Request a Demo

 

We take the protection of your personal data seriously. This information applies to the processing of your personal data when you visit our website.

1. Controller

The Controller within the meaning of the EU General Data Protection Regulation (“GDPR”) is:

Nexis Group GmbH, Rudolf-Vogt-Str. 6, 93053 Regensburg, Germany

Telephone number: +49 941 85097900 Email: contact@nexis-secure.com

2. Data Protection Officer

You can contact our Data Protection Officer at privacy@nexis-secure.com or at the above postal address, adding “The Data Protection Officer”.

 

3. Processing on our website

The following personal data is processed in connection with your visit to our website.

3.1 Web hosting

When you visit our website, we process personal data to ensure the smooth, functional and secure operation of our website. The following data may be processed (so-called log files):

  • Operating system and current IP address (last octet truncated) of the device you are using to visit our website
  • Browser (type, version and language setting)
  • The amount of data accessed
  • Date and time of access
  • The URL of the previously visited website (referrer)
  • The URL of the (sub)page you are accessing on the website
  • The internet service provider of the accessing system

The collection of log files is technically necessary to display our website to you and to ensure the stability and security of the website. This also constitutes our legitimate interest in data processing. The legal basis is Article 6(1)(f) of the GDPR. This website is hosted by the service provider IONOS SE, Elgendorfer Str. 57, 56410 Montabaur, Germany, with whom we have concluded a data processing agreement. Your data is processed in a German data centre and deleted after 8 weeks.

3.2 Contact

If you contact us via a form or by email, we process the data you provide. This includes, in particular, your email address, your name and the content of your message. The processing of the data is carried out on the basis of Article 6(1)(b) of the GDPR in the context of the initiation or performance of pre-contractual measures, or on the basis of our legitimate interest in processing and responding to your other enquiry in accordance with Article 6(1)(f) of the GDPR. Further details are not strictly necessary to contact you and are therefore provided voluntarily on the basis of your consent in accordance with Article 6(1)(a) of the GDPR. Your personal data will be deleted – subject to statutory retention periods – as soon as the purpose for which it was stored no longer applies, i.e. once your enquiry has been fully processed and no further communication with you is required or desired by you.

We also use your data for marketing purposes in accordance with the declaration of consent you have provided. The legal basis for this is your voluntary consent in accordance with Article 6(1)(a) of the GDPR. You have the option to withdraw your consent at any time, with effect for the future and without giving reasons, by using the unsubscribe link within the emails or by contacting us using the contact details provided here. Where we seek your consent to receive promotional information, we use a double opt-in procedure. Once you have given your consent, you will receive an email containing a confirmation link. Your consent is only finalised once you click on this link, at which point we will use your contact details for promotional communications.

To provide our email service, we work with Microsoft Ireland Operations Ltd, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland. Data processing generally takes place within the EU. However, as a data transfer to Microsoft Inc. in the USA (a third country) cannot be completely ruled out, a data processing agreement has been concluded with Microsoft using the EU Standard Contractual Clauses. The EU Standard Contractual Clauses are available on the European Commission’s website. Furthermore, Microsoft Inc. is certified under the EU-US Data Privacy Framework. The European Commission’s adequacy decision therefore applies to transfers of personal data.

3.3 Online events

When you participate in online events, we also process your name, email address, IP address and other technically necessary data, as well as, where applicable, any audio, video and text content you send, your telephone number and your profile picture. If you book a paid webinar, we process your data for the purpose of fulfilling the relevant contract. The legal basis is Article 6(1)(b) of the GDPR. The provision of this information is required for participation in the webinars. Free participation in webinars or the download of recorded webinar content is based on your consent in accordance with Article 6(1)(a) of the GDPR. If a free webinar is offered only in exchange for consent to receive advertising, we will expressly inform you of this prior to registration. In this case, consent is a prerequisite for free participation. You have the option to withdraw your consent at any time, with effect for the future and without giving reasons, by using the unsubscribe link within the emails or by contacting us using the contact details provided here. We store your data for as long as is necessary to carry out the relevant event and delete it, subject to relevant statutory retention obligations, as soon as processing is no longer required.

To document your consent, we store the time of registration, the time of confirmation, the IP address used, and the content of the declaration of consent. This documentation serves as proof that valid consent has been given.

The legal basis for marketing communications is your consent in accordance with Article 6(1)(a) of the GDPR. The documentation of consent is carried out to fulfil our obligations to provide evidence in accordance with Article 6(1)(c) of the GDPR.

