1. OVERVIEW
Nimble WHM is committed to compliance with the General Data Protection Regulation (GDPR) for users in the European Economic Area (EEA), as well as similar privacy regulations including CCPA (California), PIPEDA (Canada), and PDPA (various jurisdictions).
2. DATA CONTROLLER
Nimble WHM acts as the Data Controller for personal data collected from its subscribers (tenants). Tenants act as Data Controllers for the personal data of their own clients.
3. LAWFUL BASIS FOR PROCESSING
We process personal data under the following lawful bases:
- Contract performance: to provide the services you subscribed to
- Legitimate interests: to improve our platform and prevent fraud
- Legal obligation: to comply with applicable laws
- Consent: where explicitly obtained for marketing communications
4. YOUR GDPR RIGHTS
If you are located in the EEA, you have the following rights:
- Right of Access — Request a copy of all personal data we hold about you.
- Right to Rectification — Request correction of inaccurate or incomplete data.
- Right to Erasure ("Right to be Forgotten") — Request deletion of your personal data, subject to legal retention requirements.
- Right to Restriction — Request that we limit processing of your data.
- Right to Data Portability — Receive your data in a structured, machine-readable format.
- Right to Object — Object to processing based on legitimate interests or direct marketing.
- Right to Withdraw Consent — Where processing is based on consent, you may withdraw it at any time.
To exercise any of these rights, contact us at the email address on our website. We will respond within 30 days.
5. DATA TRANSFERS
If we transfer your data outside the EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission.
6. DATA RETENTION
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Account data is deleted within 30 days of account closure upon request.
7. DATA BREACH NOTIFICATION
In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and affected users without undue delay.
8. COOKIES & TRACKING
We use only essential cookies required for platform operation. We do not use advertising or tracking cookies. You can manage cookie preferences through your browser settings.
9. SUPERVISORY AUTHORITY
If you believe we have not handled your data in accordance with GDPR, you have the right to lodge a complaint with your local data protection supervisory authority.
10. CONTACT OUR DATA TEAM
For any GDPR-related requests or questions, please contact us using the details provided on our website.