
Data Protection Policy

Introduction

Nexus Data Systems Ltd (“we”, “us”, “our”) is committed to ensuring that your privacy is protected. This Data Protection Policy explains how we collect, store, and process personal data in compliance with the General Data Protection Regulation (GDPR) and the Data Protection Act 2018. As a company providing web design, digital marketing, domain registration, and hosting services, we are dedicated to safeguarding the personal information of our clients, partners, and employees.

 

1. Scope

This policy applies to:

  • All employees, contractors, and affiliates of Nexus Data Systems Ltd.
  • All data subjects whose personal information is collected, stored, and processed by us.

 

2. Data We Collect

We may collect the following categories of personal data:

  • Client Information: Name, contact details, company name, billing information, and service details.
  • Domain Registration Data: WHOIS information, domain ownership details, and related records.
  • Website Analytics Data: IP addresses, cookies, and browsing behaviour for our web hosting clients.
  • Marketing Data: Emails, phone numbers, and preferences for marketing communications.
  • Employee Data: Employment history, personal contact details, and financial information for payroll purposes.

 

3. Purpose of Data Collection

We collect personal data for the following purposes:

  • To provide and manage our web design, marketing, domain registration, and hosting services.
  • To ensure the proper functioning and security of our website and systems.
  • To comply with legal obligations, such as domain registration requirements and financial reporting.
  • To communicate with clients and respond to inquiries.
  • To send marketing communications, only where consent has been obtained.

 

4. Lawful Basis for Processing

Our processing of personal data is based on one or more of the following lawful grounds:

  • Consent: When you have given us explicit consent to process your data.
  • Contract: When the processing is necessary for the performance of a contract with you.
  • Legal Obligation: To comply with our legal obligations, such as tax and regulatory requirements.
  • Legitimate Interests: When processing is necessary for our legitimate business interests, provided it does not override your rights and freedoms.

 

5. Data Retention

We retain personal data only for as long as is necessary to fulfil the purposes for which it was collected. Once data is no longer required, we will securely delete or anonymise it. Specific retention periods include:

  • Client data: Retained for the duration of the business relationship and up to 7 years for tax and legal compliance.
  • Employee data: Retained for the duration of employment and up to 7 years after termination.
  • Marketing data: Retained until consent is withdrawn.

 

6. Data Security

We are committed to ensuring the security of your personal data. We implement appropriate technical and organisational measures to protect against unauthorised access, accidental loss, destruction, or damage. This includes:

  • Secure servers, firewalls, and encryption.
  • Regular security audits and vulnerability assessments.
  • Access control policies that restrict data access to authorised personnel only.

 

7. Data Subject Rights

Under GDPR, individuals have the following rights regarding their personal data:

  • Right to Access: You can request access to your personal data and obtain information about how we process it.
  • Right to Rectification: You have the right to have inaccurate or incomplete data corrected.
  • Right to Erasure: You can request the deletion of your personal data under certain circumstances.
  • Right to Restrict Processing: You may request the restriction of processing in certain cases.
  • Right to Data Portability: You can request a copy of your personal data in a structured, commonly used format.
  • Right to Object: You may object to the processing of your personal data for marketing or other purposes.
  • Right to Withdraw Consent: Where consent is the lawful basis for processing, you can withdraw your consent at any time.

 

8. Sharing and Disclosure of Data

We do not share personal data with third parties, except where necessary for the operation of our services or where required by law. We may share data with:

  • Third-party service providers who assist us in delivering our services, such as payment processors or domain registrars.
  • Regulatory bodies or law enforcement agencies when required to do so by law.
  • Other parties to mergers, acquisitions, or business transfers, where personal data may be shared as part of the transaction.

 

9. International Data Transfers

Where we transfer personal data outside of the European Economic Area (EEA), we ensure appropriate safeguards are in place to protect your data, in compliance with GDPR requirements.

 

10. Data Breaches

In the event of a data breach, we have procedures in place to assess the nature and extent of the breach and to notify the Information Commissioner’s Office (ICO) and affected individuals as required by law.

 

11. Policy Updates

We reserve the right to update this Data Protection Policy as necessary to reflect changes in legal requirements or our business practices. We encourage you to review this policy periodically to stay informed about how we protect your data.

 

12. Contact Us

If you have any questions or concerns regarding this Data Protection Policy, or if you wish to exercise your rights under GDPR, please contact us:

 

Nexus Data Systems Ltd
Nexus House, Glasgow, G52 4NQ
Email: info@nxds.com
Telephone: 0141 370 3242