Privacy Policy

Last updated:

1. Who Nexus Is (Data Controller)

This Privacy Policy explains how C.K. NEXUS IT SOLUTIONS (“Nexus”, “we”, “us”, “our”) collects and uses personal data when users visit the website, contact Nexus, create an account, or use services.

Contact information:
C.K. Nexus IT Solutions
https://www.nexusitsolutions.com.cy
Email: dpo@nexusitsolutions.com.cy

2. Scope

This Privacy Policy applies to:

  • website visitors;
  • individuals who contact Nexus (for example by email or web forms);
  • customers and authorized users who create an account or use a client portal for ordering, billing, and support (including hosting services); and
  • business communications relating to Nexus IT and technology services.

This Policy does not apply to third-party websites, products, or services not controlled by Nexus (even where links are provided). Third parties’ privacy practices are governed by their own policies.

3. Personal Data Nexus Collects

Nexus collects personal data in three main ways: (a) information users provide, (b) information collected automatically, and (c) information received from third parties.

3.1 Information users provide

Depending on interaction with Nexus, this may include:

  • identity and contact data: name, email address, company name, job title, postal address (if provided), and other contact details submitted;
  • account and customer data: login credentials (in hashed/secured form), account identifiers, service selections, and support preferences;
  • billing and transaction data: billing contact, invoicing details, payment status, transaction references, and records needed for accounting (note: payment card details are typically handled by payment providers and not stored by Nexus unless a user provides them directly and Nexus has a legitimate need to process them); and
  • support and communications data: emails, support tickets, correspondence, attachments, and any information a user chooses to share.

3.2 Information collected automatically (website/portal)

When users access the website or a client portal, Nexus may automatically collect:

  • device and usage data: IP address, browser type/version, operating system, language, pages viewed, dates/times, referring URLs, and interactions;
  • log and security data: event logs relating to authentication, errors, and security monitoring; and
  • cookie and similar technology data (see Section 7).

3.3 Information from third parties

Nexus may receive limited personal data from:

  • payment, billing, and fraud-prevention providers (for example, confirmation that a payment succeeded/failed);
  • domain registrar/reseller partners and registries in connection with domain services; and
  • service providers supporting Nexus IT operations (for example, anti-abuse and security tooling).

4. Why Nexus Uses Personal Data (Purposes)

Nexus processes personal data for the following purposes:

  • to provide, operate, maintain, and secure the website, client portal, and services;
  • to respond to inquiries and provide customer support;
  • to create and administer customer accounts, orders, subscriptions, and service delivery;
  • to process billing, payments, and accounting, and manage contractual relationships;
  • to manage and communicate service notices (for example maintenance, security alerts, and important operational messages);
  • to prevent fraud, abuse, and security incidents, and to monitor, detect, and remediate threats;
  • to improve services, user experience, and performance (including through analytics, where enabled); and
  • to comply with legal obligations and to establish, exercise, or defend legal claims.

Nexus does not use personal data for purposes incompatible with those listed above without providing an appropriate notice or, where required, obtaining consent.

5. Lawful Bases (GDPR)

Where GDPR or similar laws apply, Nexus relies on one or more of the following lawful bases:

  • contract: processing is necessary to provide services requested, manage accounts, and perform contractual obligations;
  • legal obligation: processing is necessary to comply with applicable laws (for example tax/accounting obligations);
  • legitimate interests: processing is necessary for Nexus legitimate interests such as securing systems, preventing abuse, improving services, and responding to business inquiries, except where those interests are overridden by users’ rights; and
  • consent: processing is based on consent where required (for example, for non-essential cookies and certain marketing).

Where consent is the lawful basis, users can withdraw consent at any time without affecting the lawfulness of processing carried out before withdrawal.

6. Marketing Communications

  • service communications: Nexus may send non-marketing messages necessary to provide services (for example billing, security, and operational notices).
  • marketing communications: where Nexus sends marketing, it will do so only where permitted by applicable law. Users can opt out at any time by using an unsubscribe mechanism (where provided) or by contacting dpo@nexusitsolutions.com.cy.

7. Cookies and Similar Technologies

Nexus uses cookies and similar technologies to:

  • make the website and portal function properly (essential/functional cookies);
  • remember preferences;
  • improve performance and understand usage (analytics/statistics cookies, where enabled); and
  • enable certain third-party features (for example embedded social content and web fonts), where enabled.

Some cookies are strictly necessary and do not require consent. For non-essential cookies (for example analytics/marketing), Nexus requests consent where required. Users can manage preferences through cookie settings and by adjusting browser settings.

