Privacy Policy

Last Updated: September 29, 2025

nosliW iT SARL-S ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use our services in compliance with the General Data Protection Regulation (GDPR) and Luxembourg data protection laws.

1. Data Controller

nosliW iT SARL-S
Rue de Strasbourg, 2
L-2560 Luxembourg
Luxembourg
Email: wilson.martins@nosliwit.com
Phone: +352 621 711 642
Company Registration Number: B298207

Note: nosliW iT SARL-S does not have a designated Data Protection Officer (DPO) as our data processing activities do not meet the mandatory DPO appointment criteria under Article 37 of the GDPR. For all data protection inquiries, please contact us directly using the information above.

2. Information We Collect

2.1 Personal Data You Provide

When you contact us through our website, we collect:

Contact Information: Name, email address, phone number
Business Information: Business type, company name (if provided)
Communication Data: Any information you provide in messages or inquiries
Service Preferences: Package interest, specific needs or questions

2.2 Automatically Collected Data

Technical Data: IP address, browser type and version, device information, operating system
Usage Data: Pages visited, time spent on site, referring URLs, clickstream data
Cookies: See Section 11 (Cookies and Tracking) for detailed information

3. Legal Basis for Processing (GDPR)

We process your personal data based on the following legal grounds under Article 6 of the GDPR:

Consent (Article 6(1)(a)): When you submit our contact form or accept cookies, you explicitly consent to data processing for the specified purposes. You can withdraw consent at any time.
Legitimate Interest (Article 6(1)(f)): To respond to inquiries, improve our services, maintain website security, and prevent fraud. We have conducted a legitimate interest assessment to ensure your rights are not overridden.
Contract Performance (Article 6(1)(b)): When processing is necessary to deliver services you have requested or to take pre-contractual steps.
Legal Obligation (Article 6(1)(c)): To comply with Luxembourg tax laws, accounting requirements, and EU regulations.

4. How We Use Your Information

We use your personal data for the following purposes:

Respond to your inquiries and provide customer support
Provide quotes and information about our IT services, POS systems, and technology solutions
Send you service-related communications (with your consent for marketing communications)
Improve our website functionality and user experience
Comply with legal and tax obligations
Maintain security, detect and prevent fraud or technical issues
Analyze website usage to optimize our services

5. Data Retention

We retain your personal data only as long as necessary for the purposes outlined in this policy:

Data Type	Retention Period	Legal Basis
Contact Form Submissions (Non-Clients)	2 years from last contact	Legitimate interest
Client Data	Duration of service + 7 years	Legal obligation (tax/accounting laws)
Marketing Consent	Until consent is withdrawn	Consent
Technical/Usage Logs	12 months	Legitimate interest (security)

After the retention period expires, your data will be securely deleted or anonymized in accordance with our data deletion procedures.

6. Data Sharing and Disclosure

We do NOT sell, rent, or trade your personal data.

We may share your data with the following categories of recipients:

6.1 Service Providers (Data Processors)

We work with trusted third-party service providers who process data on our behalf under strict data processing agreements (DPAs):

Netlify (Website Hosting): US-based with EU data centers, GDPR-compliant with Standard Contractual Clauses (SCCs)
Zoho Mail (Email Service): EU data centers available, GDPR-compliant with ISO 27001 certification and Standard Contractual Clauses
Google Ads (Conversion Tracking): US-based, GDPR-compliant with Standard Contractual Clauses, anonymized data processing for marketing conversion events

6.2 Legal Requirements

We may disclose your data when required by Luxembourg or EU law, court orders, or governmental authorities.

6.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your data may be transferred. You will be notified of any such change and your rights will be maintained.

7. International Data Transfers

Your data is primarily stored and processed within the European Economic Area (EEA). When data is transferred outside the EEA, we ensure appropriate safeguards:

Adequacy Decisions: Transfers to countries recognized by the EU Commission as providing adequate protection
Standard Contractual Clauses (SCCs): EU-approved contractual terms with non-EEA processors
Additional Safeguards: Encryption, access controls, and transfer impact assessments where required

US Data Transfers: For services hosted in the US (e.g., Netlify), we rely on Standard Contractual Clauses and ensure compliance with the EU-US Data Privacy Framework where applicable.

8. Your Rights Under GDPR

You have the following rights regarding your personal data under the GDPR:

Right of Access (Article 15): Request a copy of your personal data we hold
Right to Rectification (Article 16): Correct inaccurate or incomplete data
Right to Erasure (Article 17): Request deletion of your data ("right to be forgotten") under certain conditions
Right to Restriction (Article 18): Limit how we use your data in specific circumstances
Right to Data Portability (Article 20): Receive your data in a structured, commonly used, machine-readable format
Right to Object (Article 21): Object to processing based on legitimate interests or for direct marketing
Right to Withdraw Consent (Article 7(3)): Withdraw consent at any time without affecting the lawfulness of previous processing
Right Not to Be Subject to Automated Decision-Making (Article 22): We do not use automated decision-making or profiling

How to Exercise Your Rights

Contact us at: wilson.martins@nosliwit.com or +352 621 711 642

We will respond to your request within 30 days (extendable to 60 days for complex requests with notification).

