Privacy Policy
Updated February 7, 2026
This Privacy Policy governs the processing of your personal data by Lunoa (hereinafter referred to as "Lunoa", "we"), a sole proprietorship with its registered address at PO BOX 1126, Research VIC 3095 Australia, registered under number 775184167.
The privacy and security of your personal data (hereinafter referred to as "you" or "your") are very important to us. The purpose of this Privacy Policy is to clarify what categories of personal data we collect through our various activities and services. We explain whether or not your personal data will be disclosed to third parties and the restrictions and safeguards that apply to such transfers. We also aim to provide you with an overview of the purposes for which we process your personal data and the rights you may exercise in this regard.
Article 1 General information
Your personal data may reach us by various means. They may come directly from you via our website: www.lunoa.app, its subdomains and directories (collectively referred to as the "Website"), any other information and communication technology channel including our mobile application ("Application"), e-mails and voice calls, or through any in-person interaction we may have. We may also receive your personal data indirectly, for example from third-party sources.
For the purposes of this Privacy Policy, we should be considered the controller of your personal data. This means that applicable data protection law imposes certain obligations on us. That law includes, in particular, the Australian Privacy Act 1988, the Australian Privacy Principles, and the General Data Protection Regulation (Regulation (EU) 2016/679 of 27 April 2016, "GDPR"), including future adaptations and amendments (collectively the "Data Protection Legislation").
If you have any questions about this Privacy Policy, or if you believe your interests are not or have not been adequately represented, please send your questions to: info@lunoa.app.
Article 2 How we collect personal data
Your personal data may reach us in many ways. This may be directly or indirectly, through in-person or online interactions, through an action you take, or via automated means, etc. We have identified the following, non-exhaustive list of collection points:
- When you visit and use our Website, including when you fill in forms on it or via cookies and similar technologies;
- When you use our Application or otherwise access our services, including when you fill in forms in the Application or via cookies and similar technologies;
- When you contact us, including, without limitation, by email, telephone, postal letter, etc.;
- When you organise and participate in meetings, both online and offline; and
- When your data is provided to us by an Organizer in the context of our services. In general, the Organizer's privacy policy applies exclusively to the processing of these personal data. However, where that is not the case, we will aim to inform you of the application of this Privacy Policy, as indicated in Article 4(B) of this Privacy Policy.
We may also collect and receive personal data from publicly accessible sources, such as public registers for individuals and public registers for companies, in accordance with the purposes set out below.
Article 3 Personal data we collect and process
Below we attempt to provide a general overview of the main categories of personal data we may collect and process about you. Please note that these categories are intended to give you as complete a picture as possible, but we cannot provide an exhaustive list due to the nature of our activities. As a rule, the personal data we process about you will always be linked to the specific purposes identified in Article 4 of this Privacy Policy.
Please be aware the categories of personal data we process about you will depend on your relationship with us.
Our services are not directed at children. If we become aware of the inadvertent processing of personal data relating to children, we will take steps to remove such data immediately.
A. Contact and basic identification data
This category includes identification data and basic professional details such as your given name, family name, date of birth, company name and job title. It also includes contact details such as your email address and telephone number. When necessary for the purposes set out below, it may also include demographic information such as your address, security questions, etc.
B. Preference data
We collect data about your participation in our events, including required skill levels, affiliations, dietary requirements, personal interests and preferences.
This also includes your newsletter subscription, downloads, and similar preferences.
C. Financial data
Financial data means billing details, credit card information, account numbers, payment history, etc.
D. Usage and technical data
We collect and store full IP addresses, unique device identifiers, your browser type, timezone settings, the operating system and hardware specifications you use to access our Website and social media accounts. We may also collect personal data when you access our Wi‑Fi network and other electronic services. Please note that this data may be collected by automated means such as cookies. Refer to our Cookie Policy for more information about our processing of personal data via cookies and similar technologies.
Article 4 How we use personal data
In the following section we set out the specific purposes for which your personal data may be processed. In addition to explaining why and how we may use your personal data, we provide the legal bases on which we rely to process personal data lawfully.
Please contact us as indicated in Article 11 of this Privacy Policy if you have questions about the purposes for which we process your personal data.
