GDPR Compliance

Last updated: May 10, 2026

1. Our Commitment to GDPR

nano-shift is committed to complying with the General Data Protection Regulation (GDPR) and protecting the privacy rights of individuals in the European Economic Area (EEA) and the United Kingdom.

2. Data Controller Information

Data Controller: nano-shift
Address: 47 Clerkenwell Road, London EC1M 5RS, United Kingdom
Email: [email protected]

3. Lawful Basis for Processing

We process personal data under the following lawful bases:

• Consent (Article 6(1)(a)): When you voluntarily provide information through forms or subscribe to communications
• Contract (Article 6(1)(b)): When processing is necessary to fulfill our contractual obligations
• Legitimate Interests (Article 6(1)(f)): For business operations, website improvement, and security
• Legal Obligation (Article 6(1)(c)): When required by law

4. Your GDPR Rights

Under the GDPR, you have the following rights:

Right to Access (Article 15)

You can request confirmation of whether we process your personal data and obtain a copy of that data.

Right to Rectification (Article 16)

You can request correction of inaccurate or incomplete personal data.

Right to Erasure (Article 17)

You can request deletion of your personal data in certain circumstances, including when it is no longer necessary for the purpose it was collected.

Right to Restriction of Processing (Article 18)

You can request that we limit processing of your personal data in specific situations.

Right to Data Portability (Article 20)

You can request to receive your personal data in a structured, commonly used format and transmit it to another controller.

Right to Object (Article 21)

You can object to processing of your personal data based on legitimate interests or for direct marketing purposes.

Right to Withdraw Consent (Article 7(3))

Where processing is based on consent, you can withdraw that consent at any time.

Right to Lodge a Complaint (Article 77)

You have the right to lodge a complaint with a supervisory authority if you believe we have violated your data protection rights.

5. How to Exercise Your Rights

To exercise any of your GDPR rights, please contact us at:

Email: [email protected]
Subject line: "GDPR Rights Request"

We will respond to your request within one month, unless the request is complex or we receive multiple requests, in which case we may extend the response time by two additional months.

6. Data Processing Activities

We process personal data for the following purposes:

• Responding to inquiries and providing services
• Communicating about our services
• Website analytics and improvement
• Legal compliance and business protection

7. Data Retention

We retain personal data only as long as necessary for the purposes stated in our Privacy Policy. Retention periods vary based on:

• The nature of the data
• The purpose for which it was collected
• Legal or regulatory requirements

8. Data Security

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

• Encryption of data in transit and at rest
• Access controls and authentication
• Regular security assessments
• Staff training on data protection

9. International Data Transfers

When we transfer personal data outside the EEA or UK, we ensure appropriate safeguards are in place, such as:

• Standard Contractual Clauses approved by the European Commission
• Adequacy decisions
• Other legally recognized transfer mechanisms

10. Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify you without undue delay, and the relevant supervisory authority within 72 hours of becoming aware of the breach.

11. Third-Party Processors

We may engage third-party service providers to process personal data on our behalf. We ensure these processors:

• Provide sufficient guarantees of GDPR compliance
• Process data only on our documented instructions
• Maintain appropriate security measures

12. Contact Information

For questions about GDPR compliance or to exercise your rights:

Email: [email protected]
Address: 47 Clerkenwell Road, London EC1M 5RS, United Kingdom