Privacy Policy

Effective:

Nexus Audit, operated by Panamic ICT, is dedicated to protecting your personal data. This document explains how we collect, use, store, share, and secure information when you interact with our services, contact us, or request a demonstration.

  1. Controller Information

    Panamic ICT

    Street Bedri Berisha Mati 1, C-2, Nr. 1

    Pristina, Kosovo

    Email: support@panamic-ict.com

    We may designate a Data Protection Officer (DPO). If appointed, DPO contact details will be made available on our website.

  2. What Personal Data We Collect

    A) Account and Profile Data

    Full name, business email, phone number, organization, role, login credentials.

    B) Service Usage Data

    Authentication records, audit logs, activity records, session identifiers, device/browser type, IP addresses, timestamps.

    C) Support and Communication Data

    Information you provide in support tickets, inquiries, or demo requests (name, email, phone, company, message content).

    D) Billing and Contract Data

    Customer organization details, billing contact, invoices, payment records, and legally required tax information.

    E) Cookies and Technical Identifiers

    Strictly necessary cookies for session handling, login authentication, and CSRF protection.

    No advertising, analytics, or third-party tracking cookies are used.

    F) Optional Information

    Any additional information voluntarily provided in forms or communications.

  3. Purposes of Processing

    • Account Management: creating and maintaining accounts.
    • Service Delivery: operating Nexus Audit and providing audit and compliance features.
    • Customer Support: responding to inquiries, demo requests, and technical issues.
    • Contractual Fulfilment: executing and managing service contracts.
    • Security and Monitoring: detecting and preventing unauthorized access, misuse, or fraud.
    • Billing and Legal Compliance: managing payments, issuing invoices, and meeting tax obligations.
    • Service Improvements: analyzing system logs to maintain performance and reliability.

    We do not use personal data for profiling, targeted advertising, or automated decision-making.

  4. Legal Basis for Processing (GDPR)

    • Contractual Necessity (Art. 6(1)(b)): to provide Nexus Audit services and respond to demo requests.
    • Legitimate Interests (Art. 6(1)(f)): maintaining service security, fraud prevention, and efficient communication.
    • Legal Obligation (Art. 6(1)(c)): compliance with billing, accounting, and tax requirements.
    • Consent (Art. 6(1)(a)): only where explicitly required, e.g., optional communications.

  5. Data Storage and Location

    Data is hosted in the European Union (Frankfurt, Germany, IDrive E2 infrastructure). Routine data transfers outside the EEA/UK do not occur.

    If subprocessors are engaged outside the EEA/UK, safeguards such as Standard Contractual Clauses (SCCs) and transfer risk assessments will be applied. Subprocessor information will be transparently published and updated.

  6. Data Sharing and Recipients

    We only share personal data when necessary and GDPR-compliant:

    • Service Providers: cloud hosting, storage, and support vendors, bound by confidentiality and data protection contracts.
    • Legal Authorities: when required to comply with investigations or court orders.
    • Corporate Transactions: in mergers, acquisitions, or restructuring, subject to confidentiality and data protection obligations.
    • Customer Requests: when explicitly instructed by the customer (e.g., data export).

    We never sell or rent personal data.

  7. Security Measures

    • TLS encryption for data in transit
    • Provider-managed encryption for data at rest
    • Multi-Factor Authentication (MFA) for administrative accounts
    • Role-Based Access Control (RBAC) with least privilege
    • Immutable audit logs and monitoring
    • Regular vulnerability assessments and access reviews
    • Incident response and breach notification procedures

  8. Data Retention

    • Account Data: retained while the account is active, and deleted upon termination or request.
    • Logs: retained for a limited time (typically 90 days) to ensure system integrity and security.
    • Support Data: retained until the inquiry is resolved plus a reasonable retention period.
    • Billing Data: retained as required by law (up to 10 years in some jurisdictions).
    • Backups: securely stored with controlled retention schedules and deleted after expiry.

  9. International Transfers

    At present, no regular transfers outside the EEA/UK occur.

    If transfers become necessary, we will use Standard Contractual Clauses (SCCs) and apply supplementary technical and organizational safeguards. Subprocessor lists will be kept up to date.

  10. Your Rights under GDPR

    • Right of Access
    • Right to Rectification
    • Right to Erasure (“right to be forgotten”)
    • Right to Restriction of processing
    • Right to Data Portability
    • Right to Object (legitimate interests)
    • Right to Withdraw Consent (where applicable)

    To exercise rights, contact support@panamic-ict.com. We respond within 30 days (extensions may apply for complex requests). You may also lodge a complaint with a supervisory authority in your country of residence.

  11. Children’s Privacy

    Nexus Audit is intended solely for business users. We do not knowingly collect personal data from individuals under 18 years of age. If we discover such data, it will be promptly deleted.

  12. Cookies and Tracking

    We use only essential cookies for:

    • Session management
    • Login authentication
    • CSRF protection

    We do not use:

    • Analytics cookies
    • Advertising cookies
    • Third-party tracking pixels

    If this changes, users will be notified and given a choice to consent.

  13. Automated Processing

    We do not conduct automated decision-making or profiling that produces legal or similarly significant effects on individuals.

  14. Data Breach Notification

    In the event of a data breach involving personal data:

    • Affected customers will be notified without undue delay.
    • We will provide details on the nature of the breach, potential consequences, and remedial measures.
    • Notifications will also be made to supervisory authorities, if legally required.

  15. Contact

    Panamic ICT

    Street Bedri Berisha Mati 1, C-2, Nr. 1

    Pristina, Kosovo

    Email: support@panamic-ict.com