Privacy and Data Protection

Data Processing

Information for customers and prospective customers

Notable Documents

Some of the principal documents relating to privacy and data protection are:

These documents run alongside our terms and conditions of sale.

GDPR

We run an internal compliance programme for GDPR. Due to the nature of the requirements, this is an ongoing project. Changes to our policies will arise from regular audit, updates to our practices and those of our customers, and the evolution of data protection guidance and best practice.

Security of our Staff

We run data protection awareness training for our staff. Our technicians and engineers will be accessing your data, either specifically or incidentally, in order to provide support to you, so it’s important that they treat that data with due respect. We also have a policy of periodic DBS (criminal record) checks on staff who attend or electronically access our clients’ sites.

Security of Your Data

We store and process certain data connected with your business, as per our privacy notice. We review the tools we use and take active steps in line with the principles of data protection under GDPR, such as minimising the amount of data and the number of copies held, and minimising the number of people with access. Our software tools are typically industry standards, and we review them to make sure they have appropriately strong attention to information security.

In line with article 32 of the GDPR, we implement, as a minimum, the following technical and organisational requirements for the protection of personal data:

  • The pseudonymisation and encryption of personal data;  
  • The ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
  • The ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident;
  • A process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.

We are independently audited for ISO 27001 (information security).

We hold the Cyber Essentials certification.

Data Processing Agreements

Data controllers are obliged under GDPR to have a data processing agreement in place with their data processors (which can include Nexus if we provide services for you).

For the sake of simplicity and consistency, we provide a standard data processing agreement to our customers, intended to satisfy this obligation (ask us for a sample copy). We send these documents out through an e-signing system called Signable.

Nexus Customer Data Protection Mailing List

This is our designated means of notifying you of updates to our data protection situation (e.g. new sub-processors).

  • We need at least one email address per customer
  • This is separate to our marketing emails
  • Unsubscribe in response to any message
  • Email list admins on dataprotection@nexusos.co.uk
