1. Introduction to GDPR Compliance

At NodeByte LTD, we are committed to protecting your personal data and respecting your privacy rights under the General Data Protection Regulation (GDPR). This policy outlines our commitment to GDPR compliance and explains your rights as a data subject.

The GDPR is a comprehensive data protection law that came into effect on May 25, 2018, throughout the European Union (EU) and European Economic Area (EEA). It sets strict standards for how organizations collect, process, store, and protect personal data of EU/EEA residents.

2. Your GDPR Rights

Under the GDPR, you have the following rights regarding your personal data:

Right to Access

You can request a copy of all personal data we hold about you.

Right to Rectification

You can correct any inaccurate or incomplete personal data.

Right to Erasure

You can request deletion of your personal data in certain circumstances.

Right to Restriction

You can limit how we use your personal data.

Right to Portability

You can receive your data in a structured, commonly used format.

Right to Object

You can object to processing of your personal data for certain purposes.

3. Legal Basis for Processing

We process your personal data only when we have a lawful basis to do so under GDPR Article 6:

Consent

You have given clear consent for us to process your personal data for a specific purpose (e.g., marketing communications, newsletter subscriptions).

Contract

Processing is necessary for the performance of a contract with you or to take steps at your request before entering into a contract.

Legal Obligation

Processing is necessary for compliance with a legal obligation (e.g., tax reporting, responding to legal requests).

Legitimate Interests

Processing is necessary for our legitimate interests or the legitimate interests of a third party, unless your interests and fundamental rights override those interests.

4. Data Protection Principles

We adhere to the core principles of data protection as outlined in GDPR Article 5:

Lawfulness, Fairness, and Transparency

We process personal data lawfully, fairly, and in a transparent manner. We clearly explain how and why we use your data.

Purpose Limitation

We collect personal data for specified, explicit, and legitimate purposes only, and do not process it in a manner incompatible with those purposes.

Data Minimization

We collect only the personal data that is adequate, relevant, and limited to what is necessary for the purposes for which it is processed.

Accuracy

We take reasonable steps to ensure that personal data is accurate and, where necessary, kept up to date. Inaccurate data is erased or rectified without delay.

Storage Limitation

We keep personal data in a form that permits identification of data subjects for no longer than is necessary for the purposes for which the data is processed.

Integrity and Confidentiality

We process personal data in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing and accidental loss, destruction, or damage.

5. Categories of Personal Data We Process

We may collect and process the following categories of personal data about you:

Identity Data

Includes:

• First name, last name
• Username or identifier
• Title, date of birth
• Gender

Contact Data

Includes:

• Email address
• Telephone numbers
• Billing address
• Delivery address

Financial Data

Includes:

• Bank account details
• Payment card information
• Transaction history

Technical Data

Includes:

• IP address
• Browser type and version
• Device information
• Operating system

Usage Data

Includes:

• How you use our website
• Products and services viewed
• Page response times
• Download errors

Marketing Data

Includes:

• Marketing preferences
• Communication preferences
• Newsletter subscriptions

6. International Data Transfers

Some of our external third-party service providers are based outside the European Economic Area (EEA), so their processing of your personal data may involve a transfer of data outside the EEA.

Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by implementing at least one of the following safeguards:

We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.
We may use specific contracts approved by the European Commission (Standard Contractual Clauses) which give personal data the same protection it has in Europe.
Where we use providers based in the US, we may transfer data to them if they are part of the EU-U.S. Data Privacy Framework which requires them to provide similar protection to personal data shared between Europe and the US.

7. Data Retention

We will only retain your personal data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure, the purposes for which we process your personal data, whether we can achieve those purposes through other means, and the applicable legal requirements.

General Retention Periods

• Account Data: Retained for as long as you maintain an active account, plus 90 days after account closure for potential reactivation
• Transaction Records: Retained for 7 years to comply with legal and tax obligations
• Marketing Data: Retained until you withdraw consent or 3 years of inactivity, whichever comes first
• Website Analytics: Retained for up to 26 months
• Support Communications: Retained for 3 years from the last interaction

8. Security Measures

We have implemented appropriate technical and organizational measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. For more detailed information, please see our Security Policy.

