GDPR Compliance

Last updated: April 11, 2026

Our Commitment to GDPR

NinoPOS is fully committed to compliance with the General Data Protection Regulation (GDPR), which came into effect on May 25, 2018. We understand the importance of protecting personal data and have implemented comprehensive measures to ensure that your data is handled securely and in accordance with EU data protection laws.

Data Controller Information

NinoPOS Inc.

123 Business Street, Tech City, TC 12345, United States

Data Protection Officer: dpo@ninopos.com

General Inquiries: privacy@ninopos.com

Legal Basis for Processing

Under GDPR Article 6, we process personal data based on the following legal grounds:

1. Contractual Necessity (Article 6(1)(b))

Processing necessary for the performance of a contract with you or to take steps at your request before entering into a contract.

2. Legal Obligation (Article 6(1)(c))

Processing necessary for compliance with a legal obligation to which we are subject (e.g., tax and accounting requirements).

3. Legitimate Interests (Article 6(1)(f))

Processing necessary for the purposes of our legitimate interests, provided your interests and fundamental rights do not override those interests.

4. Consent (Article 6(1)(a))

Processing based on your explicit consent, which you can withdraw at any time (e.g., for marketing communications).

Your GDPR Rights

Under GDPR, you have the following rights regarding your personal data:

Right to Access (Article 15)

You have the right to obtain confirmation as to whether we process your personal data, and if so, access to that data and related information.

Right to Rectification (Article 16)

You have the right to obtain the rectification of inaccurate personal data concerning you without undue delay.

Right to Erasure (Article 17)

You have the right to obtain the erasure of your personal data without undue delay (“right to be forgotten”), subject to certain conditions.

Right to Portability (Article 20)

You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit it to another controller.

Right to Restrict Processing (Article 18)

You have the right to obtain restriction of processing where you contest the accuracy of the data, the processing is unlawful, or you object to processing.

Right to Object (Article 21)

You have the right to object at any time to processing of your personal data for direct marketing or based on legitimate interests.

Right to Withdraw Consent (Article 7)

Where processing is based on consent, you have the right to withdraw your consent at any time without affecting the lawfulness of processing before withdrawal.

Right to Lodge a Complaint (Article 77)

You have the right to lodge a complaint with a supervisory authority, particularly in the EU member state of your habitual residence, place of work, or place of the alleged infringement.

How to Exercise Your Rights

To exercise any of your GDPR rights, you can:

  1. Access your account settings: Many data management options are available directly in your account dashboard under Settings → Privacy.
  2. Contact our DPO: Send an email to dpo@ninopos.com with your request.
  3. Use our Data Request Form: Fill out our contact form specifying your data request.

We will respond to your request within 30 days of receipt. If your request is complex or we have received numerous requests, we may extend this period by two months, in which case we will notify you.

International Data Transfers

As a US-based company, we transfer personal data outside the European Economic Area (EEA). When we do so, we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Data Processing Agreements with our service providers
  • Regular security assessments and compliance audits
  • Encryption of data in transit and at rest

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including legal, accounting, or reporting requirements. Our retention periods are:

  • Account Information: Retained while your account is active plus 7 years for tax purposes
  • Transaction Data: Retained for 7 years as required by tax regulations
  • Marketing Data: Retained until you withdraw consent or opt out
  • Log Data: Retained for 12 months for security purposes

Security Measures

We implement appropriate technical and organizational measures to protect your personal data:

  • Encryption of data in transit (TLS 1.3) and at rest (AES-256)
  • Regular security assessments and penetration testing
  • Access controls and multi-factor authentication
  • Employee training on data protection
  • Incident response procedures
  • Regular backups and disaster recovery plans

Data Protection Officer

We have appointed a Data Protection Officer (DPO) who is responsible for overseeing questions in relation to this privacy notice and our data protection practices. If you have any questions or concerns, please contact:

Data Protection Officer

Response Time: We aim to respond to all inquiries within 48 hours.

Changes to This GDPR Notice

We may update this GDPR Compliance page from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by posting the updated notice on this page and updating the “Last updated” date.

Contact Us

For any GDPR-related inquiries or to exercise your rights, please contact our Data Protection Officer at dpo@ninopos.com.