Nexin
00

Privacy.

Last updated: 7 May 2026.

This notice covers personal data processed through this marketing website (nexin.co.uk). It does not cover data processed inside the Nexin product, which is governed by the per-Trust Data Processing Agreement signed at deployment.

Who we are

Nexin Ltd ("Nexin", "we", "us") is the data controller for personal data submitted via this site. Registered in England & Wales. Registered office available on request. ICO registration number to follow.

What we collect on this site

  • Enquiries you send us: name, email, organisation, role, and the contents of your message, when you use the contact form or write to us directly.
  • Server request logs: IP address, user agent, request timestamp and path. Held in Cloudflare edge logs for security and abuse prevention.
  • Nothing else. No cookies, no analytics scripts, no tracking pixels, no advertising tags. Page rendering uses Google Fonts to deliver the Oxygen typeface; Google may log the request as part of its content-delivery service.

Lawful basis

  • Enquiries: Article 6(1)(f) legitimate interests (responding to a prospective NHS or partner contact who has approached us). Where you submit through a form, your submission also constitutes consent under Article 6(1)(a).
  • Server logs: Article 6(1)(f) legitimate interests (network security, abuse prevention, audit).

Retention

  • Enquiries: retained while a relationship is active, then for 24 months after last contact, then deleted.
  • Server logs: retained 30 days.
  • Once you become a contracted customer, retention is governed by the contract and DPA, not this notice.

Sharing and processors

We do not sell personal data. We use a small set of processors to run the site and respond to enquiries:

  • Cloudflare, Inc.: site hosting, DNS, edge security. UK / EU data centres. Standard Contractual Clauses in place where data crosses borders.
  • Email provider: for enquiry handling. Provider details available on request.

International transfers

Where personal data leaves the UK, we rely on the UK International Data Transfer Agreement (IDTA) or the UK Addendum to the EU SCCs.

Your rights

Under UK GDPR you can:

  • request a copy of personal data we hold about you (right of access);
  • have inaccurate data corrected (rectification);
  • have your data deleted where we no longer have a lawful basis to hold it (erasure);
  • restrict or object to processing based on legitimate interests;
  • request portability of data you provided to us.

To exercise any of these rights, contact admin@nexin.co.uk. We respond within one calendar month. We will ask you to verify your identity before disclosing data.

Complaints

You can complain to the UK Information Commissioner's Office at ico.org.uk, but please contact us first; we'd rather fix it than have you escalate.

Contact

Dr Luke Innes, on behalf of Nexin Ltd
Email: admin@nexin.co.uk

Changes to this notice

Material changes are dated at the top of this page. The current version is always the one published here.