Legal

Privacy Policy

Last updated: April 2026

NexusCore processes data as a result of the services we provide to our customers and the end users of those customers. The value NexusCore places on its relationships with customers, partners, and users requires careful and secure processing of personal data. Through this Privacy Policy, NexusCore ("NexusCore", "we", "our", "us") informs you about the way in which we process personal data of (potential) customers, business partners, end users, and website visitors. We value your privacy. If you have any questions about how we use your personal data, you can reach us at the contact details provided at the bottom of this Privacy Policy.

Who is NexusCore?

NexusCore is a software solutions provider that offers businesses secure, reliable platforms and integrations to connect their systems, simplify operations, and build a trusted digital foundation. Our services support a wide range of organisations - from growing businesses to established enterprises - by providing the software infrastructure they need to operate efficiently in a digital-first world.

You may come into contact with NexusCore if you use our platform as a business customer, if you are an end user of a system powered by NexusCore, or if you simply visit our website.

More information about NexusCore can be found on our About page.

NexusCore's responsibilities

For all activities and purposes mentioned in this Privacy Policy, NexusCore acts as the controller as referred to in the EU General Data Protection Regulation 2016/679 ("GDPR"). NexusCore acts in this position because as a software solutions provider, NexusCore:

  • Determines which personal data are necessary to access and use the NexusCore platform and its related services;
  • Determines which personal data must be processed for the correct delivery and operation of our software solutions;
  • Determines for which other purposes personal data may be processed, provided those purposes are consistent with the purpose for which the personal data were originally obtained;
  • Has to comply with applicable legal obligations, including data protection legislation; and
  • Has drawn up its own terms and conditions that are directly applicable to customers and end users.

Where NexusCore processes personal data exclusively on behalf of a customer and under that customer's instructions - for example when operating a dedicated module or integration - NexusCore may act as a processor. In such cases, the customer is the controller and NexusCore will conclude a data processing agreement with that customer.

What personal data does NexusCore process?

NexusCore processes your personal data because you use our services and/or because you provide personal data to us directly. An overview of the personal data processed by NexusCore, depending on the service you use and your capacity, is provided below.

Customer

Please note that we primarily process data about your business. Business information is not considered personal data in all cases. However, if you operate as a sole trader, some of your business information may qualify as personal data. If you use NexusCore's services as a customer, the following (personal) data are processed:

  • Your first and last name;
  • Your business telephone number;
  • Your business email address;
  • Your company details (such as legal form, registered address, chamber of commerce number, and VAT number);
  • Account login credentials;
  • Platform usage and activity data;
  • Your IP address;
  • Your internet browser and device type;
  • Technical information about mobile or desktop devices used to access the NexusCore platform;
  • Other personal data that you actively provide, for example when creating an account, in written correspondence, or via telephone.

End User

If you are an end user of a system or application powered by NexusCore on behalf of one of our customers, the following personal data may be processed:

  • Your IP address;
  • Your internet browser and device type;
  • In some cases, your first and last name;
  • In some cases, your email address and/or telephone number;
  • In some cases, information about the actions or transactions you perform within the platform;
  • Other personal data that you actively provide, for example in written correspondence or when contacting support.

The specific data processed will depend on the product or integration deployed by the customer, the configuration of the platform, and whether you contact our support team.

Business Partner

If you are a business partner of NexusCore, the following personal data are processed:

  • Your first and last name;
  • Your telephone number;
  • Your business email address;
  • In some cases, depending on the nature of the relationship, your ID document details;
  • Other personal data that you actively provide, for example in email or telephone correspondence.

Website Visitor

If you visit NexusCore's website(s), the following personal data may be processed (depending on your cookie preferences):

  • Your approximate location data;
  • Details about your activity on our website;
  • Your IP address;
  • Your internet browser and device type.

Support Requester

Should you contact our support team via email, phone, or chat, personal data from any of the categories above may be processed depending on your inquiry and the capacity in which you are contacting NexusCore.

Does NexusCore process sensitive personal data?

NexusCore's website, services, and products are not designed for activities that require the processing of special categories of personal data (such as data relating to health, religion, political views, or biometric identifiers). We therefore ask that you do not provide us with such information.

NexusCore does not intend to collect personal data from individuals who are minors. As we cannot always verify the age of a website visitor, we advise parents and guardians to be actively involved in their children's online activities to prevent the unintentional processing of minors' data by NexusCore.

