Privacy Policy
Last updated: December 28, 2025
NK Consulting (operating brand of cd4 solutions limited, New Mexico, USA) is the Data Controller responsible for protecting your personal data in accordance with the EU Regulation 2016/679 (GDPR).
1. Who We Are and Contacts
- Data Controller: NK Consulting (brand of cd4 solutions limited)
- Legal Seat: New Mexico, USA (Albuquerque)
- Privacy Contact: [email protected]
- Data Officer: Nico (Lead Strategist)
2. Data We Collect and Why
We follow the Data Minimization principle (GDPR Art. 5): we only collect data strictly necessary to provide our services.
Categories of Data
- Identification Data: Name, email, nationality, tax residency.
- Financial and Asset Data: Description of assets, source of wealth (required for analysis, asset protection, and AML/KYC compliance).
- KYC/AML Data: Identity document, proof of address (mandatory for anti-money laundering regulations).
- Minimal Technical Data: IP address, browser type (for site analytics).
We do NOT collect sensitive data such as biometric, genetic, or health data.
3. Legal Basis and Retention Period
| Data | Legal Basis (GDPR Art. 6) | Duration |
|---|---|---|
| Contact Info | Contract performance | Relationship duration + 5 years |
| Asset Analysis | Contract performance | Relationship duration + 10 years (tax law) |
| KYC/AML Data | Legal obligation | 7-10 years (regulation) |
4. Storage, Protection, and Transfers
Your data is stored on our internal, proprietary storage, not on third-party cloud services. Protection measures include AES-256 encryption, limited access, and offline backups.
For international transfers (e.g., to non-EU banks), we use Standard Contractual Clauses (SCCs) and Data Processing Agreements (DPAs) to ensure GDPR-level protection.
5. Data Access
Access is internally restricted to Nico and authorized staff. Externally, data may be shared with our network of specialists (accountants, lawyers, banking partners) only to perform the service and under a DPA. We may disclose data to Public Authorities if required by law.
6. Your Rights (GDPR)
You have the right to: Access, Rectification, Erasure (Right to be forgotten, with legal exceptions), Restriction, Portability, and Objection. To exercise your rights, please contact [email protected].
7. Security and Data Breach
In the event of a data breach, we will conduct an immediate investigation and, if the risk is high, notify you and the competent authority within 72 hours.
8. International Compliance
In addition to GDPR, we adhere to regulations such as FATCA (for U.S. citizens/residents) and CRS (automatic exchange of tax information between ~100 countries).
9. Cookie Policy
Our website does not use marketing tracking cookies. We only use essential cookies and, with consent, minimal analytics cookies.
10. Contacts and Complaints
For questions or to file a complaint, please write to [email protected]. You also have the right to lodge a complaint with your national Data Protection Authority (e.g., GPDP in Italy).