GDPR Compliance

Data protection, privacy rights and GDPR-focused digital service practices

This GDPR Compliance page explains how Nexus Web & Software approaches personal data protection, privacy rights, website forms, project data, client portal information, support requests, cookies, analytics, third-party processors and digital service responsibilities where GDPR or similar privacy principles may apply.

We build and support websites, software, mobile apps, client portals, dashboards, WordPress websites, Shopify stores, WooCommerce systems, APIs and SEO campaigns. Privacy planning is important because many digital platforms collect, process or display personal information.

  • Covers personal data, project records, support details and portal information
  • Explains privacy rights, lawful processing and data protection principles
  • Includes cookies, analytics, third-party tools and service providers
  • Supports website, software, mobile app, SEO and eCommerce privacy planning
  • Written for transparent business communication and responsible data handling
PrivacyTransparent Data Use
RightsAccess & Correction
SecurityReasonable Safeguards
SupportRequest Process
GDPR Overview

Privacy and data protection should be considered in every modern digital platform

GDPR stands for General Data Protection Regulation. It is a data protection framework that may apply when personal information of individuals in certain regions is collected, used, stored, transferred or otherwise processed. This page explains our general approach to data protection and how we support privacy-aware digital service delivery.

Nexus Web & Software may act as a business handling its own website visitor and client data. In some client projects, we may also help design, develop, maintain or support platforms where clients control the personal data collected from their users. The responsibilities can differ depending on project structure, contract terms, platform ownership and applicable law.

This page is for general transparency and planning guidance. It is not legal advice. Businesses with GDPR, UK GDPR, EU privacy, ePrivacy, cookie, payment, healthcare, financial or industry-specific compliance requirements should consult qualified legal or compliance professionals.

This GDPR page covers

  • Data protection principles and privacy commitments
  • Personal data collected through forms and communication
  • Client portal, support and project information handling
  • Cookies, analytics, tracking and third-party providers
  • Privacy rights and data request process
  • Website, software, app and eCommerce privacy planning
GDPR Sections

Quick navigation through this GDPR Compliance page

Use these sections to understand data handling, privacy rights, security, cookies, processors and client responsibilities.

01

Data Protection Principles

Understand fairness, transparency, purpose limitation, data minimization, security and accountability principles.

  • Fairness
  • Purpose
  • Security
  • Accountability
Read section
03

Privacy Rights

Learn about access, correction, deletion, restriction, objection, portability and consent withdrawal where applicable.

  • Access
  • Correct
  • Delete
  • Object
Read section
04

Cookies and Analytics

Understand how cookies, analytics, logs and tracking tools may support website performance and measurement.

  • Cookies
  • Analytics
  • Logs
  • Tracking
Read section
05

Security and Retention

See how reasonable safeguards, access controls, retention practices and secure handling support privacy.

  • Security
  • Access
  • Retention
  • Protection
Read section
1. Data Protection Principles

Core principles that guide responsible personal data handling

Where data protection laws apply, personal information should be handled carefully, transparently and securely.

Lawfulness, Fairness and Transparency

Personal data should be collected and used for legitimate reasons that are explained clearly to the people affected.

  • Clear privacy information
  • Honest data collection
  • Appropriate legal basis
  • Transparent forms
  • Clear service purpose

Purpose Limitation

Personal information should be collected for specific purposes such as enquiries, quotes, service delivery or support.

  • Quote handling
  • Project communication
  • Support requests
  • Billing administration
  • Security and website operation

Data Minimization

Only information that is reasonably needed for the purpose should be requested or stored.

  • Relevant form fields
  • Limited access requests
  • Purpose-driven uploads
  • Reduced unnecessary data
  • Clean project records

Accuracy

Personal information should be kept accurate where needed for communication, billing, support and project delivery.

  • Correct contact details
  • Updated project owners
  • Accurate billing records
  • Clear support descriptions
  • Current client information

Storage Limitation

Personal data should not be kept longer than reasonably necessary for business, support, legal or accounting purposes.

  • Retention review
  • Support history needs
  • Invoice record periods
  • Project archive control
  • Deletion request review

Integrity and Confidentiality

Reasonable technical and organizational measures should protect information from misuse, loss or unauthorized access.

