GDPR Compliance Statement

We process personal data lawfully, fairly, and transparently; collect it for specified, explicit, and legitimate purposes; limit it to what is necessary; keep it accurate; retain it no longer than required; and ensure appropriate security.

We rely on one or more lawful bases under Article 6 GDPR: your consent, the performance of a contract, compliance with a legal obligation, or our legitimate interests, balanced against your rights and freedoms.

Under the GDPR you have the right of access, rectification, erasure ('right to be forgotten'), restriction of processing, data portability, objection to processing, and the right not to be subject to solely automated decision-making.

We respond to verified requests without undue delay and within one month, as required by law. To exercise your rights, contact office@nubeckholding.com.

Where we rely on consent, it is freely given, specific, informed, and unambiguous. You can withdraw consent at any time without affecting the lawfulness of prior processing.

For transfers outside the EEA/Switzerland, we use appropriate safeguards such as European Commission Standard Contractual Clauses and adequacy decisions where applicable.

In the event of a personal data breach likely to result in a risk to your rights and freedoms, we will notify the competent supervisory authority within 72 hours and affected individuals where required.

We integrate data protection into our processes and systems from the outset and apply data minimization and security measures by default.

You have the right to lodge a complaint with a data protection supervisory authority in your country of residence, place of work, or place of the alleged infringement.