Data Protection Principles
Understand fairness, transparency, purpose limitation, data minimization, security and accountability principles.
Read sectionThis GDPR Compliance page explains how Nexus Web & Software approaches personal data protection, privacy rights, website forms, project data, client portal information, support requests, cookies, analytics, third-party processors and digital service responsibilities where GDPR or similar privacy principles may apply.
We build and support websites, software, mobile apps, client portals, dashboards, WordPress websites, Shopify stores, WooCommerce systems, APIs and SEO campaigns. Privacy planning is important because many digital platforms collect, process or display personal information.
GDPR stands for General Data Protection Regulation. It is a data protection framework that may apply when personal information of individuals in certain regions is collected, used, stored, transferred or otherwise processed. This page explains our general approach to data protection and how we support privacy-aware digital service delivery.
Nexus Web & Software may act as a business handling its own website visitor and client data. In some client projects, we may also help design, develop, maintain or support platforms where clients control the personal data collected from their users. The responsibilities can differ depending on project structure, contract terms, platform ownership and applicable law.
This page is for general transparency and planning guidance. It is not legal advice. Businesses with GDPR, UK GDPR, EU privacy, ePrivacy, cookie, payment, healthcare, financial or industry-specific compliance requirements should consult qualified legal or compliance professionals.
Use these sections to understand data handling, privacy rights, security, cookies, processors and client responsibilities.
Understand fairness, transparency, purpose limitation, data minimization, security and accountability principles.
Read sectionReview contact details, quote forms, support tickets, project files, analytics data and portal information.
Read sectionLearn about access, correction, deletion, restriction, objection, portability and consent withdrawal where applicable.
Read sectionUnderstand how cookies, analytics, logs and tracking tools may support website performance and measurement.
Read sectionSee how reasonable safeguards, access controls, retention practices and secure handling support privacy.
Read sectionLearn how to submit GDPR, privacy, data access, correction, deletion or objection requests.
Read sectionWhere data protection laws apply, personal information should be handled carefully, transparently and securely.
Personal data should be collected and used for legitimate reasons that are explained clearly to the people affected.
Personal information should be collected for specific purposes such as enquiries, quotes, service delivery or support.
Only information that is reasonably needed for the purpose should be requested or stored.
Personal information should be kept accurate where needed for communication, billing, support and project delivery.
Personal data should not be kept longer than reasonably necessary for business, support, legal or accounting purposes.
Reasonable technical and organizational measures should protect information from misuse, loss or unauthorized access.
We collect information only where it helps us communicate, deliver services, provide support or operate the website.
We may collect name, email address, phone number, WhatsApp number, business name, job role, country, website URL, project type, service interest, preferred contact method and message details submitted through forms or direct communication.
Quote forms and consultation requests may include project goals, budget range, timeline, page count, platform preference, feature requirements, SEO goals, content needs, integration requirements and business context.
During website, software, mobile app, WordPress, Shopify, WooCommerce, eCommerce, dashboard or API projects, we may process business information, brand assets, technical documents, user roles, workflow notes, testing feedback, approvals and support records.
Client portal or dashboard use may involve login information, user profile details, support tickets, file uploads, project messages, invoice references, approval records, service status and activity related to project delivery.
Support requests may include website URLs, screenshots, error messages, admin notes, browser details, device information, recent changes, hosting details, access information provided by the client and troubleshooting history.
When you browse the website, technical information may be collected such as IP address, browser type, device type, operating system, referring page, visited pages, approximate location, log data, interaction events and cookie identifiers where applicable.
Where GDPR applies, a lawful basis is generally required for processing personal data.
We may process personal data to prepare quotes, communicate with clients, deliver website development, build software, support apps, manage CMS websites, configure Shopify stores, complete SEO tasks, provide support and manage project obligations.
We may process information for legitimate business interests such as responding to enquiries, improving services, securing our website, preventing abuse, maintaining records, managing client communication and understanding website performance.
Where required, we may rely on consent for certain optional activities such as marketing communication, non-essential cookies or specific data handling choices. Consent may be withdrawn where applicable.
We may retain or process information where needed for accounting, tax, legal, regulatory, dispute resolution, security or compliance reasons.
These legal bases are not usually relevant to our standard digital services, but may apply in exceptional situations where law permits or requires them.
For some projects, the client may decide what data their website, app, portal, dashboard or store collects from end users. In that case, the client may be responsible for its own lawful basis, notices, consent mechanisms and compliance decisions.
