Privacy Policy

Data Controller Information

nexitem S.L. is the data controller responsible for your personal data. We are committed to protecting your privacy and ensuring compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

Data Collection

We collect various types of information to provide and improve our e-commerce platform services. The data we collect includes personal information you provide directly to us and information automatically collected through your use of our website and services.

Information You Provide

• Contact information (name, email address, phone number, postal address)
• Business information (company name, industry, business requirements)
• Account credentials when you create an account
• Communication preferences and marketing consent
• Payment information for our services (processed securely by third-party payment processors)
• Any other information you choose to provide through our contact forms or communications

Automatically Collected Information

• Website usage data (pages visited, time spent, navigation patterns)
• Technical information (IP address, browser type, device information, operating system)
• Cookies and similar tracking technologies (see our Cookie Policy for details)
• Referral sources and search terms used to find our website

How We Use Your Information

We use the data we collect for various legitimate business purposes. How we use your information depends on the services you use and your relationship with nexitem. We use of your data is based on the following legal grounds under GDPR:

Service Provision (Contract Performance)

• Providing our e-commerce platform development and support services
• Processing payments and managing billing
• Communicating about your projects and service requests
• Delivering technical support and customer service

Legitimate Business Interests

• Improving our website and services through analytics
• Preventing fraud and ensuring security
• Understanding customer needs and market trends
• Developing new features and services

Consent

• Sending marketing communications (where you have opted in)
• Using certain cookies and tracking technologies
• Processing special categories of data (if applicable)

Legal Compliance

• Complying with legal obligations and regulations
• Responding to legal requests and preventing illegal activities
• Maintaining records for tax and accounting purposes

Data Sharing and Disclosure

We do not sell, rent, or trade your personal information to third parties for their marketing purposes. We may share your information in the following circumstances:

• Service Providers: Trusted third-party providers who assist in delivering our services (hosting, payment processing, analytics)
• Business Transfers: In connection with mergers, acquisitions, or sale of business assets
• Legal Requirements: When required by law, court order, or to protect our legal rights
• Consent: With your explicit consent for specific purposes

Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. Our data retention periods are based on:

• Active Customers: Personal data is retained for the duration of our business relationship
• Former Customers: Data may be retained for up to 7 years for legal and accounting purposes
• Marketing Data: Retained until you withdraw consent or for 3 years of inactivity
• Website Analytics: Typically retained for 26 months
• Legal Obligations: As required by applicable laws and regulations

When personal data is no longer needed, we securely delete or anonymise it in accordance with our data retention and deletion policies.

Your Rights

Under the General Data Protection Regulation (GDPR) and other applicable data protection laws, you have several rights regarding your personal data. These rights include:

• Right of Access: Request a copy of the personal data we hold about you
• Right of Rectification: Request correction of inaccurate or incomplete data
• Right of Erasure: Request deletion of your personal data in certain circumstances
• Right to Restrict Processing: Request limitation of how we process your data
• Right to Data Portability: Request transfer of your data to another service provider
• Right to Object: Object to processing based on legitimate interests or for marketing purposes
• Right to Withdraw Consent: Withdraw consent where processing is based on consent

To exercise any of these rights, please contact us using the contact information provided below. We will respond to your request within one month, or inform you if we need additional time.

You also have the right to lodge a complaint with a supervisory authority if you believe your data protection rights have been violated.

International Data Transfers

As nexitem operates within the European Union, your personal data is primarily processed within the EU/EEA. However, some of our service providers may be located outside the EU/EEA. When we transfer personal data outside the EU/EEA, we ensure appropriate safeguards are in place, including:

• Standard Contractual Clauses approved by the European Commission
• Adequacy decisions by the European Commission
• Binding Corporate Rules or certification schemes
• Your explicit consent for specific transfers

Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. Our security measures include:

• Encryption of data in transit and at rest
• Regular security assessments and updates
• Access controls and authentication measures
• Employee training on data protection and security
• Secure data centres and hosting environments
• Regular backups and disaster recovery procedures

While we strive to protect your personal data, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security but are committed to protecting your data using industry-standard practices.

Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to enhance your browsing experience, analyse website usage, and provide personalised content. For detailed information about our use of cookies, including types of cookies, purposes, and how to manage your preferences, please refer to our Cookie Policy.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or legal requirements. When we make significant changes, we will notify you by:

• Posting the updated policy on our website with a new "last updated" date
• Sending an email notification to registered users
• Displaying a prominent notice on our website

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

Contact Information

If you have any questions about this Privacy Policy, need to exercise your data protection rights, or want to contact us about your personal data, please don't hesitate to contact information:

We will respond to all requests and enquiries within 30 days. For urgent privacy matters, please indicate this clearly in your communication.