Nexera Technologies

Legal

Privacy Policy

Last updated: 9 May 2026

Nexera Technologies SL (“Nexera Technologies”, “we”, “us”) is committed to protecting the personal data of visitors, prospects, partners and clients. This Privacy Policy describes what data we collect through nexeraone.com, the legal basis for processing, how we use it and the rights you have under the EU General Data Protection Regulation (GDPR — Regulation (EU) 2016/679) and the Spanish Organic Law 3/2018 on Personal Data Protection (LOPDGDD).

1. Data controller

Nexera Technologies SL — NIF B27607621
Calle Impresores 20, 28660 Boadilla del Monte, Madrid, Spain
Email: kiril.emilov@esgfis.com
Phone: +34 608 916 728

2. Data we collect

Information you provide

  • Contact form: name, email address, organisation (optional) and the content of your message.
  • Direct correspondence: any information you share by email, phone or LinkedIn.

Technical information

  • IP address, user agent, device type, referrer and pages visited, collected through standard server logs for security and operational purposes.

3. Purposes and legal basis

  • Responding to inquiries — performance of pre-contractual measures at your request (Art. 6(1)(b) GDPR).
  • Managing institutional and commercial relationships — legitimate interest in operating our business (Art. 6(1)(f) GDPR).
  • Legal and regulatory compliance — compliance with legal obligations (Art. 6(1)(c) GDPR).
  • Site security and abuse prevention — legitimate interest in maintaining the integrity of our services (Art. 6(1)(f) GDPR).

4. Retention

Contact-form submissions and related correspondence are retained for as long as the relationship is active and, after that, for the period required by applicable commercial, tax and civil-liability laws (up to 6 years under Spanish commercial law). Server logs are retained for a maximum of 12 months unless required for incident investigation.

5. Recipients and processors

We rely on a limited number of carefully selected service providers acting as data processors under written agreements compliant with Article 28 GDPR:

  • Cloud hosting and application infrastructure providers (EU/EEA).
  • Transactional email delivery infrastructure used to send and confirm messages submitted through this site.

We do not sell personal data and we do not share it with third parties for their own marketing purposes.

6. International transfers

Where a processor is located outside the EEA, transfers are protected by the European Commission’s Standard Contractual Clauses (SCCs) and any additional safeguards required after the Schrems II ruling.

7. Your rights

Under the GDPR you may exercise the rights of access, rectification, erasure, restriction, portability and objection, as well as the right not to be subject to solely automated decisions. To exercise any of these rights, contact us at kiril.emilov@esgfis.com. You also have the right to lodge a complaint with the Spanish Data Protection Agency (AEPD — aepd.es).

8. Security

We apply technical and organisational measures appropriate to the risk, including encryption in transit (TLS), access control, least-privilege permissions, and continuous monitoring of our infrastructure.

9. Changes to this policy

We may update this Privacy Policy to reflect operational, legal or regulatory changes. The “Last updated” date above indicates the most recent revision.