Privacy Policy

1. Controller

The controller responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is:

Nephelix Nova Ltd
Centris Business Gateway, Level 4/W
Triq is-Salib tal-Imriehel, Zone 3
Birkirkara, CBD 3020, Malta
Email:

2. Overview of Data Processing

Types of data processed

• Contact data (name, email address, company name) when voluntarily provided via email
• Content of your message when sent via email
• Usage data and metadata automatically transmitted by your browser (IP address, browser type and version, operating system, referrer URL, date and time of access)

3. Hosting

This website is hosted by Cloudflare, Inc., 101 Townsend St, San Francisco, CA 94107, USA. When you visit this website, Cloudflare processes your IP address and technical metadata to deliver the page content. This is necessary for the operation of the website and constitutes a legitimate interest pursuant to Article 6(1)(f) GDPR.

Cloudflare is certified under the EU-US Data Privacy Framework. For more information, see Cloudflare's Privacy Policy.

4. Web Fonts

This website uses self-hosted web fonts (Space Grotesk, Geist Mono). The font files are served directly from our own hosting infrastructure. No data is transmitted to third-party font providers.

5. Email Contact

When you contact us by email, the data you provide (name, email address, company, and message content) is processed for the purpose of responding to your inquiry. The legal basis is Article 6(1)(b) GDPR (pre-contractual measures) or Article 6(1)(f) GDPR (our legitimate interest in responding to inquiries).

We retain the data you submit via email until you request its deletion, revoke your consent to its storage, or the purpose for its storage no longer applies. Mandatory statutory provisions — in particular retention periods — remain unaffected.

6. Server Log Files

The hosting provider automatically collects and stores information in server log files that your browser transmits automatically. These are:

• Browser type and version
• Operating system
• Referrer URL
• IP address (anonymized where possible)
• Date and time of the request

This data is not combined with other data sources. The basis for processing is Article 6(1)(f) GDPR — our legitimate interest in ensuring the stability and security of our website.

7. Cookies

This website does not set any cookies for analytics or tracking purposes. Essential technical cookies may be used by the hosting provider (Cloudflare) for security purposes such as bot detection. These are strictly necessary and do not require consent pursuant to Article 6(1)(f) GDPR.

8. Your Rights

Under the GDPR, you have the following rights with respect to your personal data:

• Right of access (Article 15 GDPR) — You may request confirmation of whether personal data concerning you is being processed and, if so, obtain access to that data.
• Right to rectification (Article 16 GDPR) — You may request the correction of inaccurate personal data or the completion of incomplete data.
• Right to erasure (Article 17 GDPR) — You may request the deletion of your personal data where there is no legal obligation to retain it.
• Right to restriction of processing (Article 18 GDPR) — You may request that the processing of your data be restricted under certain circumstances.
• Right to data portability (Article 20 GDPR) — You may request to receive the personal data you provided in a structured, commonly used, and machine-readable format.
• Right to object (Article 21 GDPR) — You may object to the processing of your personal data based on legitimate interests at any time. We will then cease processing unless we can demonstrate compelling legitimate grounds.
• Right to withdraw consent (Article 7(3) GDPR) — You may withdraw any consent given at any time with future effect.
• Right to lodge a complaint — You have the right to lodge a complaint with a supervisory authority. The competent authority for Malta is the Office of the Information and Data Protection Commissioner (IDPC), idpc.org.mt.

9. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law. Email correspondence is retained for the duration of the business relationship and for up to 6 years thereafter to comply with statutory retention obligations under Maltese and applicable DACH commercial law. Server log files are retained for a maximum of 30 days.

10. Changes to This Policy

We reserve the right to update this privacy policy to reflect changes in our practices or for legal, regulatory, or operational reasons. The current version is always available on this page with the "Last updated" date above.