Privacy Policy

Privacy Policy

This Privacy Policy is last updated Monday March 20, 2023.

This Privacy Policy is last updated Monday March 20, 2023.

This Privacy Policy is last updated Monday March 20, 2023.


Moonlander takes data protection very seriously and considers data privacy and security across all its services and countries of operation.

This privacy notice explains how and why we collect, hold and use personal data to ensure we fully comply with international data protection legislation and best practice.

Moonlander collects, holds and uses limited personal data on some of its clients’ employees for the following reasons:
• To enable logging in to our technology (typically name and email address)
• For occasional communications, such as invitations to Moonlander events and important business or service delivery news (again, this would typically be name and email address)
• Communications (such as emails) that are exchanged between client employees and Moonlander employeesAny data Moonlander holds for its clients is done so in line with Moonlander data policy, separate data processing agreements and any applicable international legislation.

EU/UK individuals: this Privacy Statement is intended to comply with Regulation (EU) 2016/679 of the European Parliament and of the Council of the European Union 27 April 2016 (the General Data Protection Regulation or GDPR), and the UK equivalent (the UK GDPR), and provide appropriate protection and care with respect to the treatment of information in accordance with the GDPR.

US individuals: this privacy statement is intended to comply with state data privacy legislation including, but not limited to, the California Consumer Privacy Act (CCPA), Nevada Senate Bill 220, Vermont’s Protection of Personal Information: Data Brokers Statute, Colorado Privacy Act and the Virginia Consumer Data Protection Act.

Moonlander complies with all international data protection legislation applicable for the individual’s data it holds. Moonlander is part of Operators and all considerations and requirements are documented in Operators data protection policy and managed by Operators Data Protection Officer (DPO).

If you have any questions, please contact Operators (and thus Moonlander) DPO on

1. What information do we collect, hold and process, and why?

We only collect, hold and process the data types mentioned above, in line with applicable legislation.

In the UK and EU, we process data that fully complies with the six lawful reasons to process personal data, set out in Article 6 of the GDPR, which are given below:
Consent: you have given clear consent for us to process your personal data for a specific purpose
Contract: the processing is necessary for a contract we have with you, or because you have asked us to take specific steps before entering into a contract
Legal obligation: the processing is necessary for us to comply with the law (not including contractual obligations)
Vital interests: the processing is necessary to protect someone’s life
Public task: the processing is necessary for us to perform a task in the public interest or for our official functions, and the task or function has a clear basis in law
Legitimate interests: the processing is necessary for our legitimate interests or the legitimate interests of a third party, unless there is a good reason to protect the individual’s personal data that overrides those legitimate interests

UK and EU citizens’ data will be stored and processed within the UK or EU.

Any US citizens’ data will be treated as per the state applicable laws and stored in the US where possible.

All client employees on whom we hold data will be made fully aware of how and why the data we hold on them will be used at the time we collect the data (such as when they register to use our technology). All ‘opt in’ consent will be shown in a clearly visible location.

Only data types that are required for the stated function will be collected.

2. Profiling

Moonlander would only profile individuals that use its website. This would be in line with the cookie banner displayed and section 8 of this privacy policy. Any information used in profiling individuals is kept strictly internal and only used for potential lead generation on business contacts

3. Is this information shared?

We only use your data in the manner and for the purposes stated on collection. It will only be shared with approved third parties who need to access it to carry out their duties in line with the services Moonlander offers to its clients.

We may also share personal data with the following external bodies when required to, in line with the applicable data protection legislation:
• Regulators and government authorities, such as HMRC or the police, if we are required to do so by law.
• Our insurers, legal advisers or other third parties who need access to your data for managing, investigating or defending claims or complaints.
• A potential purchaser of Moonlander, or one of Moonlander’s subsidiaries or parent company (ITG group) that carries out work for you. This would only apply to clients who have agreed to be contacted for references or information.
• Organisations (such as third-party service providers) that process your data on our behalf. They are not allowed to use your data for any other purpose than stated on collection and are fully compliant to the Moonlander / ITG Group ISO 27001 due diligence and third-party management program. You will be informed of any use of your personal data and the legal reason for its use. We take the security and confidentiality of your information very seriously.

4. International transfers

Moonlander, as a global business, considers the location of all data subjects and the required data protection measures. Data storage will always be ideally located in the same location (under data protection legislation) as the location of the data subject, and any data transfer of information between locations is protected in line with the applicable legislation.

If we transfer EU/EEA personal data to recipients outside the EU/EEA, we use adequacy decisions, data transfer agreements, Standard Contractual Clauses (SCC) or other EU-approved mechanisms for such transfers.

Moonlander ensures all of its third parties agree to the Privacy Principles and all data subjects are made aware of such transfers.

Any US data transfers will also be done in line with state legislation and transparency requirements of ITG Group / Moonlander policy.

For further information, please contact Operators (and thus Moonlander) DPO on

5. Data retention

Personal data is stored for various lengths of time depending on the nature and purpose for which it was collected.

We store personal data in line with any applicable statutory minimum periods, and then review it periodically (usually annually) to ensure it is still necessary to be retained for the purpose for which it was collected. Where there is a statutory maximum length that data can be retained, we will delete on expiration.

Any data stored on behalf of our clients is stored in line with separate agreements and applicable data protection legislation.

