Platform
  • Welcome to the Nexudus Platform
  • Planning your Nexudus set-up
  • Training
    • Training modules
      • Introductory Session I
      • Introductory Session II
      • Inventory
      • Operations I
      • Operations II
      • Billing
      • CRM
      • Bookings (Set-up)
      • Bookings (Operations)
      • Contracts
      • Community
      • Billing Reports
      • KPI Reports
      • Integrations
        • PaperCut
        • Salto KS
    • Webinars
    • Training Module Videos
    • AMA (Ask Me Anything)
  • The Basics
    • Dashboard Home
    • CRM module
    • Community module
    • Operations module
    • Finance module
    • Inventory module
    • Settings module
    • Networks
  • Day-to-day
    • Inventory
      • Products
        • What is a product?
        • Recurrent products
        • Adding a product
        • Product details
        • Product benefits
        • Product advanced options
        • Deleting or archiving a product
      • Managing Plans
        • What is a plan?
        • Managing plans
        • Adding a plan
        • Plan details
        • Plan price
        • Plan benefits
          • Assigning credit to a plan
        • Plan limits
        • Plan deposits
        • Deleting or archiving a plan
        • Prorating a plan
        • Plan legal terms and conditions
        • Plan discounts
        • Plan components
      • Passes
        • What are passes?
        • Type of passes
        • Adding a pass
        • Editing a pass
        • Customers with multiple passes
        • Pay As You Go passes
      • Resources
        • What is a resource?
        • Adding a resource
        • Resource details
        • Resource features
        • Resource prices
        • Resource rules
        • Resource access rules
        • Linking resources to each other
        • Resource products
        • Deleting or archiving a resource
        • Displaying resources in NexBoard
        • Using resource types to group related resources
      • Floor plans, offices and desks
        • Managing floor plans, offices and desks
        • Adding or editing a floor plan
        • Adding or editing an office or desk
        • Associating a contract with a desk
        • Linking an office or desk to a member or contact
    • Operations
      • Members & Contacts
        • About customers
        • Signing up a member
        • Signing up a contact
        • Viewing different types of customers
        • Editing a member
        • Editing a contact
        • Allowing access to the customer portal
        • Suspending members and contacts
        • Deleting a member or contact
      • Teams and groups
        • About teams
        • Adding a team
        • Editing a team
        • Teams and invoicing
        • Setting up a team profile on the website
      • Visitors
        • Managing visitors
        • Viewing the visitor list
        • Visitor Terms and Conditions
        • Checking in visitors
        • Adding visitors to a booking
        • Adding visitors directly in the members portal or administrator panel
      • Check-in
        • About checking in
        • Viewing who's in right now
        • Checking in manually
        • Checking in using Wi-Fi
        • Checking in by using NexIO
        • Checking in by using RFID readers and cards
        • Enabling access control integration
        • Enabling Pay As You Go
      • Deliveries
        • About deliveries
        • Viewing deliveries in the member portal
        • Receiving a mail delivery
        • Notifying a team when a delivery arrives
    • Finance
      • Managing Invoices
        • Invoices
        • Automatically creating invoices
        • Manually creating an invoice
        • How to invoice a customer for specific products, bookings, charges or event tickets.
        • Issuing refunds
        • Partial refunds
        • Cancelling an invoice
        • Editing invoices
        • Viewing invoices
        • Deleting invoice lines
        • Deleting invoices
      • Customer Balances
        • Viewing a customer balance
        • Editing a balance, adding/deleting payments
        • Exporting a balance
      • Payments
        • Managing Payments
        • Payment types
        • Manual payments
        • Online payments
        • Credit
      • Taxes
        • About tax rates
        • Using different tax rates
        • Tax rate settings
      • Accounts
        • About accounts
        • Adding and editing accounts
        • Linking plans, resource prices, passes and products to accounts
        • Viewing accounts in reports
        • Finding an invoice line without an account and how to fix it
      • Contracts
        • About contracts
        • Adding a contract
        • Editing a contract
        • Contracts and billing cycles
