Back to Home

Privacy Policy

Last Updated: March 18, 2026

Introduction

Nocelion.com ("we," "our," or "us") is committed to protecting your privacy and ensuring transparency in how we collect, use, and protect your personal information. This Privacy Policy explains our practices in compliance with the General Data Protection Regulation (GDPR), UK GDPR, California Consumer Privacy Act (CCPA), California Privacy Rights Act (CPRA), and the ePrivacy Directive.

1. Data Controller Information

Business Name: Nocelion.com

Contact Email: privacy@nocelion.com

Website: https://nocelion.com

For EU/UK residents, we serve as the Data Controller for your personal information.

2. Information We Collect

We collect and process the following categories of personal information:

2.1 Information You Provide Directly

Data Type Examples Purpose Legal Basis (GDPR)
Contact Information Name, email address, phone number, mailing address Service provision, communication, responding to inquiries Consent, Contractual Necessity
Professional Information Company name, job title, industry, business needs Service customization, consultation Consent, Legitimate Interest
Inquiry/Form Data Messages, consultation requests, service preferences, project requirements Responding to inquiries, service delivery, consultation scheduling Consent, Contractual Necessity
Communication Preferences Newsletter subscription, email frequency, communication method Delivering requested content, marketing communications Consent

2.2 Information Collected Automatically

Data Type Examples Purpose Legal Basis (GDPR)
Technical Information IP address, browser type, device information, operating system, screen resolution Site functionality, security, fraud prevention, analytics Legitimate Interest
Usage Data Pages visited, time spent, click patterns, referral source, navigation path Site improvement, user experience optimization, content personalization Consent (for analytics cookies)
Location Data General geographic location (country, region, city) based on IP address Content localization, compliance with regional laws Legitimate Interest
Cookies and Tracking Technologies Cookie IDs, session data, preferences User experience, preference storage, analytics Consent (for non-essential cookies)

2.3 Information From Third Parties

We may receive information from third-party services you use to interact with us:

  • Social Media: If you contact us via social media, we may receive public profile information
  • Business Partners: Referrals or recommendations from trusted partners
  • Public Sources: Publicly available business information (company websites, LinkedIn, etc.)

3. How We Use Your Information

We use your personal information for the following business purposes:

  • Service Provision: To provide executive consulting services, technology strategy, consultations, and respond to your inquiries
  • Communication: To send you requested information, updates, newsletters, and respond to your messages
  • Site Improvement: To analyze site usage, understand user behavior, and improve user experience
  • Security: To protect against fraud, unauthorized access, and ensure site security
  • Legal Compliance: To comply with legal obligations, enforce our Terms of Service, and protect our legal rights
  • Marketing: To send promotional content, industry insights, and service updates (with your consent)
  • Personalization: To customize content and recommendations based on your interests
  • Analytics: To measure website performance, track engagement, and optimize content

4. Legal Bases for Processing (GDPR)

For EU/UK residents, we process your personal data based on the following legal grounds:

  • Consent: You have given explicit consent for specific processing activities (e.g., marketing emails, analytics cookies)
  • Contractual Necessity: Processing is necessary to fulfill a contract with you (e.g., providing requested services)
  • Legitimate Interest: Processing is necessary for our legitimate business interests (e.g., fraud prevention, site security, internal analytics)
  • Legal Obligation: Processing is required to comply with legal requirements (e.g., tax reporting, responding to legal requests)

5. International Data Transfers

We are based in the United States. If you are located in the EU/UK, your personal information may be transferred to, stored, and processed in the United States.

Safeguards for EU/UK Residents:

  • Standard Contractual Clauses (SCCs): We use EU Commission-approved Standard Contractual Clauses for data transfers
  • Privacy Shield Successor Mechanisms: We follow successor frameworks that replace Privacy Shield
  • Cloudflare Data Protection: Our hosting provider Cloudflare has robust data protection measures and complies with GDPR

Your Rights: EU/UK residents have the right to object to international data transfers and can contact us for more information.

