PRIVACY POLICY
Effective date: 20 February 2026
Last updated: 20 February 2026
Version 2
This Privacy Policy explains how LYNX GROUP INTERNATIONAL LTD (company number 14845704) of Dept 6052a 126 East Ferry Road, Canary Wharf, London, United Kingdom, E14 9FP (we, us, our, the Company) collects, uses, stores, shares and protects personal data when you use enayasoul.com (the Site), create an account, contact us, or purchase and access digital content through the Site.
We process personal data in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, the Privacy and Electronic Communications (EC Directive) Regulations 2003 (PECR), and other applicable UK laws. For the purposes of UK data protection law, we are the data controller for personal data processed through the Site.
1. Scope
This Privacy Policy applies to personal data we process about:
(a) visitors to the Site;
(b) account holders;
(c) customers; and
(d) people who contact us by email or via Site forms.
This Privacy Policy does not cover third-party websites, apps, or services that may be linked from the Site. Those third parties are responsible for their own privacy practices.
2. Personal data we collect
We collect the following categories of personal data, depending on how you use the Site.
2.1 Identity and account data
• name (if provided)
• username or account identifier
• password (stored in encrypted/hashed form where applicable)
• account status and settings
2.2 Contact data
• email address
• country of residence
• billing address (if provided)
2.3 Transaction data
• items purchased and access entitlements
• transaction references, timestamps, and payment status
• billing country
• fraud and chargeback indicators (where applicable)
We do not store full payment card numbers. Payment processing is handled by payment service providers. We may receive limited payment-related information from them (for example, a payment confirmation, partial card metadata such as last four digits, and payment reference IDs).
2.4 Technical and usage data
• IP address
• device type and device identifiers (where available)
• browser type and version
• operating system
• time zone and language settings (where available)
• referral source and pages viewed
• log and diagnostic data (including error reports)
2.5 Communications data
• emails and messages you send to us
• content of support enquiries and our responses
• records of requests to exercise data protection rights
• complaint information and resolution records
2.6 Cookie and similar technology data
• cookie identifiers and preference signals
• session identifiers
• analytics and performance signals (where enabled)
2.7 Marketing preference data
• consent records (when and how you consented)
• opt-in/opt-out status
• email delivery and suppression status (where applicable)
We do not intentionally collect special category data (as defined in UK GDPR). Please do not send us special category data.
3. How we collect personal data
We collect personal data:
(a) directly from you when you register, purchase, contact us, or configure preferences;
(b) automatically when you use the Site via cookies and similar technologies (see section 8);
(c) from payment service providers to confirm and reconcile transactions;
(d) from security and fraud-prevention services where necessary to protect the Site and prevent misuse.
4. How we use personal data and our lawful bases
We process personal data only where we have a lawful basis under UK GDPR.
4.1 To provide the Site and perform our contract with you (contract)
We use personal data to:
• create and manage accounts;
• authenticate logins and maintain sessions;
• process purchases and provide access to digital content;
• deliver service communications you need (for example, access confirmations, important account notices);
• provide customer support and respond to requests.
Lawful basis: performance of a contract.
4.2 To comply with UK legal obligations (legal obligation)
We use personal data to:
• comply with tax and accounting requirements;
• maintain records required by law;
• respond to lawful requests from courts, regulators, or law enforcement.
Lawful basis: legal obligation.
4.3 To protect the Site, prevent fraud, and improve services (legitimate interests)
We use personal data to:
• secure the Site and our systems;
• monitor for suspicious activity and prevent fraud;
• enforce our Terms and Conditions and protect our legal rights;
• maintain logs and audit trails for security and troubleshooting;
• analyse Site performance and improve functionality (where not reliant on consent-based cookies).
Lawful basis: legitimate interests. Where we rely on legitimate interests, we consider and balance our interests against your rights and freedoms.
4.4 Marketing communications (consent or legitimate interests depending on context)
We may send marketing emails where:
• you have provided consent; or
• UK law permits marketing in limited cases (for example, the soft opt-in rules under PECR, where applicable), and you have the ability to opt out.
You can opt out at any time by using an unsubscribe mechanism (where provided) or by contacting us at info@enayasoul.com.
