1. Controller and Representative
NexelioFlow Inc. is the controller. Our EU representative under Article 27 GDPR is NexelioFlow EU B.V., Herengracht 420, 1017 BZ Amsterdam, Netherlands. The UK representative under Article 27 UK GDPR is available on request.
2. Lawful Bases
We rely on contractual necessity for the core Service, legitimate interests for fraud prevention and aggregate analytics, consent for marketing and non-essential cookies, and legal obligation for tax and compliance retention. A balancing test is available on request for each legitimate-interest processing.
3. Rights of Data Subjects
You have the rights of access, rectification, erasure, restriction, portability, and objection. You also have the right to withdraw consent at any time and to lodge a complaint with a supervisory authority.
- Belgium — Autorité de protection des données (autoriteprotectiondonnees.be).
- France — Commission Nationale de l'Informatique et des Libertés (cnil.fr).
- Germany — competent Land authority depending on residence.
- Netherlands — Autoriteit Persoonsgegevens (autoriteitpersoonsgegevens.nl).
- Spain — Agencia Española de Protección de Datos (aepd.es).
- Other EEA/UK — contact your national authority listed on edpb.europa.eu.
4. International Transfers
Transfers outside the EEA/UK are made under the European Commission's 2021 Standard Contractual Clauses with supplementary measures including encryption in transit and at rest, pseudonymization where feasible, and contractual restrictions on government access requests.
5. Automated Decision-making
We do not engage in automated decision-making producing legal or similarly significant effects on you within the meaning of Article 22 GDPR.