A. Interactions with us
We may collect and process personal data about you in the course of communications, whether or not related to the performance of our services. The personal data concerned typically includes contact and basic identification data. Such personal data may be used to respond to your requests, provide services and/or other information you may have requested.
Note that processing under this section covers both online and offline interactions. This means information such as personal data on a business card you gave us may also be processed by us.
For the collection and processing of your personal data in relation to our interactions, we rely on our legitimate interest in providing you with the best possible interactions, including delivering services, responding to enquiries and providing appropriate response times.
B. Services
We process your contact and identification data for the performance of our services for account management. To this end, we manage information to allow you to access our services, manage your account, manage your tickets, manage your preferences, access events, etc.
We process your preference data for the purpose of providing our services to you and to the Organizer. To this end, we collect information related to ticket purchases and preferences which are then associated with various user profiles to produce general statistics and specific recommendations based on collected preferences.
For processing personal data in connection with the performance of our services, as controller, we always ask for your prior and explicit consent. When we request your consent we will also provide a link to this Privacy Policy. You may withdraw your consent at any time as set out in Article 8 below.
C. Marketing
We may use your personal data for direct marketing purposes. We may use your contact and identification data and preference data to provide you with information about events we organise or that Organizers organise, communications about our products and services, newsletters, etc.
For direct marketing processing we rely on your consent to receive such communications.
If you are a customer or use our services, we may send you marketing communications based on services we have provided to you in the past. In that case we may send you direct marketing communications based on our legitimate interest in informing you about related services and developments in our activities.
When you receive marketing communications either on the basis of your consent or our legitimate interest, you may unsubscribe at any time by emailing info@lunoa.app or by clicking the unsubscribe link at the bottom of a specific commercial communication.
D. Business administration
We collect and process contact, identification, preference and, where applicable, financial data of persons acting as representatives of their organisations, and of persons who are or may become our business partners or service providers, for general business administration purposes.
Personal information may be used to schedule meetings, perform services by our service providers, establish a business relationship with a service provider, etc.
For the collection and processing of your personal data in the context of business administration, we rely on the contract with the service provider.
Where there is no contract in place, we rely on our legitimate interest in storing information about potential partners and/or service providers, including their representatives.
E. Legal compliance
We may use your contact and identification data, preference data, usage and technical data, as well as your financial data for our own compliance with legal and regulatory obligations imposed on us. These obligations include all tax obligations to which we are subject.
Please note that we may collect or receive this information from you or from third-party sources such as official bodies managing such documentation on your behalf or at your instruction.
We may also process your personal data under this section to establish and assert legal, administrative or judicial claims or defenses.
For the collection and processing of your personal data to comply with specific legal or regulatory obligations, we rely on the necessity to respect the various legal obligations to which we are subject.
When we process personal data to establish or assert our own claims or defences, we rely on our legitimate interest in protecting our commercial, financial and legal interests, as permitted by law.
F. Customer insights and analytics
We may analyse information, including personal data necessary to enable us to identify you in relation to other personal data, such as your interactions on the Website, social media and your communications with us. This information typically concerns your contact and identification data and usage and technical data.
The collection and analysis of this information may be carried out using cookies, web beacons, pixel tags, log files and similar technologies used to collect personal data from the hardware and software you use to visit our Website, including mobile devices you may use.
For more information about the cookies, web beacons and pixel tags used on our Website and Application, please consult our Cookie Policy.
For the collection and processing of your personal data for analytics purposes, we rely on our legitimate interest in using your personal data to continuously improve our services to provide you with the best possible experience on our Website and social profiles.
G. Security and IT management
We use your contact and identification data and your usage and technical data to ensure the effective and secure operation of our IT security systems and, more generally, the online environment we make available to you, including the management of your accounts and password-protected areas of our Website.
The collection and analysis of this information may, among other methods, be carried out using cookies, web beacons, pixel tags, log files and similar technologies used to collect personal data from the hardware and software you use to visit our Website or Application, including mobile devices you may use.
For more information about the cookies, web beacons and pixel tags used on our Website and Application, please refer to our Cookie Policy.
For the collection and processing of your personal data in order to secure and ensure the effective operation of our online environments, we rely on our legitimate interest to monitor how our Website and Application are used and to detect and prevent fraud, criminal activities and general misuse of our services.
