Legal
Privacy policy
We value your privacy and are dedicated to protecting your personal data. This policy outlines how we collect and use your information in accordance with applicable data protection laws, including GDPR, the UK Data Protection Act 2018, and South Africa's Protection of Personal Information Act. We ensure all data handling practices align with both our legal obligations and your privacy rights.
PRIVACY NOTICE
This Privacy Notice explains how Lucky Beard processes personal data across all regions in which we operate, in compliance with applicable data protection laws including:
- EU General Data Protection Regulation (GDPR) (EU Regulation 2016/679)
- UK GDPR and the UK Data Protection Act 2018
- Irish Data Protection Act 2028
- South African Protection of Personal Information Act, 2013 (POPIA)
This Notice applies where Lucky Beard acts as a data controller or responsible party.
1. Who We Are (Global Data Controllers)
Lucky Beard operates globally through the following legal entities:
- Lucky Beard Limited (Ireland) – Company No. 610580
  Registered office: 3rd Floor, 40 Mespil Road, Dublin 4, Ireland
- Lucky Beard UK Limited (United Kingdom) – Company No. 11409849
  Registered office: 15 West Ferry Circus, Canary Wharf, London, E14 4HD, United Kingdom
- Lucky Beard (Pty) Ltd (South Africa) – Registration No. 2014/164529/07
  Registered office: Southdowns Ridge Office Park, 1240 John Vorster Avenue, Irene, 0062, South Africa
For the purposes of this Privacy Notice:
- The Lucky Beard entity with which you interact (for example, through a contract, recruitment process, or local office) will generally act as the primary data controller or responsible party.
- Where personal data is processed through shared group systems (such as CRM, HR, marketing, finance or IT platforms), the relevant Lucky Beard entities act as joint controllers, in accordance with Article 26 GDPR. The Lucky Beard entity that hosts the personal data shall take primary responsibility for compliance with the technical measures under this Privacy Notice, while all relevant Lucky Beard entities will take responsibility for their own organizational measures.
For EU GDPR purposes, Lucky Beard Limited (Ireland) is the main establishment, and the Irish Data Protection Commission is the lead supervisory authority.
2. Scope of This Privacy Notice
This Privacy Notice applies to:
- Website visitors
- Clients and prospective clients
- Business contacts and suppliers
- Job applicants and candidates
- Employees and contractors
It describes what personal data we collect, how we collect and use it, the legal bases for processing, how long we retain it, who we share it with, and your rights.
3. Personal Data We Collect
3.1 Website Users
- Identifiers and contact information (e.g. name, email address)
- Technical data (IP address, browser type, device information, login details)
- Usage data collected via cookies and similar technologies
3.2 Clients, Prospective Clients & Business Contacts
- Contact and professional information
- Communications and correspondence
- Publicly available professional information (e.g. LinkedIn profiles)
3.3 Job Applicants
- Identification and contact information
- CVs, portfolios, education and employment history
- Interview notes and assessment results
- Special category data where legally permitted or with consent (e.g. health or diversity data)
3.4 Employees and Contractors
- Identification and contact information
- CVs, portfolios, education and employment history
- Payroll and financial information
- Benefits and pension data
- Performance, training and HR records
- Special category data where legally permitted or with consent (e.g. health or diversity data)
- Special category data processed in accordance with employment law obligations, or with consent
3B. Personal Data May Be Collected From
Where we do not collect the personal data directly from you, we may collect the personal data from indirect sources, such as:
- recruiters
- public sources (e.g., LinkedIn, Meta)
- third-party data providers
- group companies
4. Legal Bases for Processing
We process personal data only where we have a lawful basis.
- Website enquiries and contact forms - Consent or legitimate interests
- Marketing communications - Consent or legitimate interests (B2B soft opt-in)
- Client contracts and service delivery - Performance of a contract
- Recruitment and hiring - Legitimate interests and steps prior to contract, or consent
- Employment administration - Performance of a contract and legal obligation, or consent
- Legal compliance - Legal obligation
- IT security and fraud prevention - Legitimate interests (to protect IT systems, prevent fraud, and ensure network safety)
We apply the soft opt-in only where we obtain your email in the context of a sale or negotiation, and only send marketing about our own similar or related services. You can opt out at any time.
Where special category data is processed, we rely on Article 9 GDPR conditions or equivalent POPIA provisions, including employment law obligations, legal claims, or explicit consent, where required.
