Privacy Policy
Last Updated: April 2026
1. Introduction
MODULUX LTD (HE 490331) ("Company", "we", "us", or "our") is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our cloud-based software service (the "Service").
This Privacy Policy is issued in compliance with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and applicable data protection laws of the Republic of Cyprus.
By using the Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with this Privacy Policy, please do not use the Service.
2. Data Controller
The data controller responsible for your personal data is:
Company Name: MODULUX LTD
Registration Number: HE 490331
Registered Office: Vasil Michalidi, Limassol, Cyprus
Data Protection Contact: privacy@modulux-tech.com
3. Personal Data We Collect
3.1 Data You Provide to Us
When you register for and use the Service, we collect:
- Account Information: name, email address, telephone number, password (encrypted).
- Billing Information: payment card details (processed by our payment processor; we do not store full card numbers), billing address, VAT number (if applicable).
- User Content: data you input into the Service, including project specifications, calculations, and other information related to your use of the Service.
3.2 Data Collected Automatically
When you access the Service, we automatically collect:
- Technical Data: IP address, browser type and version, operating system, device type, screen resolution, language preferences.
- Usage Data: pages visited, features used, time spent on the Service, clickstream data, referring website.
- Cookies and Similar Technologies: see Section 9 for details.
4. Purposes and Legal Basis for Processing
Under the GDPR, we must have a legal basis for processing your personal data. The table below sets out the purposes for which we process your data and the corresponding legal basis:
| Purpose | Legal Basis (GDPR Art. 6) |
|---|---|
| To provide and maintain the Service | Performance of contract (Art. 6(1)(b)) |
| To process payments | Performance of contract (Art. 6(1)(b)) |
| To send service-related communications | Performance of contract (Art. 6(1)(b)) |
| To improve and develop the Service | Legitimate interest (Art. 6(1)(f)) |
| To ensure security and prevent fraud | Legitimate interest (Art. 6(1)(f)) |
| To comply with legal obligations | Legal obligation (Art. 6(1)(c)) |
| To send marketing communications | Consent (Art. 6(1)(a)) |
5. Data Sharing and Recipients
We do not sell your personal data. We may share your personal data with the following categories of recipients:
5.1 Service Providers
We engage third-party service providers to perform functions on our behalf, including cloud hosting, payment processing, email delivery, and analytics. These providers process data only on our instructions and are contractually bound to protect your data in accordance with GDPR requirements.
5.2 Legal Requirements
We may disclose your personal data if required by law, court order, or governmental authority, or where necessary to protect our legal rights or the rights, safety, or property of others.
5.3 Business Transfers
In the event of a merger, acquisition, or sale of assets, your personal data may be transferred to the acquiring entity, subject to the same privacy protections described in this Policy.
6. International Data Transfers
Your personal data may be transferred to and processed in countries outside your country of residence, including countries outside the European Economic Area (EEA).
Where we transfer personal data outside the EEA, we ensure appropriate safeguards are in place, including:
- (a) Transfers to countries that the European Commission has determined provide an adequate level of protection;
- (b) Standard Contractual Clauses approved by the European Commission; or
- (c) Other lawful transfer mechanisms under GDPR Article 46 or derogations under Article 49.
You may request a copy of the safeguards we use for international transfers by contacting us at the address provided in Section 2.
7. Data Retention
We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. The specific retention periods are:
| Data Category | Retention Period |
|---|---|
| Account data | Duration of account + 3 years |
| Transaction and billing data | 7 years (legal requirement) |
| User content | 30 days after account deletion |
| Security and access logs | 12 months |
8. Your Rights Under GDPR
Under the GDPR, you have the following rights regarding your personal data:
- Right of Access (Art. 15): You have the right to obtain confirmation of whether we process your personal data and to request a copy of that data.
- Right to Rectification (Art. 16): You have the right to request correction of inaccurate personal data or completion of incomplete data.
- Right to Erasure (Art. 17): You have the right to request deletion of your personal data in certain circumstances ("right to be forgotten").
- Right to Restriction (Art. 18): You have the right to request restriction of processing of your personal data in certain circumstances.
- Right to Data Portability (Art. 20): You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit it to another controller.
- Right to Object (Art. 21): You have the right to object to processing based on legitimate interests or for direct marketing purposes.
- Right to Withdraw Consent (Art. 7(3)): Where processing is based on consent, you have the right to withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
To exercise any of these rights, please contact us at privacy@modulux-tech.com. We will respond to your request within one (1) month, or inform you if an extension is required.
Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority. In Cyprus, this is the Office of the Commissioner for Personal Data Protection (www.dataprotection.gov.cy).
9. Cookies and Similar Technologies
9.1 What Are Cookies?
Cookies are small text files stored on your device when you visit a website. They help us recognise your browser, remember your preferences, and understand how you use the Service.
9.2 Types of Cookies We Use
| Cookie Type | Purpose |
|---|---|
| Strictly Necessary | Essential for the Service to function (authentication, security). Cannot be disabled. |
| Functional | Remember your preferences (language, display settings) for an enhanced experience. |
| Analytics | Collect anonymous statistical data about how the Service is used. |
9.3 Managing Cookies
You can manage your cookie preferences through our cookie consent tool or through your browser settings. Please note that disabling certain cookies may affect the functionality of the Service.
10. Data Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:
- (a) Encryption of data in transit (TLS/SSL) and at rest;
- (b) Access controls limiting data access to authorised personnel only;
- (c) Regular security assessments and penetration testing;
- (d) Secure backup procedures; and
- (e) Employee training on data protection and security.
While we strive to protect your personal data, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security.
11. Children's Privacy
The Service is not intended for individuals under the age of eighteen (18). We do not knowingly collect personal data from children. If you become aware that a child has provided us with personal data, please contact us immediately, and we will take steps to delete such information.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or by posting a notice on the Service at least thirty (30) days before the changes take effect. We encourage you to review this Privacy Policy periodically. Your continued use of the Service after the effective date of the revised Privacy Policy constitutes your acceptance of the changes.
The "Last Updated" date at the top of this Privacy Policy indicates when it was most recently revised.
13. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Email: privacy@modulux-tech.com
Supervisory Authority: Office of the Commissioner for Personal Data Protection (www.dataprotection.gov.cy)
BY USING THE SERVICE, YOU ACKNOWLEDGE THAT YOU HAVE READ AND UNDERSTOOD THIS PRIVACY POLICY.