info@digitalnexustec.com

+51 979 363 455

Privacy Policy

At Digital Nexus, we value the privacy and protection of the personal data of our users, clients, and visitors. This Privacy Policy explains how we collect, use, share, and protect personal information in relation to our services, which include web development, digital marketing, IT solutions, social media management, and more.

1. Who We Are

Digital Nexus is a company dedicated to providing comprehensive technology and digital services. Our official website is:
www.digitalnexustec.com.
For any inquiries related to privacy, you may contact us via email at
info@digitalnexustec.com.

2. What Personal Data We Collect and Why

Data Collected:

Contact information: name, email address, phone number.
Account information: username and passwords (for services such as hosting and domains).
Transactional information: billing and payment details.
Technical data: IP addresses, cookies, and website usage statistics.
Personal preferences: marketing preferences, social media interactions, and analytics.

Purpose:

  • Provision of contracted services, such as website development or digital marketing campaigns.
  • Continuous improvement of our services and customer support.
  • Compliance with legal obligations, including invoicing.
  • Sending commercial communications, only if explicit consent has been granted.

3. Comments and Contact Forms

Digital Nexus collects information provided by users through comments and contact forms, such as name, email address, and IP address, with the aim of preventing fraudulent activity and providing better service. This data is stored for six months and is treated with strict confidentiality. It is not used for advertising purposes without prior consent. Users may exercise their rights to access, rectify, or delete data by contacting our Data Protection Officer.

4. Use of Cookies and Analytics

At Digital Nexus, we use cookies and analytics tools to improve user browsing experience and optimize our services. Cookies are small text files stored on the user’s device when visiting our website, allowing us to recognize the user and remember their preferences on future visits.

We use different types of cookies:

  • Essential cookies: required for the basic functioning of the site.
  • Preference cookies: store personal settings, such as language or region.
  • Performance cookies: collect data on how users interact with our site, helping us improve functionality.
  • Marketing cookies: used to deliver personalized and relevant advertising.
  • We also integrate analytics services such as Google Analytics and Facebook Pixel to collect aggregated and anonymous data on user interaction with our site. This data includes, but is not limited to, time spent, pages visited, and approximate location. These tools allow us to better understand user behaviour and optimize our advertising campaigns.

Users may choose to accept, reject, or configure the use of cookies through their browser settings. They may also disable analytics tracking through options provided by each provider or via opt-out tools. For more information on managing cookies and the use of analytics data, users should review the respective privacy policies of the external providers.

The information collected through these technologies is processed anonymously and is not used to individually identify users, ensuring compliance with applicable personal data protection regulations.

5. Who We Share Your Data With

At Digital Nexus, we are committed to safeguarding your personal data. However, in the context of providing our services, it is necessary to share certain information with third parties that act as strategic partners or service providers. These third parties only have access to the data strictly necessary to fulfil contractual purposes and are bound by confidentiality and security obligations.

The main third parties we share data with include:

  • Web hosting and domain providers: to ensure the proper functioning of our hosting and domain services.
  • Digital marketing and advertising platforms: such as Google Ads and Facebook Ads, used to implement and optimize advertising campaigns.
  • IT solutions and technical support providers: responsible for maintaining and supporting technological infrastructure.
  • Payment processors: manage financial transactions with maximum security and in compliance with applicable regulations.
  • In all cases, we ensure these providers comply with applicable data protection regulations, whether through specific contractual clauses, adherence to recognized legal frameworks, or implementation of standard contractual clauses.

It is important to note that Digital Nexus does not sell, rent, or transfer your personal data to third parties for commercial purposes without your explicit consent. Any transfer of data to jurisdictions outside the European Economic Area (EEA) will be carried out with appropriate safeguards to protect your rights and the security of your information.

For more details on the third parties with whom we share data or to review their respective privacy policies, please contact us through the channels provided in this Privacy Policy.

