🧾 Privacy Policy (Data Protection Policy)

1. Introduction

Welcome to NationsBase (“we,” “our,” “us”).

We operate an online community and information platform that connects immigrants, local businesses, and compatriot communities.

We are committed to protecting your personal data and processing it in compliance with the General Data Protection Regulation (GDPR – EU Regulation 2016/679), the German Federal Data Protection Act (BDSG), and other applicable European data protection laws.

This policy explains:

• What personal data we collect,
• How and why we process it,
• What rights you have,
• And how we protect your data.

By using our platform, you acknowledge that NationsBase acts primarily as a data processor and community platform, not the creator or owner of user-generated content.

2. Data Controller and Contact

Data Controller:

NationsBase

Hamburg, Germany

Data Protection Officer (DPO):

Amirhossein Cheraghi

📧 [email protected]

If you have any questions or complaints regarding data protection, you can contact us or the German supervisory authority (Der Hamburgische Beauftragte für Datenschutz und Informationsfreiheit).

3. Nature of the Platform and Responsibility Disclaimer

NationsBase provides an open community platform where users may publish, upload, and share information (such as business listings, community events, or immigration experiences).

We are not responsible for the accuracy, legality, or ownership of content posted by users.

Each user is solely responsible for the data, text, images, or documents they submit.

However, we take all reasonable technical and organizational measures to prevent unauthorized use or misuse of data within our platform.

4. What Data We Collect

5. Legal Basis for Processing

6. How We Use Your Data

We use your personal data to:

• Register and manage your user account.
• Provide access to community content and listings.
• Match you with relevant compatriot services and events.
• Respond to your inquiries and requests.
• Improve platform quality and user experience.
• Enforce our Terms & Conditions and prevent misuse.

We use your personal data to:

7. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes outlined above:

• Account data: stored during active use + 24 months after inactivity.
• Uploaded documents: deleted upon account closure or written request.
• Analytics data: anonymized after 12 months.
• Backups: securely deleted within 90 days of account removal.

8. Data Security

We employ state-of-the-art security measures including:

• HTTPS / TLS encryption,
• Password hashing (bcrypt / argon2),
• Role-based access control,
• Firewalled cloud infrastructure (EU servers),
• Regular vulnerability and penetration testing.

Despite these precautions, no online system is fully secure, and users are responsible for safeguarding their login credentials.

9. Data Transfers Outside the EU

If your data is processed outside the European Economic Area (EEA), we ensure compliance through:

• EU Standard Contractual Clauses (SCCs), or
• Adequacy decisions by the European Commission (e.g. for Canada, Japan).

All service providers (e.g. AWS, Google, Stripe) are contractually bound to GDPR-compliant data processing.

10. User-Generated Content and Third-Party Data

NationsBase functions as an intermediary platform:

• Users are fully responsible for any personal data they post publicly (e.g. business listings, events, comments).
• If a user uploads data about third parties (e.g. another person’s name, business address), they must ensure they have that person’s consent.
• NationsBase does not verify or moderate every user submission in real time but will remove unlawful content upon notice (§ 10 TMG – Notice and Takedown principle).

11. Cookies and Tracking

We use cookies and similar technologies to enhance user experience.

Non-essential cookies (e.g. analytics, marketing) are disabled by default until you grant consent via our cookie banner.

For full details, please see our Cookie Policy.

12. Your Rights under GDPR

You have the following rights under Articles 15 - 22 GDPR:

• Right of access - Obtain a copy of your personal data.
• Right to rectification - Correct inaccurate data.
• Right to erasure - Request deletion of your data (“Right to be forgotten”).
• Right to restriction - Limit how we use your data.
• Right to data portability - Receive data in machine-readable format.
• Right to object - Object to processing for legitimate interests or marketing.
• Right to withdraw consent - Withdraw previously given consent at any time.

To exercise your rights, email: [email protected] We will respond within 30 days as required by GDPR (Art. 12 para. 3).

13. Liability Limitation

NationsBase acts as an intermediary hosting service under § 10 Telemediengesetz (TMG). We are not liable for user-generated content unless we have actual knowledge of illegal material and fail to act promptly.

Users are solely responsible for the legality, ownership, and accuracy of their submissions. We disclaim all liability for any damages arising from user-provided data or third-party misuse.

14. Changes to This Policy

We may update this Privacy Policy from time to time. The latest version will always be available at https://nationsbase.com/privacy.

If changes materially affect user rights, we will notify registered users via email or app notification.

15. Contact

For privacy concerns, requests, or complaints:

NationsBase - Data Protection Office

Amirhossein Cheraghi

✅ Key legal protections now included:

• GDPR-compliant structure (Articles 5–30).
• Explicit liability limitation (§ 10 TMG).
• Clear statement that NationsBase is a platform (not data owner).
• Data-subject rights + legal deadlines.
• Data-transfer safeguards.
• Strong security & retention clauses.