SunStrike Studios Game Art
Outsourcing Studio
CONTACT US

Privacy Policy

Last updated: 27 April 2026

1. Who we are

This Privacy Policy is issued by Sun Strike Gaming Ltd, a company incorporated in Cyprus (registered office: Kallipoleos 3, office 102, 1055 Nicosia, Cyprus), trading under the brand "Sunstrike Studios" (in this Policy: "we", "us", "our"). For the purposes of Regulation (EU) 2016/679 (the "GDPR"), Sun Strike Gaming Ltd is the controller of personal data processed via this website.

If you have any questions about this Policy or your personal data, contact us at support@sunstrikestudios.com. We have not appointed a designated Data Protection Officer because our processing does not meet the criteria of Article 37(1) GDPR; the contact above is the single point of contact for all data protection matters.

2. Scope of this Policy

This Policy describes how we collect, use, disclose and protect personal data when you visit sunstrikestudios.com or contact us by email, contact form, scheduled call (Calendly) or other channels referenced on the site. It does not cover third-party websites linked from our site - those operate under their own privacy policies.

3. Personal data we collect

We collect only the data we actually need to operate the website and respond to business enquiries.

3.1. Data you provide directly

  • Contact form submissions: name, business email, message content and the page where the form was submitted.
  • Calendar bookings (Calendly): name, email and timezone you provide when scheduling an introductory call.
  • Email correspondence: any data you choose to share when emailing us at support@sunstrikestudios.com or any other Sunstrike Studios email address.

3.2. Data collected automatically

  • Server logs: IP address, user-agent string, requested URL, timestamp and referrer. Used for security and abuse prevention.
  • Cookies and analytics: see Section 9 below.

We do not knowingly collect any special category data within the meaning of Article 9 GDPR, and we do not knowingly collect personal data from children under the age of 16.

Provision of personal data is voluntary and is not a statutory requirement. However, providing your name, email and a brief description of the project is necessary for us to respond to enquiries, prepare a quote or enter into a contract. If you choose not to provide this information, we will not be able to engage with you commercially.

4. Why we use your data and the legal bases

The table below lists each processing purpose and the legal basis we rely on under Article 6(1) GDPR.

Purpose Legal basis (GDPR Art. 6)
Responding to your enquiry submitted through the contact form, by email or via scheduled call Pre-contractual measures at your request (Art. 6(1)(b)); legitimate interests in prompt business communication (Art. 6(1)(f))
Preparing and sending project quotes, proposals or contracts Pre-contractual measures and performance of contract (Art. 6(1)(b))
Ensuring website security, preventing abuse, debugging Legitimate interests (Art. 6(1)(f))
Audience measurement and analytics Consent (Art. 6(1)(a)) - applied only after you accept analytics cookies
Marketing and remarketing Consent (Art. 6(1)(a)) - applied only after you accept marketing cookies
Compliance with legal obligations (tax, accounting, KYC, requests from competent authorities) Legal obligation (Art. 6(1)(c))

Where we rely on legitimate interests under Article 6(1)(f) GDPR, the interests pursued are: (i) responding promptly to business enquiries, (ii) maintaining a secure and functional website, (iii) preventing fraud, abuse and unauthorised access, and (iv) defending or exercising legal claims. We have carried out a balancing test in each case and consider that these interests are not overridden by your rights and freedoms. You have the right to object at any time, on grounds relating to your particular situation, under Article 21 GDPR.

Where processing is based on consent, you may withdraw your consent at any time through the cookie banner control on the site, by adjusting your browser settings, or by emailing us. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.

5. Recipients of your data

We share personal data only with the categories of recipients listed below, each acting as our processor or co-controller and bound by appropriate contractual safeguards:

  • Hosting and deployment provider (Vercel Inc., USA)
  • Email, calendar and document services (Google Workspace, Calendly LLC)
  • Web analytics, only when you have consented (Google Analytics)
  • Search Console and webmaster tools (Google Ireland Ltd)
  • Professional advisors (legal, accounting, audit) under confidentiality
  • Public authorities or courts where we are legally required to disclose

We do not sell your personal data and we do not share it for any purpose not listed in this Policy.