Data rights depend on location, applicable law, identity verification, data type and lawful basis.
You may request confirmation of whether we hold personal data about you and receive certain information about how it is used.
You may ask us to correct inaccurate or incomplete personal data where applicable.
You may request deletion of personal data where applicable, subject to legal, accounting, security or business retention needs.
You may request that certain processing be limited while a concern is reviewed, where applicable.
Where applicable, you may request certain personal data in a structured format if processing is based on consent or contract and carried out by automated means.
You may object to certain processing, including some legitimate interest processing or direct marketing, where applicable.
Cookies and analytics help operate, measure and improve the website, subject to applicable choices and settings.
Essential cookies may be used to operate the website, support forms, maintain sessions, protect security, reduce spam and enable client portal or login functionality where available.
Analytics tools may help us understand traffic sources, page performance, user behavior, device types, popular service pages, enquiry paths and website improvement opportunities.
Where campaigns are active, tracking tools may help measure quote requests, contact form submissions, call clicks, WhatsApp clicks, consultation bookings and campaign performance.
Users can usually manage cookies through browser settings. If a cookie banner or consent tool is active, users may be able to manage optional cookie categories through that tool.
Server logs may automatically record technical information such as IP address, requested page, browser type, timestamp, errors and security events. Logs help troubleshoot issues and protect systems.
For more details about cookies, analytics and similar technologies, please review our Cookie Policy and Privacy Policy.
We do not sell personal data. Limited sharing may occur where needed for legitimate service purposes.
Hosting, server, cloud, domain and security providers may process technical data needed to run websites, portals and systems.
Email, form, messaging and project communication tools may process messages and contact details.
Analytics and performance tools may process technical and usage information to help improve the website.
Payment processors, banks or invoice tools may process billing details and payment references where services are purchased.
Project management, file sharing, support ticket and collaboration tools may help us deliver services and manage requests.
Information may be shared where required for legal, dispute, accounting, security, fraud prevention or regulatory reasons.
Security is a shared responsibility between service provider, client, users and third-party platforms.
We use reasonable technical and organizational measures designed to protect personal data and project information from unauthorized access, loss, misuse, alteration, disclosure or destruction.
Information should be accessed only by team members, partners or providers who need it for project delivery, support, billing, communication, security or business administration.
Clients should not submit sensitive passwords, private keys, banking credentials or confidential access details through public forms. Secure access sharing should be agreed where needed.
We retain personal data only for as long as reasonably necessary for enquiries, projects, support, billing, legal obligations, accounting, security, dispute resolution and legitimate business records.
Where appropriate, information may be deleted, archived, anonymized or restricted when it is no longer needed. Some records may be retained for legal, billing, contractual or security reasons.
No online system can be guaranteed completely secure. Clients should use strong passwords, maintain backups, keep platforms updated and follow secure access practices.
Different digital services require different privacy, consent, security and data handling considerations.
Business websites may collect data through contact forms, quote forms, newsletter forms, analytics, cookies, chat widgets and booking systems.
Custom software, dashboards and admin panels may process user accounts, roles, permissions, logs, reports and business records.
Mobile apps may involve user profiles, device data, permissions, push notifications, location features, analytics and app store privacy requirements.
WordPress and WooCommerce websites may process comments, orders, accounts, contact forms, checkout data, plugins and customer records.
Shopify stores may collect customer data through checkout, accounts, apps, analytics, email marketing, payment gateways and shipping tools.
SEO and analytics work may involve search performance, visitor behavior, tracking tools, conversion events and local business information.
Nexus Web & Software can help build privacy-aware websites, portals, dashboards, eCommerce stores and software systems, but clients are responsible for deciding what data their business collects, why it is collected, how it is used, what legal basis applies and what notices are required for their users.
Clients should review their business model, target regions, user types, payment flows, marketing activities, cookie tools, third-party apps, customer databases, retention rules and legal obligations with qualified professionals where needed.
Plan a Privacy-Aware ProjectClients should supply privacy, cookie, refund and terms content suitable for their business.
Client teams should limit admin, portal and dashboard access to authorized users only.
Clients should understand analytics, marketing pixels, embeds, apps and tracking scripts.
Payment, checkout and customer records must follow gateway, platform and legal requirements.
Collect only the information needed for forms, accounts, orders, bookings or support.
Keep accounts, plugins, passwords, backups, hosting and third-party tools secure over time.
Online services commonly depend on cloud tools, hosting providers and software platforms with global infrastructure.