  • Access controls
  • Secure communication practices
  • Password protection
  • Limited team access
  • Security review
2. Personal Data We May Handle

Information may be collected through website forms, projects, support and portal activity

We collect information only where it helps us communicate, deliver services, provide support or operate the website.

Contact and enquiry information

We may collect name, email address, phone number, WhatsApp number, business name, job role, country, website URL, project type, service interest, preferred contact method and message details submitted through forms or direct communication.

Quote and consultation information

Quote forms and consultation requests may include project goals, budget range, timeline, page count, platform preference, feature requirements, SEO goals, content needs, integration requirements and business context.

Project and development information

During website, software, mobile app, WordPress, Shopify, WooCommerce, eCommerce, dashboard or API projects, we may process business information, brand assets, technical documents, user roles, workflow notes, testing feedback, approvals and support records.

Client portal and dashboard information

Client portal or dashboard use may involve login information, user profile details, support tickets, file uploads, project messages, invoice references, approval records, service status and activity related to project delivery.

Support request information

Support requests may include website URLs, screenshots, error messages, admin notes, browser details, device information, recent changes, hosting details, access information provided by the client and troubleshooting history.

Technical and analytics information

When you browse the website, technical information may be collected such as IP address, browser type, device type, operating system, referring page, visited pages, approximate location, log data, interaction events and cookie identifiers where applicable.

3. Lawful Basis and Use of Information

Personal data may be used for clear business and service-related purposes

Where GDPR applies, a lawful basis is generally required for processing personal data.

Contract and service delivery

We may process personal data to prepare quotes, communicate with clients, deliver website development, build software, support apps, manage CMS websites, configure Shopify stores, complete SEO tasks, provide support and manage project obligations.

Legitimate interests

We may process information for legitimate business interests such as responding to enquiries, improving services, securing our website, preventing abuse, maintaining records, managing client communication and understanding website performance.

Consent

Where required, we may rely on consent for certain optional activities such as marketing communication, non-essential cookies or specific data handling choices. Consent may be withdrawn where applicable.

Legal obligations

We may retain or process information where needed for accounting, tax, legal, regulatory, dispute resolution, security or compliance reasons.

Vital or public interests

These legal bases are not usually relevant to our standard digital services, but may apply in exceptional situations where law permits or requires them.

Client-controlled processing

For some projects, the client may decide what data their website, app, portal, dashboard or store collects from end users. In that case, the client may be responsible for its own lawful basis, notices, consent mechanisms and compliance decisions.

4. Privacy Rights

Individuals may have rights over personal data where GDPR applies

Data rights depend on location, applicable law, identity verification, data type and lawful basis.

Right of Access

You may request confirmation of whether we hold personal data about you and receive certain information about how it is used.

  • Contact record review
  • Support record review
  • Portal data review
  • Project communication review
  • Data source information

Right to Correction

You may ask us to correct inaccurate or incomplete personal data where applicable.

  • Email correction
  • Phone correction
  • Business contact update
  • Billing contact update
  • Portal profile update

Right to Deletion

You may request deletion of personal data where applicable, subject to legal, accounting, security or business retention needs.

  • Contact removal
  • Marketing opt-out
  • Support record review
  • Inactive enquiry removal
  • Retention exceptions

Right to Restriction

You may request that certain processing be limited while a concern is reviewed, where applicable.

  • Dispute review
  • Accuracy check
  • Temporary limitation
  • Processing pause
  • Case-by-case review

Right to Portability

Where applicable, you may request certain personal data in a structured format if processing is based on consent or contract and carried out by automated means.

  • Eligible data export
  • Structured format
  • Identity verification
  • Scope limitation
  • Technical feasibility

Right to Object

You may object to certain processing, including some legitimate interest processing or direct marketing, where applicable.

  • Marketing objection
  • Legitimate interest review
  • Processing assessment
  • Communication preference
  • Response record
5. Cookies, Analytics and Tracking

Website technologies may collect technical and usage information

Cookies and analytics help operate, measure and improve the website, subject to applicable choices and settings.