4.5 Cookies and similar technologies (consent where required)
We use cookies in accordance with PECR. Non-essential cookies (for example, analytics and marketing cookies) are used only where you have given consent, where required by law.
5. Sharing personal data
We may share personal data with trusted service providers that support our operations. These providers act as processors (or sometimes as independent controllers) depending on the service. We share only what is necessary for the relevant purpose.
5.1 Categories of recipients
• payment service providers and related fraud-prevention partners
• hosting, content delivery, and cloud infrastructure providers
• website security providers (for example, to mitigate abuse and attacks)
• customer support tooling providers (where used)
• analytics providers (only where enabled in accordance with cookie rules)
• professional advisers (legal and accounting)
• regulators, courts and law enforcement where required or permitted by law
5.2 Legal disclosures
We may disclose personal data where we reasonably believe disclosure is necessary to:
• comply with a legal obligation;
• respond to lawful requests;
• protect our rights, property or safety, or that of users and the public;
• investigate suspected fraud or security incidents.
We do not sell personal data.
6. International transfers
The Company is incorporated in the United Kingdom. While we may use service providers and data centres located in the European Economic Area (EEA) and globally, your data is primarily governed by UK data protection standards. Where data is transferred outside the UK or EEA, we ensure standard contractual clauses or adequacy regulations are in place.
7. Data retention
We keep personal data only for as long as necessary for the purposes described in this Privacy Policy, including for legal, accounting, security, and dispute-resolution purposes.
7.1 Financial and tax records
Notwithstanding account inactivity, we are required by UK tax law (HMRC) to retain records of financial transactions (including name, address, and transaction details) for a minimum of six (6) years following the end of the relevant tax year.
7.2 Account data
We retain account data for as long as you keep an account, and thereafter only as needed for:
• legal obligations;
• fraud prevention and security;
• defending or bringing legal claims;
• resolving disputes;
• maintaining suppression lists for marketing (to respect opt-out choices).
7.3 Support and communications
We retain support communications for as long as reasonably necessary to handle your request and for audit and quality purposes, then delete or anonymise where appropriate.
8. Cookies and similar technologies
A cookie is a small file stored on your device. We use cookies and similar technologies for:
• strictly necessary functions (for example, security, login sessions, and basic Site operation);
• preferences (where enabled);
• analytics and performance (only where consent is required and obtained);
• marketing (only where consent is required and obtained).
You can control cookies through browser settings. If a cookie preference tool is provided on the Site, you can use it to manage non-essential cookies.
9. Security
We implement appropriate technical and organisational measures to protect personal data, including:
• encrypted data transmission (HTTPS);
• access controls and least-privilege access;
• monitoring and logging;
• secure hosting and patching practices;
• procedures to handle suspected security incidents.
No method of transmission or storage is completely secure. You are responsible for keeping your account credentials confidential and for using a secure device and network.
10. Automated decision-making
We may use automated tools to detect and prevent fraud and abuse (for example, risk scoring based on technical signals). Where such tools are used, they are designed to protect the Site and users. If you believe a decision has been made incorrectly, you can contact us at info@enayasoul.com.
11. Your rights under UK GDPR
Subject to legal limitations and conditions, you have the right to:
• access your personal data;
• rectify inaccurate or incomplete data;
• request erasure (the right to be forgotten);
• restrict processing;
• object to processing (including objection to direct marketing);
• data portability;
• withdraw consent at any time (where we rely on consent).
To exercise these rights, contact us at info@enayasoul.com. We may request information to verify your identity before responding.
12. Complaints
If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO). You have the right to complain to them at any time (www.ico.org.uk), though we appreciate the chance to deal with your concerns before you approach them.
13. Children
The Site is not directed at children. We do not knowingly collect personal data from children. If you believe a child has provided personal data to us, contact us at info@enayasoul.com and we will take appropriate steps.
14. Changes to this Privacy Policy
We may update this Privacy Policy from time to time. The updated version will be published on the Site with a revised “Last updated” date.
15. Contact
If you have questions about this Privacy Policy or how we process personal data, contact us at: info@enayasoul.com
16. Governing law and jurisdiction
This Privacy Policy and any dispute or claim arising out of or in connection with it is governed by the laws of England and Wales, and the courts of England and Wales shall have jurisdiction, subject to any mandatory rights you may have under applicable law.
