Privacy Policy

1. Who we are

Galaxen (Pvt) Ltd ("Galaxen", "we", "us", "our") is a software development company registered in England and Wales. Our registered address is London, UK. We operate the website galaxen.co and provide software development, product design, and related professional services. For data protection purposes, Galaxen (Pvt) Ltd is the data controller for personal data collected through this website.

2. Data we collect and why

• Contact form submissions — when you fill in our contact form we collect your name, email address, company name (optional), a description of your project, and other information you choose to provide. We use this to respond to your enquiry and assess whether we can help you.
• Email correspondence — if you email us directly, we collect your email address and any personal data contained in the message. We use this to reply and to manage our client relationship.
• Analytics data — we use privacy-respecting analytics to understand how visitors use our website (pages viewed, referring source, device type). This data is aggregated and cannot identify you individually.
• Cookies — we use strictly necessary cookies to operate the website and, where you consent, analytics cookies. See Section 7 for details.

3. Legal basis for processing

• Legitimate interests (Article 6(1)(f) UK GDPR) — responding to enquiries you initiate, preventing fraud, and improving our services.
• Consent (Article 6(1)(a) UK GDPR) — analytics cookies and marketing communications, where we ask for your explicit consent.
• Contract (Article 6(1)(b) UK GDPR) — where we have a signed client agreement, processing necessary to perform that contract.

4. How we use your data

• Responding to your project enquiry or support request.
• Sending project proposals, invoices, and contractual documentation to existing or prospective clients.
• Improving our website and services using aggregated analytics.
• Complying with legal obligations (e.g. financial record-keeping).
• We do not sell your personal data to third parties. We do not use your data for automated decision-making or profiling.

5. Who we share data with

• Service providers — we share data only with trusted processors who help us operate the business: email hosting (Google Workspace), project management tools, and cloud infrastructure providers. All processors are contractually bound to process data only on our instructions.
• Legal requirements — we may disclose data where required by law, court order, or regulatory authority.
• Business transfers — if Galaxen is acquired or merges, your data may transfer to the new entity, who will be bound by this policy.
• We do not share data with advertising networks or data brokers.

6. International transfers

Some of our service providers are located outside the UK or European Economic Area. Where we transfer personal data internationally, we ensure appropriate safeguards are in place (e.g. Standard Contractual Clauses or UK adequacy regulations). Contact us if you would like details of the specific safeguards for any transfer.

7. Cookies

• Strictly necessary cookies — required for the website to function. No consent needed.
• Analytics cookies — used to understand how visitors interact with the site (page views, session duration, source). We only set these with your consent via our cookie banner. You can withdraw consent at any time.
• We do not use advertising cookies or third-party tracking pixels.

8. How long we keep data

• Enquiry data — retained for 12 months from last contact if no project is initiated, then deleted.
• Client data — retained for 7 years after project completion to comply with UK accounting and legal obligations, then securely deleted.
• Analytics data — aggregated and retained for 24 months.

9. Your rights

• Access — request a copy of the personal data we hold about you.
• Rectification — ask us to correct inaccurate or incomplete data.
• Erasure — request deletion of your data where we have no legitimate reason to retain it.
• Restriction — ask us to pause processing your data in certain circumstances.
• Portability — receive your data in a structured, machine-readable format.
• Objection — object to processing based on legitimate interests.
• Withdraw consent — where processing relies on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
• To exercise any right, email us at hello@galaxen.co. We will respond within 30 days.

10. Security

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, or destruction — including encrypted data transmission (HTTPS), access controls, and regular security reviews. No transmission over the internet is 100% secure; we cannot guarantee absolute security but commit to notifying affected individuals promptly in the event of a breach.

11. Complaints

If you believe we have mishandled your data, please contact us first at hello@galaxen.co so we can resolve the issue. You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk.

12. Changes to this policy

We may update this policy from time to time. We will notify you of material changes by posting a notice on our website. The date at the top of this page shows when it was last revised.

13. Contact us

For any data protection queries, write to: Galaxen (Pvt) Ltd · hello@galaxen.co · London, UK.