Eng
France
USA
Login
Start for free
Eng
France
USA
Login
Start for free

GDPR Policy

Last Updated: 10th July 2025

1. Introduction

NexGlobal, LLC (“NexGlobal”, “we”, “our”, or “us”) is committed to protecting your privacy and handling your personal data responsibly, ethically, and in accordance with applicable data protection laws including the General Data Protection Regulation (GDPR), UK GDPR, and other international standards.

This Privacy Policy explains how we collect, process, store, disclose, and secure your data when you interact with our websites, platforms, products, or services. This Policy applies to data collected via our digital properties (such as nexglobal.io) and associated software and service platforms.

By using our services, you agree to the terms of this Privacy Policy and our published Terms & Conditions.

2. Who We Are – Data Controller Identity

Under GDPR, NexGlobal, LLC is the Data Controller responsible for the processing of your personal data, except where otherwise specified for data processed on behalf of enterprise clients.

Company Details

  • Legal Entity: NexGlobal, LLC
  • Incorporation: State of Wyoming, United States
  • Registered Address: 30 N Gould St, Ste R, Sheridan, WY 82801, United States
  • Operational Address: 2097, 8549 Wilshire Blvd, Beverly Hills, CA 90211-3104, USA
  • Contact Email: privacy@nexglobal.io

We also maintain operational partnerships in the UAE, United Kingdom, and Asia-Pacific, enabling service delivery across 40+ countries. All cross-border operations are conducted in alignment with GDPR adequacy principles and subject to appropriate data transfer mechanisms.

3. Lawful Basis for Processing

We process your personal data only when legally permissible under Article 6 of GDPR. Depending on the context, we rely on the following bases:

Lawful BasisExample Purpose
Performance of a ContractTo deliver software features, support, and platform services under service agreements
Legal ObligationTo fulfill AML/CFT, KYC, audit trail, and record retention requirements
Legitimate InterestsTo secure platforms, improve services, or send communications to business clients
ConsentFor optional marketing or the use of cookies and trackers on our website
Public InterestFor AML/CFT-related disclosures to competent authorities where mandated

4. Data We Collect (Expanded)

NexGlobal collects and processes information necessary to deliver our services effectively and meet compliance, operational, and legal requirements. We adhere to the principle of data minimization—only collecting what is necessary for a legitimate purpose.

4.1 Categories of Data Collected

CategoryExamples
Personal IdentifiersName, title, email, phone, ID/passport, address, nationality, signature, country of birth
Business InformationCompany name, legal form, registration number, beneficial ownership (UBO)
Compliance RecordsAudit logs, transaction monitoring alerts, STRs/SARs, risk scores
Usage DataIP address, browser info, pages visited, time spent, session identifiers
Platform InteractionsLogins, document uploads, audit trail data, AI-tool interactions
Communication DataEmail correspondence, chat transcripts, support requests

4.2 Sources of Data

We collect information from:

  • Direct interactions (client onboarding forms, service agreements)
  • Client uploads (via NexAML™, NexEKYC™, etc.)
  • Third-party integrations (e.g., sanctions lists, ID verification APIs)
  • Website cookies and tracking tools (with consent, where applicable)

4.3 Special Categories

NexGlobal does not intentionally collect:

  • Biometric data
  • Health information
  • Sensitive personal data (unless required for specific compliance tasks, in which case we apply heightened safeguards)

5. How We Use Your Data (Expanded)

NexGlobal processes your data to fulfill contractual obligations, support regulatory compliance, and improve platform performance, in full alignment with lawful bases under applicable data protection laws.

5.1 Primary Uses

PurposeDetails
Service DeliveryExecute advisory work, AML audits, policy reviews, remediation plans, etc.
Platform FunctionalityAllow access to NexGlobal systems, track user sessions, and enable dashboard visibility
Risk & Compliance OperationsGenerate STRs, conduct UBO reviews, manage alerts, support licensing and inspections
Account Management & SupportRespond to inquiries, assist with troubleshooting, manage billing and renewals
Improvement of AI ToolsAnalyze usage trends (on anonymized basis) to enhance features and detect anomalies

5.2 AI and Automation Disclosure

  • Your data is never used to train our AI models.
  • AI modules (e.g., HammurabiGPT™, NexFraudRadar™) operate within-session only unless expressly saved.
  • Sensitive tasks such as STR writing or fraud detection are subject to human oversight in enterprise setups.

5.3 Legal & Regulatory Compliance

We may process and disclose data to:

  • Meet AML/CFT obligations under local and international law
  • Respond to lawful requests from regulators or law enforcement agencies
  • Support investigations, audits, or supervisory reviews

5.4 Marketing and Communication

We may use business contact information (name, work email, company) to:

  • Send service updates, whitepapers, or newsletters (you can opt-out anytime)
  • Invite clients to product demos, training sessions, or research initiatives

We do not sell or rent your data to third parties.