        • Cancelling a contract
        • Prorating a contract
        • Setting a main contract for a member
        • Setting multiple contracts for a member
        • Contracts and proposals
        • Digital signatures on contracts
        • Contracts: the most common scenarios
      • Discounts
    • Sales
      • Selling Products
        • About selling products
        • Managing products from the dashboard
        • Including a product in a plan
        • Selling a product directly to a member or contact
        • Buying products from the members portal
      • Bookings
        • About bookings
        • Making a booking
        • Editing a booking
        • Setting up a repeat booking
        • Cancelling a booking
        • The difference between invoicing and charging a booking
        • Invoicing bookings
        • Assigning credit for bookings
        • Defining booking notifications
        • Bookings and integrations
    • CRM
      • Managing CRM
        • About CRM
        • Viewing a CRM board
        • Configuring a CRM board
        • Automating a CRM board
        • Adding an opportunity
        • Boards and processes
        • Reminders
        • Managing message macros
        • Sending message macros from a member/contact account
        • Managing email accounts
        • Tasks and task lists
          • Managing tasks
          • Managing task lists
        • CRM boards and task lists
        • Custom fields
        • Using custom fields for directory filtering
        • Document templates
          • Merge Fields
        • Generating documents from templates
      • Proposals
        • About proposals
        • Adding and sending a new proposal
        • Understanding Proposal Documents
        • Creating multi-contract proposals
        • Adding products to a proposal
      • Sign up Form Customization
    • Community
      • Managing Surveys
        • About surveys
        • Adding a survey
        • Viewing a survey
        • Editing a survey
        • Managing survey questions
          • Types of survey questions
          • Adding a survey question
          • Editing a survey question
          • Deleting a survey question
        • Viewing survey results
      • Managing Events
        • About events
        • Viewing events
        • Adding an event
        • Editing an event
        • Recurring events
        • Grouping events with categories
        • Cancelling an event
        • Selling event tickets
        • Checking in event attendees
      • Managing News Articles
        • About News Articles
        • Creating and managing news articles
        • Managing article categories
        • Moderating article comments
      • Managing Community Boards
        • About the Community Board
        • Viewing a community board
        • Community board elements
        • Managing conversations
        • Managing messages in conversations
        • Managing groups on the community board
      • Managing Newsletters
        • About Newsletters
        • Adding a newsletter
        • Sending a newsletter
        • Subscribers
          • About subscribers
          • Managing subscribers
          • Managing subscriber lists
          • Nexudus and Mailchimp
      • Help Desk
  • Settings
    • General Settings
      • Name & Logo
      • Contact & Location Details
      • Timezone
    • Billing and Accounting
      • Invoice Details
      • Notifications
      • Contents
      • Formatting
      • Locked Period
      • Tax
      • Accounts
    • Payments
      • Setting up automatic payments
      • Payment currency
      • Default payment method
      • Configuring payment gateways
        • PayPal
        • GoCardless
        • Stripe ACH
        • Forte ACH
        • Authorize.net
          • Setting up Forte ACH
        • Quickbooks (Payments)
      • Supported payment service providers
      • Making a Test Payment
      • Strong Customer Authentication
    • Website
      • Website Settings
      • General
      • Setting up your own domain on Nexudus
        • Configuring your own domain in Nexudus
        • Configuring your DNS settings
        • DNS Settings: Configuring your Cloudflare Account
      • Enabling and disabling website sections
      • Configuring access rights
      • Adding contact details
      • Viewing translations for website terms
      • Adding and editing language tokens
      • Adding a custom page
      • Editing your website templates
        • Editing common files
        • Dropbox
      • Integrating services with your website
    • Website modules
      • Customising your website
    • Bookings/Reservations
    • Check-in System
      • General
      • Pay As You Go (PAYG) settings
    • Integrations
      • About integrations
      • Access Control
        • Salto - Clay
        • Kisi
