GDPR Compliance

At LUNARBAY GROUP (HONGKONG) LIMITED ("Lunarbay Group," "we," "us," or "our"), we are committed to protecting the privacy and rights of individuals in the European Economic Area (EEA) in accordance with the General Data Protection Regulation (GDPR). This GDPR Compliance Statement explains how we comply with the GDPR when processing personal data of individuals in the EEA.

1. Data Controller

Lunarbay Group acts as a data controller for the personal data we collect and process. As a data controller, we determine the purposes and means of processing personal data. Our contact details are:

LUNARBAY GROUP (HONGKONG) LIMITED
Room 602, 6/F, Kai Yu Commercial Building
2C Argyle Street, Mongkok, Kowloon, Hong Kong
Email: bd@lunarbaygroup.com

2. Data Protection Principles

We adhere to the following principles when processing personal data:

• Lawfulness, fairness, and transparency: We process personal data lawfully, fairly, and in a transparent manner.
• Purpose limitation: We collect personal data for specified, explicit, and legitimate purposes and do not process it in a manner that is incompatible with those purposes.
• Data minimization: We collect and process only the personal data that is necessary for the purposes for which it is processed.
• Accuracy: We take reasonable steps to ensure that personal data is accurate and, where necessary, kept up to date.
• Storage limitation: We keep personal data in a form that permits identification of data subjects for no longer than is necessary for the purposes for which the data is processed.
• Integrity and confidentiality: We process personal data in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage.
• Accountability: We are responsible for and can demonstrate compliance with the GDPR.

3. Legal Bases for Processing

We process personal data only when we have a legal basis to do so. The legal bases we rely on include:

• Consent: When you have given clear consent for us to process your personal data for a specific purpose.
• Contract: When processing is necessary for the performance of a contract with you or to take steps at your request before entering into a contract.
• Legal obligation: When processing is necessary for compliance with a legal obligation to which we are subject.
• Legitimate interests: When processing is necessary for the purposes of our legitimate interests or those of a third party, except where such interests are overridden by your interests or fundamental rights and freedoms.

We will inform you of the specific legal basis for processing at the time we collect your personal data or as soon as possible thereafter.

4. Your Rights Under GDPR

If you are in the EEA, you have the following rights regarding your personal data:

• Right to access: You have the right to request a copy of your personal data that we hold.
• Right to rectification: You have the right to request that we correct any inaccurate or incomplete personal data.
• Right to erasure: You have the right to request that we delete your personal data in certain circumstances.
• Right to restrict processing: You have the right to request that we restrict the processing of your personal data in certain circumstances.
• Right to data portability: You have the right to request that we transfer your personal data to another organization or directly to you in a structured, commonly used, and machine-readable format.
• Right to object: You have the right to object to the processing of your personal data in certain circumstances, including processing for direct marketing purposes.
• Rights related to automated decision-making and profiling: You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

To exercise any of these rights, please contact us at bd@lunarbaygroup.com. We will respond to your request within one month. This period may be extended by two further months where necessary, taking into account the complexity and number of requests.

5. Data Subject Access Requests

You have the right to access your personal data that we hold. To make a data subject access request, please contact us at bd@lunarbaygroup.com with the subject line "Data Subject Access Request." We may need to verify your identity before responding to your request.

We will provide you with a copy of your personal data in a structured, commonly used, and machine-readable format. We may charge a reasonable fee based on administrative costs if you request additional copies or if your request is manifestly unfounded or excessive.

6. Data Breach Notification

In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify you without undue delay. We will also notify the relevant supervisory authority within 72 hours of becoming aware of the breach, where feasible.

The notification will include:

• The nature of the personal data breach;
• The name and contact details of our data protection officer or other contact point;
• The likely consequences of the breach;
• The measures taken or proposed to address the breach, including measures to mitigate its possible adverse effects.

7. Data Protection Impact Assessments

We conduct data protection impact assessments (DPIAs) when processing is likely to result in a high risk to the rights and freedoms of individuals. DPIAs help us identify and minimize data protection risks.

8. Data Protection by Design and Default

We implement appropriate technical and organizational measures to ensure that, by default, only personal data that is necessary for each specific purpose of the processing is processed. This includes:

• Pseudonymization and encryption of personal data where appropriate;
• Ensuring the ongoing confidentiality, integrity, availability, and resilience of processing systems and services;
• The ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident;
• A process for regularly testing, assessing, and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing.

9. International Data Transfers

We may transfer your personal data to countries outside the EEA. When we do so, we ensure that appropriate safeguards are in place to protect your personal data, such as:

• Transferring to countries that have been deemed to provide an adequate level of protection by the European Commission;
• Using specific contracts approved by the European Commission that give personal data the same protection it has in Europe;
• Implementing binding corporate rules that have been approved by the relevant supervisory authority.

10. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider:

• The amount, nature, and sensitivity of the personal data;
• The potential risk of harm from unauthorized use or disclosure of the personal data;
• The purposes for which we process the personal data;
• Whether we can achieve those purposes through other means;
• The applicable legal requirements.

11. Contact Us

If you have any questions about our GDPR compliance or how we handle your personal data, please contact us at:

LUNARBAY GROUP (HONGKONG) LIMITED
Room 602, 6/F, Kai Yu Commercial Building
2C Argyle Street, Mongkok, Kowloon, Hong Kong
Email: bd@lunarbaygroup.com

You also have the right to lodge a complaint with a supervisory authority in the EEA if you believe that we have not complied with the requirements of the GDPR.

Last Updated: June 3, 2025

Back to Home