6. How Long We Keep Your Data

We retain personal data only as long as necessary:

Below we detail the retention periods for different types of personal data:

  • Contact forms and inquiries: retained for a period of six (6) months to follow up on requests, resolve inquiries, and improve service quality.
  • Analytics and browsing data: retained for a maximum of one (1) year to evaluate website performance and optimize user experience.
  • Commercial transaction records: including billing and payment data, stored for ten (10) years to comply with tax and legal obligations.
  • Account information and contracted services: retained while the user maintains an active relationship with Digital Nexus and, thereafter, for a maximum of five (5) years for administrative and legal purposes.

7. User Rights Regarding Their Data

Users have the right to:

Right of access:

You have the right to request and receive confirmation as to whether we are processing your personal data, as well as to obtain a copy of it and learn the purpose of its processing, the recipients to whom it has been disclosed, and the expected retention period.

Right of rectification:

You may request the correction of your personal data if you believe it is inaccurate or incomplete, ensuring that the stored information is truthful and up to date.

Right of erasure (right to be forgotten):

You have the right to request the deletion of your personal data when it is no longer necessary for the purposes for which it was collected, when you withdraw your consent, or when processing is unlawful.

Right to restrict processing:

You may request that the processing of your data be restricted in certain circumstances, such as when you contest the accuracy of the data or object to its processing, while the legitimacy of the request is verified.

Right to data portability:

You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to request its transfer to another controller, when technically feasible.

Right to object:

You may object at any time to the processing of your personal data when such processing is based on legitimate interests, including profiling. You may also object to receiving commercial communications.

Right to withdraw consent:

If you have given your consent for the processing of your personal data, you may withdraw it at any time without affecting the lawfulness of the processing carried out previously.

Right to lodge a complaint:

If you believe that the processing of your personal data infringes your rights or applicable regulations, you have the right to file a complaint with the competent data protection authority.

In all cases, we ensure that such transfers are carried out under strict security measures, including, when necessary:

  • Standard Contractual Clauses (SCCs): signed with third-party data recipients to ensure compliance with protection standards equivalent to those of the European Union.
  • Certification under specific legal frameworks: such as the Privacy Shield, where still applicable, or other mechanisms recognized by international regulations.

9. How We Protect Your Data

We also conduct regular privacy and security impact assessments to identify and mitigate risks, as well as internal audits to ensure compliance with applicable data protection regulations.

We implement security measures such as:

  • Data encryption: we use state-of-the-art encryption technologies to protect personal information during transmission across networks, ensuring that the data is unreadable to unauthorized third parties.
  • Secure authentication: we implement authentication systems, such as two-factor authentication (2FA), to prevent unauthorized access to user and administrative accounts.
  • Access control: we restrict access to personal data exclusively to authorized personnel who require such information to perform their duties, under strict confidentiality policies.
  • Technology infrastructure protection: we use firewalls, antivirus software, and other security tools to protect our systems and databases from cyberattacks and external threats.
  • Training and awareness: we provide ongoing training to our staff on the importance of personal data protection and best practices in cybersecurity.

While we take all necessary precautions, it is important to note that no security measure is completely infallible. Therefore, if we detect any incident that compromises the security of personal data, we will notify affected users and take the appropriate corrective measures in accordance with applicable legislation.

10. Procedures We Use in Case of Data Breaches

We have an internal security breach response protocol that includes notifying the relevant authorities and affected users within 72 hours of detection.

Identification and assessment of the breach:

When a potential security breach is detected, we immediately conduct an assessment to determine the nature, severity, and scope of the incident. This includes identifying the affected data, the number of impacted individuals, and the potential consequences of the breach.

Internal notification and corrective action:

Once the breach has been identified, we immediately notify our security team and take corrective action to limit the impact. This may include disabling compromised systems, implementing security patches, or disconnecting vulnerable services.

Notification to affected users:

If the data breach poses a high risk to the rights and freedoms of affected users, we will notify them without undue delay. The notification will include details about the nature of the breach, the data affected, the measures taken, and the actions users can take to protect themselves.

