GDPR Compliance

How we help you to comply with the EU and UK General Data Protection Regulation, including our EU-UK Data Processing Addendum.

Last updated: 11 June 2026

This page applies to customers and individuals in the European Economic Area (EEA) and United Kingdom. If you are located outside these regions, please see our Privacy Policy for information about how we handle your data.


Data Storage and Privacy

We store your Client data in the available secure data centre closest to your business location. Client data for EU/UK Nookal accounts is stored securely within our data centre in Ireland and is handled in accordance with our Privacy Policy.

Please see our Security & Compliance page and our Privacy Policy for further information on how your data is protected and handled.


EU-UK Data Processing Addendum (DPA)

Where you are established in the European Economic Area or the United Kingdom, or you process personal data subject to the EU GDPR or UK GDPR through Nookal, our EU-UK Data Processing Addendum applies to and forms part of your subscription agreement. Under the DPA:

  • Roles: your Clinic is the data controller of personal data entered into Nookal, and Nookal acts as a data processor on your documented instructions;
  • Confidentiality and security: we apply the technical and organisational measures described on our Security & Compliance page, and persons authorised to process personal data are bound by confidentiality obligations;
  • Sub-processors: we engage only the sub-processors published on our Sub-processors page, under written terms no less protective than the DPA, and we provide notice of changes;
  • International transfers: where personal data is transferred outside the EEA or UK, we rely on approved transfer mechanisms, including the EU Standard Contractual Clauses and the UK Addendum/International Data Transfer Agreement;
  • Assistance: we assist you with data subject rights requests, security, breach notification, and data protection impact assessments as required by Articles 32–36 GDPR;
  • Deletion and return: at the end of the services we delete or return personal data, at your choice, in accordance with the DPA and applicable law.

To request or execute the current version of the EU-UK DPA, please contact privacy@nookal.com.


Data Subject Rights

GDPR grants individuals rights to access, rectify, erase, restrict and port their personal data, and to object to processing. To help you meet these obligations, Nookal provides:

  • UI controls to support data export and deletion;
  • API endpoints for programmatic data retrieval and deletion;
  • audit trails and reporting to support compliance;
  • assistance with data subject access requests (SARs).

Privacy by Design

Nookal is designed with data protection principles in mind, including data minimisation, purpose limitation, storage limitation, and integrity and confidentiality.


Data Protection Impact Assessments (DPIA)

If you are planning to process high-risk personal data, you may need to conduct a DPIA under GDPR Article 35. Nookal can support your DPIA by providing information about our technical controls, data handling practices and safeguards. Contact privacy@nookal.com to request a DPIA support package.


Sub-processors

The current, up-to-date list of sub-processors engaged by Nookal — including each provider’s purpose and corporate location — is published at nookal.com/legal/subprocessors. This is the list referenced in clause 4(a) of our EU/UK Data Processing Addendum.

We use third-party sub-processors to support the delivery of our services. These providers assist us with cloud hosting and storage services; content delivery and review services; support; and incident tracking, response, diagnosis and resolution services.


Integrations

We offer optional third-party integrations. Each integration is subject to the terms and policies defined by the associated third party. We highly recommend you assess each third party for their compliance with your legal requirements.


Our Certifications

  • SOC 2 Type 2 Certified
  • HIPAA Verified
  • GDPR Compliant
  • Australian Privacy Act Compliant

Questions? Contact privacy@nookal.com for privacy and compliance enquiries, or support@nookal.com for product support.
