Welcome to the Lune Technologies Ltd. privacy policy.
Lune Technologies Ltd. respects your privacy and is committed to protecting your personal data. This privacy policy explains how we collect, use, store and disclose personal data when you visit our website, correspond with us, or engage with our products and services, and tells you about your privacy rights and how the law protects you.
We are incorporated in the Dubai International Financial Centre (DIFC) and are regulated, in respect of personal data, primarily under the DIFC Data Protection Law, DIFC Law No. 5 of 2020 (the “DIFC DPL”) and the regulations issued thereunder. Where applicable, we also comply with UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (the “UAE PDPL”), the EU General Data Protection Regulation (Regulation (EU) 2016/679) (the “GDPR”), and the UK GDPR and Data Protection Act 2018.
Please read this privacy policy together with any other privacy notice or fair processing notice we may provide on specific occasions, so that you are fully aware of how and why we are using your personal data. This privacy policy supplements, and does not override, any such other notices.
Please use the Glossary in Section 11 to understand the meaning of some of the terms used in this privacy policy.
This privacy policy aims to give you information on how Lune Technologies Ltd. collects and processes your personal data through your use of our website and services, including any data you may provide when you sign up to our newsletter, request a demonstration, enter into a commercial agreement with us, or otherwise interact with us.
Our website and services are business-to-business in nature and are not directed at children. We do not knowingly collect personal data relating to children under the age of 18. If you believe that a child has provided us with personal data, please contact us so that we can take appropriate action.
Lune Technologies Ltd. acts in different capacities depending on the personal data concerned:
This privacy policy is issued on behalf of the Lune Technologies Group. Where we refer to “Lune”, “we”, “us” or “our” in this privacy policy, we are referring to the relevant Lune Technologies Group entity responsible for processing your personal data.
We have appointed a Data Protection Officer (DPO) who is responsible for overseeing questions in relation to this privacy policy and our compliance with applicable data protection laws. If you have any questions about this privacy policy, or wish to exercise any of your legal rights, please contact our DPO using the details below:
If you are concerned about our handling of your personal information, we would appreciate the chance to address your concerns before you approach a supervisory authority, so please contact us in the first instance.
You also have the right to lodge a complaint with a data protection supervisory authority. The competent authority for Lune Technologies Ltd. is:
Depending on your location, you may also be entitled to complain to:
We keep this privacy policy under regular review. This version was last reviewed and updated on 16 April 2026. Material changes will be notified to you where required by law. It is important that the personal data we hold about you is accurate and current; please keep us informed if your personal data changes during your relationship with us.
Our website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy policy of every website you visit.
Personal data, or personal information, means any information about an identified or identifiable natural person. It does not include data where the identity has been irreversibly removed (anonymous data).
We may collect, use, store and transfer different kinds of personal data about you, which we have grouped together as follows:
We also collect, use and share Aggregated Data, such as statistical or demographic data, for a variety of purposes. Aggregated Data could be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data and use it in accordance with this privacy policy.
We do not ordinarily collect Special Categories of Personal Data about you (this includes details about race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, health, and genetic and biometric data). We do not collect information about criminal convictions or offences, except to the extent strictly necessary for sanctions screening, fraud prevention, or compliance with a legal or regulatory obligation.
Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you. In such cases we may have to decline to provide, or discontinue, the relevant product or service, and we will notify you if this is the case at the time.
We use different methods to collect data from and about you, including:
Direct interactions.
You may give us your Identity, Contact, Financial and other data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:
Automated technologies or interactions.
As you interact with our website, we may automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and similar technologies. Please see our Cookie Notice available on our website for further details.
Third parties or publicly available sources.
We may receive personal data about you from various third parties and public sources, including:
We will only use your personal data when the law allows us to. Depending on the applicable law, we rely on one or more of the following legal bases:
Generally, we do not rely on consent as a legal basis for processing your personal data, although we will obtain your consent before sending third-party direct marketing communications to you by email or SMS, where consent is required.
The table below describes the main ways we use your personal data and the legal bases we rely on. We may process your personal data on more than one lawful ground depending on the specific purpose.
We strive to give you choices regarding certain personal data uses, particularly around marketing and advertising.
Promotional offers from us.
We may use your Identity, Contact, Technical, Usage and Profile Data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you. You will receive marketing communications from us only where you have requested information from us, purchased from us, engaged with us in a business context, or otherwise consented, and where you have not opted out.
Third-party marketing.
We will obtain your express opt-in consent before we share your personal data with any third party for their own marketing purposes.
Opting out.
You can ask us or third parties to stop sending you marketing messages at any time by contacting us or by using the unsubscribe link in any marketing email. Where you opt out of marketing, this will not apply to personal data provided to us in connection with a product or service purchase, warranty registration, or other transaction.
