Privacy Policy

1. Data controller

• Sánchez Peinado Solutions SL (trade name: NEXUS SP Solutions )
• NIF: B75818237 · Address: Paseo de las Palmeras, 3, Local B, 51001 Ceuta (Spain)
• Web: www.nexusspsolutions.com · Tel.: +34 656 806 899
• Privacy Channel: privacy@nexusspsolutions.com
• Cybersecurity channel (vulnerabilities/incidents reporting): ciberseguridad@nexusspsolutions.com .

Registration and contact information according to internal corporate file.

Data Protection Officer (DPO): Not designated. If it becomes required in the future, we will update this section.

2. What data do we process?

• Identification and contact: name, surname, company, position, email, telephone number.
• Sales and support data: inquiries, quotes, tickets, customer service history.
• Billing and shipping information: NIF, addresses, payment methods (we do not store full PAN).
• eCommerce transactional data: orders, logistics, RMA/SAT.
• Technical metadata: IP, identifiers/cookies (see Cookie Policy), security logs.
• HR: CV and data provided in selection processes.

Origin: Provided by the data subject; generated by the use of the website/services; and, where applicable, by third parties involved in logistics, payments, or support (processors). Flows and tools aligned with our internal architecture (ERP/CRM/Odoo Helpdesk, email, and proprietary systems).

3. Purposes

•  Respond to requests (contact, quotes, support).
• Contractual and operational management (orders, invoicing, logistics, warranties, RMA/SAT).
• System maintenance and security , fraud prevention, and business continuity.
• Legitimate commercial communications (newsletters or B2B actions; always with the option to unsubscribe).
• Personnel selection (CV management and employment processes).
• Legal compliance (tax, commercial and information society services).

4. Legal bases

• Execution of contract or pre-contractual measures: (a–b–e).
• Legal obligation: (f) —e.g. tax/commercial regulations.
• Legitimate interest: (c) security/operation; (d) B2B marketing of similar products/services, with the right to object . Spanish Data Protection Agency
• Consent: specific forms, newsletter subscription, and non-technical cookies (revocable at any time). Criteria and banner/panel in accordance with the AEPD guidelines and the 2023 EDPB guidelines (accept/reject at the same level). Spanish Data Protection Agency +1

Commercial communications via electronic means: only with prior consent or within the framework of a prior contractual relationship for similar products/services, with the option to opt out with each mailing (Article 21 LSSI).

5. Conservation periods (criteria)

• Clients/Billing: Applicable legal, commercial and tax deadlines.
• Tickets and project documentation/warranty: up to 5 years or the period required for coverage/SLAs.
• Non-contractual leads/contacts: 12–24 months from last interest.
• CV/selection: up to 24 months.
• Emails with commercial/tax relevance: 6 years (commercial). General tax documentation: 4 years (tax). Criteria aligned with internal mail and archiving policy.

6. Recipients (managers and transfers)

We share data only when necessary and under data processing contracts :

• IT hosting and infrastructure , corporate email , ERP/CRM/Helpdesk (Odoo) , payment gateways , logistics/transport , technical support/integrators .
• Public administrations and competent bodies when legally required .
  We maintain an updated register of those responsible , available upon request.

7. International transfers

Our operations rely primarily on providers located in the EU/EEA. If, exceptionally, any service involves international transfers, these will be formalized with Standard Contractual Clauses or other appropriate safeguards (Article 46 GDPR). We will inform you in advance in this policy if the data map changes. (See also the AEPD/EDPB criteria for cookies and external services.)

8. Rights of people

  You can exercise your rights of access, rectification, erasure, objection, restriction of processing, portability , and withdrawal of consent at any time by contacting privacy@nexusspsolutions.com . The request is free ; we may request additional information to verify your identity and, if the request is manifestly unfounded or excessive, deny it or pass on the administrative costs. If you are not satisfied, you can file a complaint with the Spanish Data Protection Agency (AEPD) .

AEPD – exercise your rights: www.aepd.es . 

9. Information security

We implement technical and organizational measures commensurate with the risk: access control, MFA, encryption in transit, backups, incident logging and management, hardening, and secure email policies (SPF/DKIM/DMARC). Responsible disclosure channel : ciberseguridad@nexusspsolutions.com .  

10. Minors

Our services are not directed at minors under the age of 16. If we detect inappropriate processing, we will remove it without delay. 

11. Commercial communications

They are only sent when there is a prior relationship and similar products/services ( soft opt-in ) or express consent ; always with an opt-out mechanism.

12. Cookies

 The site uses its own and third-party cookies for technical, personalization, analytical, and, where applicable, advertising purposes. Users can configure or reject their use from the banner and the Preferences Panel at any time. See the Cookie Policy for detailed information (types, purposes, third parties, and time limits). Current AEPD/EDPB criteria: reject and accept at the same level , without deceptive patterns.

13. Updates

We may update this policy to reflect regulatory, technical, or organizational changes. We will indicate the effective date and, where appropriate, notify you of relevant changes by reasonable means.

Validity: 09/26/2025.