Notification to the competent authority:

In accordance with applicable legislation, if the personal data breach poses a high risk to the rights and freedoms of users, we will notify the relevant data protection authority within 72 hours of the breach detection.

Continuous monitoring and evaluation:

After corrective measures have been implemented and notifications sent to users and authorities, we conduct thorough follow-up of the incident to ensure that all security issues are resolved and to prevent future breaches. In addition, we review and update our security procedures and internal training to minimize the risk of future incidents.

Compensation and assistance:

In the event that the breach significantly impacts users, we provide additional assistance, including compensation measures, identity monitoring, or corrective actions as necessary to mitigate the effects of the incident.

11. Data Received from Third Parties

We receive data from external services such as advertising platforms and analytics tools. This data complements our marketing and service personalization activities.

Marketing and advertising service providers:

We receive data related to user interactions with advertising campaigns or ads, provided by platforms such as Google, Facebook, and other online advertising providers. This data may include demographic information, browsing preferences, and behavioural patterns.

Web analytics and social media platforms:

To improve the performance of our website and the effectiveness of our marketing campaigns, we receive data from analytics platforms and social media such as Google Analytics, Facebook Insights, and other analytics tools that provide us with information on how users interact with our site and services.

Payment service providers:

When users make purchases or transactions through our site, we may receive payment and transaction information from payment service providers such as PayPal, Stripe, or associated banks.

Hosting and cloud storage services:

Our web hosting and cloud storage providers may also provide us with data, especially in the context of server management, backups, and services related to the infrastructure of our website.

Customer Relationship Management (CRM) platforms:

If we use CRM services to manage interactions with users, we may receive personal data about users from these platforms, such as name, email address, and service preferences.

12. Automation and Profiling

We use automated processes to personalize marketing campaigns and analyze behaviours, always respecting users’ rights and offering options to opt out of these processes.

At all times, we ensure that these practices comply with applicable data protection laws and that users may exercise their rights at any time. Below are the types of automated decision-making and/or profiling we carry out:

Automated decision-making in digital marketing:

We use automated algorithms to personalize our marketing campaigns on platforms such as Facebook and Google. This includes ad targeting based on user preferences, browsing behaviour, and demographic characteristics. For example, we may display product or service ads based on a user’s prior interaction with our website or advertising campaigns.

Profiling for service optimization:

Through analytics and segmentation tools, we collect data on user behaviour on our website, such as pages visited, time spent, interactions with specific content, and other browsing patterns. This information is used to create anonymous profiles that allow us to improve navigation and the relevance of services offered.

Personalized recommendations:

Based on users’ previous interests and behaviours, we implement recommendation systems that suggest products or services they may find interesting. This personalization is based on the analysis of data collected from past interactions, with the goal of providing a more relevant and tailored experience.

13. Specific Regulatory Requirements

We comply with applicable local and international data protection regulations, such as the GDPR and PIPEDA, as well as any other relevant regulations depending on the sector.

Compliance with digital advertising regulations:

Since we offer digital marketing services, it is essential to comply with regulations on the collection of personal data for online advertising. This includes policies on the use of cookies, user consent for data processing for advertising purposes, and compliance with the regulations of platforms such as Google and Facebook.

Compliance with e-commerce laws:

As part of our services, which include the design of websites and online stores, we comply with local and international e-commerce regulations, which govern how consumer data must be handled during online transactions. This involves data protection in payment processes and transparency in the collection of user information.

Data protection in technical support and IT services:

In the context of our technical support and IT solutions, we ensure that all regulations regarding the security and confidentiality of personal data are followed, especially when handling sensitive information during the provision of these services.

National and local data protection requirements:

Depending on the jurisdiction in which we operate, we may be subject to additional national laws related to the protection of personal data, such as Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA), the U.S. Children’s Online Privacy Protection Act (COPPA), or any other relevant legislation.

IT solutions and business services sector:

In the technology solutions and business services sector, we follow specific regulations that govern the use of data management systems and digital platforms, ensuring compliance with best practices and applicable regulations for corporate client data.