We do not make decisions based solely on automated processing, including profiling, that produce legal effects concerning you or similarly significantly affect you, except where permitted by law (for example, where necessary for the performance of a contract, authorised by law, or based on your explicit consent) and with suitable safeguards. Where we carry out such processing, we will inform you and, where required, provide you with the right to obtain human intervention, to express your point of view, and to contest the decision.
A cookie is a small text file placed onto your device when you access our website. We use cookies and similar tracking technologies to make your online experience more efficient. You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, some parts of our website may become inaccessible or not function properly. For more information, please see our Cookie Notice available on our website.
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us. If we need to use your personal data for an unrelated purpose, we will notify you and explain the legal basis that allows us to do so.
We may share your personal data with the parties set out below for the purposes described in Section 4:
We require all third parties to respect the security of your personal data and to treat it in accordance with applicable law. We do not allow our third-party service providers to use your personal data for their own purposes; we only permit them to process your personal data for specified purposes and in accordance with our instructions under appropriate written agreements.
We may share your personal data within the Lune Technologies Group and with external third parties located outside the DIFC, the UAE, the European Economic Area (EEA) and the United Kingdom. This may involve the transfer of personal data to countries that, in the view of the DIFC, UAE, EU or UK authorities, may not provide the same level of protection for personal data as your home jurisdiction.
Whenever we transfer your personal data outside the DIFC, the UAE, the EEA or the UK, we seek to ensure an adequate level of protection by applying one or more of the following safeguards, as applicable:
You may request further information about the specific safeguards applied to transfers of your personal data by contacting our DPO at the address in Section 1.
We have put in place appropriate technical and organisational measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. Our information security programme is aligned with recognised industry standards, including ISO/IEC 27001 and SOC 2 Type II. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
Despite our efforts, no transmission of data over the internet is guaranteed to be completely secure. It may be possible for unauthorised third parties to intercept or access transmissions or private communications unlawfully. While we strive to protect your personal data, we cannot ensure or warrant the security of any personal data you transmit to us. Any such transmission is done at your own risk.
We have put in place procedures to deal with any suspected personal data breach and will notify you, the DIFC Commissioner of Data Protection, the UAE Data Office, and any other applicable regulator of a breach where we are legally required to do so, within the timeframes required by applicable law.
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes for which we collected it, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect of our relationship with you.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure, the purposes for which we process your personal data, whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
By way of example, we are required by UAE and DIFC laws (including UAE Federal Decree-Law No. 47 of 2022 on the Taxation of Corporations and Businesses and applicable anti-money-laundering legislation) to retain certain customer and transaction records for a minimum period (typically at least five to seven years) after the end of our relationship with you.
In some circumstances you can ask us to delete your data: see “Your Legal Rights” in Section 9 below for further information.
In some circumstances we will anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
Under the DIFC DPL, the UAE PDPL, the GDPR, the UK GDPR and other applicable data protection laws, you may have a number of rights in relation to your personal data. These rights are not absolute and each is subject to certain exceptions or qualifications. We will grant your request only to the extent that it follows from our assessment that we are permitted and required to do so. Subject to applicable law, you have the right to:
If you wish to exercise any of these rights, please contact our DPO using the details in Section 1.
No fee usually required.
You will not ordinarily have to pay a fee to access your personal data or to exercise any of the other rights. However, we may charge a reasonable fee, or refuse to comply with your request, if it is manifestly unfounded, repetitive or excessive, to the extent permitted by applicable law.
What we may need from you.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask for further information in relation to your request to speed up our response.
Time limit to respond.
We will respond to all legitimate requests within the timeframe required by applicable law, which is generally one month from receipt of a valid request. Occasionally it may take us longer if your request is particularly complex or if you have made a number of requests, in which case we will notify you and keep you updated.
Our website and services are intended for adults acting in a business capacity and are not directed at children. We do not knowingly collect or process personal data relating to individuals under the age of 18. If we become aware that we have inadvertently collected personal data from a child, we will take steps to delete that information as soon as reasonably practicable. If you believe that we may have collected personal data from a child, please contact our DPO using the details in Section 1.
Legitimate Interest means the interest of our business in conducting and managing our business to enable us to give you the best service or product and the best and most secure experience. We balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise permitted by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you by contacting our DPO.
Performance of Contract means processing your personal data where it is necessary for the performance of a contract to which you are a party, or to take steps at your request before entering into such a contract.
Legal Obligation means processing your personal data where it is necessary for compliance with a legal, regulatory or supervisory obligation to which we are subject, including under the laws of the DIFC, the UAE, the EU, the UK, or any other applicable jurisdiction.
DIFC DPL means the DIFC Data Protection Law, DIFC Law No. 5 of 2020, as amended, and the regulations issued thereunder.
UAE PDPL means UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data, as amended, and any implementing regulations issued thereunder.
GDPR means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.
Privacy is important to us, so you have the option of disabling certain types of storage that may not be necessary for the basic functioning of the website. Blocking categories may impact your experience on the website.
