GDPR & Data Protection

1. Data Controller

Noctua Lumen Technologies is the data controller for personal data submitted via this website and during client engagements.

• Company: Noctua Lumen Technologies
• CVR:
• Country: Denmark (Aalborg)
• Contact: contact@nltechnologies.dk

2. Personal data we collect

We only collect data that is necessary for the purpose stated:

• Contact form submissions: name, email, message content, timestamp. Used solely to respond to your enquiry. Legal basis: legitimate interest (Art. 6(1)(f)) and pre-contractual measures (Art. 6(1)(b)).
• Booking data (Calendly): name, email, time-zone, optional message. Used to schedule and run the meeting. Processed by Calendly LLC under their DPA.
• Authentication data: email + hashed password (admin users only). Used to access the site administration.
• Server logs: IP address, user agent, request URL, timestamp. Retained max 30 days for security and abuse prevention. Legal basis: legitimate interest.

3. Where data is stored

All website data is stored on EU/EEA infrastructure:

• Web hosting: Hetzner (Germany)
• Database: PostgreSQL on the same server (Germany)
• Email: Proton Mail — Proton AG, Geneva, Switzerland (Swiss law + EU GDPR adequacy)
• Booking: Calendly LLC (US) — Standard Contractual Clauses in place
• Payments (when active): Stripe Inc. (US/IE) — SCCs + DPA in place

4. Sub-processors

For client project work, we may use the following sub-processors. Each is bound by a Data Processing Agreement:

• Microsoft Azure (EU regions only) — application hosting
• GitHub Inc. — source code repository (private)
• Proton Mail — encrypted email (Switzerland, GDPR adequacy)

For each client engagement we provide a written list of sub-processors involved before any personal data is processed.

5. Retention

• Contact form messages — kept for up to 24 months unless an active engagement exists.
• Booking records — kept until the meeting is completed plus 12 months.
• Server access logs — max 30 days.
• Client project data — for the duration of the engagement plus the period required by Danish bookkeeping law (5 years).

6. Your rights

Under the GDPR you have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion ("right to be forgotten")
• Restrict or object to processing
• Data portability
• Withdraw consent at any time
• Lodge a complaint with the Danish Data Protection Agency (Datatilsynet)

To exercise any of these rights, email contact@nltechnologies.dk. We respond within 30 days.

7. Cookies

We do not use marketing or tracking cookies. The only cookies set by this site are strictly necessary for authentication of admin users.

8. Data processing for clients

When acting as a data processor for client projects, we sign a Data Processing Agreement (DPA) before any processing begins. Our standard DPA template is available on request and follows the EDPB guidelines.