Essential cookies

Essential cookies may be used to operate the website, support forms, maintain sessions, protect security, reduce spam and enable client portal or login functionality where available.

Analytics cookies

Analytics tools may help us understand traffic sources, page performance, user behavior, device types, popular service pages, enquiry paths and website improvement opportunities.

Marketing and conversion tracking

Where campaigns are active, tracking tools may help measure quote requests, contact form submissions, call clicks, WhatsApp clicks, consultation bookings and campaign performance.

Cookie choices

Users can usually manage cookies through browser settings. If a cookie banner or consent tool is active, users may be able to manage optional cookie categories through that tool.

Server logs

Server logs may automatically record technical information such as IP address, requested page, browser type, timestamp, errors and security events. Logs help troubleshoot issues and protect systems.

Read more

For more details about cookies, analytics and similar technologies, please review our Cookie Policy and Privacy Policy.

6. Processors, Providers and Data Sharing

Trusted service providers may support website operation and service delivery

We do not sell personal data. Limited sharing may occur where needed for legitimate service purposes.

Hosting and Infrastructure

Hosting, server, cloud, domain and security providers may process technical data needed to run websites, portals and systems.

  • Website hosting
  • Server logs
  • DNS services
  • SSL certificates
  • Security monitoring

Communication Providers

Email, form, messaging and project communication tools may process messages and contact details.

  • Email delivery
  • Contact forms
  • Support messages
  • Client updates
  • Project communication

Analytics Providers

Analytics and performance tools may process technical and usage information to help improve the website.

  • Traffic reports
  • Page performance
  • Conversion measurement
  • Device insights
  • SEO improvements

Payment and Billing

Payment processors, banks or invoice tools may process billing details and payment references where services are purchased.

  • Invoice records
  • Payment status
  • Transaction references
  • Billing contacts
  • Accounting records

Project and Support Tools

Project management, file sharing, support ticket and collaboration tools may help us deliver services and manage requests.

  • Project tasks
  • Support tickets
  • Client files
  • Approval notes
  • Maintenance records

Legal and Compliance

Information may be shared where required for legal, dispute, accounting, security, fraud prevention or regulatory reasons.

  • Legal obligations
  • Dispute handling
  • Fraud prevention
  • Security investigation
  • Regulatory requests
7. Security, Access Control and Retention

Reasonable safeguards help protect personal and project information

Security is a shared responsibility between service provider, client, users and third-party platforms.

Security measures

We use reasonable technical and organizational measures designed to protect personal data and project information from unauthorized access, loss, misuse, alteration, disclosure or destruction.

Access limitation

Information should be accessed only by team members, partners or providers who need it for project delivery, support, billing, communication, security or business administration.

Credential handling

Clients should not submit sensitive passwords, private keys, banking credentials or confidential access details through public forms. Secure access sharing should be agreed where needed.

Retention period

We retain personal data only for as long as reasonably necessary for enquiries, projects, support, billing, legal obligations, accounting, security, dispute resolution and legitimate business records.

Deletion and anonymization

Where appropriate, information may be deleted, archived, anonymized or restricted when it is no longer needed. Some records may be retained for legal, billing, contractual or security reasons.

No absolute security guarantee

No online system can be guaranteed completely secure. Clients should use strong passwords, maintain backups, keep platforms updated and follow secure access practices.

GDPR for Digital Services

How privacy planning applies to websites, software, apps and SEO

Different digital services require different privacy, consent, security and data handling considerations.

Website Development

Business websites may collect data through contact forms, quote forms, newsletter forms, analytics, cookies, chat widgets and booking systems.

  • Privacy policy placement
  • Contact form transparency
  • Cookie notice planning
  • Secure form handling
  • Analytics disclosure

Software and Dashboards

Custom software, dashboards and admin panels may process user accounts, roles, permissions, logs, reports and business records.

  • Role-based access
  • User permission design
  • Audit trail planning
  • Data minimization
  • Retention rules

Mobile Apps

Mobile apps may involve user profiles, device data, permissions, push notifications, location features, analytics and app store privacy requirements.