6. Data Sharing & Disclosure

NexGlobal treats all client and user data with the highest standard of confidentiality and applies strict access controls. However, there are limited circumstances under which we may share data:

6.1 Internal Access (Need-to-Know Basis)

Access to personal and compliance-related data is restricted to authorized personnel who require it to perform their duties. These include:

  • AML/Compliance advisory teams
  • Engineering and product teams (for support/diagnostics)
  • Legal and audit departments (for regulatory matters)

All internal users are bound by confidentiality obligations and role-based access controls.

6.2 Third-Party Service Providers

We may engage vetted service providers to support technical operations, data hosting, verification services, or analytics. These providers may include:

Vendor TypePurpose of Access
Cloud InfrastructureAWS, Google Cloud – secure hosting and database services
Identity Verification APIsKYC/UBO screening tools (e.g., Jumio, Refinitiv, ComplyAdvantage)
Email and CRM ServicesSendGrid, HubSpot – client communication & support
Payment ProcessorsStripe, PayPal (only if invoicing is digital)
External AuditorsSecurity and financial audit reviewers (under NDA)

All third-party contracts contain data protection clauses and are reviewed annually.

6.3 Cross-Border Data Transfers

As a U.S.-based company with global clientele, data may be transferred across jurisdictions. These transfers are:

  • Governed by Standard Contractual Clauses (SCCs) or similar safeguards
  • Stored on encrypted U.S.-based or multi-region servers (based on client preference)
  • Restricted from use outside of designated service purposes

6.4 Disclosure for Legal or Regulatory Purposes

We may disclose your data if:

  • Required by applicable law, subpoena, court order, or government request
  • Necessary to investigate or prevent fraud, abuse, or technical issues
  • To enforce our Terms & Conditions or protect the rights of NexGlobal and its clients

NexGlobal does not share data with advertisers or unrelated third parties.

7. Data Retention

We retain data in accordance with applicable laws, industry standards, and internal compliance policies.

7.1 Standard Retention Periods

Data TypeRetention Duration
General client recordsMinimum 5 years from last system activity
AML compliance logs (e.g., STRs)Up to 10 years, unless regulatory exception applies
Audit trails & access logs5–10 years based on jurisdiction and use-case
Contractual and billing records5 years for financial audit compliance
Support and communications3–5 years after closure of inquiry or case

7.2 Client-Controlled Deletion

  • Clients may request deletion of non-mandatory data in writing.
  • Requests are subject to verification and cannot violate legal hold obligations.
  • Deletion is performed using industry-accepted secure wiping methods.

7.3 Exceptions

Data may be retained beyond standard periods if:

  • Required by law enforcement investigations
  • Part of an ongoing audit or regulatory review
  • Under formal legal hold by client or jurisdictional authority

NexGlobal ensures periodic purging of expired data to minimize unnecessary storage.

8. Data Subject Rights

NexGlobal respects the privacy rights of all individuals and entities whose data is processed through our systems or services. Depending on your jurisdiction and applicable law (e.g., GDPR, CCPA), you may have the following rights:

8.1 Right to Access

You may request confirmation of whether we process your personal data and obtain a copy of such data, including:

  • Categories of data held
  • Processing purposes
  • Data sources
  • Third-party recipients (if any)

Access requests must be submitted via email to privacy@nexglobal.io. We reserve the right to verify your identity prior to disclosure.

8.2 Right to Rectification

If your personal or organizational data is incomplete, outdated, or incorrect, you may submit a request for correction.

  • Requests must specify the fields to be updated and provide proof of accuracy.
  • We will respond within applicable legal timeframes (typically 30 days).

8.3 Right to Erasure (“Right to Be Forgotten”)

You may request deletion of personal data under the following conditions:

  • The data is no longer necessary for the purpose collected
  • You withdraw consent (if processing was consent-based)
  • Processing was unlawful or violates contractual terms

Exceptions apply for:

  • Legal, regulatory, or investigative obligations
  • Retention required by financial sector compliance (e.g., AML, KYC)

8.4 Right to Restrict or Object to Processing

You may request that we suspend processing if:

  • You contest data accuracy
  • Processing is unlawful but you oppose deletion
  • You object to profiling or automated decision-making

If granted, NexGlobal will flag and suspend processing activities for the applicable records until the dispute is resolved.

8.5 Right to Data Portability

For services where applicable, we will provide a machine-readable export of your data upon request, allowing you to transmit it to another service provider, subject to legal restrictions.

8.6 Right to File a Complaint

If you believe your rights are being infringed, you may:

  • Contact us at privacy@nexglobal.io
  • File a complaint with the relevant data protection authority (e.g., ICO in the UK, DPC in Ireland, or your regional authority)

9. Use of Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance user experience, analyze traffic, and personalize content across our platforms.

9.1 Types of Cookies Used

Cookie TypePurpose
Strictly NecessaryEnable basic platform functions such as authentication
Functional CookiesRemember user settings (e.g., language, session state)
Analytics CookiesUnderstand user interaction and performance metrics
Third-Party CookiesEnable integrations with tools like Google Analytics, HubSpot

No marketing or retargeting cookies are used without user consent.

9.2 Consent Mechanism

  • Users are notified of cookie usage upon first visit to the website.
  • Consent is recorded via a banner with opt-in/opt-out features.
  • You can update preferences at any time through your browser settings or via the cookie consent panel on our site.