Additional information about cookies and similar technologies is available in the Cookie Policy:
https://www.nexusitsolutions.com.cy/cookie-policy-eu/

8. Who Nexus Shares Personal Data With (Recipients)

Nexus may share personal data with:

  • hosting/infrastructure and IT service providers supporting operations;
  • security and anti-abuse providers;
  • billing and payment providers to process payments and manage invoicing;
  • domain registrar/reseller partners and domain registries where domain-related services are purchased;
  • professional advisers (for example legal/accounting) where necessary; and
  • authorities or regulators where required by law.

Nexus does not sell personal data.

9. International Transfers

Some service providers and third-party features may process data outside the European Economic Area (EEA). Where this occurs and EU-style transfer rules apply, Nexus implements appropriate safeguards or relies on other lawful transfer mechanisms.

Where Nexus transfers personal data to the United States, Nexus relies on:

  • the EU–U.S. Data Privacy Framework where the relevant U.S. recipient is certified under that framework; or
  • Standard Contractual Clauses approved by the European Commission (and supplementary measures where required); or
  • another valid transfer mechanism recognized by applicable law.

Users can reduce third-party transfers by managing cookie and embed preferences.

10. Data Retention

Nexus keeps personal data only for as long as necessary for the purposes described in this Policy, taking into account legal requirements and limitation periods. Where possible, the retention periods are:

  • inquiries and leads (no contract): typically up to 24 months from the last interaction, unless a longer period is necessary to establish, exercise, or defend legal claims;
  • customers and account records: for the duration of the customer relationship and for a period thereafter to manage disputes, enforce Terms, and comply with legal obligations;
  • billing, invoicing, and accounting records: retained for the period required by applicable tax and accounting laws;
  • marketing suppression lists (opt-outs): retained as long as necessary to ensure marketing preferences are respected; and
  • security logs: typically 30–180 days, unless required longer to investigate or respond to a security incident.

Personal data may be retained longer where required by law or where necessary to establish, exercise, or defend legal claims.

11. Security

Nexus implements appropriate technical and organizational measures designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. No system is completely secure. Users are responsible for maintaining the confidentiality of credentials and using strong passwords.

12. Hosting, Customer Content, and Domain Services

12.1 Hosting and managed services (processor role)

When Nexus provides hosting or managed technology services, Nexus may process personal data within customer-controlled systems and content (“Customer Content”) on behalf of the customer. In those cases:

  • the customer is typically the data controller for Customer Content; and
  • Nexus acts as a data processor, processing Customer Content only to provide services and in accordance with the customer’s instructions and applicable law.

Business customers who require a Data Processing Agreement (DPA) can contact dpo@nexusitsolutions.com.cy.

12.2 Domain registration and WHOIS data

Where domain registration or management services are purchased through Nexus, registrant details may be submitted to relevant registrar(s) and registry/registries as required to register and manage the domain. Some registrant details may appear in WHOIS records unless privacy/proxy services are enabled where available and applicable.

13. Users’ Rights

Depending on location and applicable law (including GDPR where applicable), users may have rights such as:

  • access: request confirmation of whether Nexus processes personal data and obtain a copy;
  • rectification: request correction of inaccurate or incomplete data;
  • erasure: request deletion in certain circumstances;
  • restriction: request limitation of processing in certain circumstances;
  • objection: object to processing based on legitimate interests (including direct marketing);
  • portability: receive certain data in a structured, commonly used format and transmit it to another controller; and
  • withdraw consent: where processing is based on consent.

Direct marketing: users have an absolute right to object to direct marketing at any time. If a user objects, Nexus will stop using personal data for direct marketing purposes.

To exercise rights, users can contact dpo@nexusitsolutions.com.cy. Nexus may need to verify identity before responding. Nexus will only request information necessary to verify identity to protect personal data security. Nexus generally responds within one month, subject to lawful extensions where permitted.

14. Automated Decision-Making

Nexus does not carry out solely automated decision-making that produces legal or similarly significant effects, unless Nexus specifically informs users otherwise and a lawful basis applies.

15. Children

The website and services are not directed to children. Nexus does not knowingly collect personal data from children under age 14 in contexts where parental authorization is required under Cyprus/EU rules. If a child has provided personal data to Nexus, users should contact Nexus and Nexus will take appropriate steps to delete it where required.

16. Complaints

If users have concerns about Nexus data practices, users should contact Nexus first at dpo@nexusitsolutions.com.cy. Where GDPR applies, users also have the right to lodge a complaint with the applicable supervisory authority. In Cyprus, this is the Office of the Commissioner for Personal Data Protection.

17. Changes to Policy

Nexus may update this Privacy Policy from time to time to reflect changes to services, legal requirements, or processing practices. The updated version will be posted on this page and the “Last updated” date will be revised. Continued use of the website after changes take effect means the updated Policy will apply to the extent permitted by law.