Legal Information

1. INTRODUCTION

This Privacy Policy explains how Nexi Bot LTD ("we," "us," "our," or "the Company"), a company incorporated in England and Wales under company number 16502958, collects, uses, processes, and protects personal data in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018 & 2025, and other applicable UK data protection laws.

We are registered with the Information Commissioner's Office (ICO) under registration number ZB910034.

2. DATA CONTROLLER

Nexi Bot LTD is the data controller for the purposes of UK data protection law. You can contact us at:

Address: 80A Ruskin Avenue, Welling, London, DA16 3QQ
Email: [email protected]

3. CATEGORIES OF DATA SUBJECTS

We process personal data relating to:

• Employees and prospective employees (including individuals under 18 years of age)
• Parents/guardians of employees under 18 years of age
• Customers and users of our platform services
• Website visitors

4. EMPLOYEE DATA PROTECTION

4.1 Data We Collect

We collect and process the following categories of personal data from our employees:

For All Employees:

• Personal identification information (name, country, date of birth)
• Contact details (phone number, personal email address)
• Employment details (job title, department, start date, salary, performance records)
• Bank account details for payroll purposes (for shareholders only)
• Emergency contact information (for under 16s)
• Training records

For Employees Under 18:

• All of the above data categories
• Parental/guardian consent documentation
• Parental/guardian contact information

4.2 Special Provisions for Employees Under 18

Parental Consent: For employees aged 16 and under, we obtain explicit written consent from parents/guardians before processing any personal data. This consent covers:

• Collection and processing of the minor's personal data
• Storage of personal data on our systems
• Use of personal data for employment purposes
• Transfer of data to third-party processors

Parental Rights: Parents/guardians of employees under 18 have the right to:

• Access their child's personal data held by us
• Request rectification of inaccurate data
• Request erasure of data (subject to legal obligations)
• Withdraw consent at any time
• Lodge complaints with the ICO

4.3 Legal Basis for Processing Employee Data

We process employee personal data under the following legal bases:

• Contract Performance: Processing necessary for the voluntary contract
• Legal Obligation: Compliance with employment law, tax obligations, and health and safety requirements
• Legitimate Interests: HR administration, security, and business operations
• Consent: Where specifically obtained, particularly for employees under 18

4.4 Employee Data Storage and Systems

Current Systems:

• Google Docs: Used for document storage and collaboration
• ODOO: Our primary HR platform for employee records management

Future Migration:

• Personal data will be migrated to our proprietary website system
• Data will be stored using MariaDB database technology
• Enhanced security measures will be implemented during migration

Email Systems:

• Employee emails are managed through Roundcube Webmail
• Hosted on webmail.nexihub.uk
• Third-party software provided by Cybrancee
• Subject to appropriate data processing agreements

4.5 Data Retention - Employees

We retain employee personal data for the following periods:

• Current Employees: Throughout employment and as required by law
• Former Employees: Up to 6 years after termination for tax and legal compliance
• Unsuccessful Applicants: Up to 6 months after recruitment process
• Under 18 Employees: Records retained in accordance with child protection requirements

5. CUSTOMER DATA PROTECTION

5.1 Data We Collect from Customers

Service Data:

• Platform configuration data
• User interaction data with our services
• Subscription and service usage data
• Account information and preferences

Billing Data:

• Payment information processed through Stripe
• Subscription status and history
• Billing addresses (processed by Stripe)

5.2 Legal Basis for Processing Customer Data

• Contract Performance: Providing platform services
• Legitimate Interests: Service improvement and customer support
• Consent: Where specifically obtained for marketing communications

5.3 Customer Data Storage and Processing

Service Data:

• Stored in MariaDB database
• Accessible through our website interface
• Regularly updated to reflect current configurations

Billing Data:

• Processed and stored by Stripe (our payment processor)
• Nexi Hub employees do not have access to full payment card details
• Employees can access subscription management functions for customer support
• Employees can cancel subscriptions through our website interface

5.4 Data Retention - Customers

• Active Customers: Data retained for duration of service provision
• Former Customers: Service data retained for up to 12 months
• Billing Data: Retained by Stripe in accordance with their retention policies and legal requirements

6. DATA SHARING AND THIRD-PARTY PROCESSORS

We share personal data with the following categories of third parties:

6.1 Service Providers

Current:

• Google (Google Docs) - Document storage and collaboration
• ODOO - HR management platform
• Cybrancee - Email hosting services
• Stripe - Payment processing

Future:

• MariaDB hosting providers
• Website hosting services

6.2 Legal Disclosures

We may disclose personal data where required by:

• Court orders or legal proceedings
• Regulatory investigations
• Law enforcement requests
• Compliance with statutory obligations

6.3 Data Processing Agreements

All third-party processors are bound by appropriate data processing agreements ensuring:

• Adequate security measures
• Compliance with UK GDPR requirements
• Restrictions on data use
• Notification of data breaches

7. INTERNATIONAL TRANSFERS

Where personal data is transferred outside the UK, we ensure adequate protection through:

• Adequacy decisions
• Standard Contractual Clauses
• Binding Corporate Rules
• Appropriate safeguards as required by UK GDPR

8. DATA SUBJECT RIGHTS

Under UK GDPR, data subjects have the following rights:

8.1 Right of Access

Request copies of personal data we hold about you

8.2 Right to Rectification

Request correction of inaccurate or incomplete data

8.3 Right to Erasure

Request deletion of personal data (subject to legal obligations)

8.4 Right to Restrict Processing

Request temporary suspension of data processing

8.5 Right to Data Portability

Request transfer of data to another controller

8.6 Right to Object

Object to processing based on legitimate interests

8.7 Rights Related to Automated Decision-Making

Protection against solely automated decision-making

8.8 Right to Withdraw Consent

Where processing is based on consent, withdraw consent at any time

Special Provisions for Minors: For employees under 18, these rights may be exercised by parents/guardians or jointly with the minor, depending on the circumstances and the minor's capacity.

9. DATA SECURITY

We implement appropriate technical and organisational measures including:

9.1 Technical Measures

• Encryption of data in transit and at rest
• Regular security updates and patches
• Access controls and authentication systems
• Secure database configurations
• Regular security assessments

9.2 Organisational Measures

• Staff training on data protection
• Clear data handling procedures
• Regular policy reviews and updates
• Incident response procedures
• Segregation of duties

9.3 Employee Security Obligations

All employees, including those under 18, are required to:

• Maintain confidentiality of personal data
• Follow data protection policies and procedures
• Report suspected data breaches immediately
• Attend mandatory data protection training

10. DATA BREACH NOTIFICATION

In the event of a personal data breach, we will:

• Assess the risk to individuals' rights and freedoms
• Notify the ICO within 72 hours where required
• Notify affected individuals without undue delay where high risk exists
• Document all breaches and remedial actions taken

11. PRIVACY BY DESIGN AND DEFAULT

We implement privacy by design principles:

• Data protection considerations in system design
• Privacy impact assessments for new processing activities
• Regular review of data processing necessity
• Minimisation of data collection and retention

12. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time. When we make changes:

12.1 Notification Period

• All Changes: 7 days advance notice
• Changes Affecting Minors: Additional notification to parents/guardians

12.2 Notification Methods

• Email notification to employees and registered customers
• Website publication
• Direct notification to parents/guardians of employees under 18

12.3 Consent Requirements

Where changes require new consent, we will obtain explicit agreement before implementing changes.

13. CONTACT INFORMATION

For questions about this Privacy Policy or to exercise your rights:

General Inquiries:
Email: [email protected]
Address: 80A Ruskin Avenue, Welling, London, DA16 3QQ

ICO Contact: If you are not satisfied with our response, you can contact the Information Commissioner's Office:

• Website: ico.org.uk
• Phone: 0303 123 1113
• Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

14. SPECIAL PROVISIONS FOR CHILD PROTECTION

14.1 Safeguarding Commitments

We are committed to protecting children in our employment and maintain:

• Enhanced DBS checks for relevant positions
• Child protection policies and procedures
• Regular safeguarding training for all staff
• Clear reporting procedures for concerns

14.2 Parental Involvement

Parents/guardians of employees under 18 are entitled to:

• Regular updates on their child's employment status
• Access to relevant personal data processed about their child
• Involvement in any disciplinary or grievance procedures
• Immediate notification of any safeguarding concerns

14.3 Additional Protections

For employees under 18, we provide:

• Enhanced privacy protections
• Restricted access to personal data
• Additional consent requirements for data sharing
• Specialized training for managers and supervisors

15. COMPLIANCE AND ACCOUNTABILITY

We maintain compliance through:

• Regular internal audits
• Staff training programmes
• Policy review and updates
• External legal advice where necessary
• Ongoing monitoring of data protection regulations

This Privacy Policy demonstrates our commitment to protecting personal data and complying with all applicable UK data protection laws. We regularly review and update our practices to ensure continued compliance and protection of personal data.

1. ACCEPTANCE OF TERMS

By accessing or using any Nexi Hub services, including Nexi Web, Nexi Bot, and Nexi Pulse ("Services"), you agree to be bound by these Terms of Service ("Terms"). If you do not agree to these Terms, you may not use our Services.