9.3 Do Not Track (DNT)

Our systems honor standard “Do Not Track” signals from modern web browsers, where technically feasible.

9.4 Disabling Cookies

You can configure your browser to:

  • Block all cookies
  • Alert you when cookies are being sent
  • Automatically delete cookies upon closing the browser

Note: Some services and features may be unavailable or impaired if cookies are disabled.

10. International Users & Data Transfers

NexGlobal operates globally with infrastructure and clients across multiple jurisdictions. As such, your personal or business data may be processed in or transferred to countries outside your country of residence — including, but not limited to, the United States, the United Arab Emirates, the United Kingdom, and other jurisdictions where NexGlobal or its service providers operate.

10.1 Data Transfer Mechanisms

To ensure lawful data transfers, NexGlobal adheres to recognized data protection safeguards:

  • Standard Contractual Clauses (SCCs): For data transfers from the European Economic Area (EEA), we utilize SCCs approved by the European Commission.
  • UK International Data Transfer Addendum (IDTA): For data originating in the United Kingdom, we apply the IDTA alongside SCCs as applicable.
  • Cross-Border Protocols: Where permitted by law, we ensure that equivalent data protection standards are upheld across all receiving entities or subcontractors.

10.2 Data Localization Requirements

In cases where local law mandates data localization (e.g., client jurisdictions with strict compliance protocols), we will, where feasible:

  • Host data on region-specific servers
  • Limit cross-border processing of sensitive categories of data
  • Sign localized agreements to comply with national regulatory frameworks

10.3 Jurisdictional Disclosures

By using our Services, you consent to the processing and transfer of your data as described, including storage on U.S.-based servers or other jurisdictions in which we or our cloud providers maintain operations.

11. Children’s Data

NexGlobal’s products, platforms, and services are not designed for or directed at individuals under the age of 18 years, nor do we knowingly collect data from children.

11.1 Policy on Minors

  • We do not offer any services that require or are suited for child participants.
  • Any data that may appear to be related to minors must be reviewed, validated, and removed unless there is a legitimate legal basis to retain it (e.g., under regulatory obligations of a client entity).

11.2 Parental Notification and Consent

If we become aware that personal data from a child under 18 has been collected without verified parental or guardian consent, we will take reasonable steps to:

  • Delete the data promptly from our records and backups
  • Notify the appropriate user account or contact of the incident
  • Review and revise processes to prevent future occurrences

11.3 Client Obligations

If your organization processes data that includes minors (e.g., for identity verification or onboarding in special cases), it is your sole responsibility to:

  • Obtain appropriate legal basis and consent
  • Follow applicable data protection laws in your jurisdiction
  • Notify NexGlobal to apply special handling, retention, or safeguards

12. Policy Updates and Notification

NexGlobal reserves the right to revise or update this Privacy Policy periodically to reflect changes in:

  • Legal and regulatory requirements
  • Technological developments or security practices
  • Business operations, including new services or jurisdictions

12.1 Update Frequency and Triggers

We will review this policy at least annually, and additionally when:

  • We launch new products or data categories
  • We change subprocessors or data hosting partners
  • Regulatory updates require alignment (e.g., changes to GDPR, CCPA, ADGM, etc.)

12.2 Notification of Changes

We will notify clients and users of material changes through one or more of the following means:

  • Email to registered account holders
  • Banner notifications on our platform or website
  • A change log maintained at the bottom of the policy page

It is your responsibility to periodically review the Privacy Policy. Continued use of our services after updates constitutes acceptance of the revised policy.

13. Contact & Data Rights Requests

If you have any questions, concerns, or requests regarding this Privacy Policy or how your data is handled, you may contact us using the details below:

13.1 Contact Details

Data Protection Contact / Privacy Office
NexGlobal, LLC
📍 Registered Office:
30 N Gould St, Ste R, Sheridan, WY 82801, United States
📍 Operational Address:
2097, 8549 Wilshire Blvd, Beverly Hills, CA 90211-3104, USA
📧 Email: privacy@nexglobal.io

13.2 Your Data Rights

Depending on your jurisdiction, you may be entitled to exercise one or more of the following rights:

RightDescription
AccessRequest a copy of the personal data we hold about you
RectificationRequest correction of inaccurate or incomplete data
Erasure (Right to be Forgotten)Request deletion of your data (subject to regulatory obligations)
Data PortabilityRequest transfer of your data to another provider
Restriction of ProcessingAsk us to limit how we process your data in certain situations
ObjectionObject to data processing based on legitimate interests
Withdraw ConsentWithdraw consent at any time where processing is based on consent

To exercise these rights, please email privacy@nexglobal.io with the subject line: “Data Rights Request – [Your Name]”. We may request proof of identity before processing your request.

14. Contact Us

For any privacy-related concerns, please contact:

Data Protection Officer (DPO)
privacy@nexglobal.io
NexGlobal, LLC, 30 N Gould St, Ste R, Sheridan, WY 82801, USA

Cart (0 items)