6. International transfers

Some of our processors are located outside the European Economic Area (in particular the United States). Where personal data is transferred outside the EEA we rely on transfer mechanisms permitted by Chapter V GDPR, including:

  • EU Standard Contractual Clauses 2021/914 ("SCCs");
  • EU-U.S. Data Privacy Framework certifications, where applicable;
  • European Commission adequacy decisions, where one applies.

You may request a copy of the relevant safeguards by emailing us at support@sunstrikestudios.com.

7. Retention

We keep your personal data only as long as necessary for the purpose for which it was collected. Indicative retention periods:

Data Retention
Contact form submissions and email correspondence (no resulting project) Up to 24 months from last contact
Customer data (active client engagement) Duration of contract + 7 years (statutory accounting period under Cyprus law)
Server logs Up to 90 days
Analytics data (aggregated / anonymised) Up to 14 months (Google Analytics 4 default)

After expiry of these periods, we either delete or irreversibly anonymise the data, unless a legal obligation requires longer retention or the data is needed to establish, exercise or defend a legal claim.

8. Your rights under the GDPR

You have the following rights, free of charge, in respect of your personal data:

  • Right of access (Art. 15) - obtain a copy of the data we hold about you.
  • Right to rectification (Art. 16) - have inaccurate or incomplete data corrected.
  • Right to erasure (Art. 17) - request deletion in the cases listed in Article 17.
  • Right to restriction of processing (Art. 18).
  • Right to data portability (Art. 20) - receive your data in a structured, commonly used, machine-readable format.
  • Right to object (Art. 21), including against direct marketing.
  • Right not to be subject to automated decision-making with legal or similarly significant effects (Art. 22) - we do not currently perform such processing.
  • Right to withdraw consent at any time where processing is based on consent.

To exercise any of these rights, please email support@sunstrikestudios.com. We will respond within one month of receipt, extendable by up to two further months for complex requests, in accordance with Article 12(3) GDPR. We may need to verify your identity before disclosing personal data.

You also have the right to lodge a complaint with the supervisory authority in your EU/EEA country of residence or place of work. The competent authority for our establishment is the Office of the Commissioner for Personal Data Protection of the Republic of Cyprus - https://www.dataprotection.gov.cy/.

9. Cookies and similar technologies

We use cookies and similar tracking technologies to make the site work, measure traffic and - with your consent - display relevant marketing content. On your first visit a cookie banner lets you accept all, decline all or choose categories. You can change or withdraw consent at any time via the same banner or by clearing cookies in your browser.

Category Purpose Legal basis
Strictly necessary Core site functionality, cookie consent state, basic security No consent required under Article 5(3) ePrivacy Directive (necessary for the service requested)
Analytics Anonymous traffic measurement (Google Analytics 4) Consent (Art. 6(1)(a) GDPR)
Marketing Remarketing pixels, ad measurement Consent (Art. 6(1)(a) GDPR)

10. Security and breach notification

We apply technical and organisational measures appropriate to the risk in line with Article 32 GDPR. These include TLS encryption in transit, access controls and least-privilege provisioning, regular updates of dependencies, and contractual confidentiality obligations on staff and processors. No system is 100% secure - if you become aware of a security incident affecting your data, please contact us at support@sunstrikestudios.com without delay.

In the event of a personal data breach likely to result in a risk to your rights and freedoms, we will notify the Office of the Commissioner for Personal Data Protection of the Republic of Cyprus without undue delay and, where feasible, no later than 72 hours after becoming aware of it (Article 33 GDPR). Where the breach is likely to result in a high risk, we will also notify affected individuals without undue delay (Article 34 GDPR).

11. Changes to this Policy

We may update this Policy to reflect changes in our practices, the services we offer or the law. The "Last updated" date at the top will always reflect the most recent change. For material changes we will, where appropriate, display a prominent notice on the site or notify you by email.

12. Contact

Sun Strike Gaming Ltd
Kallipoleos 3, office 102, 1055 Nicosia, Cyprus
Email: support@sunstrikestudios.com

HOW CAN WE ASSIST?
LET'S BUILD SOMETHING
INSPIRING TOGETHER

Every project is an opportunity for innovation. By blending our R&D-driven approach with creative synergy, we craft distinctive visual identities that redefine standards in gaming and digital art.

info@sunstrikestudios.com