Privacy Policy
How we collect, use, and protect your personal data.
1. Introduction
NexusRMS Limited (Company No. 16170889) ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you use our rental management platform ("the Service").
We comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
2. Data Controller
NexusRMS Limited is the data controller for the personal data we process. For data you upload to the Service (such as your clients' information), you are the data controller and we act as a data processor on your behalf.
Contact: [email protected]
3. Personal Data We Collect
3.1 Account Information
- Name, email address, phone number
- Company name and business address
- Job title and role
- Password (stored in encrypted form)
3.2 Billing Information
- Payment card details (processed by Stripe)
- Billing address
- VAT/tax registration numbers
3.3 Usage Data
- IP address and device information
- Browser type and version
- Pages visited and features used
- Time and date of access
- Error logs and crash reports
3.4 Customer Data
Data you upload to the Service, including client records, equipment details, project information, invoices, and crew details. You are the data controller for this data.
4. How We Use Your Data
| Purpose | Legal Basis |
|---|---|
| Provide and maintain the Service | Contract performance |
| Process payments | Contract performance |
| Send service notifications | Contract performance |
| Respond to support requests | Contract performance |
| Improve our Service | Legitimate interest |
| Send marketing communications | Consent |
| Comply with legal obligations | Legal obligation |
5. Data Sharing
We may share your personal data with:
- Service providers: Third parties who help us operate our Service (see our Subprocessor List)
- Payment processors: Stripe for payment processing
- Legal authorities: When required by law or to protect our rights
- Business transfers: In connection with a merger, acquisition, or sale of assets
We do not sell your personal data to third parties.
6. International Transfers
Your data may be transferred to and processed in countries outside the UK. When we transfer data internationally, we use appropriate safeguards such as Standard Contractual Clauses approved by the UK Government.
7. Data Retention
We retain your personal data for as long as:
- Your account remains active
- Necessary to provide our Service
- Required by law (e.g., financial records for 7 years)
- Needed to resolve disputes or enforce our agreements
Upon account termination, we retain your data for 30 days to allow export, after which it is permanently deleted from our systems.
8. Your Rights
Under UK GDPR, you have the right to:
- Access: Request a copy of your personal data
- Rectification: Correct inaccurate or incomplete data
- Erasure: Request deletion of your data ("right to be forgotten")
- Restriction: Limit how we process your data
- Portability: Receive your data in a machine-readable format
- Objection: Object to certain processing activities
- Withdraw consent: Where processing is based on consent
To exercise these rights, contact us at [email protected]. We will respond within one month.
9. Security
We implement appropriate technical and organizational measures to protect your data, including:
- Encryption of data in transit (TLS 1.3) and at rest (AES-256)
- Multi-factor authentication
- Regular security audits and penetration testing
- Access controls and audit logging
- Employee security training
10. Cookies
We use cookies and similar technologies to enhance your experience. For detailed information, please see our Cookie Policy.
11. Children's Privacy
Our Service is not intended for individuals under 18 years of age. We do not knowingly collect personal data from children.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes via email or through the Service. The "Last Updated" date at the top indicates when the policy was last revised.
13. Contact & Complaints
For privacy-related inquiries or to exercise your rights, contact our Data Protection Officer:
- Email: [email protected]
- Address: NexusRMS Limited (Company No. 16170889), The Gables, Westhope, Hereford, Herefordshire, HR4 8BL, United Kingdom
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.
Questions about this document?
If you have any questions about this Privacy Policy, please contact us at [email protected]