Privacy Policy

Last updated: April 1, 2026

1. Data Controller

The data controller for the purposes of the General Data Protection Regulation (GDPR) and applicable Estonian data protection legislation is NexoServices Europe Solutions Ltd, Sepapaja 6, 15551 Tallinn, Estonia, VAT: EE102837465 (“Controller”).

2. Data We Collect

We collect and process the following categories of personal data in connection with the operation of our Partner Hub platform:

  • Identity Data: Name, surname, corporate email address.
  • Authentication Data: One-time verification codes (not stored after verification).
  • Transaction Data: Purchase history, invoice details, amounts, service selections.
  • Technical Data: IP address, browser type, access timestamps, device identifiers.

3. Legal Basis for Processing

We process personal data on the following legal bases under Article 6 of the GDPR:

  • Contract Performance (Art. 6(1)(b)): Processing necessary for the performance of the service agreement.
  • Legitimate Interest (Art. 6(1)(f)): Platform security, fraud prevention, and service improvement.
  • Legal Obligation (Art. 6(1)(c)): Compliance with Estonian tax and accounting regulations.

4. Data Retention

Personal data is retained for the duration of the business relationship and for a period of 7 years thereafter, as required by Estonian accounting and tax legislation. Authentication data (OTP codes) is automatically deleted within 5 minutes of generation.

5. Data Recipients

We may share personal data with the following categories of recipients:

  • Hosting and infrastructure providers (within the EU/EEA).
  • Email service providers for transactional communications.
  • Tax authorities, as required by applicable Estonian and EU legislation.

6. International Transfers

All data processing occurs within the European Economic Area (EEA). In the event that data is transferred outside the EEA, we ensure adequate safeguards are in place in accordance with Chapter V of the GDPR, including Standard Contractual Clauses (SCCs) where applicable.

7. Your Rights

Under the GDPR, you have the right to:

  • Access your personal data (Art. 15).
  • Rectify inaccurate data (Art. 16).
  • Request erasure (“right to be forgotten”) (Art. 17).
  • Restrict processing (Art. 18).
  • Request data portability (Art. 20).
  • Object to processing (Art. 21).
  • Lodge a complaint with the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon).

8. Security Measures

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including encryption of data in transit (TLS), secure authentication mechanisms, access controls, and regular security assessments.

9. Contact

For data protection inquiries, contact us at: noreply@nexoservices.io