GDPR

Our Commitment to the General Data Protection Regulation (GDPR)

 

As an interactive marketing experience provider that collects personal data on behalf of clients across dozens of shopping centres in Europe, we’ve taken a proactive approach to data privacy.

NexusEngage is committed to compliance with the General Data Protection Regulation (GDPR), which will go into effect May 25, 2018. The GDPR is the most comprehensive EU data privacy law in decades. It is aimed at guiding and regulating the way companies across the world will handle their customers’ personal information and creating strengthened and unified data protection for all individuals within the EU.

Our customers can trust that NexusEngage has made GDPR a priority and has devoted significant resources toward our efforts to comply with GDPR. This page outlines our approach and progress to date.

1. What NexusEngage is doing

Like many other marketing companies, NexusEngage is in the process of rolling out its company-wide GDPR compliance strategy leading up to May 2018 and beyond. NexusEngage appreciates that our customers have requirements under GDPR that are directly impacted by their use of NexusEngage products and services, and NexusEngage is committed to helping our customers fulfil their requirements under GDPR and local laws.

Here are the main things we’ve been doing in order to ensure to satisfy the GDPR requirements that apply to both NexusEngage and our customers:

 

a. New features on our platform

Our dev team are building the necessary features that will enable our customers to easily meet their GDPR obligations.

NexusEngage can help you meet your data portability requirements for GDPR, with new tools to easily export all of your campaign data and permanently delete all data linked to an individual user.

Our new analytic system will also allow for fully anonymised reports – anonymising and aggregating personaldata information.

 

b. Comprehensive Privacy Policy

We have been working on a new version of our Privacy Policy statement – outlining clearly:

  • What is being collected/stored – when visiting our website, interacting with activation or working with NexusEngage
  • Why this data is collected, how it is used
  • How the data might be transferred or shared
  • Our security measures

 

c. GDPR plans with our suppliers

We’re reviewing all our suppliers, finding out and evaluating their GDPR plans and are continuing to improve data process and management ensuring all parties ad-hear to the standards and taking necessary actions where required.

 

d. Data Storage & Security

A full review of the data stored has been conducted, as well as an internal audit of our security system and processes  – please get in touch to know more about our Information Security management system.

 

e. Our commitments

There are additional measures that we are taking towards GDPR-readiness:

  • We are conducting an internal audit of third-party services to determine if they would be considered subprocessors of NexusEngage customer data. We’re in the process of signing GDPR-compliant processing agreements with each subprocessor that we might identify.
  • We are in the process of staff training as well as adding processes for ongoing training for new and existing employees about how to respond to GDPR requests.
  • We will revise the information policies in our official employee handbook (signed by all NexusEngage employees upon employment) in accordance with GDPR.
  • Ensuring NexusEngage staff that access and process customer personal data have been trained in handling that data and are bound to maintain the confidentiality and security of that data.

 

2. GDPR Q&A

Does NexusEngage process Personal Data of its customers?

Yes, NexusEngage processes customer Personal Data to provide the products and services and for other limited purposes enumerated in our Privacy Policy.

 

Where does NexusEngage send my data?

Our goal is to provide our customers with secure, fast, and reliable services.

Today, NexusEngage stores Nexus-based Account metadata in its data centres located in France. NexusEngage platform data are stored based on the AWS data centre closest to the location of the activation. NexusEngage may also allow employees and contractors located in the US and Europe access to certain data for product development, customer and technical support purposes. We disclose in our Privacy Policy that customer data may be accessed from these countries.

 

What does NexusEngage do with my data?

The data collected on one of our activations won’t be accessed directly by NexusEngage. Through the platform, our customer will be able to retrieve any data collected; NexusEngage will only use aggregated or anonymized data for statistical and monitoring purposes – as explained in our Privacy Policy.

The data collected on our website, or via direct contact (email, phone, …) will be stored in our CRM and available to be erased or modified upon request.

 

Can you guarantee that my data will stay in a certain location (e.g., Europe)?

While we prioritize hosting your data in the location closest to your largest user base for performance reasons, some NexusEngage service and product features such as IntuiFace Data Tracking will still require that data be transferred to the US. In addition, NexusEngage personnel may need access to data stored in the EU from the US for technical and support related reasons.

 

NexusEngage Commitment

NexusEngage is 100% committed to customer success and the protection of customer data, which is why our customers can count on our commitment to GDPR compliance.

Fulfilling our privacy and data security commitments are important to us. So we’re glad to help you prepare for all the changes the GDPR brings. This page will be revised to reflect GDPR-related information as it becomes available. If you have any questions about how NexusEngage is addressing GDPR compliance, we hope you’ll reach out to us.