Privacy policy

This Privacy Notice applies to users (the Data Subjects to whom the Personal Data belongs) visiting Nexova Group – when browsing the website, subscribing to Nexova newsletters or filling the Contact Us form. Users can be Nexova employees, the general public and/or current and potential clients and suppliers who may contact the Company to find out more about its services and business needs.

Users applying for a job through the Nexova website or via other channels shall consult the Candidate Privacy Notice.

When you browse the website, the Company does not collect special categories of Personal Data as defined in Article 9 of GDPR: “Details about race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about employee health and genetic and biometric data”.

Categories of Personal Data collected on this website with their related purposes and legal basis are as follows:

Personal Data collected is processed internally only by duly authorised and informed persons, within the scope of what they need to know.

The Company will not pass on or sell Personal Data to third parties for their own marketing purposes.

The Company shares Personal Data externally only in the following cases:

• Customers or trusted partners that work with the Company and require identity data and contact data for operations, business development, selling and support purposes.
• Service providers to assist the Company in managing our website:
  • Starion Group SA, a sister company to Nexova Group SA (marketing and website content)
  • Full Fat Things (website management)
  • Hetzner Online GmbH (web hosting)
  • Mailchimp (email management)
  • CookieBot (cookie management)
• Professional consultants and advisers including public relations firms, market research and consulting companies, lawyers, bankers, auditors, consultants and insurers
• Regulators and other authorities who require reporting of processing activities in certain circumstances namely:
  • To comply with the Company’s legal obligations
  • To exercise the Company’s legal rights (e.g. pursue or defend a claim)
  • For the prevention, detection and investigation of crime.

On the basis of specific agreements, the Company ensures compliance with the instructions and measures put in place for data processing.

If an international transfer of information involving Personal Data is needed, the Company ensures that there are appropriate safeguards in place to ensure the safety and integrity of Personal Data through the following measures:

• Binding corporate agreements which give Personal Data the same protection it has in the European Economic Area (EEA)
• Standard contractual clauses approved by the European Commission for international transfer of Personal Data outside the EEA into contracts with those third parties, or the country in which personal information will be processed has been deemed ‘adequate’ by the European Commission
• European Data Protection Board opinions on the European Commission Implementing Decision on the adequate protection of Personal Data under the EU-US Data Privacy Framework.

The website is securely stored on web servers hosted by Hetzner Online GmbH in Germany.

Data entered in the Contact Us form on this website will be stored on web servers hosted by Hetzner Online GmbH and will be forwarded to the Company by email to be additionally hosted on the Company servers in the European Union.

When subscribing to any Company publications, including newsletters, Personal Data will be stored by Mailchimp, another one of Nexova’s Data Processors.

When you send an email to info [at] nexovagroup.eu (info[at]nexovagroup[dot]eu) the data will be stored in Starion Group SA’s servers hosted in the European Union. Starion Group SA is a sister company offering corporate services to Nexova Group SA.

The data will remain on these systems until Data Subjects specifically request removal by sending Nexova an email. Data Subjects wanting to request deletion, updating or downloading of their Personal Data handled by Nexova’s Data Processors can send an email to privacy [at] nexovagroup.eu (privacy[at]nexovagroup[dot]eu).

Personal Data is retained according to the purpose for which it has been collected:

• Contact the company: until withdrawal of consent
• Marketing: until withdrawal of consent
• Website administration: as specified in the Cookie Notice

The Company ensures security of processing (Article 32 of GDPR) by implementing appropriate technical and organisational measures to ensure an appropriate level of security. When assessing the appropriate level of security, the Company will take into consideration:

• Risks presented by processing: accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Personal Data transmitted, stored or otherwise processed (data breach).
• State of the art of security measures, costs of implementation of new security measures.
• Nature, scope, context and purposes of processing.
• Risk of varying likelihood and severity for the rights and freedoms of individual people.

Details of specific technical measures are available by sending an email to privacy [at] nexovagroup.eu (privacy[at]nexovagroup[dot]eu).

Website users have the following Data Subjects’ rights with regard to their Personal Data:

• Right of access (Article 15): request access to all Personal Data processed
• Right of rectification (Article 16): ask that any Personal Data that is inaccurate is corrected free of charge
• Right to withdraw consent (Article 7): withdraw earlier given consent for processing Personal Data
• Right of deletion (Article 17): request deletion of Personal Data if it is no longer required in light of the purposes outlined in this policy or if the consent to process them is withdrawn
• Right of limitation (Article 18): ask to limit the processing of Personal Data if and when: a) the Data Subject contests the accuracy of that data; b) the processing is illegitimate; or c) the data is no longer needed for the purposes listed but the Data Subject needs it to defend themselves in judicial proceedings
• Right of portability (Article 20): receive the Personal Data in a structured, commonly used and machine-readable format and, where technically feasible, directly transmit that data to another organisation
• Right to object to automated processing, including profiling (Article 21): object to be subject to the legal effects of automated processing or profiling.

To exercise one or more of the rights listed above, Data Subjects shall send an email to privacy [at] nexovagroup.eu (privacy[at]nexovagroup[dot]eu).

The Data Protection Officer will promptly inform the Data Subject of having received this request. If the request proves valid, the Company will process it within 30 days of having received the request. If Data Subjects are unsatisfied with the response, they are free to file a complaint with the competent data protection authority.

We reserve the right to change our Privacy Policy at any time. On this page you will always find the most recent version. If the new Privacy Policy affects the way in which we process data relating to you that has already been collected, we will notify you by email.

This website Privacy Notice was last reviewed and updated in April 2025.

Jurisdiction: Belgium

Country-specific legal requirement:

The Company is entitled to rely on ‘soft opt-in’ consent in respect of certain marketing messages that the Company wishes to send to website users. In all other e-marketing circumstances, active ‘opt-in’ consent is required by law and the Company is required to keep records of each specific consent provided by users.

Note: this section will be updated when local implementing law shall be finalised.