Privacy Policy

Introduction

SDL Nexum ("we", "us", or "our") respects your privacy and is committed to protecting your personal data. This privacy policy explains how we collect, use, and safeguard your information when you visit our website or use our services, in compliance with the General Data Protection Regulation (GDPR).

Data Controller

Data We Collect

We collect the following categories of personal data:

• Contact information: Name, email address, phone number when you contact us or request our services
• Business information: Company name, job title, project requirements when engaging our services
• Technical data: IP address, browser type, device information, and pages visited (collected automatically)
• Communication records: Correspondence and meeting notes related to projects

How We Use Your Data

We process your personal data for the following purposes:

• Responding to inquiries and providing requested information
• Delivering contracted services and managing projects
• Sending invoices and processing payments
• Improving our website and services
• Complying with legal and regulatory obligations
• Protecting our legitimate business interests

Legal Basis for Processing

We process your data based on the following legal grounds under GDPR:

• Contract performance: When processing is necessary to fulfill a contract with you or take pre-contractual steps
• Legitimate interests: For business operations, security, and service improvement, where not overridden by your rights
• Consent: When you have given explicit consent for specific processing activities
• Legal obligation: When processing is required to comply with applicable laws

Data Retention

We retain personal data only as long as necessary for the purposes outlined in this policy:

• Project data: 7 years after project completion (accounting/tax requirements)
• Contact inquiries: 2 years from last contact if no engagement follows
• Technical logs: 12 months

After these periods, data is securely deleted or anonymized.

Data Sharing

We do not sell your personal data. We may share data with:

• Service providers: Hosting, accounting, and other business service providers under strict data processing agreements
• Professional advisors: Lawyers, accountants when required for business operations
• Legal authorities: When required by law, court order, or to protect our legal rights

All third parties are required to respect the security of your data and process it in accordance with GDPR.

Your Rights Under GDPR

As a data subject, you have the following rights:

To exercise any of these rights, contact us using the details provided below. We will respond within 30 days.

Cookies

Our website currently uses only essential cookies required for basic functionality. We do not use tracking cookies, analytics cookies, or third-party advertising cookies. If this changes, we will update this policy and implement appropriate consent mechanisms.

Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

• Encryption of data in transit (HTTPS/TLS)
• Secure access controls and authentication
• Regular security assessments and updates
• Employee training on data protection

International Transfers

Your data is primarily processed within the European Economic Area (EEA). If we transfer data outside the EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission.

Changes to This Policy

We may update this privacy policy from time to time. Changes will be posted on this page with an updated revision date. For significant changes, we will provide more prominent notice where appropriate.

Complaints

If you have concerns about how we handle your data, please contact us first. You also have the right to lodge a complaint with the Belgian Data Protection Authority:

Contact Us

For questions about this Privacy Policy or to exercise your data rights: