Nightingale Int. / Privacy

Privacy Policy

Effective: April 10, 2026 · Version 3.0

1. Introduction and Data Controller

Nightingale Int. (“we,” “us,” or “our”) operates the website nightingale-int.com. We are committed to protecting the privacy of individuals who visit our website, subscribe to our intelligence briefings, or submit inquiries through our contact forms.

This Privacy Policy explains what personal data we collect, why we collect it, how we use and protect it, and what rights you have regarding your data. It applies to all visitors regardless of location and is designed to comply with the following regulations:

  • The General Data Protection Regulation (EU) 2016/679 (“GDPR”)
  • The UK General Data Protection Regulation (“UK GDPR”) and the Data Protection Act 2018
  • The California Consumer Privacy Act as amended by the CPRA, Cal. Civ. Code Sections 1798.100–1798.199 (“CCPA”)
  • Other applicable data protection laws in the jurisdictions where we operate

Data Controller: Nightingale Int.
Email: privacy@nightingale-int.com

Providing your personal data is voluntary. However, if you do not provide certain information (such as your email address in a contact form), we may be unable to respond to your inquiry or deliver requested services.

2. What Data We Collect

2.1 Data You Provide Directly

  • Contact form submissions: Name, email address, company/organization (if provided), message content
  • Newsletter / waitlist signups: Email address, name (if provided)

2.2 Data Collected Automatically

  • Analytics data: Pages visited, time spent, referral source, click events (via Google Analytics)
  • Device and browser data: IP address (anonymized), browser type, operating system, screen resolution, language preference
  • Cookie data: Session identifiers, analytics identifiers (see Section 4)
  • Log data: Server access logs including IP address, timestamp, requested URL, HTTP status code

2.3 Data We Do Not Collect

We do not operate user accounts or login systems on the public website. We do not collect payment information or sensitive personal data (such as racial or ethnic origin, political opinions, or health data), and we do not engage in automated decision-making or profiling that produces legal effects.

3. How We Use Your Data

PurposeLegal Basis (GDPR)
Responding to inquiriesArt. 6(1)(b) — Pre-contractual measures
Sending intelligence briefingsArt. 6(1)(a) — Your consent
Website analytics and improvementArt. 6(1)(f) — Legitimate interest
Ensuring website securityArt. 6(1)(f) — Legitimate interest
Displaying interactive mapsArt. 6(1)(f) — Legitimate interest
Legal complianceArt. 6(1)(c) — Legal obligation

Where we rely on legitimate interest, we have conducted a balancing test and concluded that our interests do not override your rights and freedoms. You may object to processing based on legitimate interest at any time (see Section 8).

4. Cookies and Tracking Technologies

CookieProviderPurposeRetention
_gaGoogle AnalyticsDistinguishes visitors2 years
_ga_[ID]Google AnalyticsSession state2 years
ghost-members-ssrGhost CMSMember sessionSession

Third-party resources loaded (which may receive your IP address and basic request metadata): Google Fonts (fonts.googleapis.com), Tailwind CSS via CDN (cdn.tailwindcss.com), Phosphor Icons via CDN (unpkg.com), Chart.js via CDN (cdn.jsdelivr.net), Leaflet / OpenStreetMap tiles (tile.openstreetmap.org), and Unsplash images (images.unsplash.com). These providers may log your IP address in accordance with their own privacy policies.

Managing cookies: You can control cookies via your browser settings. To opt out of Google Analytics, install the Google Analytics Opt-out Add-on. We honor both the Do Not Track (DNT) and Global Privacy Control (GPC) browser signals.

5. Third-Party Services

  • Ghost CMS (Ghost Foundation, Singapore) — Content management and newsletter delivery. Privacy: ghost.org/privacy
  • Google Analytics 4 (Google LLC, USA) — Website usage analytics with IP anonymization enabled. Data retention: 14 months. Privacy: policies.google.com/privacy
  • Google Fonts (Google LLC, USA) — Typography rendering. When you load a page, your browser requests font files from Google servers, transmitting your IP address. Privacy: policies.google.com/privacy
  • CDN providers (Cloudflare, jsDelivr, unpkg) — Delivery of open-source libraries (Tailwind CSS, Phosphor Icons, Chart.js). These CDNs receive your IP address and standard HTTP request headers when loading resources
  • OpenStreetMap / Leaflet — Interactive maps on country pages. Privacy: osmfoundation.org
  • Unsplash (Unsplash Inc., USA) — Stock imagery
  • Contact form processing (n8n, self-hosted) — Data remains within our own infrastructure

6. International Data Transfers

Your data may be transferred to the United States (Google, Unsplash, CDN providers) and Singapore (Ghost Foundation). For transfers from the EEA and the UK, we rely on:

  • The EU–U.S. Data Privacy Framework (where applicable)
  • The UK Extension to the EU–U.S. Data Privacy Framework (UK–U.S. Data Bridge)
  • Standard Contractual Clauses (SCCs) approved by the European Commission, including the UK International Data Transfer Addendum where required
  • Adequacy decisions issued by the European Commission or the UK Secretary of State (where available)

You may request a copy of the relevant transfer safeguards by contacting privacy@nightingale-int.com.