  • Permission notices
  • App privacy labels
  • User account control
  • Notification consent
  • API security

WordPress and WooCommerce

WordPress and WooCommerce websites may process comments, orders, accounts, contact forms, checkout data, plugins and customer records.

  • Plugin privacy review
  • Checkout transparency
  • Customer account controls
  • Order retention review
  • Security updates

Shopify Stores

Shopify stores may collect customer data through checkout, accounts, apps, analytics, email marketing, payment gateways and shipping tools.

  • Store privacy policy
  • App permission review
  • Payment provider notices
  • Customer data access
  • Marketing consent

SEO and Analytics

SEO and analytics work may involve search performance, visitor behavior, tracking tools, conversion events and local business information.

  • Analytics configuration
  • Cookie disclosure
  • Conversion tracking review
  • Search Console data
  • Reporting access control
Client Responsibilities

Clients remain responsible for privacy compliance in their own business operations

Nexus Web & Software can help build privacy-aware websites, portals, dashboards, eCommerce stores and software systems, but clients are responsible for deciding what data their business collects, why it is collected, how it is used, what legal basis applies and what notices are required for their users.

Clients should review their business model, target regions, user types, payment flows, marketing activities, cookie tools, third-party apps, customer databases, retention rules and legal obligations with qualified professionals where needed.

Plan a Privacy-Aware Project

Provide Correct Policies

Clients should supply privacy, cookie, refund and terms content suitable for their business.

Control User Access

Client teams should limit admin, portal and dashboard access to authorized users only.

Review Cookies

Clients should understand analytics, marketing pixels, embeds, apps and tracking scripts.

Payment Compliance

Payment, checkout and customer records must follow gateway, platform and legal requirements.

Minimize Data

Collect only the information needed for forms, accounts, orders, bookings or support.

Maintain Security

Keep accounts, plugins, passwords, backups, hosting and third-party tools secure over time.

8. International Transfers and Global Services

Digital services may involve providers and infrastructure in different countries

Online services commonly depend on cloud tools, hosting providers and software platforms with global infrastructure.

Global service providers

Hosting, analytics, email, cloud, payment, support, project management, file storage and software providers may operate infrastructure or teams in different countries.

Transfer safeguards

Where applicable, data transfers should use appropriate safeguards such as provider contractual terms, data processing agreements, approved mechanisms or other lawful methods depending on the jurisdiction and service.

Client platform choices

Clients may choose platforms such as Shopify, WordPress hosting, payment gateways, CRM tools, email marketing tools or cloud providers. Clients should review provider privacy and transfer terms for their own compliance needs.

Project-specific requirements

If a client needs regional hosting, data residency, special contractual clauses, private infrastructure, restricted provider use or compliance-specific architecture, this should be raised before project approval.

Third-party control

Third-party providers control their own infrastructure, processing locations, compliance documents, security practices and update schedules.

Written agreements

Where data protection agreements, processor terms or custom contractual obligations are needed, they should be reviewed and agreed in writing before work begins.

9. Data Request Process

How to submit a GDPR or privacy request

Requests are reviewed carefully and may require verification before action is taken.

Submit your request

Email sales@nexuswebsoftware.com or support@nexuswebsoftware.com, or use the contact page. Include your name, email address, business name, request type and enough details for us to identify your records.

Request types

You may request access, correction, deletion, restriction, objection, portability, consent withdrawal, marketing opt-out or information about data handling where applicable.

Verification

We may ask for verification to confirm your identity or authority before providing, changing or deleting records. This helps protect personal information from unauthorized disclosure.

Review and response

We review the request, search relevant records, assess legal basis, identify retention obligations and respond as required by applicable law and circumstances.

Limits and exceptions

Some information may be retained for legal, billing, accounting, security, dispute, contractual, support or legitimate business reasons. Some requests may be limited where legal exceptions apply.

Client-controlled data

If your request relates to data controlled by one of our clients through a website, app, store, portal or software system we built or support, we may direct you to that client or support them in responding where appropriate.

GDPR Request Workflow

How privacy requests are handled from submission to response

This workflow explains how Nexus Web & Software may process privacy and data protection requests.

