Privacy Policy
Last updated: 26 May 2026
imprint.html with your legal entity name, registered address, company ID, and contact email.
1. Controller
Data controller: [Legal entity name — e.g. LUNAIT s.r.o.]
Address: [Street, City, Postal code, Country]
Email: privacy@your-domain.com
2. Scope
This policy applies to the LUNA / LUNAIT marketing website and contact forms. We do not run advertising trackers or third-party analytics on this site by default.
3. Data we process
- Contact forms: name, contact details (email/phone), message or project details, budget selection, GDPR consent record.
- Language preference: stored locally in your browser only after you accept essential cookies.
- Server logs: IP address, timestamp, user agent, requested URL — processed by our hosting provider for security and operation (typically up to 30 days).
4. Purposes and legal bases (GDPR Art. 6)
- Responding to inquiries and project requests — Art. 6(1)(b) pre-contractual steps / Art. 6(1)(a) consent via form checkbox.
- Website security, abuse prevention, form honeypot — Art. 6(1)(f) legitimate interest.
- Language preference storage — Art. 6(1)(a) consent (essential cookies banner).
5. Retention
- Form submissions: up to 24 months after last communication, unless legal obligations require longer storage.
- Consent records: up to 36 months.
- Server logs: as defined by hosting provider, typically 30 days.
6. Recipients
Data may be processed by infrastructure providers strictly necessary to operate the website (hosting, form delivery). Contact form data (including drafts entered in contact fields) is transmitted to our team via Telegram Bot API for faster response. We do not sell personal data.
If hosting is outside the EEA, we rely on appropriate safeguards (e.g. EU Standard Contractual Clauses) where required.
7. Your rights
You may request access, rectification, erasure, restriction, portability, and object to processing. Where processing is based on consent, you may withdraw consent at any time without affecting prior lawful processing.
Contact: privacy@your-domain.com
You also have the right to lodge a complaint with your local supervisory authority (e.g. ÚOOÚ in Czechia, DPA in Slovakia, UODO in Poland, BfDI in Germany).
8. Security measures
- HTTPS/TLS in production
- Security headers (CSP, HSTS, X-Frame-Options, etc.)
- Form honeypot and input length limits
- No unnecessary third-party scripts
- Minimal data collection
9. Children
This website is not directed at children under 16. We do not knowingly collect their data.
10. Changes
We may update this policy. Material changes will be reflected by updating the date above.