Legal
Privacy Policy
Last updated: 21 June 2026
Noctulux
1. Who we are
Noctulux is the data controller for personal data collected through this website.
For privacy-related questions, contact us at contact@noctulux.com.
2. What data we collect
We keep data collection on this website to a minimum.
Contact form: name, email address, subject, and message content you choose to send.
Technical data: standard server and security logs (for example IP address and request metadata) needed to operate and protect the site.
We do not use advertising trackers, analytics pixels, or user accounts on this public website by default.
3. Why we use your data
To respond to enquiries you submit via the contact form or email.
To maintain the security, availability, and integrity of this website.
To comply with legal obligations where applicable.
Our legal basis under the GDPR (AVG) is typically legitimate interest (handling business enquiries and securing our website) or, where required, consent.
4. How long we keep data
Contact enquiries are kept only as long as needed to respond and for reasonable follow-up, unless a longer retention period is required by law or agreed in a separate engagement.
Server logs are retained for a limited operational period.
5. Who we share data with
We do not sell personal data.
We may use infrastructure providers (for example hosting and email delivery) that process data on our behalf as processors, under appropriate agreements.
We may disclose data when required by law.
6. Cookies
This website is designed to be privacy-light. We do not set non-essential marketing or analytics cookies by default.
Essential cookies or similar technologies may be used where strictly necessary for security or basic site operation.
7. Your rights
Under the GDPR (AVG), you may have the right to access, rectify, erase, restrict, or object to processing, and to data portability where applicable.
You may also lodge a complaint with the Dutch supervisory authority: autoriteitpersoonsgegevens.nl.
To exercise your rights, email contact@noctulux.com.
8. Client engagements
Data handled during paid cybersecurity engagements is governed by the agreed statement of work and any separate data-processing terms, not solely by this website privacy policy.
See our client data handling page at /about/data-privacy for how we approach engagement data.
9. Changes
We may update this policy from time to time. The Last updated date at the top of this page indicates when it was last revised.
This document should be reviewed by a qualified legal advisor before publication.
Questions about this document? Contact us · Privacy policy · Terms