NEXUS respects your privacy and takes into account major privacy principles and frameworks around the world, including EU General Data Protection Regulation 2016/679 (GDPR). The enhanced data protection rights in this Policy are a reasonable and proportionate way of achieving compliance as required by the EU General Data Protection Regulation and other privacy principles and frameworks.
This Privacy Statement provides information about our privacy practices including details of the personal data we collect, use, disclose and transfer as well as choices you can make and the rights you can exercise in relation to your personal data.
2. Information we collect.
NEXUS collects information about the data subject to provide our services or products. To enable us to deliver our services or products in the best possible way and to facilitate that, it is necessary for us to collect, process, and/or use the information as stated in this Policy. This means that the data collection is very much essential in fulfilling the relationship we have with the data subject.
We will only share the information to our specified partners to make it possible for us to carry out the services requested by the data subject. As part of our business operations, NEXUS may disclose the personal data to its partners and/or distributors to facilitate sales and delivery of its products/services. The partners and distributors are required by contract to hold the data obtained from NEXUS confidentially and securely and process the information only for the specified purpose, unless otherwise authorized by the data subject or applicable laws and regulations.
We process data subject’s personal data on the following legal bases:
Legitimate Interest: We may process the personal data as necessary to pursue our legitimate business interests (except where such interests are overridden by the interests, rights or freedoms of the data subject) particularly for managing, developing and improving our products and services; supporting our customers; performing our marketing and sales operations; protecting our employees and assets; and ensuring compliance with laws and regulations.
Legal Obligation: We may process the personal data to comply with applicable laws and regulations, establish or exercise our legal rights (for example, in connection with legal claims, compliance, regulatory and investigative purposes).
Performance of a Contract: We may process the personal data to enter into a contract and/or fulfil agreements with you or your organisations, including managing and delivering our services and products and allowing our customers to use our products/services and supplementary tools.
Consent: We may process the personal data with the consent of the data subject. In particular, where we cannot rely on an alternative legal basis or we are required by law to ask for your consent in the context of some of our sales and marketing activities, online data collection tools or surveys. At any time, you have a right to withdraw your consent by changing your communication choices, unsubscribing from our communications or contacting the Siemon Office.
Except as described in this Privacy Statement, NEXUS will not disclose the personal data with third parties without the consent of the data subject, unless for: (i) responding to duly-authorized information requests from police and governmental authorities; (ii) complying with law, regulation or court order; (iii) enforcement and protection of the rights and properties of NEXUS ; or (iv) protection of the rights or personal safety of our employees and third parties on or using Siemon property when allowed and in each case in compliance with applicable laws.
NEXUS may provide links to third-party applications, products, services or websites for your convenience or information with your consent. Siemon may offer social-media features that will allow you to share information with social networks and to interact with us on various social-media platforms. The third-party sites or their privacy practices are not controlled by NEXUS . We do not make any endorsements or representations about third-party sites. This Privacy Statement does not cover the personal data you desired to provide to or collected from you by third parties with your consent or shared by these third parties.
3. Information you give us.
We collect personal data only if required to provide our products or services, fulfil our legitimate business purposes and/or comply with applicable laws and regulations. Depending on the data subject’s relationship with NEXUS , we collect and process personal data as follows:
NEXUS products/services: contact details and login credentials to enter into contract and fulfil agreements with the data subject, provide support, manage and implement orders, deliver services and products, conduct quality controls, consult, develop and improve our products/services and ensure compliance with regulatory and legal requirements.
Sales and marketing: contact details, identification details, information necessary to purchase our products and services online, login credentials, profile, preferences, digital activity information and other information as may be relevant (e.g. information from publicly available sources) to serve the following purposes: sales and marketing; advertising; creating and delivering targeted advertisements and offers; conducting marketing campaigns; managing contacts and preferences; generating leads and opportunities; organizing and managing events; and engaging in social media interactions.
Partner and supplier programs: contact information to manage relations with partners and suppliers; engage and deliver services and products to customers in which case Siemon may obtain personal data directly from the data subject or from our partners.
Online Data Collection Tools: digital activity information to enable efficient use of our websites, services; collect statistics to optimize the functionality of our websites, products and services; enhance user experience and deliver content customized to user’s interests; and improve marketing and advertising campaigns.
Online forums and surveys: contact details, login credentials, comments and feedback for the following main purposes: engaging with partners and suppliers in online forums; conducting customer satisfaction and engagement surveys. (e.g. SurveyMonkey)
4. How we share information.
NEXUS does not sell, rent or lease personal data to others except as stated in this Privacy Statement. We may share and/or disclose your personal data as follows:
Disclosure within NEXUS : NEXUS has its headquarters in the United States of America and operates worldwide and may disclose your personal data as necessary within our group of companies in connection with how we use your personal data.
