GDPR Compliance

General Data Protection Regulation Information

Our Commitment to GDPR

While nuclenoes is based in Canada, we recognize that some of our users may be located in the European Economic Area (EEA). We are committed to complying with the General Data Protection Regulation (GDPR) for all EEA residents.

Legal Basis for Processing

We process your personal data under the following legal bases:

Consent

When you provide explicit consent for us to process your personal information for specific purposes, such as receiving our pension analysis services or marketing communications.

Contractual Necessity

Processing is necessary to fulfill our contractual obligations when you engage our services for pension analysis.

Legitimate Interest

We may process your data based on our legitimate business interests, such as improving our services, fraud prevention, and network security, provided these interests do not override your fundamental rights.

Legal Obligation

We may process your data to comply with legal obligations under Canadian or international law.

Your Rights Under GDPR

If you are an EEA resident, you have the following rights:

Right to Access

You have the right to request copies of your personal data. We may charge a reasonable fee for additional copies.

Right to Rectification

You have the right to request correction of any inaccurate or incomplete personal data we hold about you.

Right to Erasure

You have the right to request deletion of your personal data under certain circumstances, including:

  • The data is no longer necessary for the purposes it was collected
  • You withdraw consent and there is no other legal basis for processing
  • You object to processing and there are no overriding legitimate grounds
  • The data has been unlawfully processed

Right to Restrict Processing

You have the right to request restriction of processing your personal data under certain conditions.

Right to Data Portability

You have the right to request transfer of your data to another organization or directly to you in a structured, commonly used, machine-readable format.

Right to Object

You have the right to object to our processing of your personal data in certain circumstances, particularly for direct marketing purposes.

Rights Related to Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing, including profiling, which produces legal effects or similarly significantly affects you.

How to Exercise Your Rights

To exercise any of your GDPR rights, please contact us at:

Email: [email protected]
Address: 347 Bay Street, Suite 820, Toronto, ON M5H 2R7, Canada

We will respond to your request within one month. If your request is complex or we receive multiple requests, we may extend this period by two additional months, and we will inform you of such extension.

Data Protection Officer

For GDPR-related inquiries, you may contact our Data Protection Officer at [email protected].

Data Transfers

If we transfer your personal data outside the EEA, we ensure appropriate safeguards are in place, such as:

  • Standard Contractual Clauses approved by the European Commission
  • Adequacy decisions recognizing equivalent data protection
  • Binding Corporate Rules

Data Breach Notification

In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the relevant supervisory authority within 72 hours of becoming aware of the breach.

Complaints

If you believe we have not handled your personal data properly, you have the right to lodge a complaint with a supervisory authority in the EEA, particularly in the member state where you reside, work, or where an alleged infringement occurred.

Children's Data

We do not knowingly process personal data of children under 16 years of age without parental consent. If you believe we have collected data from a child without appropriate consent, please contact us immediately.

Retention Periods

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including:

  • Client service records: 7 years after service completion
  • Marketing communications: Until consent is withdrawn
  • Website analytics: 26 months
  • Legal obligations: As required by applicable law

Updates to This Statement

We may update this GDPR compliance statement from time to time. We will notify you of significant changes through our website or by email.

Last Updated: April 23, 2026