        • Brivo
      • Accounting
        • Quickbooks Online
          • Quickbooks: Cancelled and Refunded Invoices
        • Xero
        • Moloni
      • Printing
        • Managing printers in your space
          • Printers: Ezeep
            • Installing Ezeep
            • Setting up your Ezeep account
          • Printers: Papercut
      • Video Conferencing
        • Zoom
          • Zoom for Events
          • Zoom for Meeting Rooms
          • Zoom for Bookings
          • Zoom for Community Board Messages
        • Jitsi
          • Managing Virtual Rooms
      • WiFi-based check-in
        • About WiFi-based check-in
        • Setting up WiFi-based check-in using MikroTik
        • Setting up WiFi-based check-in using RADIUS servers
          • WiFi-based check-in: Aruba virtual controller
          • WiFi-based check-in: Cisco Meraki
          • WiFi-based check-in: Cisco WLC
          • WiFi-based check-in: Ruckus Cloud
          • WiFi-based check-in: SonicWall
          • WiFi-based check-in: Ubiquiti UniFi
      • Other Integrations
        • Square
        • Setting up Zapier
          • Sample Connection with Zapier: Mailchimp
          • Advanced Options with Zapier
        • Envoy
        • Space Dashboard
        • Calendar Integration
          • Calendar integration: Google (one-way)
          • Calendar integration: Google (two-way)
          • Calendar integration: Outlook (one-way)
        • Google BigQuery
        • Configuring reCAPTCHA
        • Configuring Google Maps
        • Google Analytics
      • Validation Rules
      • Webhooks
    • Imports
    • Notifications
    • Defining Email Templates
    • Email Server
    • Email Queue
    • Users
      • Managing Users
      • Managing standard and admin users
    • Security
      • Users and security
      • Security considerations
      • About user roles
      • Adding and assigning a role
      • Example user roles
    • How to access the Nexudus Spaces API
  • Bookmarks
  • Reports
    • About reports
    • Viewing reports
    • KPI reports
    • Occupancy reports
    • Checkins reports
    • Bookings reports
    • Events reports
    • Passes reports
    • Visitors reports
    • Desks reports
    • MRM reports
    • Members & Contacts reports
    • Survey reports
    • Tasks reports
    • Products (invoiced) reports
    • Finance reports
    • Deferred Revenue Reports
    • Deposits reports
    • Debtors reports
    • Invoicing reports
    • Revenue reports
    • Revenue Exchange reports
  • Website
    • Managing Your Website
    • Website directory
    • About the Member Portal
      • Your account
      • My Team
      • Managing payments
      • Your bookings
      • Changing to a different plan
      • Checking available credit
      • Buying additional products
  • FAQ
    • Untitled
    • FAQ: Nexudus subscription
    • FAQ: Account settings
    • FAQ: CRM
      • FAQ: How to customize the sign-up form
    • FAQ: Community
      • FAQ: Events
      • FAQ: Newsletters
      • FAQ: Message Boards
    • FAQ: Operations
      • FAQ: Members, contacts and users
      • FAQ: Bookings
    • FAQ: Finance
      • FAQ: Discounts
      • FAQ: Invoicing
      • FAQ: Currency
      • FAQ: Contracts
      • FAQ: Taxes
    • FAQ: Inventory
      • FAQ: Plans
      • FAQ: Products
      • FAQ: Passes and check-in
      • FAQ: Resources
      • FAQ: Floor plans, desks and offices
    • FAQ: Settings
      • FAQ: General settings
      • FAQ: Online payments and payment gateways
        • FAQ: Migrating from Quickbook Merchant Services (QBMS) to Quickbooks payments
      • FAQ: Users and User Roles
      • FAQ: Notifications
      • FAQ: Integrations
      • FAQ: Networked accounts
    • FAQ: Reports
    • FAQ: Members Portal
    • How to setup an iTunes Development Account for the Passport (White-label Mobile App)
  • What's New?
  • Privacy Policy
  • Terms and Conditions
  • GDPR and Nexudus
    • Data Processing Agreement
  • Reseller Partners Program
    • Managing your Reseller Account
    • Managing Customers
    • Reseller Agreement
  • Contact Us
  • Apps
    • Passport by Nexudus
      • iBeacon setup for Passport app
    • NexBoard
    • NexDelivery
    • NexEvents
    • NexIO
    • NexClicker
    • Companion Apps
  • Third Party Apps
    • Square (ePOS)
      • Before you start
      • Square ePOS App
Powered by GitBook
On this page
  • WHEREAS
  • Definitions and Interpretation
  • Processing of Customer Personal Data
  • Processor Personnel
  • Security
  • Subprocessing
  • Data Subject Rights
  • Personal Data Breach
  • Data Protection Impact Assessment and Prior Consultation
  • Deletion or return of Customer Personal Data
  • Data Transfer
  • General Terms
  • Governing Law and Jurisdiction
  • Schedule 2: Data Processing and Security

Was this helpful?

  1. GDPR and Nexudus

Data Processing Agreement

This Data Processing Agreement ("Agreement") forms part of the Terms and Conditions or other written or electronic agreement for Services between Nexudus Limited ("The Provider") and the “Customer” that wishes to be granted access to Nexudus Services ("The Platform") and to receive the Support Services according to the general Terms and Conditions of the Platform ("Principal Agreement").

WHEREAS

(A) The Customer acts as a Data Controller.

(B) The Customer wishes to be granted access to Nexudus Services ("The Platform") and to receive the Support Services, which imply the processing of personal data, to Nexudus Limited, acting as a Data Processor (the "Processor").

(C) The Parties seek to implement a data processing agreement that complies with the requirements of the current legal framework in relation to data processing and with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

(D) The Parties wish to lay down their rights and obligations.

IT IS AGREED AS FOLLOWS

Definitions and Interpretation

"Agreement" means this Data Processing Agreement and all Schedules;

"Customer Data" Any data inputted by the CUSTOMER or the PROVIDER on the CUSTOMER's behalf for the purpose of using THE PLATFORM or facilitating the CUSTOMER's use of THE PLATFORM

"Customer Personal Data" means any Personal Data Processed by a Contracted Processor on Controller's behalf pursuant to or in connection with the Principal Agreement;

"Contracted Processor" means a Subprocessor;

"Data Protection Laws" means EU Data Protection Laws and, to the extent applicable, the data protection or privacy laws of any other country;

"EEA" means the European Economic Area

"EU Data Protection Laws" means EU Directive 95/46/EC, as transposed into domestic legislation of each Member State and as amended, replaced or superseded from time to time, including by the GDPR and laws implementing or supplementing the GDPR;

"GDPR" means EU General Data Protection Regulation 2016/679;

"Data Transfer" means

- a transfer of Customer Personal Data from the Customer to a Contracted Processor; or

- an onward transfer of Customer Personal Data from a Contracted Processor to a Subcontracted Processor, or between two establishments of a Contracted Processor,

- in each case, where such transfer would be prohibited by Data Protection Laws (or by the terms of data transfer agreements put in place to address the data transfer restrictions of Data Protection Laws);

"Services" means the software as a service Nexudus (the “Platform”) and the Support Services provided by Nexudus Limited.

"Subprocessor" means any person appointed by or on behalf of Processor to process Personal Data on behalf of the Customer in connection with the Agreement.

The terms, "Commission", "Controller", "Data Subject", "Member State", "Personal Data", "Personal Data Breach", "Processing" and "Supervisory Authority" shall have the same meaning as in the GDPR, and their cognate terms shall be construed accordingly.

Processing of Customer Personal Data

Processor shall comply with all applicable Data Protection Laws in the Processing of Customer Personal Data.

The Customer instructs or requires Processor to process Customer Personal Data.

Controller ("The Customer") Responsibility:

Within the scope of the Agreement and in its use of Nexudus Services ("The Platform"), Controller shall be solely responsible for complying with the statutory requirements relating to data protection and privacy, in particular regarding the disclosure and transfer of Personal Data to the Processor and the Processing of Personal Data.

Controller shall inform Processor without undue delay and comprehensively about any errors or irregularities related to statutory provisions on the Processing of Personal Data.

Processor Personnel

Processor shall take reasonable steps to ensure the reliability of any employee, agent or contractor of any Contracted Processor who may have access to the Customer Personal Data, ensuring in each case that access is strictly limited to those individuals who need to know / access the relevant Customer Personal Data, as strictly necessary for the purposes of the Principal Agreement, and to comply with Applicable Laws in the context of that individual's duties to the Contracted Processor.

Security

Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of Processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, Processor shall in relation to the Customer Personal Data implement appropriate technical and organisational measures to ensure a level of security appropriate to that risk, including, as appropriate, the measures referred to in Article 32(1) of the GDPR.

In assessing the appropriate level of security, Processor shall take account in particular of the risks that are presented by Processing, in particular from a Personal Data Breach.

Subprocessing

Processor shall not appoint (or disclose any Customer Personal Data to) any Subprocessor unless required or authorised by the Customer or the Customer or an Authorised User enabling that option on The Platform. The table below lists all sub-processors currently integrated with. Enabling an integration with these services will automatically share the data below with these services.

If you require the geographical area these services operate in, please reach out to their support or sales teams.

You should assume all services collect the IP address of your customers, even if not specifically mentioned.

When "All customer details" is used below, this means the service get the full record of a customer. As Nexudus customer, you will have control over what information abuot your customers you type which will, inturn, affect that data these services get.

Subprocessor

Brief details of Processing activities

Category(ies) of Nexudus Personal Data concerned.

AWS

Storage

SendGrid

Email Delivery

KISI

Access Control

Full name and email.

Doorflow

Access Control

Full name and email.

Brivo

Access Control

Full name and email.

SALTO

Access Control

Full name and email.

Avigilon

Access Control

Full name and emai.

Ezeep

Printing

Full name and email.

Papercut

Printing

Full name and email.

HelloSign

Digital Signature

Full name and email.

Xero

Accounting

Full name, email and postal address.

Quickbooks

Accounting

Full name, email and postal address.

Stripe

Payment Processing

Full name, email, postal address and payment details.

Spreedly

Payment Processing

GoCardless

Payment Processing

Full name, email, postal address and payment details.

Paypal

Payment Processing

Full name, email and postal address.

IronWifi

Network Management

Full name and email.

