This GDPR Statement should be read in-conjunction with the Nxgen Privacy Policy , and this GDPR Statement applies to all EU Data Subjects (as defined below) in respect of any of their “Personal Data” (as defined in the GDPR).
For the purposes of this GDPR Statement:
EU Data Subject – means any living individual residing in an European Union Member State, and the United Kingdom;
GDPR – means Regulation (EU) 2016/679 of the European Parliament and Council, and all applicable data protection and privacy laws and regulations in any EU Member State, the European Economic Area, and the United Kingdom under the UK GDPR.
Generally, Nxgen does not seek to directly collect or act as a “Controller” (as defined in the GDPR) of Personal Data of EU Data Subjects but may from time-to-time act as a “Processor” (as defined in the GDPR) – usually under the direction of a customer, supplier or business partner, and under a specific agreement with them.
It is possible however that Nxgen may collect Personal Data if an EU Data Subject directly contacts Nxgen (for example, in relation to potential employment or business opportunities), interacts with the Nxgen website, portals or online forums, or otherwise shares Personal Data with Nxgen.
In the event of a data breach involving Personal Data, Nxgen is committed to notifying affected individuals and the relevant supervisory authorities in accordance with Articles 33 and 34 of GDPR.
Where Nxgen does collect, use, store or transfers Personal Data, it uses that Personal Data to manage its relationship with its customers, suppliers, contractors, employment candidates, employees, business partners and other third parties (“covered individuals”) and better serve covered individuals by personalising their experience and interaction with Nxgen. Such processing is done in compliance with applicable laws and agreements, including appropriate notice and consent.
The legal bases for processing Personal Data may include consent, performance of a contract, compliance with a legal obligation, protection of vital interests, performance of a task in the public interest, or legitimate interests pursued by Nxgen or a third party.
Where Nxgen is a Controller or Processor of Personal Data of EU Data Subjects, then those individuals (i.e. you) have a right to:
Object to any processing of your Personal Data, if you believe your fundamental rights and freedoms outweigh our basis for collecting, storing or processing your Personal Data. You can also request that we change the manner in which we contact you for marketing purposes or you can remove yourself from our marketing lists.
There may be instances where we cannot fully comply with your request due to legal obligations, confidentiality requirements, or other justified reasons, for example if it would impact the duty of confidentiality we owe to others, or if we are legally required to retain Personal Data, or we are entitled to deal with the request in a different way.
Nxgen retains Personal Data only for as long as necessary to fulfill the purposes for which it was collected or to comply with legal, regulatory, or contractual obligations.
EU Data Subjects also have the right to lodge a complaint with the relevant supervisory authority if they believe Nxgen has not complied with GDPR in handling their Personal Data.
If you wish to access, correct, update, restrict, or delete Personal Data that we hold about you, please write to us, using the contact details set out in our Privacy Policy. One of our Nxgen Privacy Officers will assist you.
Personal Data of EU Data Subjects will only be transferred outside the EEA or the UK where appropriate safeguards are in place to protect the rights and freedoms of the data subjects. Nxgen uses mechanisms such as EU Standard Contractual Clauses and implements supplementary measures as necessary, ensuring compliance with GDPR. Nxgen is committed to reviewing its data transfer arrangements regularly to maintain compliance with the latest legal requirements, including decisions such as Schrems II.
Nxgen does not knowingly collect information from individuals under the age of 16, unless permitted by applicable laws of an EU Member State or the UK. Where required, consent from a parent or guardian will be sought before collecting Personal Data from minors.
If we make material changes to this GDPR Statement, we will notify you via a banner on our homepage, through direct email communication for registered users, or by other appropriate means.
This GDPR Statement is available in accessible formats upon request to accommodate individuals with disabilities.
Any questions or complaints concerning this GDPR Statement or in relation to any Personal Data can be raised with a Nxgen Privacy Officer at the contact details set out in our Privacy Policy.
For inquiries or complaints, please contact our Privacy Officer at privacy@nxgen.co.nz, our dedicated Privacy Team will address inquiries or complaints raised.
Last review: Nov 2024
