General Information

For clarity, the following definitions are used throughout this policy to describe terms related to personal data and processing activities.

We collect data necessary to provide our services, improve our products, and meet contractual and legal obligations. Data collection is limited to what is relevant and proportionate for the stated purposes.

Data you provide directly to NexaTsoft typically includes operational and contact information required to deliver services and support.

• Contact information: name, business email address and company phone number
• Company and billing details: company name, business registration, billing address and invoicing information
• Project information: technical requirements, system specifications and documentation provided for development
• Account credentials and access preferences when you register for a client portal or management dashboard
• Communications: records of support requests, emails and meeting notes necessary for project delivery
• Optional feedback and surveys: satisfaction ratings and comments provided voluntarily

We also collect certain technical and usage data automatically when users interact with our websites and services to maintain operation and improve performance.

• Device and browser information: device type, operating system, browser version
• Network information: IP address, approximate location, and connection details
• Usage metrics: pages visited, session duration, feature usage and error logs
• Performance and diagnostic data needed to identify and resolve faults
• Cookies and similar identifiers used for session management and analytics
• Security logs such as authentication attempts and access records

In certain scenarios we receive data from third parties such as clients, integrated service providers, or partners. We limit such transfers to what is necessary for service provision.

• Client-provided directories and user lists for onboarding and access control
• Payment and billing details from payment processors required to complete transactions
• Analytics and telemetry data from third-party monitoring tools integrated with our services

We process personal data for a restricted set of purposes directly related to delivering our core services, legal compliance, and improving our operations.

• To deliver and maintain software, automation workflows and integrations requested by clients
• To manage client relationships, billing, and contractual obligations
• To provide technical support, incident handling and operational communications
• To perform security monitoring, vulnerability management and fraud detection
• To conduct analytics that inform product improvements and operational efficiency
• To comply with legal obligations, regulatory requests and lawful audits
• To enable safe deployment of updates, backups and disaster recovery processes
• To facilitate mergers, acquisitions or corporate reorganisations subject to appropriate safeguards

Where applicable law requires a legal basis for processing personal data, NexaTsoft relies on one or more of the following lawful grounds depending on the specific processing activity.

• Contractual necessity: processing necessary to perform services agreed with a client
• Legitimate interests: processing to ensure service security, fraud prevention and business operations, balanced against individuals' rights
• Consent: where explicit consent has been obtained for optional activities such as marketing communications or non-essential cookies
• Legal obligations: processing required to comply with statutory duties or court orders

We share personal data only with trusted parties that require access to deliver services or where required by law. All recipients are contractually bound to protect the data and to use it only for specified purposes.

• Service providers engaged to host infrastructure, run analytics or process payments on our behalf
• Subcontractors performing project tasks under NexaTsoft direction and confidentiality terms
• Professional advisors, auditors and legal counsel when necessary for compliance or dispute resolution
• Law enforcement, regulatory or government authorities when required by applicable law or court order
• Prospective buyers or partners in the event of a corporate transaction, subject to confidentiality protections
• Aggregated or anonymised data may be shared publicly for research or benchmarking without identifying individuals

NexaTsoft applies a defence-in-depth security approach to protect personal data. Measures include encryption in transit and at rest, role-based access controls, secure development lifecycle practices, vulnerability scanning, and regular security assessments. Access to personal data is limited to authorised personnel strictly on a need-to-know basis.

• Encryption for data at rest and in transit using industry-standard protocols
• Access controls, two-factor authentication for administrative interfaces and least-privilege policies
• Regular security testing, patch management and incident response planning

Subject to applicable law, individuals have rights to exercise control over their personal data. Requests will be handled in a timely manner and in accordance with legal requirements.

• Right to access: obtain confirmation of processing and a copy of personal data
• Right to rectification: request correction of inaccurate or incomplete data
• Right to erasure: request deletion when retention is no longer necessary and no legal basis to retain the data applies
• Right to restriction of processing: request limitation of processing under certain circumstances
• Right to data portability: receive personal data in a structured, commonly used and machine-readable format where applicable
• Right to object: object to processing based on legitimate interests or direct marketing, as permitted by law
• Right to withdraw consent: where processing is based on consent, withdraw it without affecting the lawfulness of prior processing
• Right to lodge a complaint with a supervisory authority if you believe your data rights have been infringed

• Right to access: You may request confirmation whether we process your personal data and obtain a copy of the personal data we hold about you.
• Right to rectification: If your personal data is inaccurate or incomplete, you can ask us to correct it.
• Right to erasure and restriction: Subject to legal limits, you may request deletion or restriction of processing of your personal data.
• Right to data portability and objection: Where applicable, you may request a portable copy of your data and object to certain processing activities, including direct marketing.

If you believe NexaTsoft has processed your personal data in a way that does not comply with applicable law, you may contact us to raise a concern. For individuals in the EEA or UK, you also have the right to lodge a complaint with your local supervisory authority.

Our services are intended for business users and professionals. NexaTsoft does not knowingly collect personal data from children under the age of 16. If you believe we have inadvertently collected information about a child, contact us and we will take steps to remove that information in accordance with applicable law.

Our website and communications may include links to third-party sites and services. NexaTsoft is not responsible for the privacy practices or content of those third parties. We recommend reviewing the privacy notices of any external sites you visit.

NexaTsoft may update this privacy policy to reflect changes in our practices, legal requirements or service offerings. Material changes will be made available on our website and where required by law we will provide additional notice. The effective date of the current policy is noted in this document.