6. Your Privacy Rights

Your rights vary based on your location. We respect and honor all applicable rights.

6.1 Rights for All Users

  • Right to Access: Request a copy of the personal information we hold about you
  • Right to Correction: Request correction of inaccurate or incomplete information
  • Right to Deletion: Request deletion of your personal information (subject to legal retention requirements)

6.2 Additional Rights for EU/UK Residents (GDPR/UK GDPR)

  • Right to Erasure ("Right to be Forgotten"): Request deletion of your personal data under certain circumstances
  • Right to Object: Object to processing based on legitimate interests or for direct marketing purposes
  • Right to Restrict Processing: Request limitation of processing in certain circumstances
  • Right to Data Portability: Receive your data in a structured, commonly used, machine-readable format
  • Right to Withdraw Consent: Withdraw consent at any time (for processing based on consent)
  • Right to Lodge a Complaint: File a complaint with your local Data Protection Authority (DPA)

How to Exercise Your Rights:

Email us at privacy@nocelion.com with subject "GDPR Data Request" or "UK GDPR Data Request"

Response Time: We will respond within 30 days (1 month) as required by GDPR

Find Your Data Protection Authority: EDPB Member List

6.3 Additional Rights for California Residents (CCPA/CPRA)

  • Right to Know: Request disclosure of categories and specific pieces of personal information collected, sold, or shared
  • Right to Delete: Request deletion of personal information (with certain exceptions)
  • Right to Correct: Request correction of inaccurate personal information
  • Right to Opt-Out: Opt out of the sale or sharing of personal information
  • Right to Limit: Limit the use and disclosure of sensitive personal information
  • Right to Non-Discrimination: Exercise your privacy rights without discriminatory treatment

How to Exercise Your Rights:

Email us at privacy@nocelion.com with subject "California Privacy Request" or use the "Do Not Sell or Share My Personal Information" link in our footer

Response Time: We will respond within 45 days as required by CCPA/CPRA

Verification: We may request additional information to verify your identity before fulfilling requests

7. Global Privacy Control (GPC)

We honor the Global Privacy Control (GPC) signal as a valid request to opt out of the sale or sharing of your personal information under CCPA/CPRA. If your browser or browser extension sends a GPC signal, we will automatically treat it as a request to opt out.

What is GPC?

Global Privacy Control is a browser setting or extension that sends a signal to websites indicating you do not want your personal information sold or shared.

How to Enable GPC:

  • Use a browser with built-in GPC support (e.g., Brave, DuckDuckGo Privacy Browser)
  • Install a GPC browser extension (e.g., OptMeowt, Privacy Badger)

Learn more: https://globalprivacycontrol.org

8. Data Sharing and Disclosure

8.1 We Do NOT Sell Your Personal Information

For California Residents: We DO NOT sell your personal information for monetary consideration.

For All Users: We DO NOT sell, rent, or trade your personal information to third parties for their marketing purposes.

8.2 When We Share Your Information

We may share your personal information with the following categories of third parties:

Recipient Category Purpose Examples
Service Providers Hosting, analytics, CRM, form management, email delivery, security Cloudflare (hosting), HubSpot (CRM, analytics, forms), LinkedIn (campaign analytics), email service providers
Business Partners Referrals, joint services, collaborative projects Trusted technology partners, consulting collaborators
Legal Authorities Compliance with legal obligations, law enforcement requests Government agencies, courts, regulators
Successors Mergers, acquisitions, business transfers Acquiring companies (in the event of a sale or merger)

8.3 Data Processing Agreements

All third-party service providers that process personal data on our behalf are contractually bound to:

  • Process data only for specified purposes
  • Implement appropriate security measures
  • Comply with GDPR, UK GDPR, and CCPA/CPRA requirements
  • Not use your data for their own purposes

9. Data Retention

We retain your personal information only as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required by law.