Article 5: Retention periods for your personal data
Our policy is to retain your personal data only as long as necessary to achieve the purposes for which it was collected or provided to us. Below we provide the information necessary for you to evaluate how long we may retain your personal data.
As a rule, we anonymise or delete any personal data that is no longer considered necessary for the purposes described above or when the retention period described below has expired. If no retention period has been specified for a particular processing purpose, personal data will be deleted or anonymised no later than ten (10) years after collection or receipt by us.
However, please note that your personal data will never be anonymised or deleted where such data must be retained by us under a legal, administrative or judicial obligation. Such an obligation would effectively prohibit or make it impossible for us to delete your personal data. These data will be stored and processed thereafter only for compliance purposes and will not be processed for other purposes.
Deletion or anonymisation of personal data will always take place without further notice or liability on our part.
We distinguish the following retention periods:
| Preferences | Two (2) years after your last access to the services. |
| Marketing | Five (5) years from the date we received your consent or from your last use of our services. |
| Legal compliance | Ten (10) years after our last commercial transaction or ten (10) years after the closure of your file. |
| Customer insights and analytics | Two (2) years after receipt or collection of the personal data. |
| Security and IT management | Twelve (12) months after collection of the information, unless the information may lead to compliance and enforcement action by us, in which case it will be retained for ten (10) years after collection. |
Article 6 With whom we share your personal data
In order to provide our services and make our Website, Application and social media pages available to you, we may share your personal data with Organizers, third‑party contractors and/or other controllers. The sharing of your personal data is either carried out on the basis of our contract with you, where necessary for the performance of our services, or based on our legitimate interest in providing our services in the best possible way and ensuring adequate communication within our organisation.
We do not share your personal data with these recipients for secondary or unrelated purposes unless expressly indicated at the time of collection. Recipients have been carefully selected and appropriate measures have been taken to ensure adequate protection of your personal data.
Please note that due to the complexity and changing nature of our services we cannot provide an exhaustive list of all recipients with whom your personal data may be shared. However, we have identified the following recipients who may process personal data about you:
- Organizers
- Nightclub manager
As indicated, we may also share your personal data with other recipients such as:
- Our accountants, auditors, lawyers or similar advisors when we engage them to provide their respective services;
- Any other third party to whom we are obliged to disclose or share your personal data in order to comply with legal obligations;
- The Organizers.
For more information about recipients of your personal data, you may contact us as set out in Article 11.
Article 7 International data transfers
We are an Australian company with offices registered only in Australia. In principle, your personal data will be stored and processed in Australia. However, for the purposes set out in Article 4 of this Privacy Policy, we may transfer personal data to other jurisdictions outside Australia, which are therefore not bound by the Australian Privacy Act 1988. When we transfer your personal data to third parties located in such jurisdictions, we implement appropriate safeguards in our agreements with those parties in order to ensure an adequate level of data protection, at least equivalent to the level of protection you are entitled to under the Australian Privacy Act 1988.
Article 8 Your data protection rights
Under applicable data protection law, you have the right to exercise certain rights regarding your personal data processed by us.
If you wish to obtain more information about your rights or to exercise them, please write to info@lunoa.app. We ask that you properly identify yourself when exercising your data protection rights so that we can carry out your request within the timeframes set out below.
The exercise of your rights is free of charge and will be carried out within one (1) month of receipt of your request. We may extend this period by a further two (2) months, i.e. to a total of three (3) months, if your request proves to be particularly complex. If we decide to extend the initial period, we will always inform you of this decision in due time.
In cases where we consider your request to be manifestly unfounded or excessive, we reserve the right to charge administrative fees for the execution of your request or to refuse to comply with your request. You will always be informed of our decision within the time limits indicated above.
A. Withdrawal of consent
You have the right to withdraw your consent for any processing activities for which you have previously given consent. Please note that withdrawal of your consent will not affect the lawfulness of processing carried out on your personal data prior to the withdrawal.
B. Right of access
You have the right to request a copy of the personal data we process and hold about you. If we process and/or hold personal data about you, you will receive a copy of that information in an understandable format, together with an explanation of why and how we hold and use it.