Where necessary, we may pass on your data to partners who are involved in organising the online event. In such cases, our partners are explicitly identified as potential recipients. We use the Teams software, provided by Microsoft Ireland Operations Ltd, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland, to run webinars and online events. Data processing generally takes place within the EU. However, as a data transfer to Microsoft Inc. in the USA (a third country) cannot be completely ruled out, a data processing agreement has been concluded with Microsoft using the EU Standard Contractual Clauses. The EU Standard Contractual Clauses are available on the European Commission’s website.

3.4 On-site events and trade fairs

When you register for one of our events, we process the data you provide (e.g. name, email address) in order to organise and run the event, and to contact you in connection with the event. The legal basis for the processing is Article 6(1)(b) of the GDPR (organisation of the event) and, where applicable, Article 6(1)(f) of the GDPR (legitimate interest in the organisation and follow-up of events). We will only store your data for as long as is necessary for the organisation and follow-up of the event.

3.5 Newsletter

If you subscribe to our newsletter, we process your email address to inform you about news and offers. You can subscribe to our newsletter at any time on our website. To send our newsletter, we work with the service provider HubSpot Ireland Limited, 1 Sir John Rogerson’s Quay, Dublin 2, Ireland (parent company: HubSpot, Inc., 25 First Street, 2nd Floor, Cambridge, MA 02141, USA). We have entered into a data processing agreement with the service provider. The legal basis for the processing is your consent pursuant to Article 6(1)(a) of the GDPR, which you may withdraw at any time and without giving reasons with effect for the future (e.g. via the relevant link at the end of each newsletter). We will store your data for as long as your consent to receive the newsletter remains in place.

3.6 Downloading content

You have the option of accessing various content and documents (e.g. white papers, webinar recordings or similar materials) via our website. To gain access to this content, you must consent to the processing of your data for marketing purposes. In this case, consent is a prerequisite for accessing the content. To this end, we collect your email address, your name and your company prior to the download of the content, for the purpose of sending the content and sending advertising via the contact details provided. The legal basis is your consent pursuant to Article 6(1)(a) of the GDPR. You have the option to withdraw your consent at any time, with effect for the future and without giving reasons, by using the unsubscribe link within the emails or by contacting us using the contact details provided here. We store your data for as long as your consent to the use of your data for marketing purposes remains valid and delete it as soon as you withdraw your consent or the purpose of the processing no longer applies.

3.7 Double opt-in procedure

Where we seek your consent to receive marketing information, we use a double opt-in procedure for this purpose. After giving your consent, you will receive an email containing a confirmation link. Only once you click on this link is your consent finalised and we will use your contact details for marketing communications. To document your consent, we store the time of registration, the time of confirmation, the IP address used in the process, and the content of the declaration of consent. This documentation serves as proof that valid consent has been given. The legal basis for promotional communications is your consent in accordance with Article 6(1)(a) of the GDPR. The documentation of consent is carried out to fulfil our obligations to provide evidence in accordance with Article 6(1)(c) of the GDPR. You may withdraw your consent at any time with future effect, for example via the unsubscribe link in our emails or via the contact channels specified in this privacy policy.

4. Service providers and additional functions

4.1 Cookies

When you use our website, cookies are stored on your computer. Cookies are small text files that are stored on your hard drive and associated with the browser you are using, and through which certain information is transmitted to the provider that sets the cookie. Cookies cannot run programs or transmit viruses to your computer. They serve to make the website more user-friendly and effective overall. We use technically necessary cookies that are required for the provision of the website. The legal basis for this is Article 6(1)(f) of the GDPR in conjunction with Section 25(2)(2) of the TDDDG. Our legitimate interest lies in the technically flawless and user-friendly presentation of the website.

For cookies that are not technically necessary, processing is based on your consent in accordance with Section 25(1) of the German Telecmmunications Digital Services Data Protection Act (TDDDG) and Article 6(1)(a) of the General Data Protection Regulation (GDPR). We request your consent via our Consent Manager. You may withdraw your consent at any time and without giving reasons, with effect for the future, by unchecking the box you previously ticked to give your consent in the Consent Manager under the relevant category and then saving the settings. You can always open the Consent Manager via the overlay displayed in the bottom left-hand corner of your screen. You can find more information about the cookies used on this website in our Consent Manager.

4.2 Borlabs Consent Management

We use the Borlabs Consent Manager to store your consents. The provider is Borlabs GmbH, Hamburger Str. 11, 22083 Hamburg, Germany. This software enables us to request consents on our website. Your IP address and your corresponding decisions are processedac and stored in the Consent Manager. The legal basis for the processing is Article 6(1)(c) of the GDPR in conjunction with Section 25(1) of the TDDDG.  Borlabs stores the consents you have given in a cookie on your device. Your data is stored for a maximum of 6 months. You can adjust and withdraw the consents you have given at any time using the button at the bottom left of your screen.

