• DPA Exhibit

  • On this page you'll be able to find how we process personal data and what third party applications we use to store it. Where applicable, user's consent has been received explicable. For a number of our services user data is necessary for smooth operations. We're also obliged to retain the proper information for our tax returns. In light of the GDPR regulation we've tried to be fully transparent about our business, the way we use your personal data, the way we've implemented security measures and be very specific about what information exactly is stored. However if you have any further questions about these data processes please feel free to email us at info@nexusthemes.com

  • Glossary

    Processor Service The name of the specific service of the data processor.
    Lawful basis of processing We need to have a legal reason to use your data. That reason could be consent (you opted in) with notice (we told you what you were opting into), performance of a contract (e.g. you're our customer and we want to send you a bill), or what the GDPR calls “legitimate interest” (e.g. you're a customer, and we want to send you products related to what you currently have).
    Data Type The required data types we store as part of the service. Not required data types are not mentioned.
    Data Origin The person creating the data.
    Data Recipients Third parties who receive the data as part of their service.
    Data Longevity How long we store the data
    Security Measures The GDPR requires a slew of data protection safeguards, from encryption at rest and in transit to access controls to data pseudonymization and anonymization. This section is about what security measures we have in place to pretect your data.
  • Nexus Themes

    Processor Service Track AdWords conversions
    Lawful basis of processing We use Google Adwords for paid marketing purposes. We track click-through rates and the subsequent user journey on our site.
    Data Type
      Data Origin Website visitors
      Data Recipients none
      Data Longevity does not automatically expire
      Security Measures G Suite security, 2-factor authentication
      Processor Service Promote partners
      Lawful basis of processing We process this Google Drive data with our IX Platform tool to store it on our server.
      Data Type
      • First name
      • Last name
      • Brand name
      • Website
      • Country
      • Address
      Data Origin Partner
      Data Recipients none
      Data Longevity does not automatically expire
      Security Measures G Suite security, 2-factor authentication, AWS Cloud Security, VPS backups
      Processor Service Provide theme trial
      Lawful basis of processing As part of our service, website visitors are able to use our themes free of charge during a trial. We use a cookie to be able to distinguish the various trial environments and connect them to a specific person.
      Data Type
      • IP address
      Data Origin Website visitors
      Data Recipients none
      Data Longevity 3 days after last usage
      Security Measures AWS Cloud Security
      Processor Service Log web requests
      Lawful basis of processing NGINX is open source software for web serving, reverse proxying, caching, load balancing, and media streaming among others. It's a core part of business and the foundation of our online operations. One of the fundamental reasons for in-depth data collection on this level is to gain insight into suspicious or harmful behavior and the ability to decline further access.
      Data Type
      • IP address
      • web page requests
      Data Origin Website visitors and website users (we host)
      Data Recipients none
      Data Longevity 30 days
      Security Measures AWS Cloud Security, VPS backups
      Processor Service Register theme's license
      Lawful basis of processing Sometimes license and product purchase information is used to gain new insights for marketing. We use this data to streamline support and gauge the validity of a client's license.
      Data Type
      • License
      • Billing email
      • Domain
      Data Origin Person responsible for building end-user's website (could be the end-user, or person making the website on behalf of the end-user).
      Data Recipients none
      Data Longevity does not automatically expire
      Security Measures HTTPS connection
      Processor Service Provide Support
      Lawful basis of processing Within our themes you have the ability to ask for support. We store this support-related information.
      Data Type
      • License key
      Data Origin Client
      Data Recipients none
      Data Longevity does not automatically expire
      Security Measures AWS Cloud Security, VPS backups
      Processor Service Provide online transaction processing
      Lawful basis of processing We use WooCommerce as our e-commerce solution which stores all information related to product purchases.
      Data Type
      • First name
      • Last name
      • Country
      • Street address
      • Postcode / ZIP
      • Town / City
      • Phone
      • Email address
      • PayPal ID
      • Order date
      • IP address
      • SKU (Stock Keeping Unit)
      Data Origin Client
      Data Recipients none
      Data Longevity does not automatically expire
      Security Measures AWS Cloud Security
      Processor Service Provide hosting
      Lawful basis of processing We provide hosting for individual clients. For a hosting environment to properly function there's the need for a user and accompanying registration information.
      Data Type
      • Title
      • First name
      • Last name
      • Street
      • Housenumber
      • Postal code
      • City
      • Country
      • Province/State
      • Phonenumber
      • Current email
      • Domain name
      • Domain name creation date
      Data Origin Client
      Data Recipients none
      Data Longevity does not automatically expire
      Security Measures AWS Cloud Security, VPS backups, Site backups, Login roles
      Processor Service Provide theme updates
      Lawful basis of processing We keep track of our themes in the field to ensure our clients are able to obtain theme updates. And also to be able to better serve our clients and provide premium support only to those with a valid license.
      Data Type
      • License
      • Domain
      • Billing Email
      • Theme
      Data Origin Client
      Data Recipients none
      Data Longevity does not automatically expire
      Security Measures AWS Cloud Security, VPS backup
      Processor Service Provide theme updates
      Lawful basis of processing
      Data Type
        Data Origin
        Data Recipients
        Data Longevity
        Security Measures
        Processor Service Provide studio
        Lawful basis of processing The Nexus Studio uses the default WordPress user registration data. To be able expand upon this standard functionality we register this user data for obvious reasons. It includes data of the Studio user itself and subsequent additional user's for each underlying site.
        Data Type
        • Title
        • First name
        • Last name
        • Street
        • Housenumber
        • Postal code
        • City
        • Country
        • Province/State
        • Phonenumber
        • Current email
        • Domain name
        • Domain name creation date
        Data Origin Client
        Data Recipients none
        Data Longevity does not automatically expire
        Security Measures AWS Cloud Security, VPS backups, Site backups, Login roles
        Processor Service Apply for Studio
        Lawful basis of processing We use Google Forms to perform a survey for people interested in our Studio solution
        Data Type
        • Survey data
        Data Origin (pre-sale) client
        Data Recipients none
        Data Longevity does not automatically expire
        Security Measures G Suite security, 2-factor authentication
        Processor Service Display teammembers
        Lawful basis of processing We process this Google Drive data with our IX Platform tool to store it on our server.
        Data Type
        • Name
        • Role
        • Bio
        Data Origin Teammember
        Data Recipients none
        Data Longevity does not automatically expire
        Security Measures G Suite security, 2-factor authentication, AWS Cloud Security, VPS backups
        Processor Service Provide Support
        Lawful basis of processing Based on the license key we can provide support when we get the request from within the theme.
        Data Type
        • License key
        Data Origin Client
        Data Recipients none
        Data Longevity does not automatically expire
        Security Measures AWS Cloud Security, VPS backups, HTTPS connection
      • Amazon

