Privacy Policy

At Digital Nexus, we value the privacy and protection of our users’, clients’, and visitors’ personal data. This Privacy Policy outlines how we collect, use, share, and protect personal information in relation to our services, which include web development, digital marketing, IT solutions, social media management, and more.

1. Who We Are

Digital Nexus is a company dedicated to providing comprehensive technological and digital services. Our official website is: www.digitalnexustec.com. For any privacy-related inquiries, please contact us at info@digitalnexustec.com.

2. What Personal Data We Collect and Why

Data Collected:

• Contact information: name, email address, phone number.
• Account information: username and passwords (for services such as hosting and domains).
• Transactional information: billing and payment details.
• Technical data: IP addresses, cookies, and website usage statistics.
• Personal preferences: marketing preferences, social media interactions, and analytics data.

Purpose:

• To deliver contracted services such as website development or digital marketing campaigns.
• To continuously improve our services and customer support.
• To comply with legal obligations, including billing requirements.
• To send marketing communications only if explicit consent has been provided.

3. Comments and Contact Forms

Digital Nexus collects information provided by users through comments and contact forms, such as name, email address, and IP address. This is done to prevent fraudulent activity and enhance our service quality. Such data is stored for six months and treated with strict confidentiality. It is not used for advertising purposes without prior consent. Users may exercise their rights to access, rectify, or delete their data by contacting the Data Protection Officer.

4. Use of Cookies and Analytics

At Digital Nexus, we use cookies and analytics tools to enhance user experience and optimize our services. Cookies are small text files stored on the user’s device when visiting our website, allowing us to recognize the user and remember their preferences for future visits.

We use different types of cookies:

• Essential cookies: required for basic website functionality.
• Preference cookies: store personal settings such as language or region.
• Performance cookies: collect data on user interaction with our website to improve functionality.
• Marketing cookies: used to deliver personalized and relevant advertising.
• We also integrate analytics services such as Google Analytics and Facebook Pixel to collect aggregated and anonymous data on user interactions with our site. These insights help us better understand user behavior and optimize our advertising campaigns.

Users may accept, reject, or configure cookie use via their browser settings. They can also disable analytics tracking using tools provided by each platform or opt-out mechanisms. For more information on managing cookies and analytics data usage, we recommend reviewing the privacy policies of the respective third-party providers.

All data collected through these technologies is processed anonymously and not used to identify users individually, ensuring compliance with applicable personal data protection regulations.

5. Who We Share Your Data With

At Digital Nexus, we are committed to protecting your personal data. However, in the course of delivering our services, it may be necessary to share certain information with third parties who act as strategic partners or service providers. These third parties only access the data strictly required to fulfill their contractual duties and are bound by confidentiality and security agreements.

Key third parties we may share data with include:

• Web hosting and domain providers: to ensure proper hosting and domain services.
• Advertising and digital marketing platforms: such as Google Ads and Facebook Ads, for managing and optimizing advertising campaigns.
• IT solutions and support providers: for infrastructure maintenance and support.
• Payment processors: who handle secure financial transactions in compliance with current regulations.
• We ensure that all providers adhere to applicable data protection laws through contractual clauses, adherence to legal frameworks such as the Privacy Shield (where applicable), or use of standard contractual clauses.

Digital Nexus does not sell, rent, or disclose your personal data to third parties for commercial purposes without your explicit consent. Any transfer of data outside the European Economic Area (EEA) is carried out with adequate safeguards to protect your rights and information security.

For more details about the third parties we work with or to review their privacy policies, feel free to contact us via the channels listed in this Privacy Policy.

6. How Long We Retain Your Data

We retain personal data only as long as necessary:

Below are the retention periods for the different types of personal data:

• Contact forms and inquiries: retained for six (6) months to follow up on requests, resolve queries, and improve service quality.
• Analytics and browsing data: kept for up to one (1) year to assess website performance and improve user experience.
• Commercial transaction records: including billing and payment data, stored for ten (10) years to comply with tax and legal obligations.
• Account and contracted service data: retained while the user maintains an active relationship with Digital Nexus and for up to five (5) years afterward for administrative and legal purposes.