Disclosure to third parties: NEXUS maintains suppliers and service providers to facilitate and support its business operations, offer professional services, deliver products, services and customer solutions and help NEXUS with marketing and sales communication initiatives. Those third parties may receive and process your personal data under appropriate instructions, as necessary to support and facilitate how we use your personal data. The third parties are necessitated by contract to store and process the information confidentially and securely on behalf of NEXUS and use it only to perform the services as stated.
5. International Transfers of Personal Data.
As NEXUS operates worldwide, we may disclose your personal data as necessary within our worldwide office in the Americas, Europe, Russia, Africa, Middle East, India, Asia and Australia. We have an intra-company agreement on the transfer and processing of personal data within our companies across the globe. This forms the basis of our rules for Controller and allows NEXUS to ensure that EEA personal data which is transferred and processed by our companies outside the EEA, is adequately protected in accordance with applicable data protection laws. Intra-group international data transfers are subject to legally-binding agreements referred to as Binding Corporate Rules (BCR) which provide enforceable rights for data subjects.
We will only share your information to specified partners overseas to enable us to perform services requested by you. With regard to the transfer of personal data to a third party in a country that does not provide an adequate amount of data protection, NEXUS will ensure that appropriate safety measures are taken such as signing EU Standard Contractual Clauses with the recipient, relying on their Privacy Shield certification, other approved codes of conduct or certification mechanisms or binding and enforceable commitments of the recipient.
Circumstances may arise where, whether for strategic or other business reasons, NEXUS decides to buy, merge, sell or otherwise reorganize businesses in some countries. Such a transaction may involve the disclosure of personal data to prospective or actual purchasers, or the receipt of it from sellers. It is NEXUS practice to seek appropriate contractual protection for personal data in these types of transactions.
6. How Long We Keep Your Personal Information
In general, NEXUS keeps personal data for the length of any contractual relationship and, to the extent permitted by applicable laws, after the end of that relationship for as long as necessary to perform purposes set out in this Privacy Statement, to protect Siemon from legal claims and administer our business. When we no longer need to use personal data, we will delete it from our systems and records or take steps to anonymize the data unless we need to keep it longer to comply with a legal or regulatory obligation.
7. EEA Residents Rights
If you are a resident of the European Economic Area, you can contact the following European Data Controller in exercise of your data protection rights:
Data Subject Rights
If you are a resident of the European Economic Area, you have the following data protection rights.
- Request access or copies of personal data NEXUS processes about you;
- Rectify your personal data, if inaccurate or incomplete;
- Delete your personal data, unless an exception applies. For instance, we may need to keep your personal data to comply with legal obligation;
- Data portability, in certain circumstances. For instance, you may request us to transmit some of your personal data to another organization if the processing is based on your consent or a contract;
NEXUS strives to keep personal data accurately recorded. We have implemented technology, management processes and policies to help maintain data accuracy. The NEXUS Company has adopted the principle of privacy by design and will ensure that the definition and planning of all new or significantly changed systems that collect, or process personal data will be subject to due consideration of privacy issues, including the completion of one or more data protection impact assessments.
In accordance with applicable laws, NEXUS provides individuals with reasonable access to personal data that they provide to us and the reasonable ability to review and correct it.
To protect your privacy and security, we will take reasonable steps to verify data subject’s identity before granting access to personal data. To view and update the personal data provided directly to NEXUS , data subject can return to the web page where data was originally submitted and follow the instructions.
Data subject’s rights to restriction of, or objection to, processing of their personal data.
The data subject has following rights in regard to the restriction of, or objection to, processing of their personal data:
- Restrict the processing of your personal data, in certain circumstances. For instance, if you contest accuracy of your personal data you may request that we restrict processing of your personal data for the time enabling us to verify the accuracy of your personal data;
- Object to processing of your personal data, in certain circumstances. For instance, you may object to direct marketing including use of your personal data for profiling for direct marketing or where we process your personal data because we have legitimate interest in doing so.
Data subject’s right to lodge a complaint with a supervisory authority.
If the data subject considers that the processing of his/her personal data infringes the GDPR, he/she has the right to lodge a complaint with a supervisory authority in the EEA country where the data subject live, or work, or where he/she considers that data protection rules have been breached.
The data subject has additional rights under our BCRs. For instance, as a third party beneficiary, where you believe your personal data has been transferred to our company located outside the EU and processed by that company in breach of the BCR, you may have a right to lodge a complaint with a supervisory authority located in the same country as the NEXUS company in EU which transferred your data outside the EU