Data Type Retention Period Justification
Contact Information 3 years after last interaction Business relationship maintenance, inquiry follow-up
Consultation Records 7 years after service completion Legal obligations, professional standards
Marketing Communications Until you unsubscribe Ongoing consent-based relationship
Analytics Data Up to 2 years Trend analysis, site improvement
Cookie Data Session to 2 years (varies by cookie) Functionality, analytics, consent records
Legal Records 7+ years Legal compliance, statute of limitations

Data Deletion: After the retention period, we securely delete or anonymize your personal information.

10. Data Security

We implement appropriate technical and organizational security measures to protect your personal information from unauthorized access, loss, misuse, alteration, or destruction:

10.1 Technical Measures

  • Encryption: Data in transit is protected using TLS/SSL encryption (HTTPS)
  • Secure Hosting: Cloudflare Workers with enterprise-grade security
  • Firewall Protection: Web Application Firewall (WAF) to block malicious traffic
  • DDoS Protection: Cloudflare's DDoS mitigation protects against attacks
  • Access Controls: Restricted access to personal data on a need-to-know basis

10.2 Organizational Measures

  • Regular Security Reviews: Periodic security assessments and updates
  • Employee Training: Data protection and privacy training for all personnel
  • Incident Response Plan: Procedures for responding to data breaches
  • Third-Party Audits: Compliance with industry security standards

10.3 Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will:

  • Notify Authorities: Inform relevant Data Protection Authorities within 72 hours (GDPR requirement)
  • Notify Affected Users: Inform you without undue delay if your data is affected
  • Remediate: Take immediate action to contain and remediate the breach

11. Cookies and Tracking Technologies

We use cookies and similar tracking technologies. For detailed information, including how to manage your cookie preferences, please see our Cookie Policy.

Cookie Categories:

  • Strictly Necessary: Essential for site functionality (always active)
  • Performance/Analytics: Help us understand site usage (consent required)
  • Functional: Remember preferences and personalize experience (consent required)
  • Marketing: Targeted advertising (consent required)

11.1 HubSpot Tracking and Analytics

We use HubSpot for customer relationship management (CRM), form management, and analytics. HubSpot may collect and process the following information:

  • Contact Form Data: Information you provide when filling out contact forms (name, email, company, inquiry details)
  • Website Analytics: Pages visited, time on site, referring sources, browser information, IP address
  • Interaction Data: How you interact with our website and forms, including form submissions and completions
  • Device Information: Browser type, operating system, device identifiers

HubSpot Cookies:

Cookie Name Purpose Duration Category
__hstc Main tracking cookie - identifies unique visitors 13 months Analytics
hubspotutk Tracks visitor identity across sessions 13 months Analytics
__hssc Tracks individual sessions 30 minutes Analytics
__hssrc Indicates if visitor is in a new session Session Analytics
messagesUtk Stores user token for chat widget 13 months Functional

Legal Basis for HubSpot Processing:

  • Contact Forms: Contractual necessity and consent - processing is necessary to respond to your inquiries and provide requested services
  • Analytics: Consent - requires your consent to track website usage
  • CRM: Legitimate interest - managing customer relationships and service delivery

HubSpot Privacy: HubSpot is GDPR, UK GDPR, and CCPA compliant. View HubSpot's Privacy Policy at: https://www.hubspot.com/data-privacy/gdpr

How to Opt-Out of HubSpot Tracking:

  • Use our Cookie Preferences Center to disable analytics cookies
  • Enable Global Privacy Control (GPC) in your browser
  • Contact us at privacy@nocelion.com to request deletion of your HubSpot data

11.2 LinkedIn Insight Tag

We use the LinkedIn Insight Tag for campaign analytics and conversion tracking. The Insight Tag may collect the following information:

  • Page Views: URLs visited and referral URLs
  • Technical Data: IP address (anonymized), browser type, operating system, device information
  • Interaction Data: Timestamps, page metadata

LinkedIn may match this data with LinkedIn member profiles for ad targeting and campaign measurement.