Free of charge: Exercising your rights is free unless requests are manifestly unfounded or excessive.

9. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction:

Technical Measures:

Encryption: SSL/TLS encryption for all data transmission (HTTPS)
Secure Hosting: Data centers with physical and digital security controls
Access Controls: Role-based access, strong authentication, and password policies
Regular Backups: Encrypted backups with secure storage
Security Monitoring: Regular vulnerability assessments and security audits

Organizational Measures:

Staff training on data protection and GDPR compliance
Confidentiality agreements with employees and contractors
Data breach response procedures
Regular review and update of security policies

Important: No method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security. We will notify you and the CNPD of any data breach within 72 hours if required by law.

10. Data Processing Activities Record

In accordance with Article 30 of the GDPR, we maintain an internal record of our data processing activities. This record includes:

Purposes of processing
Categories of data subjects and personal data
Recipients of personal data
Data transfers to third countries
Retention periods
Security measures

This record is available to the CNPD upon request during inspections or investigations.

11. Cookies and Tracking

Our website uses cookies to enhance your browsing experience and analyze website usage.

What are Cookies?

Cookies are small text files stored on your device when you visit our website. They help us remember your preferences and understand how you use our site.

Types of Cookies We Use:

Cookie Type	Purpose	Duration	Consent Required
Essential Cookies	Enable basic website functionality, security, and navigation	Session/1 year	No (strictly necessary)
Analytics Cookies	Understand visitor behavior, page views, and site performance (Google Analytics 4)	2 years	Yes
Preference Cookies	Remember your language and region preferences	1 year	No (functionality)

Managing Cookies

You can control and delete cookies through your browser settings:

Google Chrome: Settings > Privacy and Security > Cookies
Firefox: Options > Privacy & Security > Cookies
Safari: Preferences > Privacy > Cookies
Edge: Settings > Cookies and Site Permissions

Note: Disabling essential cookies may affect website functionality. You can withdraw consent for analytics cookies at any time through our cookie banner or browser settings.

Cookie Consent: When you first visit our website, you will see a cookie banner allowing you to accept or reject non-essential cookies. Your consent choices are stored for 12 months.

12. Third-Party Links

Our website may contain links to third-party websites, social media platforms, or external services. We are not responsible for the privacy practices or content of these external sites.

Recommendation: Please review the privacy policies of any third-party sites you visit. Our Privacy Policy applies only to data collected through nosliwit.com.

13. Children's Privacy

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal data from children.

If we become aware that we have inadvertently collected data from a child under 18 without parental consent, we will take immediate steps to delete such information from our systems.

If you believe we have collected data from a child, please contact us immediately at wilson.martins@nosliwit.com.

14. Data Protection Impact Assessments (DPIA)

In accordance with Article 35 of the GDPR, we conduct Data Protection Impact Assessments (DPIAs) when our processing activities are likely to result in high risk to individuals' rights and freedoms.

Currently, our standard business operations (contact forms, customer relationship management) do not require DPIAs. However, we continuously monitor our processing activities and will conduct DPIAs if we introduce new technologies or processing methods that may pose higher risks.

15. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices, legal requirements, or technological developments.

Minor Changes: Updated on this page with a new "Last Updated" date
Significant Changes: We will notify you via email (if we have your contact information) or through a prominent notice on our website at least 30 days before the changes take effect

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your data.

16. Contact Us

For questions, concerns, or requests regarding this Privacy Policy or your personal data:

nosliW iT SARL-S
Rue de Strasbourg, 2
L-2560 Luxembourg
Luxembourg
Email: wilson.martins@nosliwit.com
Phone: +352 621 711 642
Response Time: Within 30 days of receipt

17. Right to Lodge a Complaint

If you believe your data protection rights have been violated, you have the right to lodge a complaint with the Luxembourg supervisory authority:

Commission Nationale pour la Protection des Données (CNPD)
15, Boulevard du Jazz
L-4370 Belvaux
Luxembourg
Phone: (+352) 26 10 60 - 1
Email: info@cnpd.lu
Website: https://cnpd.public.lu

You also have the right to lodge a complaint with the supervisory authority in the EU Member State of your habitual residence, place of work, or place of the alleged infringement.

Version History: This Privacy Policy (Version 2.0) was last updated on September 29, 2025, to enhance GDPR compliance and provide clearer information about our data processing activities.

Back to Homepage