Nisium

NIS2 Compliance Platform

Sign InGet Started

GDPR Information

Your data protection rights under the GDPR when using Nisium, and how to contact us or the Bulgarian supervisory authority.

Last updated: June 2, 2026 · Version 1.0

This page summarizes how Expert Allies LTD applies the General Data Protection Regulation (GDPR) when you are in the European Economic Area (EEA) or UK and use Nisium at nisium.com. Full details are in our Privacy Policy.

1. Controller and contact

Expert Allies LTD 96 Tsarigradsko Shose blvd., floor 7, Sofia 1784, Bulgaria

Data protection inquiries: privacy@expertallies.com

If you use Nisium through your employer, your organization may be the controller of much of the data in the platform (incidents, evidence, vendor data). Contact your organization first for access to that data; we will support them as processor where applicable.

2. Your rights

Subject to conditions in the GDPR, you may have the right to:

  1. Access — Obtain confirmation whether we process your data and receive a copy
  2. Rectification — Correct inaccurate personal data
  3. Erasure — Request deletion in certain circumstances ("right to be forgotten")
  4. Restriction — Limit processing in certain cases
  5. Data portability — Receive data you provided in a structured, machine-readable format where processing is based on contract or consent and carried out by automated means
  6. Object — Object to processing based on legitimate interests, including profiling; object to direct marketing at any time
  7. Withdraw consent — Where processing is based on consent, without affecting lawfulness before withdrawal

To exercise rights, email privacy@expertallies.com. We may need to verify your identity. We respond within one month, extendable by two further months where complex.

3. Automated decision-making

Nisium is primarily a workflow and documentation platform. We do not rely on solely automated decisions with legal or similarly significant effects on individuals unless explicitly described in a product feature; scoring of vendor questionnaires is based on configured rules visible to customers.

4. Complaints

You may lodge a complaint with a supervisory authority. For Bulgaria:

Commission for Personal Data Protection (CPDP) https://www.cpdp.bg

You may also complain to the authority in your country of residence or workplace.

5. Data transfers

See the Privacy Policy — production hosting is in the EU (AWS eu-central-1). Transfers to subprocessors outside the EEA use appropriate safeguards where required.

6. Related documents

This document is effective as of June 2, 2026. Material changes will be posted on this page.