Automated decision making (without human intervention) will not be used in recruitment screening or selection.
5. Cookies and Tracking Technologies
We use cookies and similar technologies on our website to ensure it functions correctly, to understand how visitors use our site, and to support our marketing activities.
Cookies used on our website fall into the following categories:
- Strictly necessary cookies – required for core site functionality and security. These cookies are always active.
- Analytics cookies – help us understand how visitors interact with our website so we can improve performance and usability.
- Marketing cookies – help us deliver relevant content and measure the effectiveness of our campaigns.
- Third-party cookies – set by third parties that provide services to us.
Analytics and marketing cookies are only placed on your device with your consent, which is collected via our cookie banner when you first visit our website. You can withdraw or manage your consent at any time through our cookie settings.
Further details about the specific cookies we use, their purposes, and retention periods are available in our Cookies Policy.
6. Marketing Communications
We may send marketing communications to you where:
- You have given consent; or
- We have a legitimate interest to contact you in a B2B context
You may opt out at any time by using the unsubscribe link or contacting us.
7. Data Sharing
We may share personal data with:
- Trusted third-party service providers (IT, hosting, CRM, HR, payroll and professional service providers)
- Regulators, tax authorities and law enforcement where required by law
All processors are bound by written agreements in line with Article 28 GDPR and POPIA requirements.
8. International Data Transfers
We may transfer personal data between our offices and to trusted third-party providers (IT, hosting, CRM, HR, payroll and professional service providers) outside your country.
Transfers are safeguarded using:
- EU Standard Contractual Clauses (SCCs)
- UK International Data Transfer Agreement (IDTA) or UK Addendum
- POPIA-compliant contractual protections (the third-party recipient will be subject to a law, binding corporate rules, or a binding agreement which provides an adequate level of protection)
We conduct transfer risk assessments and apply appropriate technical and organisational safeguards.
9. Data Retention
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including legal, regulatory, contractual, and business requirements.
Indicative retention periods include:
- Website enquiries and marketing contacts: until you opt out or after 24 months of inactivity
- Job applicants: up to 12 months after the recruitment process concludes, unless a longer period is required or permitted by law
- Client and supplier records: for the duration of the contractual relationship plus up to 6 years
- Employee records: for the duration of employment and for the period required by applicable employment, tax, and social security laws thereafter
Retention periods may vary depending on jurisdiction and the nature of the data. Further details are set out in our internal data retention policies.
10. Data Security
We implement technical and organisational measures including:
- Access controls and least-privilege principles
- Staff confidentiality obligations and training
- Incident and data breach response procedures
11. Your Rights
EU GDPR and UK GDPR
If you are located in the European Union or the United Kingdom, you have the right to:
- Be informed about how we use your personal data
- Request access to your personal data
- Request rectification of inaccurate or incomplete data
- Request erasure of your personal data
- Request restriction of processing
- Object to processing, including the right to object to direct marketing at any time
- Request data portability, where applicable
- Withdraw consent at any time, where processing is based on consent
South Africa (POPIA)
If you are located in South Africa, you have the right to:
- Request confirmation of whether or not we hold or process any of your personal information
- Request the record or a description of your personal information that we hold, including information about the identity of all third parties, or categories of third parties, who have, or have had, access to the information
- Request access to your personal information
- Request correction or deletion of personal information
- Object to the processing of your personal information
- Refuse to provide any information, where processing is based on consent, but this may adversely impact your use of the website or our ability to provide you with services
- Object to processing for direct marketing via unsolicited electronic communication
- Withdraw consent at any time, where processing is based on consent
- Lodge a complaint with the Information Regulator
Further details about what information we process, and how to exercise your rights, can be found in our PAIA Manual.
12. How to Exercise Your Rights
Requests can be made by contacting us at:
Email: privacy@luckybeard.com
We will respond within one month, unless an extension is permitted by law.
13. Complaints
- EU: Irish Data Protection Commission [https://forms.dataprotection.ie/contact]
- UK: Information Commissioner’s Office (ICO) [https://ico.org.uk/make-a-complaint/]
- South Africa: Information Regulator (POPIA) [https://inforegulator.org.za/complaints/]
14. Updates to This Notice
We may update this Privacy Notice periodically. The latest version will always be published on our website.