Current as of 13 May 2026

Privacy Policy

The NucFinder platform is owned and operated by KLEORIX LTD, a company incorporated in Cyprus. This policy explains what personal data we collect, how we use it, your rights, and how to contact us.

1. Who we are

KLEORIX LTD is a private limited company incorporated in Cyprus.

  • Registration number: HE 490271
  • Registered address: Office 602, 6th floor, Apollo Court, 232 Arch. Makariou III Ave., Limassol, 3030, Cyprus
  • Data controller contact: privacy@nucfinder.com

Lead supervisory authority

Commissioner for Personal Data Protection, 1 Iasonos Street, 1082 Nicosia, Cyprus — www.dataprotection.gov.cy.

Note for EU/EEA users: if you are based in an EU/EEA member state, you may also lodge a complaint with your local data protection authority. As KLEORIX is established in Cyprus (an EU member state), the Cyprus Commissioner is our lead supervisory authority under the GDPR one-stop-shop mechanism.

Data Protection Officer

KLEORIX has assessed that appointment of a Data Protection Officer is not mandatory under Article 37 GDPR for its current operations. We keep this under review. For all data protection queries, contact privacy@nucfinder.com.

2. What personal data we collect

We collect the following categories of personal data:

  • Identity: Full name and professional role, where provided
  • Contact: Business email address and company contact details provided during registration or account administration
  • Company / KYC: Company name, registration number, VAT number, industry sector, KYC and verification information, which may include company verification documents and supporting documents relating to authorised representatives where required for verification
  • Account credentials: Email address, hashed password, and account security records
  • Platform usage: Pages visited, searches, listings viewed, features used, time on platform
  • Communications: Support tickets, platform messages, email correspondence
  • Billing: Invoice contact name, billing email, payment reference (no card data stored by KLEORIX)
  • Technical: IP address, browser type, device type, session tokens, access logs
  • Communications preferences: Notification and communication preferences where such settings are made available

We do not intentionally request special category personal data. Users should not upload special category data unless strictly required by law or expressly requested as part of a documented compliance process. The platform is for B2B professional use only — we do not knowingly collect data from individuals under 18.

3. Why we use your data and on what basis

We process personal data for the following purposes:

  • Account creation and management: Based on contract performance (Art. 6(1)(b) GDPR). Retained for account duration + 5 years.
  • KYC / identity verification: Based on legal obligation (Art. 6(1)(c)) and legitimate interests (Art. 6(1)(f)). Retained for 5 years from onboarding.
  • Platform access and features: Based on contract performance (Art. 6(1)(b)). Retained for duration of subscription.
  • Payment processing and invoicing: Based on contract performance (Art. 6(1)(b)). Retained for 10 years (tax / accounting obligations).
  • Customer support: Based on legitimate interests (Art. 6(1)(f)). Retained for 3 years from last interaction.
  • Security and fraud prevention: Based on legitimate interests (Art. 6(1)(f)). Retained for 12 months (logs); longer if incident.
  • Platform analytics and improvement: Based on legitimate interests (Art. 6(1)(f)) — limited usage and search interaction data; consent where required for non-essential tracking. Retained for 24 months pseudonymised.
  • Service notifications and updates: Based on contract performance (Art. 6(1)(b)). Retained for duration of subscription.
  • Marketing communications (if introduced): Based on consent (Art. 6(1)(a)). Retained until consent withdrawn.
  • Legal compliance: Based on legal obligation (Art. 6(1)(c)). Retained as required by law.

Note on analytics: we collect limited platform usage and search interaction data to operate, secure, and improve the Platform. Where consent is required for non-essential cookies or tracking technologies, we will request it before activating them.

Note on legitimate interests: where we rely on legitimate interests, we have assessed that our interests are not overridden by your rights — particularly in the B2B / professional context. You have the right to object at any time.

4. Who we share your data with

No sale of personal data

We do not sell personal data.

