Nitro Digital Privacy Policy
Introduction
Nitro Digital (“we,” “us,” or “our”) is committed to protecting the privacy and security of your personal data. This policy explains how we collect and use personal data in compliance with the UK GDPR, the EU GDPR (Regulation (EU) 2016/679), and the UK Data (Use and Access) Act 2025.
Data Controllers
For the purposes of data protection law, the following entities are the "Data Controllers" for the information collected:
- United Kingdom: Nitro Digital Limited 86-90 Paul Street, London, EC2A 4NE Company Number: 05912017
- European Union (Regional Hubs): Poland Office: Al. Solidarnosci 34, Floor 3, 25-323, Kielce
Italy Office: Via del Mercato Vecchio, 90, 09124 Cagliari
Data We Collect and Why
We only collect data necessary to provide our services and manage our business relationships.
Data Category | Purpose | Lawful Basis |
Contact Data | Name, email, phone, job title for business communication. | Legitimate Interests / Contract |
Technical Data | IP addresses, browser types, and Platform Engagement Metrics. For eDeta, this includes a deterministic audit trail of "Resolve," "Assign," and "Comment" actions. For visitors; IP address, browser type, and usage data via cookies. | Legitimate Interest for compliance/auditing Consent (for non-essential) / Legitimate Interest |
Client Data | Billing address, financial details, and service records. | Performance of a Contract |
Marketing Data | Preferences for receiving newsletters or updates. | Consent |
New UK "Recognised Legitimate Interests" (2026 Update)
Under the UK Data (Use and Access) Act, we may process data for "recognised legitimate interests" without the traditional balancing test, specifically for purposes of network and information security and detecting or preventing crime.
International Data Transfers
To maintain compliance, all core platform data for BridgeOS and eDeta is resident on secure AWS servers located within the European Economic Area (EEA). This ensures that personal identifiers (Name, Business Email) and project assets do not undergo unauthorised transfers to third countries. Any ancillary data transfers required for global operations are conducted strictly under the protection of Standard Contractual Clauses (SCCs) or equivalent adequacy frameworks to ensure no "Operational Gap" in data security.
Cookies and Tracking
We use cookies to enhance your experience.
- Essential Cookies: Required for site functionality (e.g., security).
- Analytics/Marketing Cookies: We only use these with your explicit consent. You can withdraw consent at any time through our cookie preference center.
Automated Decision-Making
We do not use automated decision-making or profiling that produces legal or significant effects on you. If we implement AI-driven lead scoring or similar tech, we will provide you with a right to human intervention.
Your Rights
You have the following rights under UK and EU law:
- Access: Request a copy of your data.
- Correction: Ask us to fix inaccurate data.
- Erasure: Ask us to delete your data ("Right to be Forgotten").
- Object/Restrict: Stop us from using data for specific purposes (like marketing).
- Portability: Receive your data in a machine-readable format.
Complaint Procedure (UK & EU)
We aim to resolve any privacy concerns internally.
- Internal Resolution: Please email privacy@nitro.digital. We will acknowledge your request within 30 days as required by 2026 UK regulations.
- Regulatory Authorities: If you are not satisfied, you have the right to lodge a complaint with:
- UK: The Information Commissioner’s Office (ICO) at ico.org.uk.
- EU: Your local Data Protection Authority (e.g., UODO in Poland or GPDP in Italy).
Data Retention
We retain personal data only as long as necessary for the purposes it was collected (e.g., 7 years for financial records or the duration of our contract for client contact info).
Contact Us
For any questions regarding this policy:
Email: andy@nitro.digital
Mail: Nitro Digital Limited, 86-90 Paul Street, London, EC2A 4NE, UK