Technical Measures

• Encryption in transit and at rest
• Regular security assessments
• Secure access controls
• Network security protocols

Organizational Measures

• Staff training and awareness
• Confidentiality agreements
• Data breach procedures
• Regular policy reviews

9. Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority without undue delay and, where feasible, not later than 72 hours after having become aware of it.

If the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly without undue delay, unless:

We have implemented appropriate technical and organizational protection measures that render the data unintelligible to unauthorized persons (e.g., encryption)
We have taken subsequent measures to ensure that the high risk to your rights and freedoms is no longer likely to materialize
It would involve disproportionate effort (in which case we will make a public communication instead)

10. How to Exercise Your Rights

You can exercise your GDPR rights by contacting us using the details below. To protect your privacy and security, we may need to verify your identity before processing your request.

Contact Our Data Protection Officer

Email Address

[email protected]

Subject Line

GDPR Rights Request - [Your Request Type]

Response Time: We will respond to your request without undue delay and within one month of receipt. In complex cases, we may extend this period by a further two months, in which case we will inform you of the extension and the reasons for the delay.

11. Third-Party Links

Our website may include links to third-party websites, plug-ins, and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements or GDPR compliance.

When you leave our website, we encourage you to read the privacy policy and GDPR compliance information of every website you visit.

12. Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority, in particular in the EU member state of your habitual residence, place of work, or place of the alleged infringement if you believe that the processing of your personal data infringes the GDPR.

UK Supervisory Authority

Authority Name

Information Commissioner's Office (ICO)

Website

https://ico.org.uk

Helpline

0303 123 1113

13. Children's Privacy

Our services are not directed to children under the age of 16. We do not knowingly collect personal data from children under 16. If you are a parent or guardian and you are aware that your child has provided us with personal data, please contact us.

If we become aware that we have collected personal data from children without verification of parental consent, we take steps to remove that information from our servers.

14. Changes to This GDPR Policy

We may update this GDPR Compliance policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last Updated" date at the top of this policy.

Where changes are significant, we will provide a more prominent notice (including, for certain services, email notification of policy changes). We encourage you to review this policy periodically for any updates.

15. Contact Us

If you have any questions about this GDPR Compliance policy, your data protection rights, or our GDPR compliance practices, please contact us:

General Inquiries

Email: [email protected]

Company: NodeByte LTD

Company Number: 15432941

Data Protection Officer

Email: [email protected]

For all GDPR-related inquiries and data subject requests

GDPR Compliance

1. Introduction to GDPR Compliance

2. Your GDPR Rights

Right to Access

Right to Rectification

Right to Erasure

Right to Restriction

Right to Portability

Right to Object

3. Legal Basis for Processing

Consent

Contract

Legal Obligation

Legitimate Interests

4. Data Protection Principles

Lawfulness, Fairness, and Transparency

Purpose Limitation

Data Minimization

Accuracy

Storage Limitation

Integrity and Confidentiality

5. Categories of Personal Data We Process

Identity Data

Contact Data

Financial Data

Technical Data

Usage Data

Marketing Data

6. International Data Transfers

7. Data Retention

General Retention Periods

8. Security Measures

Technical Measures

Organizational Measures

9. Data Breach Notification

10. How to Exercise Your Rights

Contact Our Data Protection Officer

11. Third-Party Links

12. Right to Lodge a Complaint

UK Supervisory Authority

13. Children's Privacy

14. Changes to This GDPR Policy

15. Contact Us

General Inquiries

Data Protection Officer

Related Legal Documents

GDPR Compliance

1. Introduction to GDPR Compliance

2. Your GDPR Rights

Right to Access

Right to Rectification

Right to Erasure

Right to Restriction

Right to Portability

Right to Object

3. Legal Basis for Processing

Consent

Contract

Legal Obligation

Legitimate Interests

4. Data Protection Principles

Lawfulness, Fairness, and Transparency

Purpose Limitation

Data Minimization

Accuracy

Storage Limitation

Integrity and Confidentiality

5. Categories of Personal Data We Process

Identity Data

Contact Data

Financial Data

Technical Data

Usage Data

Marketing Data

6. International Data Transfers

7. Data Retention

General Retention Periods

8. Security Measures

Technical Measures

Organizational Measures