Hosting, analytics, email, cloud, payment, support, project management, file storage and software providers may operate infrastructure or teams in different countries.
Where applicable, data transfers should use appropriate safeguards such as provider contractual terms, data processing agreements, approved mechanisms or other lawful methods depending on the jurisdiction and service.
Clients may choose platforms such as Shopify, WordPress hosting, payment gateways, CRM tools, email marketing tools or cloud providers. Clients should review provider privacy and transfer terms for their own compliance needs.
If a client needs regional hosting, data residency, special contractual clauses, private infrastructure, restricted provider use or compliance-specific architecture, this should be raised before project approval.
Third-party providers control their own infrastructure, processing locations, compliance documents, security practices and update schedules.
Where data protection agreements, processor terms or custom contractual obligations are needed, they should be reviewed and agreed in writing before work begins.
Requests are reviewed carefully and may require verification before action is taken.
Email sales@nexuswebsoftware.com or support@nexuswebsoftware.com, or use the contact page. Include your name, email address, business name, request type and enough details for us to identify your records.
You may request access, correction, deletion, restriction, objection, portability, consent withdrawal, marketing opt-out or information about data handling where applicable.
We may ask for verification to confirm your identity or authority before providing, changing or deleting records. This helps protect personal information from unauthorized disclosure.
We review the request, search relevant records, assess legal basis, identify retention obligations and respond as required by applicable law and circumstances.
Some information may be retained for legal, billing, accounting, security, dispute, contractual, support or legitimate business reasons. Some requests may be limited where legal exceptions apply.
If your request relates to data controlled by one of our clients through a website, app, store, portal or software system we built or support, we may direct you to that client or support them in responding where appropriate.
This workflow explains how Nexus Web & Software may process privacy and data protection requests.
You submit a data request through email, contact form, support channel or approved communication method.
We may request information to confirm your identity, relationship to records or authority to act for a business.
Relevant systems may be reviewed, including enquiry records, email communication, support tickets, portal records and project notes.
We assess the type of data, purpose, lawful basis, retention obligations and whether exceptions apply.
Where appropriate, we may provide access, correct data, delete data, restrict processing, update preferences or explain limitations.
We respond through an appropriate communication channel and may keep a record of the request for compliance purposes.
You may update contact details, unsubscribe from marketing where applicable or request further clarification.
These features can help businesses build more transparent, user-friendly and privacy-aware digital experiences.
Website Trust
Professional privacy, cookie, terms and policy pages help visitors understand how information is collected and used.
Lead Forms
Forms should collect only required information and clearly explain why the user is submitting data.
Client Systems
Dashboards and portals should define permissions, user roles, secure sessions and access boundaries.
Measurement
Analytics, conversion tracking, pixels and cookies should be documented and configured responsibly.
These FAQs summarize important points from this GDPR Compliance page.
GDPR stands for General Data Protection Regulation. It is a data protection framework that gives individuals certain rights over personal data and requires organizations to handle personal information lawfully, fairly, transparently and securely where GDPR applies.
Nexus Web & Software may collect contact details, business information, project requirements, quote requests, support messages, client portal information, billing-related details, website analytics data, cookie data and technical information needed to communicate, deliver services and support clients.
Depending on applicability and circumstances, individuals may have rights to access, correction, deletion, restriction, objection, portability, withdrawal of consent and complaint to a supervisory authority.
No. Nexus Web & Software does not sell personal data. Information may be shared with trusted providers only where needed for website operation, project delivery, support, billing, hosting, analytics, security, communication or legal obligations.
Yes, clients should obtain their own legal or compliance advice where needed. We can build privacy-aware websites and systems, but clients are responsible for their own business data practices, legal basis, user notices and compliance decisions.
We can create professional website structures, policy page layouts, cookie policy pages, form notices and privacy-aware design sections. Legal wording should be reviewed by a qualified professional for your business.
Cookies and tracking technologies may be subject to privacy and cookie rules depending on location and use. Website owners should clearly explain cookies and provide consent options where required.
You can submit a GDPR or data protection request by contacting Nexus Web & Software at sales@nexuswebsoftware.com or support@nexuswebsoftware.com with your name, contact details, request type and enough information to verify and locate your records.
Whether you need a business website, WordPress site, Shopify store, client portal, custom software, mobile app or SEO campaign, Nexus Web & Software can help plan privacy-friendly forms, policy pages, cookie notices, secure access and responsible data workflows.
Use these links to review related policies, request support or plan privacy-aware digital services.