4.3 Google Analytics

Our website uses Google Analytics, a web analytics service provided by Google, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The cookie used for this purpose enables an analysis of the use of our website. Google uses this information on our behalf to evaluate the use of our website, to compile reports on website activity and to provide us with other services relating to website and internet usage. The information generated by the cookie may also be transmitted to a Google LLC server in the USA and stored there. Where Google Analytics processes IP addresses, this is done with IP anonymisation enabled. The IP address transmitted by the browser used within the scope of Google Analytics is not merged with other data held by Google.

The legal basis for the use of Google Analytics is your consent in accordance with Section 25(1) of the TDDDG and Article 6(1)(a) of the GDPR, which you grant via the Consent Manager and may also revoke at any time without giving reasons with future effect via the Consent Manager. The personal data processed by Google Analytics is stored for 14 months and then automatically deleted.

We have concluded a data processing agreement with Google using the EU Standard Contractual Clauses. The EU Standard Contractual Clauses are available on the European Commission’s website. Furthermore, Google is certified under the EU-US Data Privacy Framework. The European Commission’s adequacy decision therefore applies to transfers of personal data.

4.4 Google Tag Manager

We use the service known as Google Tag Manager provided by Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland. Google Tag Manager is used to load and manage other services on our website. It does not access the data collected by these services. Google Tag Manager ensures the loading of other components, which may in turn collect data. The legal basis for the use of Google Tag Manager is your consent in accordance with Section 25(1) of the TDDDG and Article 6(1)(a) of the GDPR, which you grant via the Consent Manager and may also revoke at any time without giving reasons with future effect via the Consent Manager.

 Data processing generally takes place within the EU. However, as a data transfer to Google in the USA (a third country) cannot be completely ruled out, we have concluded a data processing agreement with Google using the EU Standard Contractual Clauses. The EU Standard Contractual Clauses are available on the European Commission’s website. Furthermore, Google is certified under the EU-US Data Privacy Framework. The European Commission’s adequacy decision therefore applies to transfers of personal data.

4.5 Google Ads Conversion Tracking

We use the online advertising programme “Google Ads” on our website and, as part of this, conversion tracking (visit action analysis). Google Conversion Tracking is an analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. If you click on an advert placed by Google, a conversion tracking cookie is stored on your computer. If you visit certain pages on our website and the cookie has not yet expired, Google and we can recognise that you clicked on the advert and were redirected to that page. Each Google Ads customer receives a different cookie. Consequently, it is not possible for cookies to be tracked across the websites of Google Ads customers.

The information collected using the conversion cookie is used to compile statistics on the effectiveness of our adverts. This tells us the total number of users who clicked on one of our adverts and were redirected to a page tagged with a conversion tracking tag. However, we do not receive any information that can be used to personally identify users.

The use of Google Ads Conversion Tracking is based on your consent in accordance with Section 25(1) of the TDDDG and Article 6(1)(a) of the GDPR, which you grant via the Consent Manager and which you may also revoke at any time without giving reasons with future effect via the Consent Manager.

Your data may be transferred to the USA. We have therefore entered into a data processing agreement with Google in accordance with the EU Standard Contractual Clauses. The EU Standard Contractual Clauses are available on the European Commission’s website. We will delete your processed personal data after 90 days.

4.6 HubSpot

We use services provided by HubSpot on our website, a service provider of HubSpot Ireland Limited, 1 Sir John Rogerson’s Quay, Dublin 2, Ireland (parent company: HubSpot, Inc., 25 First Street, 2nd Floor, Cambridge, MA 02141, USA). Processing within the scope of the various functions takes place for the purposes and on the legal bases described below.

We have entered into a data processing agreement with HubSpot, which includes the application of the EU Standard Contractual Clauses to ensure an adequate level of data protection in the event of a potential transfer of data to the USA. HubSpot, Inc. is also certified under the EU-US Data Privacy Framework. The European Commission’s adequacy decision therefore applies to transfers of personal data.

4.6.1 HubSpot Forms

When you use a HubSpot form on our website, we process the data you enter into the relevant form. This may include, in particular, your name, email address, company, telephone number, your message and other form-related details. We use this data to process your enquiry, provide requested content and document our communication with you in our CRM.

