• Home
  • Snapshot
  • Presentation
  • ESG Report
  • Blog
  • Order Report
  • More
    • Home
    • Snapshot
    • Presentation
    • ESG Report
    • Blog
    • Order Report
  • Home
  • Snapshot
  • Presentation
  • ESG Report
  • Blog
  • Order Report

General Data Protection Regulation (GDPR) Privacy Notice

Effective Date: 24th September 2024
Last Updated: 25th June 2025

This GDPR Privacy Notice explains how Northstar Research (“Company”, “we”, “us”, or “our”) collects, uses, discloses, and protects personal data when interacting with individuals in the European Economic Area (EEA), United Kingdom (UK), and Switzerland, and the rights you have under the General Data Protection Regulation (“GDPR”) and equivalent laws.


1. Data Controller and Contact Information

Data Controller:
Ghostpilot
444 N Michigan, Chicago  60611
kevin.williams@Northstar-research.com
If you have questions about this notice, or how your personal data is handled, contact us at the above details.


2. What Personal Data We Collect

We may collect the following categories of personal data:

  • Identity Data – First name, last name, title, date of birth, gender.
     
  • Contact Data – Address, email address, phone number.
     
  • Account Data – Login credentials, account history, preferences.
     
  • Transaction Data – Payment information, billing address, purchase history.
     
  • Technical Data – IP address, browser type, device information, operating system, cookies, and tracking technologies.
     
  • Usage Data – Information about how you use our website, products, and services.
     
  • Marketing & Communication Data – Preferences in receiving marketing from us and third parties.
     

We may also process special categories of personal data (e.g., health data, biometric data) only if you provide it voluntarily and with explicit consent.


3. How We Collect Your Personal Data

We collect personal data from:

  • Direct interactions – You provide it when you register, make a purchase, or contact us.
     
  • Automated technologies – We collect data automatically through cookies, server logs, and analytics tools.
     
  • Third-party sources – Public databases, business partners, payment processors, and marketing platforms.
     

4. Legal Bases for Processing

We process personal data only when we have a lawful basis under GDPR:

  • Consent – When you have given clear permission.
     
  • Contract – To perform a contract with you or take steps at your request.
     
  • Legal obligation – To comply with applicable laws.
     
  • Legitimate interests – For business purposes, provided these do not override your rights.
     
  • Vital interests – To protect someone’s life.
     
  • Public task – To carry out tasks in the public interest or under official authority.
     

5. How We Use Your Personal Data

We may use your personal data for:

  1. Providing and managing our products and services.
     
  2. Processing transactions and payments.
     
  3. Personalizing your experience.
     
  4. Sending marketing communications (where permitted).
     
  5. Conducting analytics and research.
     
  6. Detecting and preventing fraud or security incidents.
     
  7. Complying with legal obligations.
     

6. Sharing Your Personal Data

We may share your data with:

  • Service providers (e.g., IT, hosting, payment processors).
     
  • Professional advisers (e.g., lawyers, accountants).
     
  • Marketing and advertising partners.
     
  • Public authorities (where legally required).
     

We require all third parties to respect your personal data and comply with GDPR.


7. International Data Transfers

If we transfer personal data outside the EEA, UK, or Switzerland, we will ensure adequate protection is in place, such as:

  • European Commission adequacy decisions.
     
  • Standard Contractual Clauses (SCCs).
     
  • Binding Corporate Rules (BCRs).
     

8. Data Retention

We retain personal data only as long as necessary to fulfill the purposes we collected it for, including legal, accounting, and reporting requirements. Retention periods vary depending on the type of data.


9. Your GDPR Rights

Under GDPR, you have the following rights:

  1. Right of Access – Request a copy of your personal data.
     
  2. Right to Rectification – Correct inaccurate or incomplete data.
     
  3. Right to Erasure (“Right to be Forgotten”) – Request deletion of your data.
     
  4. Right to Restrict Processing – Limit how we process your data.
     
  5. Right to Data Portability – Receive your data in a structured, commonly used format.
     
  6. Right to Object – Object to processing based on legitimate interests or for marketing purposes.
     
  7. Rights relating to Automated Decision-Making – Not be subject to decisions based solely on automated processing, including profiling.
     

10. How to Exercise Your Rights

To exercise your GDPR rights:

  • Email: privacy@northstar-research.com
     

We may request proof of identity to verify your request. We will respond within one month, as required by GDPR.


11. Cookies and Tracking

We use cookies and similar technologies to improve site functionality and user experience. 


12. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction.


13. Complaints

If you believe we have not complied with GDPR, you have the right to lodge a complaint with:

  • Your local supervisory authority in the EEA, or
     
  • The UK Information Commissioner’s Office (ICO) – www.ico.org.uk
     

14. Updates to This Notice

We may update this GDPR Privacy Notice from time to time. Changes will be posted on this page with the updated “Effective Date”.

  • Privacy Policy
  • Terms Of Service
  • Anti Slavery
  • CCPA
  • GDPR

Northstar Research LLC

444 N Michigan Avenue, Chicago, Illinois 60611

Copyright © 2025 Northstar - All Rights Reserved.

This website uses cookies.

We use cookies to analyze website traffic and optimize your website experience. By accepting our use of cookies, your data will be aggregated with all other user data.

DeclineAccept