Last updated: June 17, 2026

1. Introduction

NEXESS Solutions (“NEXESS,” “we,” “our,” or “us”) is committed to protecting the privacy, confidentiality, integrity, and security of personal data processed in connection with our business activities, website, products, and services.

This Privacy Notice explains how we collect, use, disclose, retain, and protect personal data, including:

  • personal data collected through the NEXESS website;
  • personal data processed through NEXESS software and hardware solutions, including the NexCap platform, RFID cabinets, mobile applications, and related services;
  • the rights available to individuals under applicable privacy laws;
  • the security and governance measures implemented by NEXESS.

This Privacy Notice is designed to support transparency and accountability in accordance with applicable data protection laws, including the General Data Protection Regulation (EU) 2016/679 (“GDPR”), where applicable.

2. Company Information

Nexess SAS, 2455 Route des Dolines, 06560 Sophia Antipolis – Valbonne
06560 Valbonne – France

General contact: [email protected]
Privacy contact: [email protected]
Security contact: [email protected]

3. Scope of this Privacy Notice

This Privacy Notice applies to:

  • visitors to the NEXESS website;
  • prospects, customers, and business partners;
  • users of NexCap and other NEXESS solutions;
  • job applicants;
  • users of NEXESS mobile applications and connected RFID solutions.

4. Personal Data Collected Through the Website

4.1 Information You Provide Directly

When you contact us, request a demo, download documentation, submit a job application, or request support, we may collect:

  • first and last name;
  • business email address;
  • phone number;
  • company name;
  • job title or function;
  • country or region;
  • content of your request or message;
  • resume, cover letter, and recruitment-related information when you apply for a job.

4.2 Information Collected Automatically

When you browse our website, we may automatically collect certain technical information, including:

  • IP address;
  • browser type and version;
  • operating system;
  • pages visited;
  • date and time of access;
  • referring website;
  • analytics and usage data;
  • cookie preferences.

5. Personal Data Processed Through NexCap and NEXESS Solutions

5.1 User Account Data

NEXESS solutions, including NexCap, may process personal data related to user accounts, such as:

  • user identifiers;
  • business email addresses;
  • names or usernames;
  • roles and permissions;
  • authentication and login information;
  • access rights and authorization settings;
  • activity logs and audit trails.

5.2 Operational Traceability Data

Depending on the features used by the customer, NexCap and related NEXESS solutions may process operational traceability data, including:

  • equipment check-outs and returns;
  • RFID inventory events;
  • asset tracking events;
  • operational alerts;
  • maintenance events;
  • calibration events;
  • asset status and location-related events;
  • usage history associated with tracked assets.

5.3 Technical and Security Data

NEXESS may process technical and security-related data necessary to operate, maintain, and secure its services, including:

  • system logs;
  • application logs;
  • audit logs;
  • diagnostic information;
  • security events;
  • device and terminal information;
  • support and troubleshooting information.

6. Role of NEXESS: Website vs. NexCap

6.1 Website Data

For personal data collected through the NEXESS website, NEXESS acts as the Data Controller. This means NEXESS determines the purposes and means of the processing.

6.2 Customer Data Processed Through NexCap

For Customer Data processed through NexCap and other NEXESS solutions, NEXESS generally acts as a Data Processor, while the customer remains the Data Controller.

The customer determines the purposes, categories of data, authorized users, access permissions, retention rules, and lawful basis for processing Customer Data within NexCap.

NEXESS processes Customer Data only in accordance with the customer’s documented instructions, applicable contractual terms, and applicable data protection laws.

7. Purposes of Processing

We process personal data for the following purposes:

  • responding to inquiries and contact requests;
  • organizing product demonstrations;
  • managing customer and prospect relationships;
  • providing, operating, and maintaining our services;
  • delivering technical support;
  • securing our systems and services;
  • detecting, preventing, and investigating fraud, abuse, or security incidents;
  • improving our products, services, and website;
  • managing recruitment processes;
  • sending relevant business communications;
  • complying with legal, regulatory, and contractual obligations.

8. Legal Bases for Processing

Where GDPR or similar laws apply, we rely on one or more of the following legal bases:

Processing Purpose Legal Basis
Responding to inquiries Legitimate interest
Demo requests and sales communications Legitimate interest or consent, where required
Customer contract management Performance of a contract
Service delivery and support Performance of a contract
Security monitoring and incident prevention Legitimate interest
Recruitment Pre-contractual measures or legitimate interest
Compliance with legal obligations Legal obligation
Cookies and analytics Consent, where required

9. Disclosure of Personal Data

We may disclose personal data to:

  • authorized NEXESS personnel;
  • technical service providers;
  • hosting and cloud infrastructure providers;
  • analytics providers;
  • support and maintenance providers;
  • security and monitoring providers;
  • professional advisors, where necessary;
  • public authorities or regulators, where required by law.

