Privacy policy
Last updated: 6 February 2026
This notice explains how Nuclear Instruments S.r.l. (“we”, “us”, the “Controller”, “NI”, “Nuclear Instruments”) processes personal data of users who interact with our online services.
We are committed to protecting your privacy and ensuring the security of your personal data. We process your data in compliance with the EU General Data Protection Regulation (GDPR) and other applicable data protection laws.
1. Data Controller
- Controller: Nuclear Instruments S.r.l.
- Registered office: Via Lecco 16, Lambrugo (CO), Italy
- VAT / Tax ID: IT03451890135
- Privacy contact email: info@nuclearinstruments.eu
2. Scope
This policy applies to the use of Nuclear Instruments web services, including restricted areas, contact forms, newsletters, and authenticated features.
3. Categories of personal data
We may process the following categories of personal data:
- Browsing data: IP address, access logs, device identifiers, technical and security events.
- Data you provide: name, surname, email, phone, message/form contents, attachments.
- Account & authentication data: username, user ID, roles, preferences, OIDC/OAuth2 tokens/claims.
- Service & product data: shipping/billing addresses, order numbers, RMAs, technical configurations.
- Payment data: handled by third-party providers (e.g., Stripe/PayPal). We only receive non-sensitive transaction outcomes.
4. Purposes and legal bases (Art. 6 GDPR)
| Purpose | Legal basis |
|---|---|
| Provide the service, manage accounts, fulfill orders/requests | Contract / pre-contractual measures |
| Technical assistance and support tickets | Legitimate interest |
| Security, abuse prevention, diagnostics, logging | Legitimate interest |
| Legal compliance (tax/accounting, authorities' orders) | Legal obligation |
| Service communications (non-marketing) | Legitimate interest / Contract |
| Newsletter/marketing | Consent (revocable) |
| Recruitment (CVs) | Pre-contractual measures / Consent (if requested) |
5. Whether data must be provided
Fields marked as mandatory are necessary to deliver the requested services; failure to provide them may prevent delivery. Consent-based activities are optional.
6. Data retention
We keep data only as long as necessary for the stated purposes, unless longer retention is required by law or for the establishment, exercise, or defense of legal claims.
| Purpose | Legal basis |
|---|---|
| Support tickets (content, attachments, history) | 10 years from ticket closure |
| Service/technical data (configs, product events, RMAs) | As needed for service quality & safety; generally up to 10 years unless longer required for legal claims/safety |
| Accounts & profiles | While the account is active; after deactivation, minimum retention for dispute handling and audit |
| Security & access logs | 12-24 months |
| Tax/accounting data | 10 years (Italian law) |
| Newsletter/marketing | Until consent withdrawal or prolonged inactivity |
| Job applications (CVs) | 12 months unless longer retention is consented |
On request, we can erase or restrict personal data where applicable. Some information may be retained in pseudonymised or aggregated form for security, statistics, or legal defense.
7. Recipients and processors
Processors (Art. 28): hosting, IT maintenance, email/SMTP, CRM, help-desk/ticketing, backup, security, analytics, payment.
Independent recipients: public authorities and professionals (legal/accounting) when necessary. Data Processing Agreements are in place with all processors.
8. International transfers
Some providers may process data in non-EU countries. We use Standard Contractual Clauses (SCCs) and additional safeguards where required. Details are available upon request.
9. Data security
We implement appropriate technical and organisational measures: encryption in transit/at rest, access controls, environment segregation, backups, logging/monitoring, minimisation, and privacy by design/by default.
10. Automated decisions and profiling
We do not carry out automated decisions producing legal effects nor meaningful profiling.
11. Your rights (Arts. 15-22 GDPR)
You may request access, rectification, deletion, restriction, objection (including to processing based on legitimate interest), data portability, and withdrawal of consent.
12. How to exercise your rights
Contact info@nuclearinstruments.eu or write to our registered office. We may request information necessary to verify your identity.
13. Children
The service is intended for users aged 16+. Where data from minors may be processed, we will obtain, when required, consent from those holding parental responsibility.
14. Cookies and similar technologies
We use essential cookies for service functionality. See our Cookie Policy for details on types, purposes, storage periods, and preference management.
15. Changes to this notice
We may update this policy to reflect legal or technical changes. The current version is always published with the latest update date.
16. Contacts
- Controller: Nuclear Instruments S.r.l.
- Privacy email: info@nuclearinstruments.eu
- Registered office: Via Lecco 16, Lambrugo (CO), Italy