  1. 01

    Request Received

    You submit a data request through email, contact form, support channel or approved communication method.

  2. 02

    Identity Verification

    We may request information to confirm your identity, relationship to records or authority to act for a business.

  3. 03

    Record Search

    Relevant systems may be reviewed, including enquiry records, email communication, support tickets, portal records and project notes.

  4. 04

    Legal Basis Review

    We assess the type of data, purpose, lawful basis, retention obligations and whether exceptions apply.

  5. 05

    Action or Explanation

    Where appropriate, we may provide access, correct data, delete data, restrict processing, update preferences or explain limitations.

  6. 06

    Response Sent

    We respond through an appropriate communication channel and may keep a record of the request for compliance purposes.

  7. 07

    Ongoing Preference Control

    You may update contact details, unsubscribe from marketing where applicable or request further clarification.

Privacy-Ready Website Planning

Helpful privacy features for professional websites and digital platforms

These features can help businesses build more transparent, user-friendly and privacy-aware digital experiences.

Policy Pages

Privacy and Cookie Pages

Website Trust

Professional privacy, cookie, terms and policy pages help visitors understand how information is collected and used.

  • Privacy policy structure
  • Cookie policy page
  • Terms and disclaimer links
  • Footer policy navigation
View Privacy Policy
Portal Access

Role-Based User Control

Client Systems

Dashboards and portals should define permissions, user roles, secure sessions and access boundaries.

  • User role design
  • Login security
  • Access limitation
  • Account management
View Portal Solutions
Tracking Review

Cookies and Analytics Setup

Measurement

Analytics, conversion tracking, pixels and cookies should be documented and configured responsibly.

  • Cookie category review
  • Analytics planning
  • Conversion events
  • Cookie policy support
Read Cookie Policy
GDPR Compliance FAQs

Helpful answers about GDPR, privacy rights and data handling

These FAQs summarize important points from this GDPR Compliance page.

What is GDPR?

GDPR stands for General Data Protection Regulation. It is a data protection framework that gives individuals certain rights over personal data and requires organizations to handle personal information lawfully, fairly, transparently and securely where GDPR applies.

What personal data may Nexus Web & Software collect?

Nexus Web & Software may collect contact details, business information, project requirements, quote requests, support messages, client portal information, billing-related details, website analytics data, cookie data and technical information needed to communicate, deliver services and support clients.

What rights may individuals have under GDPR?

Depending on applicability and circumstances, individuals may have rights to access, correction, deletion, restriction, objection, portability, withdrawal of consent and complaint to a supervisory authority.

Does Nexus Web & Software sell personal data?

No. Nexus Web & Software does not sell personal data. Information may be shared with trusted providers only where needed for website operation, project delivery, support, billing, hosting, analytics, security, communication or legal obligations.

Do clients need their own GDPR compliance review?

Yes, clients should obtain their own legal or compliance advice where needed. We can build privacy-aware websites and systems, but clients are responsible for their own business data practices, legal basis, user notices and compliance decisions.

Can Nexus Web & Software create GDPR-ready website pages?

We can create professional website structures, policy page layouts, cookie policy pages, form notices and privacy-aware design sections. Legal wording should be reviewed by a qualified professional for your business.

Are cookies covered by GDPR?

Cookies and tracking technologies may be subject to privacy and cookie rules depending on location and use. Website owners should clearly explain cookies and provide consent options where required.

How can I submit a GDPR or data protection request?

You can submit a GDPR or data protection request by contacting Nexus Web & Software at sales@nexuswebsoftware.com or support@nexuswebsoftware.com with your name, contact details, request type and enough information to verify and locate your records.

Need Privacy-Aware Website Planning?

Build websites, portals, dashboards and apps with better privacy structure from the start

Whether you need a business website, WordPress site, Shopify store, client portal, custom software, mobile app or SEO campaign, Nexus Web & Software can help plan privacy-friendly forms, policy pages, cookie notices, secure access and responsible data workflows.

GDPR Navigation

Helpful privacy, legal and support links

Use these links to review related policies, request support or plan privacy-aware digital services.

Chat via WhatsApp