If your enquiry serves to initiate or perform a contract, the legal basis is Article 6(1)(b) of the GDPR. In other cases, we process your data on the basis of our legitimate interest in processing your enquiry in accordance with Article 6(1)(f) of the GDPR. Where you consent to receiving promotional information via a form, processing for this purpose is carried out on the basis of your consent in accordance with Article 6(1)(a) of the GDPR.

4.6.2 HubSpot analysis and tracking procedures

In addition to simply providing forms, we also use HubSpot, based on your consent, for analytics and tracking procedures. Cookies and similar technologies may be used to analyse your usage behaviour on our website. In particular, your IP address, device and browser information, pages visited, time of access, referrer URL, interactions with the website and form submissions may be processed. This serves to analyse and optimise our website offering, as well as to enable personalised communication as part of our marketing activities. The storage of information on your device and access to it take place exclusively on the basis of your consent in accordance with Section 25(1) of the TDDDG and Article 6(1)(a) of the GDPR. You may withdraw your consent at any time via our consent management system.

4.6.3 HubSpot appointment booking function

When you use the appointment booking function, we process the data required to arrange the appointment. This includes, in particular, your name, email address, company, selected appointment, time zone, selected contact person and any voluntary information provided in the booking form. The data is processed in HubSpot and synchronised with our CRM. The processing of your data in connection with appointment booking is carried out for the purpose of entering into or performing a contractual relationship in accordance with Article 6(1)(b) of the GDPR. If, as part of the appointment booking process, we additionally request consent for marketing communications, this is voluntary and separate from the appointment booking. The legal basis for this is Article 6(1)(a) of the GDPR.

4.7 Gartner banners

We embed content and widgets (so-called Gartner banners) from the provider Gartner, Inc., 56 Top Gallant Road, Stamford, CT 06902, USA, on our website. This integration serves to display external reviews, awards or further information from the analyst firm Gartner directly on our website.

In order to deliver this content to your browser, your device must establish a direct connection to Gartner’s servers in the USA when you access the relevant subpages. In doing so, your IP address and device-specific information are transmitted to Gartner. Furthermore, Gartner uses its own cookies to carry out statistical analyses. We only embed the Gartner banner if you have given your prior consent. This consent covers the display of the banner as well as the statistical analysis of your interaction with the banner. The legal basis is Section 25(1) of the TDDDG and Article 6(1)(a) of the GDPR. You can revoke your consent at any time via the Consent Manager with future effect, without giving reasons. As data is transferred to the USA, we would like to point out that Gartner, Inc. is certified under the EU-US Data Privacy Framework. The European Commission’s adequacy decision therefore applies to the data transfer.

5. Social media

We operate a company page on the LinkedIn platform: https://www.linkedin.com/company/nexis/ and collaborate with LinkedIn Ireland Unlimited Company, Gardner House, 2 Wilton Pl, Dublin 2, D02 CA30, Ireland (“LinkedIn”) for this purpose. LinkedIn and Nexis process your personal data as joint controllers. LinkedIn provides Nexis with so-called Insight data. This consists exclusively of aggregated information regarding the reach and success of our company page on LinkedIn. When you visit our company page, follow it or otherwise interact with our page, personal data is processed by LinkedIn. This includes data on occupation, country, industry, length of service, company size and employment status. We have no influence over which personal data LinkedIn processes for its own purposes. This also applies to whether LinkedIn attributes, stores, analyses or discloses activities to individual users. To exercise your rights set out below in relation to data processing by LinkedIn, please contact LinkedIn directly using the form available here: https://www.linkedin.com/help/linkedin/ask/cp-master.

6. Your rights

You have the right to request confirmation as to whether we are processing personal data concerning you. If this is the case, we will be happy to provide you with information about this personal data and the details set out in Article 15 of the GDPR. Furthermore, subject to the relevant legal requirements, you have the right to rectification (Article 16 of the GDPR), the right to erasure (Article 17 of the GDPR), the right to restriction of processing (Article 18 of the GDPR), the right to data portability (Article 20 of the GDPR) and the right to object to processing (Article 21 of the GDPR). If the processing is based on your consent, you have the right to withdraw this consent at any time (Article 7(3) of the GDPR); however, the lawfulness of the processing carried out prior to withdrawal remains unaffected.

To exercise your data subject rights, please contact us at the address given in section 1.

You also have the option at any time to exercise your right to lodge a complaint with a competent supervisory authority if you believe that our processing of your personal data infringes data protection regulations (Art. 77 GDPR).

7. Updating and amending the privacy policy

We reserve the right to amend this privacy policy at any time in accordance with the applicable data protection regulations.

Current status: May 2026