LinkedIn Cookies:

Cookie Name Purpose Duration Category
li_sugr Browser identifier for ad targeting 90 days Marketing
bcookie Browser ID cookie 1 year Marketing
lidc Data center routing 24 hours Marketing
UserMatchHistory LinkedIn Ads ID synchronization 30 days Marketing
AnalyticsSyncHistory Analytics ID synchronization 30 days Marketing
li_fat_id Member indirect identifier 30 days Marketing

Legal Basis for LinkedIn Processing:

  • Campaign Analytics: Consent - requires your consent to track website usage for advertising purposes
  • Conversion Tracking: Consent - measures effectiveness of LinkedIn ad campaigns

LinkedIn Privacy: LinkedIn is GDPR and CCPA compliant. View LinkedIn's Privacy Policy at: https://www.linkedin.com/legal/privacy-policy

How to Opt-Out of LinkedIn Tracking:

  • Use our Cookie Preferences Center to disable marketing cookies
  • Enable Global Privacy Control (GPC) in your browser
  • Contact us at privacy@nocelion.com to request deletion of your LinkedIn tracking data

12. Children's Privacy

Our Services are not directed to children under 16 years of age (13 in the US). We do not knowingly collect personal information from children.

If We Discover Child Data:

  • We will delete the data immediately
  • We will notify parents/guardians if contact information is available

Parental Rights: If you believe we have collected data from your child, contact us at privacy@nocelion.com with subject "Child Privacy Request"

13. Do Not Track (DNT) Signals

We do not currently respond to Do Not Track (DNT) browser signals, as there is no uniform industry standard for DNT compliance.

However, we DO honor Global Privacy Control (GPC) signals for all visitors as a recognized opt-out mechanism. For California residents, GPC is legally recognized under CCPA/CPRA.

14. Updates to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or service offerings.

Notice of Changes:

  • The "Last Updated" date at the top will be updated
  • Material changes will be communicated via prominent notice on our website
  • For significant changes affecting your rights, we may notify you via email (if we have your email address)
  • Continued use of Services after changes constitutes acceptance of the updated Privacy Policy

Recommendation: Review this Privacy Policy periodically to stay informed about how we protect your information.

15. Contact Us

For privacy-related questions, concerns, or to exercise your rights, please contact us:

Email: privacy@nocelion.com

Subject Line: Include "Privacy Request" or "Data Rights Request"

Response Time:

  • All Users: Within 30 days
  • EU/UK Residents (GDPR): Within 30 days (1 month)
  • California Residents (CCPA/CPRA): Within 45 days

For EU/UK Residents:

If you are not satisfied with our response, you have the right to lodge a complaint with your local Data Protection Authority.

California-Specific Disclosure

Categories of Personal Information Collected (Last 12 Months)

Category Collected? Sources Business Purpose Shared With
Identifiers (name, email, IP address) Yes Directly from you, automatically Service provision, communication, security Service providers
Commercial information (inquiry details, service interests) Yes Directly from you Service customization, consultation Service providers
Internet/network activity (browsing, clicks) Yes Automatically Analytics, site improvement Service providers (analytics, ad measurement)
Geolocation data (general location) Yes Automatically (IP-based) Content localization, compliance Service providers
Professional information (job title, company) Yes Directly from you Service customization Service providers

Sale or Sharing of Personal Information

We DO NOT SELL your personal information to third parties for monetary consideration.

California residents can opt out of the sale or sharing of personal information by clicking the "Do Not Sell or Share My Personal Information" link in our footer or by enabling Global Privacy Control (GPC) in your browser.

Acknowledgment

BY USING OUR SERVICES, YOU ACKNOWLEDGE THAT YOU HAVE READ, UNDERSTOOD, AND AGREE TO THE COLLECTION, USE, AND DISCLOSURE OF YOUR PERSONAL INFORMATION AS DESCRIBED IN THIS PRIVACY POLICY.

Last Updated: March 18, 2026

Effective Date: March 18, 2026

Nocelion.com - Executive Consulting Services

Empowering businesses through strategic technology leadership.

Terms of Service Cookie Policy Cookie Preferences

For questions, contact us at