--- ---

Privacy Policy

The protection of your personal data is very important to us. This policy outlines how we collect, process, and protect your data across our website, software platform, and corporate events.

1. Information about the Controller

The controller within the meaning of the General Data Protection Regulation (GDPR) is:

2. Data Processing When Visiting Our Website

When you visit our website, certain data is automatically processed to deliver the site and keep it secure. This may include:

  • IP address
  • Browser type and version
  • Operating system

The legal basis for this is Art. 6(1)(f) GDPR (legitimate interest), namely the secure and technically error-free operation of the website. We use only technically necessary cookies.

3. Data and Security in Our Software

When utilising our software products, the following principles apply:

  • Security Measures: NGAI will maintain appropriate technical and organisational measures to protect Customer Data, including data encryption in transit and at rest, logical access controls, logging, and vulnerability management.
  • Data Minimisation: IRIS is designed to process overarching asset data and basic user onboarding information required to provision accounts (e.g., name, corporate email address, and role). Customers agree not to upload or submit any unnecessary personal data into the Service.
  • Data Processing Agreement: To the extent that Customer Data includes personal data subject to the General Data Protection Regulation (GDPR) or other applicable privacy laws, the processing of such data shall be governed exclusively by a separate Data Processing Agreement (DPA) executed between the Parties.
  • Usage Tracking: NGAI reserves the right to track user interactions with the platform for service improvement, quality assurance, and uptime monitoring.
  • Data Return and Deletion: Upon termination or expiration of our agreement, the Customer may request a secure export of Customer Data in an electronic and machine-readable format within ninety (90) days of the termination date ("Handover Window"). Upon expiration of this window, NGAI shall securely delete all Customer Data from its production systems in accordance with its data retention policies, unless retention is mandated by applicable law.

4. Nexus Group AI Events

We organise networking and industry events. Please note that photos, videos, and audio recordings will be taken at these events. Based on our legitimate interest (Art. 6(1)(f) GDPR), we may publish these materials in print and digital media for documentation and reporting purposes. If you prefer not to appear in such materials, please let event staff know or contact us via the contact form.

5. Direct Communication

If you contact us directly, the data you provide will be processed to handle your request.

  • Processing is based on Art. 6(1)(b) GDPR, insofar as your request is related to the performance of a contract or pre-contractual measures.
  • In all other cases, processing is based on Art. 6(1)(f) GDPR (legitimate interest in efficient communication).
  • The data will be deleted as soon as it is no longer required for processing your request and there are no legal retention obligations.

6. Your Rights as a Data Subject

As a data subject, you have the following rights in connection with the processing of your personal data by us in accordance with the General Data Protection Regulation (GDPR):

  • Information: You have the right to request information about the personal data we process about you.
  • Rectification: You have the right to have inaccurate or incomplete personal data corrected.
  • Erasure: You can request the erasure of your personal data, provided that there is no legal obligation to retain it or any other legitimate reason.
  • Restriction: Under certain conditions, you have the right to request the restriction of the processing of your data.
  • Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format.
  • Objection: You may object to the processing of your personal data if it is based on Art. 6(1)(e) or (f) GDPR.
  • Withdrawal: You have the right to withdraw your consent at any time with effect for the future.
  • Complaint: If you believe that the processing of your personal data violates the GDPR, you have the right to lodge a complaint with a data protection supervisory authority.

7. Hosting (Firebase Hosting)

Our website is hosted on Firebase Hosting (Google). As part of providing hosting services, Firebase may process technical data such as IP address, browser information, and request logs.

8. Contact Form (Google Forms)

If you contact us using our website forms, we process the data you provide to respond to your request. The forms are provided by Google (Google Forms), which may process technical data (such as IP address and device information) when you submit a form.

  • Legal basis: Art. 6(1)(b) GDPR for contract-related requests and Art. 6(1)(f) GDPR for general inquiries.
  • Purpose: Responding to your inquiry and maintaining communication.
  • Third party: Google acts as a service provider for form processing. You can find Google's privacy information at https://policies.google.com/privacy.

9. Meeting Scheduling (Google Calendar)

When you schedule a meeting through our site, the appointment page is provided by Google Calendar. Google may process technical data (such as IP address and device information) to provide the scheduling service.

  • Legal basis: Art. 6(1)(b) GDPR for pre-contractual measures and Art. 6(1)(f) GDPR for efficient scheduling.
  • Purpose: Managing appointments and coordinating meetings.
  • Third party: Google acts as a service provider for scheduling. Privacy details are available at https://policies.google.com/privacy.

10. Third-Party Content Delivery (CDNs)

We load some site assets (such as fonts, icons, and animation libraries) from third-party content delivery networks. When these resources load, your IP address and browser metadata are transmitted to the provider to deliver the content.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in secure and efficient website delivery).