Privacy Policy

Last Updated: 21 October 2025

Effective Date: 21 October 2025

1. Introduction

Welcome to Lunexa Solutions Ltd. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our website, services, and products.

We are committed to protecting your privacy and complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Our Details

Company Name: Lunexa Solutions Ltd
Company Registration Number: 16371359 (England and Wales)
ICO Registration Number: ZC010687
Registered Address: The Bradfield Centre, 184 Cambridge Science Park, Milton Road, Cambridge, CB4 0GA, United Kingdom
Contact Email: info@lunexasolutions.co.uk
Website: https://lunexasolutions.co.uk

2. Information We Collect

2.1 Information You Provide Directly

Contact Forms and Inquiries: When you contact us through our website or email, we collect:

  • Name
  • Email address
  • Company name (if applicable)
  • Phone number (if provided)
  • Message content
  • Any additional information you choose to share

Client Services: When you engage us for software development, game development, or consulting services, we may collect:

  • Business contact information
  • Company details
  • Project requirements and specifications
  • Technical documentation
  • Payment and invoicing information
  • Communications related to project delivery

Digital Product Purchases (3D Assets): When you purchase 3D assets or other digital products through our website:

  • Email address (for delivery and receipts)
  • Payment information (processed by Stripe – we do not store card details)
  • Purchase history and transaction records
  • Delivery confirmations

Job Applications (if applicable): If you apply for positions at Lunexa Solutions, we may collect:

  • CV/Resume
  • Cover letter
  • References
  • Portfolio or work samples
  • Interview notes

2.2 Information Collected Automatically

Website Analytics and Tracking: Our website uses analytics tools to understand visitor behavior:

  • SourceBuster Analytics: Tracks traffic sources, referrals, campaign data, and user journey information to help us understand how visitors find and navigate our website.
  • Jetpack Stats (provided by Automattic Inc.): Collects anonymous usage statistics including pages visited, time spent on site, and general location data (country/city level).

Technical Information:

  • IP address (anonymized where possible)
  • Browser type and version
  • Operating system
  • Device type and screen resolution
  • Referring website
  • Pages visited, time spent, and navigation patterns
  • Click data and interactions

Cookies: We use cookies to improve your browsing experience. For detailed information, please see our Cookie Policy section below.

2.3 Client Project Data

When working on client projects, we may process:

  • Project-specific data provided by clients
  • Source code and technical assets
  • Design files and creative materials
  • User data as a data processor (on behalf of clients)
  • Testing and quality assurance data

Important: When processing data on behalf of clients, we act as a data processor, and our clients remain the data controllers. Our data processing is governed by separate Data Processing Agreements (DPAs).

3. How We Use Your Information

We use your personal information for the following purposes:

3.1 Service Delivery

  • Responding to inquiries and providing customer support
  • Processing digital product purchases and delivering 3D assets
  • Sending purchase receipts and download links
  • Delivering software development, game development, and consulting services
  • Managing client projects and communications
  • Providing technical support and maintenance
  • Processing payments and invoicing

3.2 Business Operations

  • Analyzing website usage to improve user experience
  • Understanding traffic sources and marketing effectiveness
  • Conducting market research and business analysis
  • Managing recruitment processes
  • Maintaining business records and compliance

3.3 Marketing and Communications (with consent)

  • Sending service updates and company news
  • Sharing case studies and portfolio updates
  • Informing clients about new services or capabilities

3.4 Legal and Security

  • Complying with legal obligations and regulations
  • Protecting against fraud, abuse, and security threats
  • Enforcing our Terms and Conditions
  • Defending legal claims and disputes
  • Maintaining audit trails and business records

4. Legal Basis for Processing (UK GDPR)

We process your personal data under the following legal bases:

  • Consent: When you provide explicit consent (e.g., contact forms, marketing communications)
  • Contract: To fulfill our contractual obligations when delivering services to clients
  • Legitimate Interests: For business operations, security, fraud prevention, and improving our services, where this does not override your rights
  • Legal Obligation: To comply with applicable laws, regulations, and legal processes

5. Data Sharing and Third Parties

We do not sell your personal data. We share data only in the following circumstances:

5.1 Service Providers

We work with trusted third-party service providers:

Website and Analytics:

  • Automattic Inc. (Jetpack Stats): Website analytics – Privacy Policy
  • SourceBuster Analytics: Traffic source tracking (cookie-based, no external data transmission)
  • Web Hosting Provider: Website hosting and infrastructure

Business Operations:

  • Google Workspace: Email and business productivity tools – Privacy Policy
  • Stripe: Payment processing for digital product sales – Privacy Policy
  • Payment Processors: For invoicing and payment processing (Stripe, PayPal, or bank transfers)
  • Cloud Infrastructure: For project development and hosting (DigitalOcean, AWS, or similar)

Project Collaboration Tools:

  • Project management platforms (e.g., Asana, Trello, Jira)
  • Communication tools (e.g., Slack, Microsoft Teams)
  • Version control systems (e.g., GitHub, GitLab, Perforce)

5.2 Client Relationships

When working on client projects:

  • We may share project data with authorized client representatives
  • We may work with client-approved subcontractors or partners
  • Data sharing is governed by project agreements and NDAs

5.3 Legal Requirements

We may disclose your information if required to:

  • Comply with legal obligations, court orders, or government requests
  • Protect our rights, property, or safety, or that of our clients or the public
  • Prevent fraud or security threats
  • Enforce our Terms and Conditions

5.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your data may be transferred to the new entity, subject to the same privacy protections.

6. International Data Transfers

Some of our service providers are located outside the United Kingdom. When we transfer data internationally, we ensure appropriate safeguards are in place:

  • European Economic Area (EEA): Adequate level of protection under UK GDPR
  • United States: Transfers comply with UK adequacy regulations or appropriate safeguards (e.g., Standard Contractual Clauses)
  • Other Countries: We use Standard Contractual Clauses or other approved mechanisms

Specific international transfers:

  • Automattic Inc. (USA): Standard Contractual Clauses
  • Google LLC (USA): UK-approved data transfer mechanisms
  • GitHub/GitLab (USA): Standard Contractual Clauses for version control

7. Data Retention

We retain your personal data only as long as necessary:

  • Contact Form Inquiries: Up to 3 years from last contact
  • Digital Product Purchases: 7 years (for tax and business records)
  • Client Project Data: Duration of project plus 7 years (for business records and potential legal claims)
  • Financial Records: 6 years (UK tax law requirement)
  • Analytics Data: Anonymous data retained indefinitely; identifiable data anonymized after 26 months
  • Marketing Communications: Until you unsubscribe or withdraw consent
  • Job Applications: Up to 12 months after recruitment process concludes

After the retention period, data is securely deleted or anonymized.

8. Your Rights Under UK GDPR

You have the following rights regarding your personal data:

8.1 Right of Access

Request a copy of the personal data we hold about you.

8.2 Right to Rectification

Request correction of inaccurate or incomplete data.

8.3 Right to Erasure (“Right to be Forgotten”)

Request deletion of your personal data, subject to legal obligations and legitimate business needs.

8.4 Right to Restrict Processing

Request that we limit how we use your data in certain circumstances.

8.5 Right to Data Portability

Receive your data in a structured, commonly used format to transfer to another controller.

8.6 Right to Object

Object to processing based on legitimate interests or for direct marketing purposes.

8.7 Right to Withdraw Consent

Withdraw consent at any time where processing is based on consent.

8.8 Right to Lodge a Complaint

You have the right to lodge a complaint with the Information Commissioner’s Office (ICO):

How to Exercise Your Rights

To exercise any of these rights, please contact us at info@lunexasolutions.co.uk.

We will respond to your request within one month. In complex cases, we may extend this by up to two months and will inform you of any delay.

