Data Rights

Scope and Controller

This Data Protection and Privacy Notice applies to the NaNUKE website (nanuke.org) and related services offered in the United States of America. It explains how we collect, use, disclose, and safeguard personal data, and outlines rights available under the European Union General Data Protection Regulation (GDPR) where applicable, alongside relevant U.S. privacy laws.

The controller of personal data is: NaNUKE, owned by Jeff Lapierre, 5959 W Brown St, Glendale, AZ 85302, United States of America. Contact: [email protected].

Categories of Personal Data

We may collect and process the following categories of personal data:

• Identifiers: name, email address, IP address, device identifiers, and cookie IDs.
• Usage Data: pages visited, links clicked, time spent, referral URLs, and general interaction metrics.
• Technical Data: browser type and version, operating system, screen resolution, language settings, and approximate geolocation derived from IP address.
• Inquiry Data: information you provide in emails or forms, including support requests or feedback.
• Professional Data (optional): your role, organization, or clinical specialty if you choose to provide it.
• Sensitive Data: we do not seek to collect sensitive data (e.g., health, biometric, or precise geolocation). Please do not submit protected health information or other sensitive data through our services.

Purposes and Legal Bases of Processing

We process personal data for the purposes and on the legal bases below (GDPR Articles 6(1)(a)–(f)):

• Service Delivery: to operate, maintain, and provide access to the website and its content. Legal basis: legitimate interests (to run our site and provide content) and, where applicable, performance of a contract.
• Communications: to respond to inquiries, support requests, and feedback. Legal basis: legitimate interests and, when you request specific information, performance of a contract; consent when required.
• Analytics and Improvement: to measure performance, debug, and enhance features and content. Legal basis: legitimate interests; consent where local law requires consent for analytics cookies.
• Security and Fraud Prevention: to protect against unauthorized access, monitor for abuse, and ensure integrity of our systems. Legal basis: legitimate interests and legal obligation where applicable.
• Regulatory Compliance: to comply with applicable laws, court orders, or enforce our terms. Legal basis: legal obligation.
• Marketing (limited): to provide updates about our content where you have opted in. Legal basis: consent; you may withdraw consent at any time.

Sources of Personal Data

We collect personal data directly from you (e.g., inquiries), automatically through cookies and similar technologies, and from service providers that operate on our behalf (e.g., analytics or hosting partners).

Cookies and Similar Technologies

We use cookies and similar technologies to enable core functionality, understand usage, improve content, and, where applicable, support limited marketing. Categories include:

• Strictly Necessary: required for site operation and security.
• Functional: remember preferences and enhance features.
• Analytics: measure usage and performance.
• Advertising/Targeting: only if used; facilitate interest-based content or measure reach.

Where required by law, non-essential cookies are used only with your consent. You may adjust your browser settings to block or delete cookies. Withdrawing consent or blocking cookies may affect functionality.

Disclosures to Third Parties

We disclose personal data to the following categories of recipients for the purposes described above:

• Service Providers/Processors: hosting, cloud infrastructure, analytics, email delivery, security, and customer support tools.
• Professional Advisors: legal, compliance, and accounting advisors as needed.
• Authorities and Legal Recipients: when required to comply with law, enforce our terms, or protect rights and safety.
• Business Transfers: in connection with a merger, acquisition, or asset sale, subject to appropriate safeguards.

We do not sell personal data for monetary consideration. To the extent "sale" or "sharing" is defined to include certain disclosures for targeted advertising under U.S. state laws, you may opt out as described in the "Your Rights Under U.S. Law" and "Exercising Your Rights" sections.

International Data Transfers

Our services are operated in the United States. If you access our services from the EEA, UK, or Switzerland, your personal data may be transferred to countries whose data protection laws may not offer the same level of protection. Where required, we implement appropriate safeguards such as Standard Contractual Clauses and supplementary measures. You may request information about these safeguards using the contact details below.

