Compliance

GDPR Compliance

Our commitment to European data protection standards

Last updated: January 1, 2026

Our Commitment to GDPR

NexScale Labs is committed to protecting the privacy and rights of individuals in the European Union (EU) and European Economic Area (EEA). We comply with the General Data Protection Regulation (GDPR) and have implemented comprehensive measures to ensure lawful processing of personal data.

Legal Basis for Processing

We process personal data under the following legal bases as defined by GDPR Article 6:

  • Legitimate Interest (Article 6(1)(f)): For B2B marketing purposes where there is a relevant business relationship or legitimate business interest
  • Consent (Article 6(1)(a)): Where individuals have given explicit consent to processing
  • Contractual Necessity (Article 6(1)(b)): To fulfill our contractual obligations to customers
  • Legal Obligation (Article 6(1)(c)): To comply with applicable laws and regulations

Data Subject Rights

Under GDPR, individuals in the EU/EEA have the following rights regarding their personal data:

Right of Access (Article 15)

You have the right to obtain confirmation of whether we process your personal data and to receive a copy of that data along with information about how it is processed.

Right to Rectification (Article 16)

You have the right to request correction of inaccurate personal data or completion of incomplete data.

Right to Erasure (Article 17)

You have the right to request deletion of your personal data in certain circumstances, including when the data is no longer necessary for its original purpose or when you withdraw consent.

Right to Restriction (Article 18)

You have the right to request restriction of processing in certain circumstances, such as when you contest the accuracy of the data.

Right to Data Portability (Article 20)

You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit it to another controller.

Right to Object (Article 21)

You have the right to object to processing based on legitimate interests, including profiling. For direct marketing purposes, you have an absolute right to object.

Rights Related to Automated Decision-Making (Article 22)

You have the right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects.

Exercising Your Rights

To exercise any of these rights, please contact our Data Protection team:

We will respond to your request within 30 days. In complex cases, we may extend this period by an additional 60 days, in which case we will inform you of the extension.

To verify your identity, we may request additional information. We do not charge a fee for processing requests unless they are manifestly unfounded or excessive.

Data We Process

In the context of our B2B data services, we may process:

  • Business contact information (name, job title, business email, phone)
  • Company information (company name, industry, size, location)
  • Professional information (LinkedIn profiles, professional history)
  • Intent signals (technology usage, website activity indicators)

We focus on business-to-business data and do not process personal consumer data for marketing purposes.

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected. Our retention periods are based on:

  • The nature of the data and its sensitivity
  • Legal and regulatory requirements
  • Business necessity and legitimate interests
  • Data subject requests and objections

We regularly review and update our data to ensure accuracy and remove outdated information.

International Data Transfers

When transferring personal data outside the EU/EEA, we ensure appropriate safeguards are in place:

  • Standard Contractual Clauses (SCCs): We use EU-approved contractual terms for transfers to third countries
  • Adequacy Decisions: We may transfer data to countries recognized by the EU Commission as providing adequate protection
  • Additional Safeguards: We implement supplementary technical and organizational measures where necessary

Data Security

We implement appropriate technical and organizational measures to protect personal data, including:

  • Encryption of data in transit (TLS) and at rest (AES-256)
  • Access controls and authentication mechanisms
  • Regular security assessments and penetration testing
  • Employee training on data protection and security
  • Incident response and breach notification procedures

Data Breach Notification

In the event of a personal data breach that poses a risk to individuals' rights and freedoms, we will:

  • Notify the relevant supervisory authority within 72 hours
  • Inform affected individuals without undue delay when there is a high risk
  • Document all breaches and remediation measures

Sub-Processors

We engage trusted sub-processors to help deliver our services. All sub-processors are bound by data processing agreements that ensure GDPR compliance. A list of our sub-processors is available upon request.

Data Protection Officer

For questions about our GDPR compliance or to exercise your data protection rights, please contact:

Data Protection Team
NexScale Labs, Inc.
Email: gdpr@nexscalelabs.com

Supervisory Authority

If you are not satisfied with our response to your request or believe we are processing your data unlawfully, you have the right to lodge a complaint with your local data protection authority. A list of EU supervisory authorities is available at: https://edpb.europa.eu/about-edpb/board/members_en

Updates to This Policy

We may update this GDPR Compliance page to reflect changes in our practices or legal requirements. Material changes will be communicated through our website or direct notification where appropriate.