Service providers (processors)

We share data with carefully selected third-party processors under GDPR Article 28 agreements. The following categories reflect processors operational at the time this policy was last updated. We maintain a current sub-processor list at www.nucfinder.com/subprocessors.

  • Cloud infrastructure (EU/EEA hosting)
  • Email delivery (transactional notifications)
  • Payment processor (PCI-DSS compliant; KLEORIX does not store card data)
  • Customer support platform
  • Analytics and telemetry tools (where deployed; pseudonymised data only)

Other platform users

Your company name, profile, and Listings are visible to other Users for marketplace purposes. Personal data of your representatives is generally not shared with other Users except where you or your organisation provide it through profile content, listings, direct communications, sourcing workflows, support interactions, or other platform actions that are intended to be visible to recipients.

Legal and regulatory disclosure

We disclose data where required by Cyprus law, EU law, court order, or a competent regulatory authority (including nuclear sector regulators). We will notify you where legally permitted.

Business transfers

In the event of a merger, acquisition, or business sale, data may transfer to the successor entity under equivalent protections.

5. International data transfers

KLEORIX is established in Cyprus, an EU member state. Processing within Cyprus and the EU/EEA does not require additional transfer safeguards.

Some of our processors may operate outside the EEA. In such cases we rely on: EU Standard Contractual Clauses (SCCs); adequacy decisions; or other appropriate GDPR Chapter V safeguards.

For users outside the EU/EEA: we handle your data in accordance with applicable law and our security standards. By using the platform, non-EU users consent to their data being processed in Cyprus and potentially other jurisdictions where our processors operate, subject to the protections described in this policy.

Contact privacy@nucfinder.com for details of specific safeguards for any transfer.

6. Your rights

Under GDPR, you have the following rights:

  • Access (Art. 15): Copy of all data we hold about you. Email privacy@nucfinder.com — 30 days to respond.
  • Rectification (Art. 16): Correct inaccurate data. Email or update account profile.
  • Erasure (Art. 17): Delete data where no legitimate reason to retain. Email — note tax/legal retention obligations apply.
  • Restriction (Art. 18): Pause processing in certain circumstances. Email privacy@nucfinder.com.
  • Portability (Art. 20): Receive a structured, machine-readable copy. Email — applies to automated processing of data you provided.
  • Object (Art. 21): Object to legitimate-interests processing or marketing. Email / unsubscribe link.
  • Withdraw consent: Withdraw at any time where processing is consent-based. Email or account settings.
  • Complaint: Complain to a supervisory authority. Cyprus Commissioner: www.dataprotection.gov.cy — or your local EU DPA if EU-based.

We respond within 30 days. There is no charge unless requests are manifestly unfounded or excessive. Identity verification may be required before we act on a request.

7. Cookies

We use cookies and similar technologies for session management, security, and limited platform functionality. Where non-essential cookies or similar technologies are introduced, we will provide an appropriate consent mechanism before activating them and update this policy accordingly.

8. Security

KLEORIX applies technical and organisational security measures appropriate to the risks involved, including access controls, encryption in transit, logging, and security procedures proportionate to the platform's operations.

Where a personal data breach is likely to result in a high risk to your rights and freedoms, we will notify affected individuals without undue delay in accordance with Article 34 GDPR, and the competent supervisory authority in accordance with Article 33 GDPR.

9. Children

NucFinder is a B2B platform intended for professional use by businesses operating in the nuclear industry. We do not knowingly collect or process personal data from individuals under the age of 18. If you believe we have inadvertently collected such data, please contact privacy@nucfinder.com and we will delete it.

10. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be communicated at least 30 days in advance via the platform and by email to the account contact. Previous versions are available on request from privacy@nucfinder.com.

11. Contact

  • Email: privacy@nucfinder.com
  • Postal address: Office 602, 6th floor, Apollo Court, 232 Arch. Makariou III Ave., Limassol, 3030, Cyprus
  • Response time: within 5 business days