GDPR & Data Protection
NordicDataTools is committed to handling personal data in accordance with the General Data Protection Regulation (GDPR) and other applicable privacy and data protection laws.
Last updated: 2026-03-22
This page explains NordicDataTools’ general approach to GDPR and broader data protection expectations. It is intended to provide additional transparency around how we think about privacy principles, legal bases, rights requests, service providers, international transfers, and customer responsibilities when using our websites, plugins, software, licenses, support systems, subscriptions, and related services.
1. Our GDPR Principles
We aim to process personal data in line with the following core principles:
- Lawfulness, fairness, and transparency
- Purpose limitation
- Data minimisation
- Accuracy
- Storage limitation
- Integrity and confidentiality
- Accountability
We also aim to apply these principles in a practical and proportionate way across licensing, billing, support, analytics, website operations, communications, and any optional AI-assisted or integrated features you choose to use.
2. Legal Bases for Processing
We process personal data only where we have a valid legal basis, such as:
- performance of a contract;
- compliance with legal obligations;
- legitimate interests; or
- consent, where required.
Depending on the context, processing may be necessary to provide access to products, activate licenses, deliver updates, respond to support requests, secure our systems, investigate abuse, maintain records, comply with accounting or tax requirements, or provide optional features you request.
3. Types of Data We May Process
Depending on the product, service, or interaction, we may process:
- customer and account contact details;
- purchase, subscription, billing, and license data;
- support communications and attached materials;
- technical, diagnostic, activation, and usage information;
- analytics and cookie-related information;
- website, browser, device, and environment details; and
- data, prompts, files, or other information you choose to submit when using our services.
We aim to collect only the information reasonably necessary for the relevant purpose, though the exact categories may vary depending on the product configuration, integrations you enable, and the type of request you make.
4. Roles and Responsibilities
Depending on the context, NordicDataTools may act as a controller, business, operator, processor, or service provider for different activities. For example, we may act as a controller for our own website, support, licensing, billing, and customer communications.
If you use our products to process personal data on your own website or in your own business workflows, you remain responsible for determining your own role under applicable law and for configuring the product appropriately for your use case, jurisdiction, and obligations.
5. Data Subject Rights
If GDPR or similar privacy law applies to you, you may have the right to:
- access your personal data;
- request rectification of inaccurate data;
- request erasure in certain circumstances;
- request restriction of processing;
- object to certain processing;
- request data portability where applicable; and
- withdraw consent where processing is based on consent.
Similar or additional rights may also exist under other privacy laws depending on your jurisdiction.
6. Security Measures
We implement reasonable technical and organizational measures designed to protect personal data against unauthorized access, misuse, disclosure, alteration, or loss. These measures may include access controls, authentication practices, secure transmission where appropriate, logging, vendor review, and internal process controls.
No system or transmission method can be guaranteed to be completely secure, and absolute security cannot be promised.
7. Processors, Service Providers, and Third Parties
We may use trusted service providers to host systems, process payments, manage licenses, deliver updates, send email, analyze traffic, provide customer support tools, or enable optional AI-assisted functionality.
Where required, we seek to use appropriate contractual, technical, or organizational protections with those providers. The providers we use may change over time as our operations evolve.
8. International Transfers
If personal data is transferred outside the EEA or other jurisdictions with cross-border transfer restrictions, we seek to use appropriate safeguards where required by law.
Depending on the countries involved and the services you choose to use, additional rules, notices, approvals, or localization requirements may apply. Customers remain responsible for assessing whether their own use of our products creates additional obligations under local law.
9. Retention
We keep personal data only as long as reasonably necessary for contractual, legal, operational, support, accounting, security, dispute resolution, enforcement, or compliance purposes.
Retention periods may vary depending on the nature of the data, the product or service involved, the applicable legal obligations, and whether continued storage is needed to protect our legitimate interests or respond to claims.
10. AI and Customer Responsibilities
If you use our products with AI-assisted features or external integrations, you are responsible for evaluating whether personal data may lawfully be submitted, processed, stored, or transferred through those workflows.
You are also responsible for determining your own legal basis, providing required notices, obtaining consent where applicable, honoring rights requests where required, and configuring retention, minimisation, and access controls appropriately in your own environment.
11. How to Exercise Your Rights
To make a privacy or GDPR-related request, contact us at support@nordicdatatools.com.
We may ask you to verify your identity before responding, and we may need additional information to understand the scope of your request and determine which legal framework applies.
12. Complaints
If you believe your personal data has been handled unlawfully, you may have the right to lodge a complaint with your local supervisory authority or other relevant data protection regulator, depending on your jurisdiction.
13. International and Regional Notes
While this page focuses primarily on GDPR principles, different privacy and data protection rules may also apply in the United Kingdom, United States, China, India, and other markets. Website owners, merchants, software customers, and operators remain responsible for understanding which local requirements apply to their own activities, customer base, data flows, and selected integrations.
14. Contact
For data protection questions, privacy requests, or related concerns, contact:
support@nordicdatatools.com
