Legal

Privacy Policy

Last updated: 1 May 2026

1. Who We Are

Nexa Point Group Limited ("Nexa Point", "we", "us", "our") is a company registered in England and Wales (Company No. 16323341). Our registered office is at 71–75 Shelton Street, London, WC2H 9JQ.

We are the data controller for the personal data we process in connection with our managed IT, cloud, and cybersecurity services. You can contact us at privacy@nexapoint.co.uk or by telephone on 07459 158430.

2. What Data We Collect

We collect and process the following categories of personal data:

  • Identity data: name, job title, company name.
  • Contact data: email address, telephone number, postal address.
  • Account data: username, encrypted password hash, account preferences.
  • Technical data: IP address, browser type, operating system, pages visited, session duration.
  • Communications data: messages, support tickets, and correspondence you send to us.
  • Financial data: invoice details and payment records (we do not store full card numbers).
  • Usage data: how you use our client portal and website.

3. How We Collect Data

We collect data through:

  • Contact and enquiry forms on our website.
  • Client portal account registration and use.
  • Service onboarding forms.
  • Email, telephone, and other direct communications.
  • Automatically via cookies and analytics tools when you visit our website (see our Cookie Policy).

4. Legal Basis for Processing

We rely on the following lawful bases under UK GDPR:

  • Contract performance: processing necessary to deliver services you have contracted with us.
  • Legitimate interests: to improve our services, manage our business, and communicate with you, where those interests are not overridden by your rights.
  • Legal obligation: where we are required to process data to comply with UK law.
  • Consent: for marketing communications and non-essential cookies, where we have obtained your consent.

5. How We Use Your Data

We use your personal data to:

  • Provide, manage, and improve our managed IT services.
  • Create and manage your client portal account.
  • Respond to enquiries and provide customer support.
  • Process and issue invoices.
  • Send service notifications and updates.
  • Comply with legal and regulatory obligations.
  • Analyse website usage to improve user experience (with consent).

6. Who We Share Data With

We do not sell your personal data. We may share it with:

  • Service providers: cloud hosting, database, and infrastructure providers operating under data processing agreements (including Railway Technologies and Namecheap).
  • Payment processors: if applicable, under strict contractual terms.
  • Professional advisers: lawyers, accountants, and insurers under confidentiality obligations.
  • Regulators and authorities: where required by law.

7. International Data Transfers

Some of our service providers may process data outside the UK. Where this occurs, we ensure appropriate safeguards are in place, such as UK adequacy decisions or standard contractual clauses, as permitted under UK GDPR.

8. Data Retention

We retain personal data only as long as necessary:

  • Client account data: for the duration of the contract plus 6 years (to meet statutory limitation periods).
  • Enquiry and communications data: 2 years from last contact.
  • Website analytics data: up to 26 months.
  • Financial records: 6 years (legal requirement).

9. Your Rights

Under UK GDPR you have the right to:

  • Access the personal data we hold about you.
  • Rectify inaccurate or incomplete data.
  • Erase your data ("right to be forgotten") in certain circumstances.
  • Restrict processing of your data.
  • Data portability: receive your data in a machine-readable format.
  • Object to processing based on legitimate interests.
  • Withdraw consent at any time where processing is based on consent.

To exercise any of these rights, contact us at privacy@nexapoint.co.uk. We will respond within 30 days. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO).

10. Security

We implement appropriate technical and organisational measures to protect your personal data, including encrypted data storage, access controls, and regular security assessments. Passwords are stored as cryptographic hashes and are never stored in plain text.

11. Cookies

We use cookies and similar technologies. For full details, see our Cookie Policy.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be notified via our website or by email where appropriate. The "Last updated" date at the top of this page indicates when the policy was most recently revised.

13. Contact

For any privacy-related queries, please contact:
Nexa Point Group Limited
71–75 Shelton Street, London, WC2H 9JQ
privacy@nexapoint.co.uk
07459 158430