7. Data Retention

DataRetention
Contact form submissions24 months after last interaction, then deleted
Newsletter subscriber dataUntil unsubscribe + 30 days, then deleted
Google Analytics data14 months (configured in GA4)
Cookie data (analytics)Up to 2 years (see Section 4)
Server log data90 days, then automatically purged

8. Your Rights

8.1 GDPR Rights (EEA, UK, Switzerland)

  • Access (Art. 15) — Obtain a copy of your data
  • Rectification (Art. 16) — Correct inaccurate data
  • Erasure (Art. 17) — Request deletion
  • Restriction (Art. 18) — Restrict processing
  • Portability (Art. 20) — Receive data in machine-readable format
  • Object (Art. 21) — Object to legitimate-interest processing
  • Withdraw consent (Art. 7(3)) — Withdraw at any time without affecting the lawfulness of processing based on consent before its withdrawal
  • Lodge a complaint (Art. 77) — File a complaint with a supervisory authority in the EU member state of your habitual residence, place of work, or place of the alleged infringement: EDPB member list

To exercise any of these rights, contact privacy@nightingale-int.com. We will respond within 30 days of receiving your request. This period may be extended by a further two months where necessary, taking into account the complexity and number of requests.

8.2 CCPA/CPRA Rights (California Residents)

In the preceding 12 months, we have collected the following categories of personal information: identifiers (name, email address), internet or other electronic network activity information (browsing history, interactions with our website), and geolocation data (derived from IP address). We share these categories with the service providers listed in Section 5 solely for the business purposes described in Section 3.

  • Right to Know (Sec. 1798.100, 1798.110) — Categories and specific pieces of personal information collected, the sources of collection, the business purposes, and the categories of third parties with whom we share your data
  • Right to Delete (Sec. 1798.105) — Request deletion of your personal information
  • Right to Correct (Sec. 1798.106) — Request correction of inaccurate personal information
  • Right to Opt-Out of Sale or Sharing (Sec. 1798.120) — We do not sell or share personal information for cross-context behavioral advertising (see Section 10)
  • Right to Limit Use of Sensitive Personal Information (Sec. 1798.121) — We do not collect sensitive personal information as defined by the CCPA
  • Right to Non-Discrimination (Sec. 1798.125) — We will not discriminate against you for exercising any of your CCPA rights

To submit a request, contact privacy@nightingale-int.com with the subject “CCPA Request.” We will acknowledge receipt within 10 business days and respond within 45 days. If additional time is needed, we may extend the response period by an additional 45 days with notice to you. You may also designate an authorized agent to submit a request on your behalf; we may require verification of both the agent’s authority and your identity.

9. Children’s Privacy

Our website is not directed at children under 16 in the EU (pursuant to GDPR Art. 8) or under 13 in the United States (pursuant to the Children’s Online Privacy Protection Act, COPPA). We do not knowingly collect personal data from children below these age thresholds. If you believe that a child has provided us with personal data, please contact privacy@nightingale-int.com, and we will promptly investigate and delete such data.

10. Do Not Sell or Share My Personal Information

We do not sell your personal information and have not done so in the preceding 12 months. We do not share personal information for cross-context behavioral advertising as defined by the CCPA. Google Analytics is configured with advertising features and Google Signals disabled; no data is sold to or shared with Google for advertising purposes. To exercise your opt-out rights, you may: email privacy@nightingale-int.com with the subject “Do Not Sell or Share My Personal Information,” install the Google Analytics Opt-out Add-on, or enable Global Privacy Control (GPC) or Do Not Track (DNT) in your browser. We honor GPC signals as a valid opt-out request under the CCPA.

11. Changes to This Policy

We may update this policy to reflect changes in our practices, technologies, or applicable legal requirements. Material changes will be posted on this page with an updated effective date and version number. Where required by law or where changes materially affect your rights, we will notify affected individuals via email or a prominent notice on our website prior to the changes taking effect.

12. Contact Us

Privacy Team, Nightingale Int.
Email: privacy@nightingale-int.com
General inquiries: info@nightingale-int.com

If unsatisfied with our response:

Last updated: April 10, 2026