LIMON Consulting Group

Privacy Policy

Last updated: June 4, 2026

LIMONCG (“LIMONCG”, “we”, “our”, or “us”) respects your privacy and is committed to protecting personal data. This Privacy Policy (“Policy”) describes how we collect, use, share, retain, and protect personal information when you visit limoncg.com, communicate with us, or engage us for consulting and technology services (collectively, the “Services”). It also explains your rights and choices regarding your personal data.

This Policy is designed to comply with major data protection regulations applicable to our operations, including the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA/CPRA), Vietnam's Personal Data Protection Decree 13/2023/ND-CP (PDPD), and the Philippines' Data Privacy Act of 2012 (RA 10173).

1. Data Controller

LIMONCG is the data controller responsible for your personal data collected through the Services. For data protection inquiries, contact us at privacy@limoncg.com.

2. Information We Collect

We collect the following categories of personal data:

  • Identity and contact data: full name, job title, company name, business email, phone number, postal address, and country.
  • Engagement data: the contents of contact-form submissions, project briefs, meeting notes, contracts, and correspondence.
  • Account data: credentials, preferences, and activity logs for any client portal or authenticated services.
  • Technical data: IP address, device identifiers, browser type and version, operating system, language, time zone, referring URLs, pages visited, time and duration of visits, and other diagnostic data.
  • Marketing and communications data: your subscription status, preferences for receiving marketing from us, and survey responses.
  • Cookies and similar technologies: as described in our Cookie Policy.

We do not knowingly collect sensitive personal data (such as health, biometric, or financial account information) unless necessary for a specific engagement and processed under appropriate safeguards.

3. Sources of Personal Data

We collect personal data from:

  • You directly, when you submit a form, request a proposal, sign a contract, attend a meeting, or correspond with us;
  • Your organization, when a colleague provides your contact details for an engagement;
  • Automated technologies, including cookies, analytics tools, and server logs;
  • Public sources, such as LinkedIn, company websites, and publicly available business registries, for legitimate business development purposes.

4. How We Use Personal Data and Legal Bases

We process personal data only when we have a valid legal basis to do so. Under the GDPR and similar laws, our legal bases include:

  • Performance of a contract — to provide the Services, manage engagements, deliver projects, invoice, and communicate with you;
  • Legitimate interests — to operate, improve, and secure our website and Services, conduct B2B marketing to relevant business contacts, prevent fraud, and pursue or defend legal claims;
  • Consent — for non-essential cookies, marketing emails where required by law, and any optional features;
  • Legal obligation — to comply with tax, accounting, employment, anti-money-laundering, and other applicable laws.

5. How We Share Personal Data

We do not sell your personal data. We may share it with:

  • Service providers and processors who help us operate the business, including cloud hosting, email delivery, CRM, analytics, customer support, and accounting providers, subject to written agreements requiring confidentiality and appropriate security;
  • Professional advisors, such as lawyers, auditors, and insurers, where necessary;
  • Affiliates and subcontractors involved in delivering the Services to you;
  • Authorities and other parties where required by law, court order, or to protect our rights, your safety, or the security of our Services;
  • Successors in connection with a merger, acquisition, financing, or sale of assets, subject to confidentiality.

6. International Data Transfers

LIMONCG operates across Vietnam and the Philippines, and uses cloud providers and tools that may process personal data in other countries (including the United States and the European Economic Area). Where personal data is transferred outside of your jurisdiction, we implement appropriate safeguards such as the European Commission's Standard Contractual Clauses, equivalent mechanisms recognized under Vietnam's PDPD, and additional organizational and technical measures.

7. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes described in this Policy, comply with our legal, accounting, or reporting obligations, resolve disputes, and enforce our agreements. Typical retention periods are:

  • Client engagement records: for the duration of the engagement plus 7 years (statute of limitations and tax obligations);
  • Contact-form submissions and prospect data: up to 3 years from last interaction;
  • Marketing subscription data: until you unsubscribe, plus a short suppression list to honor your opt-out;
  • Website analytics: up to 26 months in aggregated form;
  • Security logs: up to 12 months.

8. Data Security

We implement reasonable and appropriate technical and organizational measures designed to protect personal data against unauthorized access, alteration, disclosure, loss, or destruction. These include encryption in transit (TLS), encryption at rest where applicable, access controls, multi-factor authentication for internal systems, employee confidentiality obligations, secure development practices, and ongoing monitoring. No method of transmission over the internet or storage is 100% secure; you use the Services at your own risk and are responsible for safeguarding your credentials.

9. Your Rights

Subject to your jurisdiction and applicable law, you may have the following rights regarding your personal data:

  • Access — request a copy of the personal data we hold about you;
  • Rectification — request correction of inaccurate or incomplete data;
  • Erasure — request deletion where there is no overriding legitimate ground for processing;
  • Restriction — request that we limit the processing of your data;
  • Portability — request your data in a structured, commonly used, machine-readable format;
  • Objection — object to processing based on legitimate interests or direct marketing;
  • Withdraw consent — where processing is based on consent, without affecting prior lawful processing;
  • Non-discrimination — for California residents, you will not be discriminated against for exercising your privacy rights;
  • Complaint — lodge a complaint with the data protection authority in your jurisdiction.

To exercise these rights, email privacy@limoncg.com. We will respond within the time period required by applicable law (typically within 30 days). We may need to verify your identity before fulfilling the request.

10. Marketing Communications

We may send you newsletters, service updates, and other marketing communications to email addresses provided in a business context. You can opt out at any time by clicking the unsubscribe link in any email or by emailing privacy@limoncg.com. Transactional and service messages required to deliver the Services are not affected by opt-out.

11. Automated Decision-Making

We do not make decisions producing legal or similarly significant effects about you that are based solely on automated processing, including profiling.

12. Children's Privacy

The Services are intended for businesses and professionals and are not directed to children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it.

13. Third-Party Links

Our website may contain links to third-party websites or services. We are not responsible for the privacy practices of those third parties, and we encourage you to review their privacy policies.

14. Changes to This Policy

We may update this Policy from time to time. Material changes will be communicated by posting the updated Policy on this page with a revised “Last updated” date and, where appropriate, by additional notice. We encourage you to review this Policy periodically.

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us at: