Privacy policy

Last updated: 19 May 2026

1. Data controller

The controller of the personal data collected through this site is:

• NEXO Cognitive S.L. — Tax ID B-88728589
• Address: Avda. Edelmira Alfonso Alfonso, 1, 38628 Aldea Blanca — San Miguel de Abona, Santa Cruz de Tenerife, Canary Islands, Spain
• Contact email: info@nexocoop.com
• Registered with the Mercantile Registry of Santa Cruz de Tenerife, Sheet TF-77388, 1st entry dated 28 May 2026 (electronic folio; IRUS 1000474615151, EUID ES38013.000549445).

As this is a low-risk processing activity (contact form without special categories of data, no profiling, no large-scale processing), the appointment of a Data Protection Officer is not mandatory under Article 37 GDPR. Any privacy matter may be addressed to the email above.

2. Data we process and purposes

We process only the data you voluntarily provide and the minimum technical data resulting from your visit:

• Contact form data: name, email, phone and message content. Purpose: respond to your sales or support request and, where applicable, initiate a contractual relationship.
• Technical usage data (only with consent): aggregate browsing metrics through Google Analytics 4 with anonymised IP. Purpose: internal site usage statistics.
• Form security data: reCAPTCHA Enterprise token to prevent automated submissions. Purpose: anti-fraud protection.

3. Legal basis (per purpose)

• Handling your sales or support request: performance of pre-contractual measures at the data subject's request (Art. 6.1.b GDPR).
• Entering into or executing a subsequent contractual relationship: performance of a contract (Art. 6.1.b GDPR).
• Web analytics via Google Analytics 4: your explicit consent (Art. 6.1.a GDPR; Art. 22 LSSI-CE).
• Anti-fraud protection of the form (reCAPTCHA): legitimate interest of the controller in service integrity (Art. 6.1.f GDPR).
• Compliance with legal obligations (tax, accounting, commercial): Art. 6.1.c GDPR.

4. Retention periods

• Contact requests not followed by a contract (leads): 2 years from the last contact, unless you request earlier deletion.
• Customer data with an active contractual relationship: for the duration of the contract and, once terminated, the legal retention periods that apply.
• Tax obligations: 4 years under Article 66 of the Spanish General Tax Act.
• Accounting and commercial documentation: 6 years under Article 30 of the Spanish Commercial Code.
• Aggregate Google Analytics 4 metrics: maximum 14 months as configured by the controller.

5. Processors and providers

To deliver the service we rely on the following processors, all of them bound by a processing agreement under Article 28 GDPR:

• Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) — static site hosting (Firebase Hosting), corporate email (Google Workspace), web analytics (Google Analytics 4) and anti-fraud protection (reCAPTCHA Enterprise).
• Stripe Payments Europe Limited (1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland) — payment processing where applicable. Stripe acts as an independent controller for the payment data it collects directly under PCI-DSS rules.

6. International data transfers

Some of the above providers may involve international transfers to Google and Stripe group entities located in the United States. These transfers rely on the following layered safeguards, in this order:

• Primary framework — EU-US Data Privacy Framework (DPF): Google LLC and Stripe Inc. are certified under the DPF issued by the U.S. Department of Commerce, which constitutes a valid adequacy decision under Article 45 GDPR.
• Subsidiary safeguard — EU Standard Contractual Clauses (SCCs): as a complementary measure, the processing agreements incorporate the Standard Contractual Clauses approved by the European Commission (Decision 2021/914) together with additional technical measures (encryption in transit and at rest, IP anonymisation, access controls).

7. Your rights

As a data subject you may exercise the following rights before NEXO Cognitive S.L.:

• Access, rectification, erasure and portability of your data.
• Objection and restriction of processing.
• Withdrawal of consent at any time, without affecting the lawfulness of previous processing.

To exercise any right, write to info@nexocoop.com stating the right exercised and attaching a copy of an ID document where necessary to verify your identity. We will reply within one month of receipt, extendable by up to two further months in cases of particular complexity, pursuant to Article 12.3 GDPR.

If you consider that the processing does not comply with the regulation, you may file a complaint with the supervisory authority:

Spanish Data Protection Agency (AEPD)
C/ Jorge Juan, 6, 28001 Madrid, Spain
Phone: +34 901 100 099 / +34 912 663 517
Electronic Office: sedeagpd.gob.es · Web: www.aepd.es

8. Automated decisions and profiling

NEXO Cognitive S.L. does not make automated decisions, with neither legal nor significant effects, regarding visitors to this site, and does not profile data subjects on the basis of data collected via the contact form or web analytics.

9. Minors

This site is aimed at professionals and businesses. We do not knowingly collect personal data from minors under 14. If you believe a minor has provided data through this site, please write to info@nexocoop.com so it can be deleted immediately.

10. Security measures (accountability)

In accordance with the accountability principle of Article 5.2 GDPR, NEXO Cognitive S.L. applies the appropriate technical and organisational measures to ensure a level of security adequate to the risk, including HTTPS encryption in transit, encryption at rest in the hosting provider's infrastructure, least-privilege access controls, a record of processing activities and periodic risk assessments.

11. Updates

This policy may be updated to reflect regulatory, operational or technological changes. The date of the last revision appears at the top of the document. We recommend you review it periodically.