A summary of GDPR and how we process data at neXus
1) Lawful, fair and transparent processing
Personal data is processed in a lawful, fair and transparent manner, as summarised below:
- Lawful means all processing will be based on a legitimate purpose.
- Fair means neXus take responsibility and do not process data for any purpose other than the legitimate purposes.
- Transparent means that neXus will inform data subjects about the processing activities on their personal data.
2) Limitation of purpose, data and storage
We limit the processing of data, collect only that data which is necessary, and do not keep personal data once the processing purpose is completed. This effectively ensures the following requirements:
- No processing of personal data outside the legitimate purpose for which the personal data was collected
- No personal data, other than what is necessary, will be requested
- Personal data should be deleted once the legitimate purpose for which it was collected is fulfilled
3) Data subject rights
Data subjects have the right to ask neXus what information we have about them, and what we do with this information. In addition, a data subject has the right to ask for correction, object to processing, lodge a complaint, or even ask for the deletion or transfer of his or her personal data.
If we find the necessity to process personal data beyond the legitimate purpose for which that data was collected, we will ask the data subject to provide clear and explicit consent. Once collected, this consent must be documented, and the data subject is allowed to withdraw their consent at any moment.
5) Personal data breaches
We maintain a Personal Data Breach Register based on severity. Should a data breach occur, the regulator and data subject will be informed within 72 hours of identifying the breach.
6) Privacy by Design
neXus incorporate organisational and technical mechanisms to protect personal data in the design of new systems and processes; that is, privacy and protection aspects are ensured by default.
7) Data Protection Impact Assessment
To estimate the impact of changes or new actions, a Data Protection Impact Assessment will be conducted when initiating a new project, change, or product. The Data Protection Impact Assessment is a procedure that will be carried out when a significant change is introduced in the processing of personal data. This change could be a new process, or a change to an existing process that alters the way personal data is being processed.
8) Data transfers
We (neXus) are accountable for ensuring that personal data is protected and GDPR requirements are respected, even if processing is being done by a third party. We have the obligation to ensure the protection and privacy of personal data when that data is being transferred outside the company, to a third party and/or another entity within the same company.
9) Data Protection Officer
There is not a significant amount of personal data being processed and we have not assigned a Data Protection Officer for that reason. The company directors have the responsibility of compliance with EU GDPR requirements.
10) Awareness and training
We create awareness among employees about key GDPR requirements, and conduct regular training to ensure that employees remain aware of their responsibilities with regard to the protection of personal data and identification of personal data breaches as soon as possible.