Nexus Privacy Notice
We keep your personal data safe
We appreciate you showing an interest in our products & services, and we want you to feel safe when interacting with us. Nexus may collect personal data from you directly, through your interaction with us, or from a third party. Therefore, we have collected information on how we process your personal data, and what rights you have in connection to that processing, in this Privacy Notice.
This Privacy Notice is directed to you when you:
- Interact with our website
- Contact us via telephone or our website
- Sign up for our newsletters or download our guides and whitepapers
- Sign up for and attend an event or webinar hosted by us
- Purchase products & services from us
- Deliver products & services to us
- Visit our premises
If you apply for a job with us, please see our separate Privacy Notice on recruitment.
1. Responsibility for your personal data
Technology Nexus Secured Business Solutions AB ("Nexus", “we”, “us” or “our”), as registered with the Swedish Companies Registration Office under company number 556258-0414, and with registered office at Telefonvägen 26, 126 26 Hägersten, Sweden, is the Data Controller for the processing of your personal data in accordance with the EU Regulation 2016/679 (“GDPR”). The Data Controller is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data. If you have questions about this Privacy Notice or the processing of your personal data, please contact our Data Protection Officer at dpo@nexusgroup.com.
In some cases, we process personal data on behalf of other Data Controllers (e.g. our customers). In these cases, we act as a Data Processor. If you have any questions about how we process your personal data as a Data Processor, please reach out to the Data Controller.
2. How we use your personal data
In this section we will describe the purposes for which we use your personal data, what categories of personal data we use for each purpose, what legal basis we have for doing so and the retention time for which we keep your personal data for each purpose.
The categories of personal data which we process for our purposes are:
- Contact and identification information
Your name, invoice and delivery address, phone number, email address, company name, your expressed interest in Nexus’ offers, and other points of information connected to yourself and/or the business you represent. In some cases, we might process recorded imagery in case you have visited our office premises. - Information about your contacts with Nexus personnel (incl. customer service)
Based on your interaction with us, we might have collected personal data through recorded phone calls and email correspondence. - Information regarding events & webinars
The events and webinars you have signed up for and attended as well as eventual recordings of your name, picture, voice or chat message from a hosted event or webinar. - Information about purchases of our products & services
Information regarding the products & services which you, or the company you represent, have purchased from us, including order numbers and delivery address. - Payment and invoice information
Bank account number, name of you bank, name and organization number of the company you represent, invoice and delivery address, VAT-number, etc. - Device information
Navigational data, such as your IP-address, web browser, names of Nexus pages visited, time zone, operating system, platform, screen resolution and similar information about your device settings. - Website interaction information
For information on the information, we collect about your interactions with our website, please see our Cookie Notice.
3. Sharing personal data with third parties
In certain cases, to the extent necessary, we share your personal data with third parties, for example to suppliers that provide services we cannot deliver on our own. Such suppliers can be for example solutions for administration, storage and hosting services, marketing systems or CRM-services. In addition to that, in some cases, we might be obligated by law to share your personal data with relevant authorities such as the police authority, the tax authority or the data protection authority.
Compliance with data protection laws and regulations, including the GDPR is an inherent part of our business and therefore, we have implemented contractual, legal, technical, and organizational measures to ensure that any data protection related requirements are applied by us as well as by our external suppliers and other service providers. When we transfer personal data to third parties, we ensure that the receiver processes the data in accordance with this Privacy Notice, for example through a Data Processing Agreement.
If you have further questions regarding the disclosure of your personal data with third parties by Nexus, please contact us by sending an email to dpo@nexusgroup.com.
4.Transferring personal data to third countries
We process your personal data within the EU/EEA. However, in exceptional cases, and when necessary, we may transfer and process your personal data in countries outside of EU/EEA (third countries). When we, or one of our suppliers, process your personal data in a third country, we ensure that an adequate level of protection is assured before transferring your personal data. Primarily, we rely on the decision of the European Commission that the third country to which your personal data is transferred upholds an adequate level of protection. Secondarily, if the European Commission has not deemed the level of protection in a third country adequate, we enter into the European Commission’s Standard Contractual Clauses (SCC) with the recipient in the third country. When relying on the SCC:s, we also assess whether the legislation in the recipient country affects the protection of your personal data granted by the SCC:s. If necessary, we will adopt supplementary measures to ensure the protection of your data when transferred to the third country.
If you have further questions regarding the transfer of your personal data outside the EU/EEA, please contact us by sending an email to dpo@nexusgroup.com.
5. Marketing
How we use data to provide you with relevant content
We are using navigational data in combination with personal data to provide you with relevant content on our website and in our marketing emails which we think may be of interest to you. We want you to always receive relevant and valuable content from Nexus, which is why we carry out this so-called "profiling", which allows us to select the right pieces of content for you.
Transparency is our highest priority - therefore we openly communicate our segmentation logic, which services as the basis for our email marketing.
We segment our database in three steps:
- Language
- Industry
- Stage of the customer’s journey
This means that in our marketing emails, you will receive content that's matched to your language and industry and that ideally answers the challenge you have in the buying phase you're currently at.