In addition, you may request information about the recipients or categories of recipients to whom your personal data have been disclosed, including recipients established in third countries outside the EEA. Please refer to Article 7 of this Privacy Policy to see how we handle transfers of personal data to countries outside the European Economic Area.
C. Right of rectification
You have the right to ask us to correct your personal data. This includes the right to ask us to correct typographical errors or to update an address, email addresses, telephone numbers, etc.
In addition, depending on the purposes of the processing, you have the right to complete any incomplete information we process or hold about you.
D. Right to erasure
You have the right to request the erasure of personal data we process about you. We may refuse to erase your personal data if processing is carried out to comply with legal obligations, for reasons of public interest, or for the establishment, exercise or defence of our legal rights.
If you wish to erase personal data processed on the basis of a contract you have concluded with us, we may have to stop providing the services under that contract if processing of that personal data is necessary to perform the contract.
E. Right to restrict processing
In certain circumstances you have the right to ask us to restrict our processing of your personal data. Note that by exercising this right, the personal data concerned will remain stored in our possession, but we will not be able to process them further. You may ask us to restrict the processing of your personal data when:
- you contest the accuracy of the personal data we process about you;
- our processing of your personal data would be unlawful;
- we no longer need to process your personal data for the purposes set out in Article 4, but you object to their deletion because of a legal obligation or other reason; or
- you object to our processing as set out below, but you do not want us to erase your personal data.
F. Right to object to processing
Where we process and collect your personal data on the basis of our legitimate interest, you have the right to object to such processing. If you exercise your right to object, we may provide you with our legitimate grounds for continuing to process your personal data.
Our decision to continue processing your personal data does not prevent you from lodging a complaint with the competent supervisory authority as set out in Article 12 below.
G. Right to data portability
You have the right to receive personal data that we process or hold about you in a structured, commonly used and machine-readable format. In addition, you have the right to have those personal data transmitted to another controller where:
- the personal data in question were provided to us by you; and
- we process the personal data on the legal basis of your consent or under a contract you have concluded with us, as set out in Article 4 of this Privacy Policy.
Please note that we may refuse to comply with this right where we consider the requested action to be technically infeasible, a legal obligation prevents us from transferring or providing these personal data, or the exercise of your rights under this section would conflict with our legitimate interest.
Article 9 Security of your personal data
We use generally accepted and reasonable technical and organizational measures, in line with current technological developments in operational security, to provide protection against loss, misuse, alteration or destruction of all personal data we store and process.
Our technical and organizational measures are frequently updated in order to adapt these measures to new technical and organizational procedures and to ensure the continued security of your personal data.
Please note that our Website and social media accounts may contain links to other websites or internet resources that may also collect personal data, for example via cookies or other technologies. We assume no responsibility and exercise no control over those other websites or internet resources or their collection, use or disclosure of your personal data. We recommend consulting the privacy policies of those other websites and internet resources to understand how they collect and process your personal data.
Article 10 Changes to the Privacy Policy
We may make adjustments and improvements to the Privacy Policy from time to time. These changes will be made mainly to reflect new case law and developing practices in the field of data protection, and to ensure your control over your personal data.
The most recent version of the Privacy Policy will always be posted on the Website and can be requested as indicated in Article 11 below. At the top of this Privacy Policy you may check the date on which we made the latest changes. Please contact us if you wish to consult earlier versions.
Article 11 Questions and requests
You agree to provide us with accurate personal data. You may at any time amend the personal data we hold by sending us an email. We cannot be held responsible for any failure of our services linked to incorrect information you provided.
If you have any questions about this Privacy Policy or feel that your interests are not or have not been properly represented, you may address any questions to the following email address: info@lunoa.app.
Article 12 Dispute resolution
This Privacy Policy is governed by — and interpreted in accordance with — Australian law.
You have the right to lodge a complaint with the competent data protection authority, namely the authority of the Member State of your habitual residence, place of work or the place of the alleged infringement of the applicable data protection law. Notwithstanding the foregoing, the main data protection authority is the Australian Information Commissioner, which may be contacted by the following means:
- by following the instructions and filling in the form available on their website;
- by sending a letter to GPO Box 5218, Sydney, NSW 2001, Australia;
- by calling the following number: +61 2 9284 9749;
- by sending a fax to +61 2 9284 9749; or
- by sending an email to privacy@oaic.gov.au