Effective date: 15 September 2025

1) Who we are
NEXA (“we”, “us”, “our”) is the data controller for the personal data described in this policy, except where we act on behalf of a client as a service provider or processor. This policy explains what we collect, why we collect it, how long we keep it, who we share it with, how we protect it, and the rights available to you under the laws of the United Arab Emirates.

2) Scope
This policy applies to personal data collected through our websites, forms, emails, and other interactions with NEXA in the UAE. Our services are primarily intended for business users. If a client engages us to process personal data on their behalf, their privacy notice will apply to that processing and we will act in accordance with their instructions and our contract.

3) What we collect
We may collect and process the following categories of personal data:
• Identity and contact data: name, job title, company, email address, telephone number, postal address.
• Account data: usernames and hashed passwords if we create an account for you.
• Transactional data: enquiries, proposals, contracts, invoices and payment references. For card payments handled by third party processors, we only store the last four digits for fraud prevention and customer service.
• Communications: records of emails, calls and messages with our teams.
• Marketing preferences: your opt in or opt out choices.
• Usage and device data: IP address, browser and device identifiers, pages viewed, forms submitted, and similar data collected via cookies and comparable technologies.
• Surveys and feedback: information you choose to provide in surveys and forms.
We do not intentionally collect special category data. Please do not include it in free text fields.

4) How we use personal data
We use personal data for the following purposes:
• To provide services, respond to enquiries and manage our relationship with you.
• To operate, secure and improve our websites, platforms and services.
• To send service communications that are necessary for proposals, orders, contracts or support.
• To send marketing communications about our services when you have given consent or where permitted by law. You can opt out at any time.
• To prevent fraud, enforce our terms, and comply with legal obligations.
We do not make solely automated decisions that produce legal or similarly significant effects about you without appropriate safeguards.

5) Cookies and similar technologies
We use cookies, pixels, tags and similar technologies to operate our site, remember preferences, analyse traffic and, where you agree, personalise content and advertising. You can manage your choices through our cookie tools and your browser settings. Some cookies are essential for the site to function and cannot be switched off.

6) Sharing your data
We share personal data with trusted service providers who assist us in operating our business. These include providers of customer relationship management, marketing, analytics, cloud hosting, payment processing and communications services. We require recipients to protect personal data and to use it only as instructed by us. We do not sell personal data. If required by law, we may disclose personal data to authorities or other parties.

7) International transfers
Where personal data is transferred outside the UAE, we use appropriate safeguards required by applicable law. These may include contractual protections and technical and organisational measures designed to keep your data secure.

8) Security
We implement administrative, technical and physical safeguards appropriate to the nature of the data and the risks of processing. While no system is perfectly secure, we regularly assess our controls and vendor practices.

9) Retention
We keep personal data only for as long as necessary for the purposes set out in this policy. As a general rule we retain customer records for up to six years from the last interaction unless a different period is required for legal, regulatory, tax or accounting reasons or to establish or defend legal claims. When data is no longer needed, we delete or anonymise it.

10) Your rights
Subject to applicable UAE laws, you may have rights to:
• access your personal data and obtain information about how we process it
• correct inaccurate or incomplete personal data
• request deletion of personal data where it is no longer needed
• request restriction of processing in certain circumstances
• object to certain processing, including direct marketing
• withdraw consent where we rely on consent
• request a copy of your data in a portable format
To exercise your rights, email support@digitialnexa.com. We may need to verify your identity and will respond within a reasonable period in line with applicable law. If you have concerns about how we handle your data, please contact us first so we can try to resolve them.

11) Children
Our services are intended for business use and are not directed at children. We do not knowingly collect personal data from children.

12) Changes to this policy
We may update this policy from time to time. We will post changes on this page and update the effective date above.

13) Contact
If you have questions about this policy or your personal data, please email support@digitialnexa.com.