Envoy

Visitor Management

Full name and email (including visitors).

Bisner

Community Management

All customer details.

Google BigQuery

Data Warehousing

All customer details.

Zapier

Automation

All customer details

Liquidspace

Meeting Reservations

Full name and email.

Google Calendar

Meeting Reservations

Full name and email (including visitors).

Data Subject Rights

Taking into account the nature of the Processing, Processor shall assist the Customer by implementing appropriate technical and organisational measures, insofar as this is possible, for the fulfilment of the Customer obligations, as reasonably understood by Customer, to respond to requests to exercise Data Subject rights under the Data Protection Laws.

Processor shall:

- Promptly notify Customer if it receives a request from a Data Subject under any Data Protection Law in respect of Customer Personal Data; and

- Ensure that it does not respond to that request except on the documented instructions of Customer or as required by Applicable Laws to which the Processor is subject, in which case Processor shall to the extent permitted by Applicable Laws

- Inform Customer of that legal requirement before the Contracted Processor responds to the request.

Personal Data Breach

Processor shall notify Customer without undue delay upon Processor becoming aware of a Personal Data Breach affecting Customer Personal Data, providing Customer with sufficient information to allow the Customer to meet any obligations to report or inform Data Subjects of the Personal Data Breach under the Data Protection Laws.

Processor shall co-operate with the Customer and take reasonable commercial steps as are directed by Customer to assist in the investigation, mitigation and remediation of each such Personal Data Breach.

Data Protection Impact Assessment and Prior Consultation

Processor shall provide reasonable assistance to the Customer with any data protection impact assessments, and prior consultations with Supervising Authorities or other competent data privacy authorities, which Customer reasonably considers to be required by article 35 or 36 of the GDPR or equivalent provisions of any other Data Protection Law, in each case solely in relation to Processing of Customer Personal Data by, and taking into account the nature of the Processing and information available to, the Contracted Processors.

Deletion or return of Customer Personal Data

Subject to this section 9 Processor shall promptly and in any event within 10 business days of the date of cessation of any Services involving the Processing of Customer Personal Data (the "Cessation Date"), delete and procure the deletion of all copies of those Customer Personal Data from the live/production environment of The Platform.

Processor shall provide written certification via email to Customer that it has fully complied with this section 9 within 10 business days of the Cessation Date.

Data Transfer

The Processor may not transfer or authorize the transfer of Data to countries outside the EU and/or the European Economic Area (EEA) without the prior consent of the Customer or an authorised user or by enabling that option on The Platform by the Customer or an authorised user. If personal data processed under this Agreement is transferred from a country within the European Economic Area to a country outside the European Economic Area, the Parties shall ensure that the personal data are adequately protected. To achieve this, the Parties shall, unless agreed otherwise, rely on EU approved standard contractual clauses for the transfer of personal data.

General Terms

Confidentiality. Each Party must keep this Agreement and information it receives about the other Party and its business in connection with this Agreement (“Confidential Information”) confidential and must not use or disclose that Confidential Information without the prior consent of the other Party except to the extent that:

(a) disclosure is required by law;

(b) the relevant information is already in the public domain.

Notices. All notices and communications given under this Agreement must be in writing and will be sent by email address to the Provider's email address [legal[at]nexudus.com] or the email address provided by the Customer at such other address as notified from time to time by the Parties changing address.

Governing Law and Jurisdiction

This Agreement and any dispute or claim arising out of, or in connection with, it, its subject matter or formation (including non-contractual disputes or claims) shall be governed by, and construed in accordance with, the laws of England and Wales.

Any dispute arising in connection with this Agreement, which the Parties will not be able to resolve amicably, will be submitted to the exclusive jurisdiction of the courts of England and Wales.

Schedule 2: Data Processing and Security

Description of the data processing carried out on behalf of the Controller

In addition to the information provided elsewhere in the Agreement, the Parties wish to document the following information in relation to the data processing activities.

The data processing details and procedure can be found in the Company's Privacy Policy at https://learn.nexudus.com/platform/privacy-policy

PreviousGDPR and NexudusNextReseller Partners Program

Last updated 5 years ago

Was this helpful?

Nexudus uses AWS to host and store all data in your account. Our relation with AWS is governed by .

Email address and email contents. Nexudus uses, by default, SendGrid to deliver emails to administrators, authorised users and end users. Our relation with SendGrid is governed by .

Full name, email, postal address and payment details. Nexudus uses Spreedly to connect to some of the payment gateways used to process credit and debit card payments. Our relation with Spreedly is governed by .

this contract
this contract
this contract