This policy applies to personal data we process in connection with our websites (including galdunx.com and sub‑domains), products, marketing, and client services. It also describes your choices and rights under applicable laws such as the EU/UK GDPR, Nigeria Data Protection Act (NDPA), and similar laws.

Galdunx Digital Agency ("Galdunx") is a creative & technology studio offering design, web/app development, and growth services. For privacy questions, Galdunx is the data controller for the processing activities described here unless stated otherwise.

• Visitors to our sites and landing pages.
• Prospective and current clients, newsletter subscribers, and partners.
• Job applicants and contractors interacting with our recruitment or onboarding tools.

Information you provide

• Contact details (name, email, phone, company, role).
• Account and billing information when you become a client.
• Content you submit (briefs, files, messages, feedback, support requests).
• Recruitment data (CV/resume, portfolio, interview notes) if you apply for a role.

Information collected automatically

• Device and usage data (IP address, browser, pages viewed, timestamps, referrer/UTM).
• Approximate location (derived from IP address).
• Cookies, local storage, and similar technologies (see Cookies section).

Information from third parties

• Lead sources and partners (events, referrals, social media, ad platforms).
• Payment processors for invoicing and transaction confirmations.
• Publicly available business information for prospecting and due diligence.

• Provide and improve our Services and customer support.
• Operate websites, personalize content, and measure performance.
• Process payments, invoices, and contract administration.
• Marketing and communications (newsletters, product updates, event invites).
• Security, fraud prevention, and to enforce our terms.
• Recruitment, hiring, and vendor management.
• Compliance with legal obligations and requests from authorities.

• Contract – to provide Services you request.
• Consent – for optional cookies, marketing, and where required by law.
• Legitimate interests – to run our business, secure our Services, and improve user experience.
• Legal obligation – to comply with tax, accounting, and regulatory requirements.

We use cookies, pixels, and local storage to keep you signed in, remember preferences, analyze traffic, and measure campaigns. You can control cookies through your browser settings and, where available, our consent banner. Disabling cookies may affect some features.

We may use analytics (e.g., Google Analytics) and advertising platforms (e.g., Meta Ads, Google Ads) that set cookies or read device identifiers to help us understand performance and reach the right audience. These providers may combine this data with information you’ve provided to them or they’ve collected from your use of their services. You can opt out of interest-based ads via your device settings or platform controls.

• Service providers and subprocessors under contract (hosting, analytics, payments, email, CRM).
• Professional advisors, auditors, and insurers bound by confidentiality.
• Business transfers (merger, acquisition, financing, or asset sale).
• Legal and compliance where required by law or to protect rights and safety.

We do not sell your personal data. We only share as described above, with appropriate safeguards.

We keep personal data only as long as necessary for the purposes described in this policy (for example, contract performance, legal obligations, and dispute resolution). Retention periods vary depending on the nature of the data and our obligations.

We implement administrative, technical, and physical safeguards designed to protect personal data. No method of transmission or storage is 100% secure; we continually improve our measures and encourage you to use strong passwords and enable available security features.

Depending on your location, you may have rights to access, correct, delete, restrict or object to processing, receive a portable copy of your data, and withdraw consent at any time. To exercise rights, contact us using the details below. We may ask for verification before responding.

Our Services are not directed to children under 13 (or the age defined by local law). We do not knowingly collect personal data from children. If you believe a child has provided us personal data, please contact us and we will take appropriate steps to delete such information.

We may process and store information in countries other than where you reside. Where applicable, we rely on appropriate safeguards (such as standard contractual clauses) to protect personal data transferred across borders.

We may update this policy from time to time. The “Last updated” date at the top reflects the most recent changes. Significant changes may be communicated through our Services or by email.

If you are an EEA/UK resident and believe your rights have been infringed, you may lodge a complaint with your local data protection authority.