We use a third-party provider, Pardot, the Marketing Automation platform provided by Salesforce.com, Inc, to deliver marketing e-communications. Individuals can opt-in to the Nexus newsletter. We will also send out ad-hoc bulletins with product or company information that we think may be of relevance to our subscribers. Individuals who are not customers or partners may opt-in to our newsletter via the website via online data collection forms related to our services as detailed below.
Our customers and partners are added to our e-marketing communications automatically as part of their contractual terms so we can inform them about relevant knowledge-sharing activities and supplementary services to help them get the most of their relationship with us.
We gather statistics around email opening and clicks using industry standard technologies including clear gifs to help us monitor and improve our e-newsletter. For more information, please see Pardot’s privacy notice here.
You may manage your receipt of marketing and non-transactional communications by clicking on the “unsubscribe” link located at the bottom of the Company’s marketing emails.
If you have any questions concerning our processing of personal data for marketing purposes, please contact our Data Protection Officer at dpo@nexusgroup.com.
6. Your rights in relation to your personal data
According to the GDPR, you have several rights when your personal data is being processed, and we are responsible for handling these rights. In this section, you can read about what your rights are and when they apply.
If you would like to know more or exercise any of your rights, please contact our Data Protection Officer at dpo@nexusgroup.com. We will respond to your request within a reasonable timeframe and notify you of the action we have taken. Please note that we may request further personal data when we receive such a request, to ensure that we have the necessary data to securely identify you.
Right to information
You have the right to be informed of how we process your personal data. We are informing through this Privacy Notice, through additional information on our website and by answering questions from you.
Right to access
You have the right to contact us and receive information on if we process personal data about you. If we do, you have the right to get a copy of the personal data that we process about you together with information on the purpose(s) of the processing and the retention time for which we keep the personal data.
Right to data portability
You have the right to get a copy of your personal data in a machine-readable format when we process your personal data based on your consent or to fulfill an agreement with you. Upon you request, we will also assist you with the transmitting your personal data to another Data Controller.
Right to rectification
You have the right to get inaccurate personal data about you rectified, updated or completed if personal data which is relevant taking into account for the purposes of the processing is missing.
Right to erasure
You have the right to get your personal data erasure under certain circumstances. This right is applicable for example when your personal data is no longer necessary to process for the purposes for which it was collected, if you withdraw the consent on which the processing is based or if your personal data is processed for the purpose of direct marketing and you oppose the processing. The right to erasure is not an absolute right and, in some situations, Nexus has an obligation to save personal data even if you request for it to be deleted.
Right to restriction of processing
You have the right to restriction of processing if you believe that the personal data is not correct, or our processing is not according to applicable law or that we are not in need of the data for a specific purpose. You may also request a restriction of the processing during the time you are waiting for our verification if our interest in processing your data outweighs your right not to have this data processed.
Right to object
You have the right to object to processing based on legitimate interest in accordance with article 6.1 f) GDPR, based on your personal circumstances. Also, you always have the right to object to the use of your data for marketing purposes.
Right to withdraw your consent
You have the right to withdraw your consent. In those cases, you may always, and at any time, withdraw your consent. You can withdraw your consent by sending an email to dpo@nexusgroup.com.
Right to complain
We hope that questions regarding our processing of your personal data can be resolved effectively through communication between us. However, please be informed that you always have the right to file an objection with the competent supervisory authority in your jurisdiction, regarding our processing of your personal data.
Opting out and unsubscribing
You may unsubscribe from our marketing communications by clicking on the "unsubscribe" button on the bottom of our emails, by sending us an email at dpo@nexusgroup.com, or by sending us postal mail to our Data Protection Officer (contact details see below). However, customers cannot opt-out of receiving transactional emails related to their account with us.
7. How we secure your personal data
We have taken adequate technical and organizational measures of security to protect your data against willful or haphazard manipulation, loss or destruction and to guard it against any non-authorized persons. All our employees and all those who are involved with data processing are bound by the GDPR, by other relevant laws, and by an undertaking to handle personal data confidentially. Our employees also receive regular training from our Data Protection Officer in this respect.
When personal data is collected on our website, the transfer is always encrypted (SSL) in order to prevent misuse of data by third parties. Our security measures are improved on an ongoing basis in accordance with the development of technical standards.
If you have any questions about the security of your personal data, you can contact us at dpo@nexusgroup.com.
8. Changes to this privacy notice
We reserve the right to change our security and data protection practices as may be required by legal and technical developments. In case we do so, we will also adapt this Privacy Notice accordingly to ensure that you receive accurate information on how we process your personal data. Please always take note of the most current version of our Privacy Notice. In case of any significant changes or updates, we will notify you, either by sending an email or by a notification on our website.
9. How to contact us
If you would like to get in contact with the Data Controller, please contact us at contact@nexusgroup.com or by sending a letter to the following addresses:
Nexus Group
Telefonvägen 26,
126 26 Hägersten,
Sweden
This Privacy Notice was adopted: May 24, 2018
This Privacy Notice was last updated: November 4, 2022