Why does NexusCore collect and use your personal data?

Customers

If you (apply to) use NexusCore's services as a customer, your personal data are processed for the following purposes:

  • To assess your application and onboard you as a customer;
  • To create and maintain your account;
  • To draft and execute the service agreement;
  • To deliver, operate, and maintain the software solutions and integrations you use;
  • To send information about your services and notify you of updates or changes;
  • To contact you regarding your experience with our platform and to inform you of other relevant NexusCore products or services;
  • To perform analyses for statistical, scientific, and product improvement purposes;
  • To train and assess NexusCore employees;
  • To develop, train, use, and enhance our automated systems, including artificial intelligence models used to improve platform functionality;
  • To record evidence where necessary;
  • To provide support (for example via email, phone, or chat);
  • To manage and strengthen our relationships with customers;
  • To ensure the security and integrity of our platform, for example by identifying, investigating, and preventing unauthorised access, misuse, or other harmful conduct;
  • To comply with applicable legal obligations.

Business Partners

If you are a business partner of NexusCore, your personal data are processed for the following purposes:

  • To draft and perform the partnership agreement;
  • To contact you regarding your experience with our services and to inform you of other relevant NexusCore products;
  • To perform analyses for analytical and statistical purposes;
  • To train and assess NexusCore employees;
  • To record evidence where necessary;
  • To provide support (for example via email and phone);
  • To ensure the security and integrity of our systems and business operations;
  • To comply with applicable legal obligations.

End Users

If you are an end user of a NexusCore-powered system, your personal data are processed for the following purposes:

  • To enable and operate the platform functionality you are accessing;
  • To perform analyses for statistical and product improvement purposes;
  • To train and assess NexusCore employees;
  • To record evidence where necessary;
  • To provide support (for example via email and phone);
  • To ensure the security and integrity of the platform;
  • To comply with applicable legal obligations.

Website Visitors

If you visit NexusCore's websites, your personal data may be processed for the following purposes (depending on how you use our website):

  • To create a personal dashboard environment on our platform;
  • To provide access to your personal environment;
  • To enable you to download resources, guides, and documentation;
  • To analyse your behaviour on our website in order to improve the website and tailor the range of products and services to your needs;
  • To perform analyses for statistical and scientific purposes.

NexusCore processes personal data for the purposes listed above based on your consent, for the performance of a contract, based on legal obligations, in the public interest, and to pursue legitimate business interests. If NexusCore intends to process your personal data for other purposes not described above, we will only do so after obtaining your consent or where we have a legitimate interest, as legally required.

You may withdraw your consent at any time without providing a reason, or object to the processing of your personal data where we rely on legitimate interest. Withdrawing your consent does not affect the lawfulness of any processing carried out prior to your withdrawal. You can withdraw your consent via the unsubscribe link in our emails (where applicable) or by sending a request to privacy@nexuscore.systems. If you withdraw consent for marketing purposes, we may still contact you regarding platform functionality, security updates, or responses to support requests.

How long does NexusCore keep your personal data?

NexusCore will not retain your personal data longer than the applicable statutory retention period or, where no mandatory statutory period applies, no longer than is strictly necessary to fulfil the purposes for which the personal data were collected.

Depending on the nature of the relationship and the applicable legal requirements, certain personal data - such as data related to the assessment of a customer application, the preparation and execution of a service agreement, and the operation of our platform - may be subject to legal retention obligations. We will inform you where relevant.

How does NexusCore secure your personal data?

The protection of your personal data is a core priority for NexusCore - security is not an add-on, it is a foundation. NexusCore has implemented a range of technical and organisational security measures to protect your personal data and to comply with applicable laws and regulations.

Our technical measures include network segmentation, firewalls, anti-DDoS systems, file integrity monitoring, strong authentication, encrypted transfer and storage of data, continuous monitoring and alerting, and industry best practices for encryption and system configuration. Our platform is available across cloud, hybrid, and on-premises environments, each with appropriate security controls.

Organisational measures include role separation, least-privilege access principles, personnel screening, strict procedures for managing changes, incidents, vulnerabilities, and suppliers, and continuous training of our staff. The effectiveness of our security measures is tested periodically.

To report a potential security issue with NexusCore's systems, please contact us at security@nexuscore.systems.

Does NexusCore share your personal data with third parties?

NexusCore collaborates with various processors and (joint) controllers for the purposes described in this Privacy Policy.

