This document is provided for transparency. It is not legal advice. Adapt placeholders and local requirements (e.g., India DPDP Act, GDPR where relevant) with counsel before publication.
1. Who We Are
This Privacy Policy explains how **[Company Legal Name]** and members of Nexi Group that operate this website (“we,” “us,” “our”) collect, use, store, and disclose personal information when you visit or interact with our digital properties (the “Site”).
Operating companies within Nexi Group may have their own privacy notices for specific products (such as lending or account-based services). Where a product-specific notice applies, it will govern processing for that product alongside this Policy for general website activity.
Data controller / contact: **[Company Legal Name]** | **[Registered Office Address]** | Privacy enquiries: **[Privacy / Grievance Email]**
2. Scope
This Policy applies to personal information collected through the Site, enquiry forms, cookies and similar technologies, and email or phone communications initiated via contact details published on the Site.
It does not apply to third-party sites that we link to; their policies control their processing.
3. Information We Collect
3.1 Information you provide voluntarily
We may collect identifiers and contact details such as name, email address, telephone number, organisation, job title, and the content of messages you send through forms or email. If you apply for partnership, employment, or institutional relationships, we may collect additional professional information you choose to submit.
3.2 Information collected automatically
When you browse the Site, we and our analytics or security providers may collect technical data such as IP address, device type, browser type, operating system, referring URLs, pages viewed, approximate location derived from IP (not precise geolocation unless you separately consent), timestamps, and diagnostics. This helps us secure the Site, understand usage, and improve performance.
3.3 Sensitive categories
We do not ask you to submit special categories of personal data (such as health information) through general contact forms. Please do not send such information unless a specific, secure channel expressly requests it. Where local law defines “sensitive personal data” or similar, we process it only if and to the extent permitted by law and subject to appropriate safeguards.
4. Legal Bases and Purpose of Use
Where GDPR or similar laws apply, we rely on one or more of the following bases:
- Contract or pre-contract steps (responding to your enquiries, managing relationships you initiate);
- Legitimate interests (site security, analytics, business development, internal reporting, legal compliance), balanced against your rights;
- Consent (for non-essential cookies or marketing where opt-in is required);
- Legal obligation (regulatory requests, court orders, lawful authority).
Purposes
We use information to: operate and improve the Site; respond to communications; prevent fraud and abuse; analyse traffic and engagement; comply with law; enforce terms; and protect our legitimate business interests. We do not sell your personal information in the conventional “sale for money” sense; any sharing is described under “Third parties” below.
5. Cookies and Similar Technologies
We use cookies, local storage, pixels, and analogous tools to remember preferences, authenticate sessions (where applicable), measure performance, and enhance security. Categories may include strictly necessary cookies (required for Site function), functional cookies, analytics cookies, and marketing cookies where used and permitted.
Where consent is required before non-essential cookies are set, we will provide a consent mechanism (e.g., banner or preference centre). **If a cookie banner is not yet deployed on this deployment of the Site**, non-essential analytics or marketing cookies are **currently not applicable** and **may be updated in future**; only necessary technical cookies may operate by default until then.
6. Data Security
We implement administrative, technical, and organisational measures appropriate to the nature of the information and the risks presented, such as access controls, encryption in transit where standard (e.g. HTTPS), monitoring, and vendor due diligence. No method of transmission over the Internet is fully secure; we cannot guarantee absolute security.
7. Third-Party Services
We may engage vendors for hosting, analytics, content delivery, email delivery, cybersecurity, customer-relationship tools, and professional advisors. These recipients process data under instructions and contractual terms that require appropriate confidentiality and security.
If we transfer personal data outside your country, we do so using mechanisms recognised by applicable law (such as adequacy decisions or standard contractual clauses). You may request further information via **[Privacy / Grievance Email]**.
8. Retention
We retain personal information only as long as necessary for the purposes described, including legal, accounting, or reporting requirements. Criteria include: whether you have an ongoing relationship with us; statutory limitation periods; litigation or regulatory investigations; and archival needs for legitimate business records.
When retention is no longer required, we delete or anonymise data in line with policy, subject to lawful exceptions (such as backup snapshots with limited access).
9. Your Rights
Depending on your location, you may have rights to:
- Access a copy of your personal information;
- Request correction of inaccuracies;
- Request deletion (“right to be forgotten”) where applicable;
- Object to or restrict certain processing;
- Withdraw consent where processing is consent-based;
- Data portability for information you provided, where technically feasible;
- Lodge a complaint with a supervisory authority.
How to exercise rights
Submit requests to **[Privacy / Grievance Email]**. We may need to verify your identity. We will respond within timelines required by applicable law. If we decline a request, we will explain reasons where we are permitted to do so.
10. Children
The Site is not directed at children under 16 (or the age defined by local law). We do not knowingly collect personal information from children. If you believe we have received such information, contact us and we will take appropriate steps to delete it.
11. Commercial Communications
Where we send marketing (and where law requires opt-in), we will obtain consent and provide an unsubscribe option. If you have not opted in to marketing from us, **routine marketing email programmes** are **currently not applicable** and **may be updated in future**.
12. Changes to This Policy
We may update this Policy to reflect legal, technical, or business changes. Material updates will be posted on the Site with a revised “Last updated” date. Where required, we will provide additional notice or seek consent.