Privacy Policy

Last updated: 01/01/2026

1. Introduction

NexCache Limited ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use our services. We are a UK-based company and comply with both the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the EU General Data Protection Regulation (EU GDPR) for our EU customers and visitors.

2. Data Controller

NexCache Limited
Registered in England and Wales
Email: privacy@nexcache.com
Phone: +44 20 7946 0958

EU Representative (Article 27 GDPR):
For EU-related data protection matters:
Email: eu-privacy@nexcache.com

3. Information We Collect

3.1 Personal Information

  • Name and contact information (email, phone number)
  • Company name and job title
  • Billing and payment information
  • Communication preferences
  • Account credentials and security information

3.2 Technical Information

  • IP address and location data
  • Browser type and version
  • Device information and operating system
  • Usage data and analytics
  • Cookies and tracking technologies
  • Log files and error reports

3.3 Special Categories of Data

We do not intentionally collect special categories of personal data (racial origin, political opinions, religious beliefs, health data, etc.). If such data is inadvertently collected, we will delete it promptly.

4. How We Use Your Information

  • Provide and maintain our caching services
  • Process transactions and billing
  • Communicate with you about our services
  • Provide customer support and technical assistance
  • Improve our website and services through analytics
  • Send marketing communications (with consent)
  • Comply with legal obligations
  • Protect against fraud and security threats
  • Conduct business analytics and reporting

5. Legal Basis for Processing

Under UK GDPR and EU GDPR, we process your personal data based on:

  • Contract (Article 6(1)(b)): To perform our contractual obligations and provide services
  • Legitimate Interest (Article 6(1)(f)): To improve our services, prevent fraud, and conduct analytics
  • Consent (Article 6(1)(a)): For marketing communications and non-essential cookies
  • Legal Obligation (Article 6(1)(c)): To comply with applicable laws and regulations
  • Vital Interests (Article 6(1)(d)): To protect someone's life or physical safety

6. Data Sharing and Disclosure

We do not sell your personal data. We may share information with:

  • Service Providers: Cloud hosting, payment processors, email services (under data processing agreements)
  • Business Partners: For joint service delivery (with appropriate safeguards)
  • Legal Authorities: When required by law or to protect legal rights
  • Professional Advisors: Lawyers, accountants, auditors (under confidentiality obligations)
  • Business Transfers: In case of merger, acquisition, or asset sale (with notice)

7. International Transfers

UK Transfers

We primarily store data within the UK and EU. Any international transfers from the UK are protected by adequacy regulations or International Data Transfer Agreements (IDTAs) approved by the UK ICO.

EU Transfers

For EU data subjects, international transfers are protected by European Commission adequacy decisions or Standard Contractual Clauses (SCCs) under Article 46 GDPR, with appropriate technical and organizational measures.

Third Country Transfers: When we transfer data to countries outside the UK/EU, we ensure appropriate safeguards including binding corporate rules, codes of conduct, or certification mechanisms as applicable.

8. Your Rights

Under UK GDPR and EU GDPR, you have the following rights:

Access (Article 15)

Request copies of your personal data and information about processing

Rectification (Article 16)

Correct inaccurate or incomplete data

Erasure (Article 17)

Request deletion of your data (right to be forgotten)

Portability (Article 20)

Receive your data in a structured, machine-readable format

Restriction (Article 18)

Limit how we process your data

Objection (Article 21)

Object to processing based on legitimate interests

Response Time: We will respond to your requests within one month (extendable to three months for complex requests). For EU requests, we follow Article 12 GDPR timelines.

9. Data Retention

We retain personal data only as long as necessary for the purposes outlined in this policy or as required by law:

  • Customer Data: 7 years after contract termination (legal and business purposes)
  • Marketing Data: Until consent is withdrawn or 3 years of inactivity
  • Website Analytics: 26 months (Google Analytics default)
  • Security Logs: 12 months for incident investigation
  • Legal Compliance: As required by applicable retention laws

We regularly review our retention periods and will delete or anonymize data when no longer needed, in accordance with Article 5(1)(e) GDPR (storage limitation principle).

10. Security Measures

We implement appropriate technical and organizational measures under Article 32 GDPR:

Technical Measures

  • • End-to-end encryption
  • • Regular security assessments
  • • Access controls and authentication
  • • Network security monitoring
  • • Regular software updates

Organizational Measures

  • • Staff training on data protection
  • • Data processing agreements
  • • Privacy by design principles
  • • Incident response procedures
  • • Regular compliance audits

11. Data Breach Notification

In the event of a personal data breach, we will:

  • Notify the UK ICO within 72 hours (if UK data is affected)
  • Notify relevant EU supervisory authorities within 72 hours (if EU data is affected)
  • Inform affected individuals without undue delay if high risk to their rights
  • Document the breach and our response measures
  • Take immediate steps to contain and remediate the breach

12. Cookies and Tracking

Our website uses cookies in compliance with the UK PECR (Privacy and Electronic Communications Regulations) and EU ePrivacy Directive. Please see our Cookie Policy for detailed information about the cookies we use and how to manage them.

13. Age Restrictions

Our services are not intended for individuals under 16 years of age (EU) or 13 years of age (UK). We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will delete it promptly and notify parents/guardians where required.

14. Contact Us

General Data Protection Queries

Email: privacy@nexcache.com
Phone: +44 20 7946 0958
Post: Data Protection Officer, NexCache Limited, London, UK

EU-Specific Queries

Email: eu-privacy@nexcache.com
EU Representative under Article 27 GDPR

15. Supervisory Authority Complaints

UK Residents

Information Commissioner's Office (ICO)
Website: ico.org.uk
Phone: 0303 123 1113

EU Residents

You have the right to lodge a complaint with your local supervisory authority in the EU Member State where you live, work, or where the alleged infringement occurred. A list of supervisory authorities is available at edpb.europa.eu.

16. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices, services, or legal requirements. Material changes will be communicated through prominent notice on our website or direct notification to you. The "Last updated" date at the top indicates when the policy was last revised.

We use cookies

We use cookies to enhance your browsing experience, serve personalized content, and analyze our traffic. By clicking "Accept All", you consent to our use of cookies. You can manage your preferences or learn more in our Privacy Policy and Cookie Policy.