Privacy Notice

Nurion Labs GmbH · Harkortstraße 95 · 22765 Hamburg · Germany. Data subject rights and privacy enquiries: privacy@nurion.com.

We have not appointed a Data Protection Officer because we do not currently meet the statutory threshold under § 38 BDSG. The dedicated dpo@nurion.com inbox is monitored as the future contact point and currently forwards to privacy@nurion.com.

Account and subscription data

Email, name, organization name, billing address, VAT ID, payment identifiers from Mollie. Lawful basis: Art. 6(1)(b) GDPR (performance of contract). Retention: for the term of the subscription, plus statutory retention periods under § 257 HGB and § 147 AO (six to ten years for billing-relevant records).

Provision of the account and subscription data above is a contractual requirement: without it we cannot create the account, issue invoices, or provide the service. You are not statutorily obliged to provide this data, but if you choose not to, we will not be able to enter into or perform the subscription contract with you (Art. 13(2)(e) GDPR).

Customer Data inside the products

The content you create or import into Desk, Meet, and Funnel (notes, transcripts, summaries, leads, contact records). Lawful basis: Art. 6(1)(b) GDPR (performance of contract). Retention: deleted on customer request or within thirty (30) days of subscription termination, in line with the DPA.

Server logs and security events

Pseudonymous request metadata, IP address (for the duration of the security window), user-agent, and timing data. Lawful basis: Art. 6(1)(f) GDPR (legitimate interest in service security and stability). Retention: thirty (30) days, except where required for incident investigation.

Product telemetry

Pseudonymous, opt-out telemetry (feature usage counters, error rates, performance traces) emitted by the Desk client to help us improve quality. The telemetry stream contains no Customer Data and no human-readable content from your work. Lawful basis: Art. 6(1)(f) GDPR (legitimate interest in product improvement). You can disable telemetry per device in Settings → Privacy at any time.

Marketing-website analytics

Cookieless, IP-anonymised page-view counts via Plausible Analytics (Plausible Insights OÜ, Estonia/EU). No cross-site tracking, no fingerprinting, no third-party cookies. Lawful basis: Art. 6(1)(f) GDPR.

Marketing communications

Where we send promotional email outside an active service relationship, we do so on the basis of your prior consent (Art. 6(1)(a) GDPR, § 7 UWG) and only after a double opt-in. You can withdraw consent at any time using the unsubscribe link in any message or by emailing privacy@nurion.com.

We rely on a small number of vetted subprocessors. The current, live list — including the transfer mechanism for any non-EEA subprocessor — is published at nurion.com/legal/subprocessors.

Under the GDPR you have the right to access (Art. 15), rectify (Art. 16), erase (Art. 17), restrict processing (Art. 18), data portability (Art. 20), and to object to processing based on legitimate interest (Art. 21), as well as the right to withdraw consent at any time without affecting the lawfulness of processing carried out on the basis of consent before the withdrawal.

To exercise any of these rights, email privacy@nurion.com. We respond within thirty (30) days.

You have the right to lodge a complaint with a supervisory authority, in particular in the EU member state of your habitual residence, place of work, or place of the alleged infringement (Art. 77 GDPR). The competent authority for Nurion Labs GmbH is the Hamburgischer Beauftragte für Datenschutz und Informationsfreiheit (Ludwig-Erhard-Str. 22, 20459 Hamburg, datenschutz-hamburg.de).

Technical and organisational measures are described on our public Security overview page.

We may update this notice to reflect changes to our products or legal obligations. Material changes will be notified by email or in-product notice. The version and last-updated date below are the authoritative reference.