        DPA available
        Processor Service Send email
        Lawful basis of processing As part of the Nexus Studio service we use the Amazon Simple Email Service to send emails.
        Data Type
        • from
        • to
        • subject
        • body
        Data Origin Client
        Data Recipients none
        Data Longevity does not automatically expire
        Security Measures Amazon SES Security Protocol
      • European Commission

        Processor Service Validate EU VAT number
        Lawful basis of processing To check wether or not someboy has offered us a valid VAT number we make use of the VAT number validation service from the European Commission. This service is used within our ecommerce system, when a purchase is processed and a VAT number is part of the order.
        Data Type
        • VAT number
        Data Origin Client
        Data Recipients none
        Data Longevity does not automatically expire
        Security Measures
      • Google

        DPA available
        Processor Service Track website visits
        Lawful basis of processing We use Google Analytics to keep track of the general health of our site and the way website visitors navigate through our site.
        Data Type
        • IP anonymous, compliant by design
        Data Origin Website visitors
        Data Recipients none
        Data Longevity does not automatically expire
        Security Measures G Suite security, 2-factor authentication
        Processor Service Promote partners
        Lawful basis of processing We use Google Drive to create documents that contain partner data
        Data Type
        • First name
        • Last name
        • Brand name
        • Website
        • Country
        • Address
        Data Origin Partner
        Data Recipients none
        Data Longevity does not automatically expire
        Security Measures G Suite security, 2-factor authentication, AWS Cloud Security, VPS backups
        Processor Service Process email
        Lawful basis of processing We use Google's Gmail as our preferred email handler for all questions related to support. This means all questions send to the address connected to our support platform passes through and is stored by Gmail.
        Data Type
        • email content
        Data Origin (pre-sale) client
        Data Recipients none
        Data Longevity does not automatically expire
        Security Measures G Suite security, 2-factor authentication
        Processor Service Track AdWords conversions
        Lawful basis of processing We use Google Adwords for paid marketing purposes. We track click-through rates and the subsequent user journey on our site.
        Data Type
          Data Origin Website visitors
          Data Recipients none
          Data Longevity does not automatically expire
          Security Measures G Suite security, 2-factor authentication
          Processor Service Display teammembers
          Lawful basis of processing To show people who've contributed to our organization as a teammember in various roles we store specific data in Google Drive.
          Data Type
          • Name
          • Role
          • Bio
          Data Origin Teammember
          Data Recipients none
          Data Longevity does not automatically expire
          Security Measures G Suite security, 2-factor authentication, AWS Cloud Security, VPS backups
        • Helpscout

          https://www.helpscout.net/company/legal/dpa/
          Processor Service Provide email support
          Lawful basis of processing We decided to go for email support and Helpscout as our tool of choice. All of our support email is managed with the help of the Helpscout tool.
          Data Type
          • First name
          • Last name
          • Order date
          • SKU (Stock Keeping Unit)
          • Order ID
          • Order status
          • Site domain
          • Email conversation
          Data Origin (pre-sale) client
          Data Recipients none
          Data Longevity does not automatically expire
          Security Measures AWS Cloud Security
        • Oxxa

          DPA available
          Processor Service Register domain
          Lawful basis of processing Oxxa is our preferred ICANN accredited registrar of domain names.
          Data Type
            Data Origin Client
            Data Recipients none
            Data Longevity does not automatically expire
            Security Measures
          • Paypal

            https://www.paypal.com/gi/webapps/mpp/ua/privacy-full
            Processor Service Process payment
            Lawful basis of processing PayPal is an online payment provider and our core means of receiving the money from purchase placements.
            Data Type
            • Order date
            • SKU (Stock Keeping Unit)
            • First name
            • Last name
            Data Origin Client
            Data Recipients none
            Data Longevity does not automatically expire
            Security Measures Paypal Security, 2-factor authentication
          • Tawk.to

            https://www.tawk.to/data-protection/dpa-data-processing-addendum/
            Processor Service Provide chat support
            Lawful basis of processing Tawk.to is our online chat tool. We use this tool to have ad-hoc one-on-one conversations with potential leads and existing clients.
            Data Type
            • Visitor name
            • Chat text
            • Chat date
            • Chat duration
            • IP address
            Data Origin (pre-sale) client
            Data Recipients none
            Data Longevity does not automatically expire
            Security Measures 128 bit ssl encryption
          • GitHub

            DPA available
            Processor Service Code versioning
            Lawful basis of processing Some user data is part of a closed code repository.
            Data Type
            • Partner meta data for billing
            Data Origin Client
            Data Recipients none
            Data Longevity does not automatically expire
            Security Measures Github Security