Data Policy

Last updated: August 5, 2025

1. Overview

This Data Policy explains how Nelskinexus PRM collects, processes, stores, and protects data within our customer relationship management platform. We are committed to maintaining the highest standards of data governance and ensuring compliance with applicable data protection regulations.

2. Data Categories

2.1 Customer Data

Customer data includes:

Contact information (names, addresses, phone numbers, email addresses)
Company information and business details
Interaction history and communication records
Purchase history and transaction data
Preferences and behavioral data

2.2 Account Data

Account data includes:

User credentials and authentication information
Account settings and preferences
Subscription and billing information
Usage analytics and activity logs

2.3 System Data

System data includes:

Technical logs and error reports
Performance metrics and analytics
Security logs and audit trails
Backup and recovery data

3. Data Processing Principles

3.1 Lawfulness and Fairness

We process data lawfully, fairly, and transparently. We ensure that we have a legal basis for all data processing activities and that individuals are informed about how their data is used.

3.2 Purpose Limitation

Data is collected for specified, explicit, and legitimate purposes. We do not process data in a manner incompatible with those purposes without obtaining additional consent.

3.3 Data Minimization

We collect only the data that is necessary for the intended purpose. We regularly review our data collection practices to ensure we are not collecting excessive information.

3.4 Accuracy

We take reasonable steps to ensure that personal data is accurate and kept up to date. We provide mechanisms for users to correct or update their information.

4. Data Storage and Security

4.1 Storage Locations

Data is stored in secure, enterprise-grade data centers with appropriate physical and environmental controls. We use geographically distributed storage to ensure redundancy and availability.

4.2 Encryption

All data is encrypted both in transit and at rest using industry-standard encryption algorithms. We regularly update our encryption methods to maintain the highest security standards.

4.3 Access Controls

Access to data is restricted based on the principle of least privilege. We implement role-based access controls and regularly audit access permissions.

5. Data Retention

5.1 Retention Periods

We retain data for the following periods:

Active customer data: Duration of the business relationship plus 7 years
Account data: Duration of account activity plus 3 years
System logs: 12 months for operational logs, 7 years for security logs
Backup data: 30 days for operational backups, 1 year for archival backups

5.2 Data Deletion

When data reaches the end of its retention period, it is securely deleted using industry-standard data destruction methods. We maintain certificates of destruction for audit purposes.

6. Data Sharing and Transfers

6.1 Third-Party Integrations

We may share data with trusted third-party service providers who assist in delivering our services. All third parties are contractually bound to protect data and use it only for specified purposes.

6.2 International Transfers

When transferring data internationally, we ensure adequate safeguards are in place, including Standard Contractual Clauses and adequacy decisions where applicable.

7. Data Subject Rights

Individuals have the following rights regarding their data:

Right to be informed about data processing
Right of access to personal data
Right to rectification of inaccurate data
Right to erasure ("right to be forgotten")
Right to restrict processing
Right to data portability
Right to object to processing

8. Data Breach Response

We have implemented comprehensive data breach response procedures. In the event of a breach, we will assess the risk, contain the incident, investigate the cause, and notify affected parties and relevant authorities as required by law.

9. Compliance and Auditing

We regularly conduct internal audits and work with external auditors to ensure compliance with data protection regulations. We maintain documentation of our data processing activities and are prepared for regulatory inspections.

10. Contact Information

For questions about our data practices or to exercise your data rights, please contact:

Email: admin@nelski.co.nz
Address: Northcross, Auckland, New Zealand 0632

Data Policy

1. Overview

2. Data Categories

2.1 Customer Data

2.2 Account Data

2.3 System Data

3. Data Processing Principles

3.1 Lawfulness and Fairness

3.2 Purpose Limitation

3.3 Data Minimization

3.4 Accuracy

4. Data Storage and Security

4.1 Storage Locations

4.2 Encryption

4.3 Access Controls

5. Data Retention

5.1 Retention Periods

5.2 Data Deletion

6. Data Sharing and Transfers

6.1 Third-Party Integrations

6.2 International Transfers

7. Data Subject Rights

8. Data Breach Response

9. Compliance and Auditing

10. Contact Information

Company

Policies

Our Platform

Help Center

Data Policy

1. Overview

2. Data Categories

2.1 Customer Data

2.2 Account Data

2.3 System Data

3. Data Processing Principles

3.1 Lawfulness and Fairness

3.2 Purpose Limitation

3.3 Data Minimization

3.4 Accuracy

4. Data Storage and Security

4.1 Storage Locations

4.2 Encryption

4.3 Access Controls

5. Data Retention

5.1 Retention Periods

5.2 Data Deletion

6. Data Sharing and Transfers

6.1 Third-Party Integrations

6.2 International Transfers

7. Data Subject Rights

8. Data Breach Response

9. Compliance and Auditing

10. Contact Information

Company

Policies

Our Platform

Help Center

Cookie Settings

Essential Cookies

Functional Cookies

Analytics Cookies

Marketing Cookies