9. Data Security

We implement appropriate technical and organizational measures to protect your personal data:

  • Encryption: Data in transit is encrypted using SSL/TLS protocols
  • Access Controls: Limited access to personal data on a need-to-know basis
  • Secure Development: Following secure coding practices and security best practices
  • Infrastructure Security: Regular security updates, monitoring, and penetration testing
  • Employee Training: Staff trained on data protection and security principles
  • Third-Party Security: Service providers contractually obligated to maintain security standards
  • Client Data: Project-specific security measures as agreed in contracts
  • Backup and Recovery: Regular backups with encryption

However, no method of transmission over the internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

10. Client Data Processing

When we develop software, applications, or games for clients, we may process personal data on behalf of our clients:

10.1 Our Role

  • We act as a data processor when handling client-provided data
  • Our clients remain the data controller responsible for the data
  • Processing activities are governed by Data Processing Agreements (DPAs)

10.2 Your Rights

If you are an end-user of a product or service we developed for a client, your privacy rights are managed by our client (the data controller). Please contact them directly regarding your personal data.

10.3 Security Measures

We implement appropriate technical and organizational measures to protect client data according to:

  • UK GDPR requirements
  • Industry best practices
  • Client-specific security requirements
  • Contractual obligations

11. Children’s Privacy

Our website and services are not directed at children under the age of 13. We do not knowingly collect personal information from children under 13 without verifiable parental consent.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us at info@lunexasolutions.co.uk, and we will delete it promptly.

For products or services we develop for clients that may be used by children, appropriate child protection measures are implemented as required by UK GDPR and in consultation with our clients.

12. Cookie Policy

What Are Cookies?

Cookies are small text files stored on your device when you visit our website. They help us improve your experience and understand how our site is used.

Types of Cookies We Use

Essential Cookies (Always Active):

  • Required for website functionality
  • Enable core features like security and accessibility
  • Cannot be disabled without affecting site performance

Analytics Cookies (Optional):

  • SourceBuster cookies: Track traffic sources and user journey
  • Jetpack Stats cookies: Anonymous website usage analytics
  • Help us understand which content is valuable and how visitors find our site

Preference Cookies (Optional):

  • Remember your cookie consent choices
  • Store language and regional preferences

Managing Cookies

When you first visit our site, you’ll see a cookie consent banner where you can:

  • Accept all cookies
  • Reject non-essential cookies
  • Customize your preferences

You can change your cookie preferences at any time by:

  1. Using the cookie settings link in our footer
  2. Adjusting your browser settings to block cookies
  3. Using browser privacy modes

Note: Blocking essential cookies may affect site functionality.

Third-Party Cookies

Some cookies are set by third-party services:

  • Jetpack (Automattic): Analytics cookies
  • SourceBuster: Traffic source tracking cookies

These third parties have their own privacy policies governing their use of cookies.

13. Business Contact Information

13.1 B2B Communications

If you are a business contact (e.g., client, partner, supplier), we process your business contact information (name, work email, company, phone) for:

  • Business relationship management
  • Contract fulfillment
  • Communication about services and projects
  • Networking and partnership opportunities

13.2 Legitimate Interest

We rely on legitimate business interests to process business contact information, balanced against your rights and interests.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements.

Notification of Changes:

  • The “Last Updated” date at the top will be revised
  • Significant changes will be communicated via email (if we have your contact details) or prominent website notice
  • Continued use of our services after changes constitutes acceptance

We encourage you to review this policy periodically.

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: info@lunexasolutions.co.uk
Post: Lunexa Solutions Ltd, The Bradfield Centre, 184 Cambridge Science Park, Milton Road, Cambridge, CB4 0GA, United Kingdom
ICO Registration: ZC010687

We aim to respond to all inquiries within 5 business days.

16. Additional Information

16.1 Do Not Track Signals

Our website does not currently respond to Do Not Track (DNT) browser signals, as there is no industry standard for compliance.

16.2 Automated Decision-Making

We do not use automated decision-making or profiling that produces legal or similarly significant effects on individuals.

16.3 Marketing Communications

If you’ve opted in to receive marketing communications, you can unsubscribe at any time by:

16.4 Data Protection Officer

As a small company, we are not required to appoint a formal Data Protection Officer (DPO). All data protection inquiries should be directed to info@lunexasolutions.co.uk.

16.5 Non-Disclosure Agreements

For client projects, additional confidentiality protections are provided through Non-Disclosure Agreements (NDAs) and project-specific contracts.

Lunexa Solutions Ltd
Company Registration: 16371359
ICO Registration: ZC010687
Last Updated: 21 October 2025

Privacy Policy

Terms & Conditions