This Privacy Policy applies to all visitors and users of the website www.neosun.com and associated pages (the “Website”)
1) Who we are
This Privacy Policy explains how Neosun Group – Neosun Energy Holdings Ltd and its affiliates listed here (collectively, “Neosun”, “we”, “us”) – collects, uses, discloses, and protects personal data when you visit or interact with the Website.
For the purposes of the Website, the primary data controller is Neosun Energy Holdings Ltd. Certain processing may be carried out by other Neosun entities as controllers or processors depending on your interaction.
Privacy contact: in**@****un.com
If you are in the EEA/UK and we do not have a local establishment, our representatives are listed on the Group Entities page (GDPR Art. 27/UK GDPR).
By using the Website, submitting forms, or otherwise providing personal data, you acknowledge this Policy. Where required by law, we will request your explicit consent.
2) Scope
This Policy applies to visitors and users of the Website, including contact forms, downloadable materials, newsletter sign-ups, and embedded third-party services. It does not cover processing carried out on third-party websites that we don’t control.
3) What data we collect
3.1 Data you provide directly
- Contact & identification: name, company, job title, email, phone, country/region.
- Business information: project details, budgets, timelines, interests and preferences.
- Content of messages: questions, support requests, feedback, files you upload.
- Recruitment (if applicable): CV/resume, cover letter, links to profiles, work history.
3.2 Data collected automatically
- Device/usage data: IP address, device and browser type/version, OS, language, referrer/exit pages, pages viewed, time and date, clicks, scrolls, session duration.
- Approximate location: derived from IP (country/region/city).
- Cookies and similar technologies: pixels, tags, local storage. See Cookies & Tracking below.
3.3 Data from third parties
- Leads & enrichment: public business profiles, event registrations, partners/referrers.
- Analytics & marketing tools: aggregated data from our vendors (e.g., page view counts, campaign performance).
- Anti-fraud & security: signals to prevent abuse and spam.
We do not intentionally collect special categories of personal data (e.g., health, religion) via the Website.
4) Purposes and lawful bases (GDPR/UK GDPR)
We process personal data for the following purposes and on these legal bases:
| Purpose | Examples | Legal basis |
|---|---|---|
| Responding to requests | Contact forms, quote requests, demo/meeting scheduling | Contract (pre-contract steps) / Legitimate interests (B2B communications) |
| Providing Website & features | Load pages, remember preferences, ensure security | Legitimate interests; Consent for non-essential cookies |
| Marketing & newsletters | News, product updates, event invites | Consent (where required); Legitimate interests (B2B) |
| Analytics & improvement | Measure traffic, diagnose issues, A/B testing | Consent for analytics cookies; Legitimate interests for strictly necessary metrics |
| Security & fraud prevention | Detect abuse, ensure integrity | Legitimate interests; Legal obligation |
| Legal & compliance | Record-keeping, regulatory requests, enforcing rights | Legal obligation; Legitimate interests |
Where we rely on consent (e.g., analytics/marketing cookies, certain email marketing in the EEA/UK), you can withdraw it at any time via our cookie controls or unsubscribe links.
5) Cookies & tracking technologies
We use cookies and similar technologies to operate the Website, remember your preferences, analyze usage, and (where applicable) support marketing campaigns.
Types of cookies:
- Strictly necessary: essential for core functionality (security, load balancing).
- Preferences: remember settings (language, region).
- Analytics: measure and improve Website performance (e.g., Google Analytics).
- Marketing: measure campaigns, show relevant content (only if used).
Your controls:
- Use our Cookie Banner/Manager to accept/reject non-essential cookies.
- Adjust browser settings to block or delete cookies.
- Opt-out of Google Analytics with the official add-on (if applicable).
We respond to consent choices set via our Cookie Manager; “Do Not Track” (DNT) signals are not universally honored.
6) How we share data
We do not sell your personal data. We may share it with:
- Service providers (“processors”): hosting (e.g., cloud providers), website platform/CMS, analytics (e.g., Google Analytics), CRM and email tools, form processors, security/anti-spam (e.g., reCAPTCHA), videoconferencing/scheduling, document delivery. These vendors process data under contract and only as instructed by us.
- Business partners/affiliates: when you ask us to connect you or when collaboration is required to respond to your request.
- Authorities & legal: to comply with applicable law, enforce our terms, protect rights, safety, or property.
- Corporate transactions: in connection with mergers, acquisitions, financing, or asset transfers, subject to applicable confidentiality and data-protection obligations.
A current list of key processors is available on request at in**@****un.com.
7) International transfers
We operate globally. Your data may be transferred to and processed in countries outside your own (including outside the EEA/UK). Where required, we implement appropriate safeguards such as Standard Contractual Clauses (SCCs), and apply technical and organizational measures to protect your data. You can request a copy of relevant safeguards via in**@****un.com.
8) Retention
We keep personal data only as long as necessary for the purposes described in this Policy, including to meet legal, accounting, or reporting requirements. Typical retention:
- Contact form data: 24 months after last interaction (unless a business relationship forms).
- Marketing lists: until you unsubscribe or your consent is withdrawn, then archived suppression.
- Analytics data: per vendor defaults or aggregated/anonymized as soon as feasible.
- Legal/compliance records: per statutory retention periods.
9) Security
We use administrative, technical, and physical safeguards appropriate to the risk, including encryption in transit (HTTPS), access controls, least-privilege principles, and periodic reviews. No method of transmission or storage is 100% secure; if we detect a breach affecting your data, we will notify you and regulators when legally required.
10) Your rights
Depending on your jurisdiction (e.g., EEA/UK under GDPR/UK GDPR; certain US states), you may have the right to:
- Access your personal data and obtain a copy;
- Rectify inaccurate or incomplete data;
- Erase (delete) data in certain circumstances;
- Restrict or object to processing;
- Data portability (receive data in a structured, commonly used format);
- Withdraw consent at any time (where processing is based on consent);
- Lodge a complaint with a supervisory authority (e.g., your local DPA).
To exercise rights, email in**@****un.com. We may need to verify your identity before responding.
11) Additional information for California residents (CCPA/CPRA)
For California residents, we provide the following disclosures and rights under the CCPA/CPRA:
- Categories collected: identifiers (e.g., name, email), commercial information (requests, preferences), Internet activity (usage data), geolocation (approximate), professional information (B2B context).
- Sources: you, your devices, publicly available sources, partners, service providers.
- Business purposes: as listed in Sections 4–6.
- Sharing/selling: We do not sell personal information and do not “share” it for cross-context behavioral advertising. If this changes, we will update this Policy and provide a “Do Not Sell or Share My Personal Information” link.
CCPA rights: know/access, correct, delete, opt-out of sale/share (if applicable), limit use of sensitive PI (not collected), and non-discrimination. Submit requests at in**@****un.com.
12) Children’s privacy
The Website is not directed to children under 16 (or lower age where permitted by local law), and we do not knowingly collect personal data from children. If you believe a child has provided data, contact in**@****un.com and we will take appropriate steps.
13) Third-party links and embedded content
Our Website may include links or embedded features from third parties (e.g., maps, videos, social media). Those third parties may collect data subject to their own policies. We are not responsible for their practices.
14) Changes to this Policy
We may update this Policy from time to time. Material changes will be indicated by updating the Effective date above and, where appropriate, notifying you via the Website. Continued use of the Website after the effective date constitutes acceptance of the updated Policy.
15) Contact us
Questions, requests, or complaints regarding this Policy or your personal data:
Email: in**@****un.com
For EEA/UK users, you also have the right to complain to your local supervisory authority. A list of EU DPAs is available from the European Data Protection Board.