Privacy Policy
Effective date: 17 May 2026 · Last updated: 17 May 2026
This Privacy Policy explains how Neximos s.r.o. ("Neximos", "we", "us", or "our") collects, uses, stores, and protects your personal data when you visit our website or use our services. We are committed to protecting your privacy and processing your personal data in full compliance with the EU General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) and applicable Slovak data protection law.
1. Data Controller
The data controller responsible for your personal data is:
2. What Personal Data We Collect
We collect personal data only when you actively provide it to us, specifically when you submit a Request for Quote (RFQ) through our website. The categories of data we collect are:
| Data Category | Examples | Required? |
|---|---|---|
| Identity data | Full name, company name | Yes (name required) |
| Contact data | Email address, phone number | Yes |
| Location data | Country, city, postal address | Country required |
| Project data | Project description, quantities, materials | No (voluntary) |
| Technical files | CAD files, drawings, PDFs, images | At least one required |
| Usage data | IP address, browser type, pages visited | Automatic / analytics |
3. Purposes of Processing and Legal Basis
We process your personal data for the following purposes and rely on the legal bases as defined in Article 6 GDPR:
✓ Processing your RFQ and preparing a CNC machining quote
Legal basis: Performance of a contract or pre-contractual steps (Art. 6(1)(b) GDPR)
✓ Communicating with you about your quote request
Legal basis: Performance of a contract (Art. 6(1)(b) GDPR)
✓ Notifying our team of your submission via email
Legal basis: Legitimate interests (Art. 6(1)(f) GDPR) — internal operations
✓ Complying with legal and accounting obligations
Legal basis: Legal obligation (Art. 6(1)(c) GDPR)
✓ Website analytics and improving our services
Legal basis: Legitimate interests (Art. 6(1)(f) GDPR) — business improvement
✓ Sending service-related communications (e.g., quote status updates)
Legal basis: Consent (Art. 6(1)(a) GDPR) where explicitly given
4. Data Retention
We retain your personal data only for as long as necessary to fulfil the purpose for which it was collected, subject to applicable legal requirements:
- RFQ submissions and contact data: Retained for 3 years from the date of submission, or until you request deletion, whichever comes first.
- Uploaded technical files: Retained for 3 years or until your project is completed and confirmed closed.
- Accounting and invoicing records: Retained for 10 years as required by Slovak accounting law (Act No. 431/2002 Coll.).
- Website analytics data: Aggregated / anonymised data retained indefinitely; individual data retained for up to 26 months.
5. Data Sharing and Recipients
We do not sell your personal data. We may share it with the following categories of recipients, strictly as necessary:
Supabase Inc. (USA)
Cloud database and file storage provider
Basis: Standard Contractual Clauses (SCCs) under Art. 46 GDPR. Supabase is SOC 2 Type 2 certified.
Resend Inc. (USA)
Transactional email delivery
Basis: Standard Contractual Clauses (SCCs) under Art. 46 GDPR.
Neximos manufacturing partners (Slovakia / EU)
CNC machining suppliers who prepare your quote
Basis: Performance of contract. Only project-relevant technical files and specifications are shared — never full personal contact details without necessity.
Legal / regulatory authorities
Tax, accounting, or law enforcement authorities
Basis: Legal obligation (Art. 6(1)(c) GDPR).
6. International Data Transfers
Some of our service providers (Supabase, Resend) are located in the United States. When transferring personal data outside the European Economic Area (EEA), we rely on Standard Contractual Clauses (SCCs) approved by the European Commission under Article 46(2)(c) GDPR to ensure an adequate level of data protection. We have conducted transfer impact assessments where required.
7. Your Rights Under GDPR
As a data subject under the GDPR, you have the following rights. You may exercise any of these rights at any time by contacting us at info@neximos.com. We will respond within 30 days.
Right of Access (Art. 15)
Request a copy of the personal data we hold about you.
Right to Rectification (Art. 16)
Request correction of inaccurate or incomplete data.
Right to Erasure (Art. 17)
Request deletion of your data ('right to be forgotten').
Right to Restriction (Art. 18)
Request that we restrict processing of your data.
Right to Data Portability (Art. 20)
Receive your data in a structured, machine-readable format.
Right to Object (Art. 21)
Object to processing based on legitimate interests or direct marketing.
Right to Withdraw Consent (Art. 7(3))
Withdraw consent at any time where processing is consent-based.
Right to Lodge a Complaint
File a complaint with the Slovak Data Protection Authority (ÚOOÚ SR) at dataprotection.gov.sk.
8. Data Security
We implement appropriate technical and organisational measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access (Article 32 GDPR). These measures include:
- Encryption of data in transit (HTTPS/TLS 1.3)
- Encryption of data at rest in Supabase Storage (AES-256)
- Access to uploaded files restricted via Supabase Row Level Security (RLS)
- Server-side API routes using service role keys — never exposed to browsers
- Regular security reviews and dependency audits
- Minimal data collection principle — we only collect what is necessary
9. Cookies and Tracking Technologies
Our website uses cookies and similar technologies to improve performance, analyze traffic, and ensure security. We only use cookies in the following categories:
Strictly Necessary Cookies
These cookies are essential for our website to function (such as managing your cookie consent preferences and secure sessions). They cannot be disabled.
Legal basis: Legitimate interests (Art. 6(1)(f) GDPR)
Analytics Cookies (Google Analytics 4)
We use Google Analytics 4 (GA4), a web analysis service provided by Google LLC, to measure and analyze how users interact with our website (e.g., page views, session duration, and RFQ funnel interactions). GA4 stores cookies (such as _ga and _ga_*) on your device.
Consent-based tracking: These cookies are disabled by default. They are only loaded and activated if you explicitly grant consent by clicking "Accept All" on our Cookie Consent Banner. You can withdraw or modify your consent at any time by clearing your browser cookies or cache, which will reprompt the banner.
Legal basis: Consent (Art. 6(1)(a) GDPR)
10. Children's Privacy
Our services are intended for business users only and are not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us immediately.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. We will indicate the effective date at the top of this page. For material changes, we will take reasonable steps to notify you (e.g., via email if you are an existing customer). Your continued use of our services after the effective date constitutes acceptance of the updated policy.
12. Contact & Data Protection Enquiries
If you have any questions about this Privacy Policy, wish to exercise your data subject rights, or have a concern about how we handle your personal data, please contact us:
Data Controller: Neximos s.r.o.
Email: info@neximos.com
You also have the right to lodge a complaint with the supervisory authority in your EU member state. In Slovakia, this is the Úrad na ochranu osobných údajov SR (ÚOOÚ SR).