Processors

NexusCore shares your personal data with third parties where necessary to provide our products and services. When third parties process your personal data on our behalf and under our strict instructions, those third parties act as processors. NexusCore concludes a data processing agreement with all processors to ensure that your personal data are always processed carefully, protected to at least the same standard we maintain, and kept confidential. NexusCore remains fully responsible for these processing activities and takes all reasonable administrative, technical, and physical measures to protect your personal data against unauthorised access, unintentional loss, or alteration.

(Joint) Controllers

NexusCore may also receive data from third parties or share your personal data with third parties that are themselves controllers. In those cases, NexusCore concludes appropriate agreements to guarantee thorough protection of your personal data, including joint controller agreements where both parties determine the purposes and means of processing.

We work with a range of third-party service providers to support our operations. This includes cloud infrastructure providers, software vendors delivering SaaS solutions for support, marketing, customer relationship management, and communication. We also work with consulting and technical partners who assist us in delivering and improving our services, and with identity verification partners to support onboarding and access control processes. We use security and monitoring tools to detect and respond to threats.

Applicable laws and regulations may also require us to share your personal data with government institutions or regulatory authorities.

If your personal data is to be shared with third parties for purposes other than those described in this Privacy Policy, NexusCore will only do so where legally permitted or after obtaining your consent.

Cross-border data transfers

When providing our services, your personal data may in some cases be processed by third parties outside the European Economic Area ("EEA"). If personal data are processed outside the EEA in a third country (a country without an adequate level of protection as determined by the European Commission), NexusCore ensures that: (i) the correct contractual arrangements are in place (such as a processor agreement, joint controller agreement, or controller-to-controller provisions), and (ii) an appropriate transfer mechanism is used, such as EU Standard Contractual Clauses. In this way, NexusCore ensures that your personal data is secured to at least the same standard and that its confidentiality is maintained.

Does NexusCore use cookies?

NexusCore uses functional cookies, cookies that improve your experience on our website(s), and cookies that help us understand how our platform and services are used. A cookie is a small text file stored in the browser of your device - such as a computer, tablet, or smartphone - when you first visit our website.

NexusCore uses cookies with purely technical functionality to ensure that our website works correctly and remembers your preferred settings. We also use cookies that track browsing behaviour so that NexusCore can offer you relevant content and an improved experience. Some cookies on NexusCore's website are placed by third parties, such as analytics or functionality providers.

More information about NexusCore's use of cookies can be found in our Cookie Statement.

Automated decision-making and profiling

In some cases - for example to detect and prevent unauthorised access, security incidents, or misuse of the platform - NexusCore may use automated decision-making, including profiling, during the initiation or execution of a service, where it is necessary to perform the contract or where permitted by applicable law.

If any automated decision results in legal effects or significantly affects you, you have the right to:

  • Request a human review of the decision;
  • Express your point of view; and
  • Contest decisions based solely on automated processing, including profiling.

What rights do you have?

You have the right to access, correct, erase, restrict, transfer, or object to the personal data that NexusCore processes, unless NexusCore cannot fulfil these rights due to a legal obligation or where an exception applies. For example, NexusCore may be required by law to retain certain personal data for a defined period, which means we cannot always delete all personal data upon request.

You can submit a request to exercise your privacy rights by emailing privacy@nexuscore.systems. To protect your privacy, NexusCore may need to verify your identity before processing your request. If we are unable to verify your identity directly, we may ask you to provide additional information. NexusCore will respond to your request as promptly as possible and in any case within one month of receipt, unless the complexity or volume of requests justifies extending this period by up to two additional months.

How can you contact NexusCore?

If you have any questions regarding our use of your personal data, please contact us at privacy@nexuscore.systems.

If you believe that NexusCore has processed your personal data unlawfully, or if you are not satisfied with our response to your question or request, you have the right to file a complaint with the relevant Data Protection Authority. For contact details of EU Data Protection Authorities, please visit the European Data Protection Board website.

NexusCore - Privacy & Security Team

Email: privacy@nexuscore.systems

Data Protection Officer

NexusCore has appointed a Data Protection Officer ("DPO"). Among other responsibilities, the DPO supervises the processing of personal data by NexusCore, maintains an overview of data processing activities, and advises and trains our employees on the responsible use of personal data.

If you believe that your personal data is not being handled properly, that it has been misused, or that NexusCore is not adequately complying with its data protection obligations, please contact our DPO directly at privacy@nexuscore.systems.