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes described in this notice, including to meet legal, accounting, or reporting requirements. Retention periods consider the nature of the data, the risks of harm, the purposes of processing, and applicable legal obligations. When data is no longer needed, we will delete, anonymize, or securely de-identify it.

Security Measures

We implement appropriate technical and organizational measures designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. These measures include access controls, encryption in transit where feasible, logging and monitoring, least-privilege principles, and periodic review of security practices. No method of transmission or storage is fully secure; residual risks remain.

Your Rights Under GDPR

Where GDPR applies, you have the following rights, subject to conditions and exemptions:

• Access: to obtain confirmation of processing and a copy of your personal data.
• Rectification: to correct inaccurate or incomplete personal data.
• Erasure: to request deletion of personal data in certain circumstances.
• Restriction: to request restriction of processing in certain cases.
• Portability: to receive personal data in a structured, commonly used, machine-readable format and transmit it to another controller where technically feasible.
• Objection: to object to processing based on legitimate interests and to direct marketing at any time.
• Withdraw Consent: where processing is based on consent, to withdraw that consent at any time without affecting lawfulness of processing before withdrawal.
• Complaint: to lodge a complaint with an EU/EEA supervisory authority or the UK ICO, as applicable.

Your Rights Under U.S. Law

Depending on your state of residence, you may have the following rights under U.S. state privacy laws (e.g., California, Colorado, Connecticut, Virginia, Utah):

• Access and Know: to request access to the categories and specific pieces of personal information collected, used, disclosed, sold, or shared.
• Correction: to request correction of inaccurate personal information.
• Deletion: to request deletion of personal information, subject to exceptions.
• Opt-Out: to opt out of the sale or sharing of personal information and targeted advertising.
• Portability: to request a portable copy of personal information.
• Non-Discrimination: to be free from discrimination for exercising privacy rights.
• Appeal: to appeal our decision if we deny your request.

Exercising Your Rights

To exercise your rights, submit a verifiable request to: [email protected]. Please include your name, contact information, the nature of your request, the jurisdiction you reside in, and sufficient details to allow us to verify your identity. You may authorize an agent to submit a request on your behalf where permitted by law; we may require proof of authorization and verification of your identity.

For U.S. residents wishing to opt out of sale/sharing or targeted advertising, please state "Opt-Out of Sale/Sharing" in your request. If we deny your request, you may appeal by replying to our decision with the subject line "Privacy Appeal". We will respond within the timeframes required by applicable law.

Children’s Data

Our services are intended for a general audience and are not directed to children under 13 (or under 16 in certain jurisdictions). We do not knowingly collect personal data from children. If you believe a child has provided personal data, please contact us to request deletion.

Health and Professional Information

NaNUKE provides informational content about pharmaceuticals and related topics. We are not a covered entity or business associate under HIPAA, and we do not request or require Protected Health Information. Do not submit medical records or sensitive health information. Content is for educational purposes only and is not a substitute for professional medical advice, diagnosis, or treatment.

Automated Decision-Making and Profiling

We do not engage in automated decision-making that produces legal or similarly significant effects. If we introduce such processing, we will provide meaningful information about the logic involved and the significance and envisaged consequences, and will obtain consent where required.

Data Breach Notification

In the event of a data breach affecting your personal data, we will notify you and relevant authorities in accordance with applicable laws and regulations.

Do Not Track

Some browsers transmit "Do Not Track" signals. Our services currently do not respond to such signals. We honor legally required opt-out mechanisms as described in this notice.

Changes to This Notice

We may update this notice from time to time to reflect changes to our practices or legal requirements. Material changes will be indicated by updating the effective date below. We encourage you to review this page periodically.

Contact Information

Controller and primary contact: NaNUKE, owned by Jeff Lapierre

Postal address: 5959 W Brown St, Glendale, AZ 85302, United States of America

Email: [email protected]

Effective Date

This notice is effective as of the date of publication and supersedes prior versions. Current effective date: 2025-09-05.