NEXESS does not sell personal data.

10. Hosting and International Data Transfers

Personal data is hosted on secure infrastructure, primarily located within the European Union.

Where international transfers are necessary, NEXESS implements appropriate safeguards as required by applicable data protection laws. These safeguards may include:

  • Standard Contractual Clauses approved by the European Commission;
  • recognized adequacy mechanisms;
  • contractual, organizational, and technical measures designed to protect personal data.

11. Data Retention

NEXESS retains personal data only for as long as necessary for the purposes described in this Privacy Notice, unless a longer retention period is required by law, contract, or legitimate business needs.

Data Category Retention Period
Website contact requests Up to 3 years after the last interaction
Prospect data Up to 3 years after the last business contact
Recruitment data Up to 2 years after the last contact, unless otherwise required or authorized
Customer contract data Duration of the contract plus applicable legal retention periods
Security logs Up to 12 months, unless longer retention is required for security or legal purposes
Audit logs As required by contract, security, or compliance obligations
Customer Data in NexCap According to customer configuration, contractual terms, and documented instructions

12. Security Safeguards

NEXESS implements administrative, technical, and organizational safeguards designed to protect personal data against unauthorized access, disclosure, alteration, loss, misuse, or destruction.

These safeguards may include:

  • role-based access control;
  • least-privilege access principles;
  • user authentication mechanisms;
  • access reviews;
  • logging and monitoring;
  • encryption of communications;
  • backup and recovery procedures;
  • vulnerability management;
  • security patch management;
  • incident response procedures;
  • business continuity and disaster recovery planning;
  • security awareness practices for authorized personnel.

These controls are designed to support confidentiality, availability, and processing integrity objectives consistent with recognized security frameworks, including SOC 2.

13. Incident Response and Breach Notification

NEXESS maintains procedures to identify, assess, respond to, and remediate security incidents.

Where a personal data breach is likely to result in a risk to the rights and freedoms of individuals, NEXESS will notify the relevant parties and/or supervisory authorities as required by applicable law.

For Customer Data processed through NexCap, NEXESS will notify the affected customer in accordance with applicable contractual commitments and legal requirements.

14. Subprocessors and Service Providers

NEXESS may use carefully selected service providers and subprocessors to support the delivery, operation, hosting, monitoring, support, and security of its services.

Such providers are required to process personal data only in accordance with NEXESS instructions and to implement appropriate confidentiality, security, and data protection measures.

15. Confidentiality of Customer Data

NEXESS treats Customer Data processed through NexCap and related services as confidential.

Access to Customer Data is restricted to authorized personnel and only where necessary to:

  • provide the services;
  • perform maintenance or support;
  • investigate and resolve technical issues;
  • protect the security and integrity of the services;
  • comply with legal or contractual obligations.

16. Cookies and Similar Technologies

The NEXESS website uses cookies and similar technologies to operate the website, improve user experience, measure audience, and, where applicable, support marketing activities.

Non-essential cookies are used only where permitted by applicable law and, where required, subject to user consent.

Additional information is available in our Cookie Policy.

17. Your Privacy Rights

Depending on your location and applicable law, you may have the right to:

  • access your personal data;
  • request correction of inaccurate or incomplete data;
  • request deletion of your personal data;
  • object to certain processing activities;
  • request restriction of processing;
  • request portability of your personal data;
  • withdraw consent where processing is based on consent;
  • lodge a complaint with a supervisory authority.

To exercise your rights, please contact us at:
[email protected]

We may request additional information to verify your identity before responding to your request.

18. Supervisory Authority

If you are located in the European Union and believe that your data protection rights have not been respected, you may contact the French Data Protection Authority:

Commission Nationale de l’Informatique et des Libertés (CNIL)
3 Place de Fontenoy
TSA 80715
75334 Paris Cedex 07
France

19. Changes to this Privacy Notice

NEXESS may update this Privacy Notice from time to time to reflect changes in our services, technologies, legal obligations, or privacy practices.

The most current version will always be available on our website.

20. Contact Us

For privacy-related questions:
[email protected]

For security-related questions:
[email protected]

For general inquiries:
[email protected]