7. Your Rights Over Your Data

Users have the right to:

Right of Access:

You have the right to request and receive confirmation about whether we are processing your personal data, obtain a copy of it, and understand the purposes of processing, recipients, and intended retention period.

Right to Rectification:

You may request the correction of your personal data if it is inaccurate or incomplete, ensuring that the information stored is truthful and updated.

Right to Erasure (“Right to Be Forgotten”):

You have the right to request the deletion of your personal data when it is no longer necessary for the purposes for which it was collected, if you withdraw your consent, or if the processing is unlawful.

Right to Restriction of Processing:

You can request the restriction of your data processing under certain circumstances, such as when you contest the accuracy of the data or object to its processing while your request is being verified.

Right to Data Portability:

You have the right to receive your personal data in a structured, commonly used, machine-readable format and request its transfer to another data controller, when technically feasible.

Right to Object:

You may object at any time to the processing of your personal data when it is based on legitimate interests, including profiling. You may also object to receiving commercial communications.

Right to Withdraw Consent:

If you have given your consent for the processing of your personal data, you may withdraw it at any time without affecting the lawfulness of the processing carried out before withdrawal.

Right to File a Complaint:

If you believe your data is being processed in violation of your rights or applicable regulations, you have the right to file a complaint with the relevant data protection authority.

8. International Data Transfers

If we transfer data outside the EU, we ensure its protection through contracts that comply with European regulations (Standard Contractual Clauses or similar).

Data collected through our platforms may be transferred to third parties located in countries outside the European Union, including but not limited to:

• Cloud hosting and storage providers: To ensure the availability, integrity, and security of data, we use international cloud services with strong data protection measures.
• Advertising and analytics providers: Data may be shared with companies like Google and Meta (Facebook) for digital marketing campaigns and behavior analysis, in accordance with their respective privacy policies.

In all cases, we ensure such transfers are carried out with strict security measures, including when necessary:

• Standard Contractual Clauses (SCC): Signed with third-party data recipients to ensure compliance with EU-level data protection standards.
• Certification under specific legal frameworks: Such as the Privacy Shield (if still applicable) or other mechanisms recognized by international regulations.

9. How We Protect Your Data

We regularly carry out privacy and security impact assessments to identify and mitigate risks, as well as internal audits to ensure compliance with current data protection laws.

We implement security measures such as:

• Data encryption: We use advanced encryption technologies to protect personal data during transmission, ensuring it is unreadable to unauthorized third parties.
• Secure authentication: We apply authentication systems, including two-factor authentication (2FA), to prevent unauthorized access to user and administrative accounts.
• Access control: We restrict access to personal data exclusively to authorized personnel under strict confidentiality policies.
• Technology infrastructure protection: We use firewalls, antivirus software, and other security tools to defend our systems and databases against cyberattacks and external threats.
• Training and awareness: Our staff receives continuous training on data protection and cybersecurity best practices.

While we take all necessary precautions, it’s important to note that no security measure is entirely infallible. If we detect any incident that compromises personal data, we will notify affected users and take corrective actions in accordance with applicable law.

10. What Procedures We Use in Case of Data Breaches

We have an internal security breach response protocol that includes notifying relevant authorities and affected users within 72 hours of detection.

Identification and Evaluation of the Breach:

When a potential security breach is detected, we conduct an immediate assessment to determine its nature, severity, and scope — including identifying the affected data, number of impacted individuals, and possible consequences.

Internal Notification and Corrective Measures:

Once a breach is confirmed, our security team is notified, and corrective actions are taken to limit the impact. This may involve disabling compromised systems, applying security patches, or disconnecting vulnerable services.

