Lunar Creations Privacy Policy

Lunar Creations ("we," "us," or "our") is committed to protecting the privacy of our clients and website visitors. This Privacy Policy details how we collect, use, process, and protect your Personal Data in line with the **Kenya Data Protection Act, 2019** and other applicable regulations.

This policy applies to data collected through our website (e.g., contact forms, analytics), through direct correspondence (email, phone), and during the execution of client projects (Web Design, Automation, and AI solutions).

We collect information that falls into two primary categories:

Personal Data (PII)

This includes any information that can be used to directly or indirectly identify you:

• Identity Data: Name, job title, company name.
• Contact Data: Email address, physical business address, phone number.
• Financial Data: Bank account details for payments and billing (only collected for transaction purposes).
• Project Data: Information, access credentials, or data you provide to us specifically for project execution (e.g., hosting logins, API keys, internal business process details for automation).

Non-Personal Data

This includes technical and aggregated data that does not directly reveal your identity:

• Technical Data: IP address, browser type and version, time zone setting, operating system.
• Usage Data: Information about how you use our website, such as pages visited, time spent, and referral sources.

We collect data through the following interactions:

• Direct Interactions: When you fill out a contact form, email us, engage in a consultation, or provide us with project materials and access credentials.
• Automated Technologies: Through the use of cookies and server logs when you browse our website.
• Third Parties or Publicly Available Sources: We may receive limited technical data from analytics providers (like Google Analytics) or contact data from public business directories.

We use your Personal Data only when the law allows us to, relying on the following legal bases:

• Contractual Necessity: To fulfill the agreement between us, specifically to design, develop, and deliver your website, automation, or AI solution.
• Legitimate Interests: To improve our services, manage our business, or conduct internal accounting, provided your rights are not overridden.
• Legal Obligation: To comply with legal or regulatory requirements, such as tax laws or court orders in Kenya.
• Consent: Where we specifically request and obtain your explicit consent for a particular purpose (e.g., marketing updates).

Specific Uses in Project Execution

For AI and Automation projects, we may temporarily process client data (including potentially sensitive customer data provided by the client) solely for testing and deployment purposes. This processing is strictly limited to the necessary time and scope outlined in the Project Proposal, and we act as a **Data Processor** on your behalf.

We do not sell or rent your Personal Data to third parties. We may share your data in the following circumstances, strictly on a need-to-know basis:

• Service Providers: We use third-party providers for hosting our communications, accounting, and cloud storage. These providers are bound by strict contractual confidentiality obligations.
• Subcontractors: If we use specialized freelance developers or consultants to complete a portion of your project, they will only receive the minimum necessary data required for their task.
• Legal Requirements: If required by Kenyan law or in response to valid requests by public authorities (e.g., a court or government agency).
• Business Transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of the transaction, subject to the new entity adhering to this Policy.

Any international transfer of data is conducted only in compliance with the **Kenya Data Protection Act, 2019**, ensuring appropriate safeguards are in place.

We retain your Personal Data only for as long as necessary to fulfill the purposes for which it was collected, including for satisfying any legal, accounting, or reporting requirements.

• Project Data: Project-specific access credentials and client-provided sensitive data are securely deleted or returned immediately upon final project handover and confirmation of receipt by the client.
• Contact and Financial Data: Basic client contact details and transaction records are retained for a minimum of seven (7) years as required by Kenyan tax and business laws.

We have implemented robust technical and organizational measures to prevent your Personal Data from being accidentally lost, used, accessed in an unauthorized way, altered, or disclosed.

• Encryption: Data is transmitted using Secure Socket Layer (SSL) technology where appropriate.
• Access Control: Access to client data is limited strictly to employees, agents, and contractors who have a legitimate business need and are subject to duties of confidentiality.
• Internal Policies: We have internal procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

Under the Kenya Data Protection Act, you have the following rights regarding your Personal Data:

• Right to be Informed: To be informed of the use to which your Personal Data is to be put (this Policy serves this purpose).
• Right of Access: To request access to the Personal Data we hold about you.
• Right to Rectification: To request correction of incomplete or inaccurate data.
• Right to Erasure: To ask us to delete or remove Personal Data where there is no good reason for us to continue processing it.
• Right to Object: To object to processing of your Personal Data for direct marketing purposes.

To exercise any of these rights, please contact us using the information provided in Section 13. We may need to verify your identity before processing your request.

Our website uses cookies (small text files placed on your device) to collect Usage Data and improve your experience. We primarily use **Necessary Cookies** (essential for website function) and **Analytical/Performance Cookies** (to measure website traffic and user patterns).

You can manage your cookie preferences through your web browser settings. Please note that disabling essential cookies may impact the functionality of our website.

Our website may contain links to third-party websites, plug-ins, or applications (e.g., links to software platforms we recommend). Clicking on those links or enabling those connections may allow third parties to collect or share data about you.

We do not control these third-party websites and are not responsible for their privacy statements. We encourage you to read the privacy policy of every website you visit after leaving ours.

Our services are not intended for use by individuals under the age of 18. We do not knowingly collect Personal Data from children. If we become aware that we have inadvertently collected Personal Data from a child without verifiable parental consent, we will take steps to promptly delete that information from our records.

We may update this Privacy Policy from time to time. When we make changes, we will revise the "Last updated" date at the top of this document. For material changes, we will provide you with reasonable advance notice, such as by email or a prominent notice on our website, before the changes take effect.

If you have questions about this Privacy Policy, our data practices, or wish to exercise your data subject rights, please contact our Data Protection Lead:

• Email Address: info@lunarcreations.tech
• Business Address: Lunar Creations, Kisumu, Kenya.