2. DESCRIPTION OF SERVICES

Nexi Hub provides three main platforms:

• Nexi Web: Web design and development platform with drag-and-drop editor and custom code support
• Nexi Bot: Discord bot services providing moderation, automation, and engagement tools
• Nexi Pulse: Enterprise platform for HR, support, email, and analytics management

3. USER ACCOUNTS

3.1 Account Creation

You must provide accurate and complete information when creating an account. You are responsible for maintaining the confidentiality of your account credentials.

3.2 Account Responsibility

You are solely responsible for all activities that occur under your account. You must notify us immediately of any unauthorized use of your account.

4. ACCEPTABLE USE POLICY

4.1 Permitted Uses

You may use our Services for lawful purposes only and in accordance with these Terms.

4.2 Prohibited Uses

You agree not to use the Services:

• For any unlawful purpose or to solicit others to perform unlawful acts
• To violate any international, federal, provincial, or state regulations, rules, laws, or local ordinances
• To infringe upon or violate our intellectual property rights or the intellectual property rights of others
• To harass, abuse, insult, harm, defame, slander, disparage, intimidate, or discriminate
• To submit false or misleading information
• To upload or transmit viruses or any other type of malicious code
• To spam, phish, pharm, pretext, spider, crawl, or scrape
• For any obscene or immoral purpose
• To interfere with or circumvent the security features of the Services

5. PAYMENT TERMS

5.1 Subscription Services

Some Services require payment of fees. You agree to pay all fees associated with your use of premium features.

5.2 Payment Processing

Payments are processed through third-party payment processors. You agree to their terms and conditions.

5.3 Refunds

Refunds are handled on a case-by-case basis in accordance with our refund policy.

6. INTELLECTUAL PROPERTY

6.1 Our Intellectual Property

The Services and their original content, features, and functionality are owned by Nexi Bot LTD and are protected by international copyright, trademark, patent, trade secret, and other intellectual property laws.

6.2 Your Content

You retain ownership of any content you create using our Services. However, you grant us a license to use, store, and process your content as necessary to provide the Services.

7. PRIVACY

Your privacy is important to us. Please review our Privacy Policy, which also governs your use of the Services.

8. TERMINATION

8.1 Termination by You

You may terminate your account at any time by contacting us or using the account deletion features in our Services.

8.2 Termination by Us

We may terminate or suspend your account immediately, without prior notice, for any breach of these Terms.

9. DISCLAIMERS

THE SERVICES ARE PROVIDED ON AN "AS IS" AND "AS AVAILABLE" BASIS. WE EXPRESSLY DISCLAIM ALL WARRANTIES OF ANY KIND, WHETHER EXPRESS OR IMPLIED.

10. LIMITATION OF LIABILITY

IN NO EVENT SHALL NEXI BOT LTD BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES.

11. GOVERNING LAW

These Terms shall be governed by and construed in accordance with the laws of England and Wales.

12. CHANGES TO TERMS

We reserve the right to modify these Terms at any time. We will provide notice of significant changes.

13. CONTACT INFORMATION

If you have any questions about these Terms, please contact us at:
Email: [email protected]
Address: 80A Ruskin Avenue, Welling, London, DA16 3QQ

1. INTRODUCTION

This Acceptable Use Policy ("AUP") governs your use of Nexi Hub services and sets out the standards of behavior we expect from all users.

2. PROHIBITED ACTIVITIES

2.1 Illegal Activities

You may not use our services for:

• Any illegal activities or content
• Copyright or trademark infringement
• Fraud, phishing, or identity theft
• Money laundering or terrorist financing
• Distribution of illegal content

2.2 Harmful Content

Prohibited content includes:

• Hate speech, harassment, or discrimination
• Violent or graphic content
• Adult content or pornography
• Content promoting self-harm
• Malware, viruses, or malicious code

2.3 Service Abuse

You must not:

• Attempt to gain unauthorized access to our systems
• Interfere with or disrupt our services
• Use our services for spam or unsolicited communications
• Exceed reasonable usage limits
• Reverse engineer or attempt to extract source code

3. CONTENT STANDARDS

All content must be:

• Legal and not infringing on third-party rights
• Accurate and not misleading
• Respectful and not offensive
• Appropriate for the intended audience
• Compliant with platform-specific guidelines

4. ENFORCEMENT

4.1 Violations

Violations may result in:

• Content removal or modification
• Account suspension or termination
• Service restrictions or limitations
• Legal action where appropriate
• Reporting to relevant authorities

4.2 Appeals Process

If you believe enforcement action was taken in error:

• Contact our support team within 30 days
• Provide detailed explanation of the circumstances
• Include any relevant evidence or documentation
• Allow up to 14 days for review and response

5. REPORTING VIOLATIONS

To report violations of this policy:
Email: [email protected]
Include: Detailed description, URLs, screenshots, and your contact information