Notification to Affected Users:

If the breach poses a high risk to the rights and freedoms of affected users, we will notify them without undue delay. The notice will include the nature of the breach, the data affected, actions taken, and recommendations for users to protect themselves.

Notification to the Supervisory Authority:

In accordance with applicable law, if the breach represents a high risk to users, we will inform the relevant data protection authority within 72 hours of detection.

Ongoing Monitoring and Evaluation:

After implementing corrective actions and notifications, we thoroughly monitor the incident to ensure all security issues are resolved and to prevent future breaches. We also review and update our internal security procedures and training programs.

Compensation and Assistance:

If the breach significantly affects users, we provide additional support, including compensation, identity monitoring, or corrective measures needed to mitigate the impact.

11. Data Received from Third Parties

We receive data from external services such as advertising platforms and analytics tools. This data helps enhance our marketing activities and personalize services.

Marketing and Advertising Service Providers:

We receive data related to user interactions with advertisements or marketing campaigns, provided by platforms such as Google, Facebook, and other online advertising services. This may include demographic information, browsing preferences, and behavioral patterns.

Web Analytics and Social Media Platforms:

To improve the performance of our website and marketing effectiveness, we collect data from analytics platforms and social media tools such as Google Analytics, Facebook Insights, and others. This data provides insights into how users interact with our site and services.

Payment Service Providers:

When users make purchases or transactions through our site, we may receive payment and transaction data from payment providers such as PayPal, Stripe, or associated banks.

Web Hosting and Cloud Storage Services:

Our web hosting and cloud storage providers may supply us with data, especially in the context of server management, backups, and infrastructure-related services.

Customer Relationship Management (CRM) Platforms:

If we use CRM services to manage user interactions, we may receive personal data such as name, email address, and service preferences from these platforms.

12. Automated Decision-Making and Profiling

We use automated processes to personalize marketing campaigns and analyze behavior, always respecting users’ rights and offering opt-out options.

We ensure these practices comply with current data protection laws, and users can exercise their rights at any time. Below are the types of automated decision-making and profiling we perform:

Automated Decision-Making in Digital Marketing:

We use algorithms to personalize marketing campaigns on platforms like Facebook and Google. This includes ad segmentation based on user preferences, browsing behavior, and demographics. For example, we may show ads for products or services based on a user’s past interactions with our site or campaigns.

Profiling for Service Optimization:

Using analysis and segmentation tools, we collect data about user behavior on our website, such as visited pages, time spent, and interaction with specific content. This data helps us create anonymous user profiles to improve site navigation and service relevance.

Personalized Recommendations:

Based on users’ interests and previous behaviors, we implement recommendation systems that suggest products or services they may find relevant. This personalization uses past interaction data to enhance the user experience.

13. Specific Regulatory Requirements

We comply with applicable local and international data protection laws such as the GDPR and LOPD, as well as any other relevant sector-specific regulations.

Compliance with Digital Advertising Laws:

As a provider of digital marketing services, we ensure full compliance with regulations regarding the collection of personal data for online advertising. This includes cookie policies, obtaining user consent for data processing, and adhering to advertising platform policies like those of Google and Facebook.

Compliance with E-Commerce Laws:

As part of our services, including website and e-commerce store design, we comply with local and European e-commerce laws. These laws govern how consumer data must be handled during online transactions, particularly in terms of payment protection and transparency in data collection.

Data Protection in IT and Technical Support Services:

In the context of our IT solutions and technical support services, we ensure full compliance with all data security and confidentiality regulations, especially when processing sensitive information during service delivery.

National and Local Data Protection Laws:

Depending on the jurisdiction in which we operate, we may be subject to additional national laws, such as Spain’s Organic Law on Personal Data Protection (LOPD), the U.S. Children’s Online Privacy Protection Act (COPPA), or other relevant legislation.

IT Solutions and Business Services Sector:

In the IT and business solutions sector, we follow specific regulations governing the use of data management systems and digital platforms. We ensure compliance with best practices and applicable legal standards regarding corporate customer data.