All data retention periods can be found in the Moonlander’s Data Handling Policy. This can be accessed internally or on request by emailing

6. What are your data subjects’ rights?

Moonlander respects the rights of all data subjects in line with applicable data protection legislation and will put in place processes that allow data subjects to exercise these rights.

EU/EEA personal data will have the following rights:

• You have the right to obtain your personal data from us, apart from in exceptional circumstances (for example, if the information would hinder the prevention, detection or investigation of a crime)
• Where we provide it, the first copy will be free of charge, but we reserve the right to charge a small fee for additional requests to cover administration
• You have the right to require us to rectify any inaccurate personal data we hold concerning you
• Taking into account the purposes of the processing, you may also have the right to have incomplete personal data completed, by means of providing a supplementary statement or information
• You have the right to require us to erase your personal data on certain limited grounds (including where they are no longer necessary for the purpose for which they were collected or where you withdraw your consent and there are no other legal grounds for processing)
• Where we process personal data either on the basis of consent or contractual necessity, and where you provided the personal data to us and we processed it by automated means, you have the right to require us to give you your data in a commonly used electronic format
• You have the right to object to our processing of your personal data when processed on the grounds of our legitimate interests, although we do not always have to honour your objection – we can refuse to cease processing where we have a compelling legitimate ground that outweighs your interests, or if we need the data to bring or defend a legal claim

You have the right to require us to restrict the processing of your personal data on certain grounds, including where:

• You contest the accuracy of the personal data and want us to restrict processing of your personal data while we verify its accuracy
• The processing is unlawful, but you request a restriction of the processing rather than erasure
• We (as controller) no longer need the data for the purposes of the processing, but you have told us you require us to retain that personal data for you to establish, exercise or defend legal claims
• You have objected to us processing your personal data on the grounds of legitimate interests and want us to restrict processing your personal data while we consider your objection

US personal data will have the rights associated to the state in which the data subject resides. Current rights, mainly associated to California, Colorado and Virginia:

• Right to access
• Right to correct
• Right to deleteRight to portability
• Right to opt out of all or specific processing
• Age-based opt-in right
• Right to opt in for sensitive data processing
• Right not to be subject to fully automated decision

If you would like to exercise any of these rights or have any questions about how Moonlander handles and assesses data subjects’ rights in a specific location, please contact

7. Data Security

Moonlander is an ISO 27001 certified company that falls under the scope of the certification of Operators and fully complies with Article 5(1) of the GDPR and US state security requirements.

8. Cookies

We use cookies on our website for a variety of reasons which you can learn about below.

The cookies we use do not store personally identifiable information nor can they harm your computer. We want our site to be informative, personal, and as user-friendly as possible, and cookies helps us to achieve that goal.

By using our website or systems, you agree to the use of cookies as set out in this policy. We appreciate that some users may prefer individual control over their visit to our website and can adjust their system settings accordingly.

You can read all about this in section 8.3 below, entitled "What are your choices regarding cookies?"

All users of our website will be presented with a banner asking them to accept cookies.

8.1 What are cookies?
Cookies are small text files that hold a certain amount of data, that our website can send to your browser. It may then be stored on your computer's hard drive and can be accessed by our web server. This cookie data can then be retrieved and can allow us to customise our web pages and services accordingly. It's important to clarify that cookies do not collect any personal data stored on your hard drive or computer.

To find out more about cookies, visit

8.2 How we use cookies
Our website uses 4 main types of cookies that are defined by a third-party cookie management service. This service allows our website users to make an informed decision on what cookies they allow.

The four main types of cookies used are:

Necessary – Necessary cookies help make a website usable by enabling basic functions, such as page navigation and access to secure areas of the website. The website cannot function properly without these cookies.

Preferences – Preference cookies enable a website to remember information that changes the way the website behaves or looks, like your preferred language or the region that you are in.

Statistics – Statistic cookies help website owners to understand how visitors interact with websites by collecting and reporting information anonymously.

Marketing – Marketing cookies are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third-party advertisers.

A more detailed breakdown of the actual cookies used can be located in the details section of the cookies banner, displayed when you visit our website.

8.3 What are your choices regarding cookies?
We want our website users to be as informed as possible and will present a banner that allows a user to choose what type of cookies are collected and used.

If you'd like to delete cookies, or would like to instruct your web browser to delete or refuse cookies, please visit the help pages of your web browser. Please note, however, that if you delete cookies or refuse to accept them, you may not be able to use the features we offer, you will not be able to log in securely and may not be able to store your preferences.

This will affect your ability to use the site and some of our pages may not display properly.

8.4 Where can you find more information about cookies?
You can learn more about cookies by visiting the following third-party websites:

All About Cookies:
Network Advertising Initiative:

9. Updating the Privacy Policy and keeping you informed

We strive for continuous improvement to our services, processes and protection of data subject rights. We will, therefore, update this privacy notice from time to time.

If we hold your data, we will make sure you are informed of any changes.

Our Data Protection Officer will make sure your information is kept safe throughout the Moonlander Group and ensure all parties are made aware of the relevant legislation.

10. Information and Complaints

All complaints, questions or concerns and appropriate resolutions relating to the practices around handling personal information will be logged. Operators is registered as a data controller with the UK Information Commissioners Office (ICO).

Any complaints of this nature should be made to Operators (and thus Moonlander) DPO at

You also have the right to lodge a complaint with a supervisory authority if we cannot resolve your complaint.