Privacy Policy

1. Introduction and Data Controller Information

NextGen Ops Limited ("we", "us", "our", or "the Company") is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, process, store, and protect your personal information when you:

• Visit our website at nextgenops.uk
• Use our retail solutions and services
• Communicate with us via email, phone, or other channels
• Attend our events or webinars
• Engage with our marketing materials

Data Controller Details:

NextGen Ops Limited
Registered Address: 8 Coventry Road, Beeston, NG9 2EG, United Kingdom
Company Registration Number: 16339482
Email: info@nextgenops.uk
Phone: +44 (0)7783189501

Please read this Privacy Policy carefully. By using our website or services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with any part of this policy, please do not use our services.

2. Information We Collect

We collect and process various types of personal data depending on how you interact with us:

2.1 Personal Data You Provide Directly

• Contact Information: Name, email address, phone number, job title, company name, postal address
• Communication Data: Messages, feedback, and correspondence you send to us
• Account Information: Username, password, and account preferences (for registered users)
• Business Information: Company details, industry sector, business requirements, and operational data
• Event Data: Registration information for webinars, demonstrations, or events
• Marketing Preferences: Communication preferences and consent records
• Payment Information: Billing details and payment method information (processed securely through third-party payment processors)

2.2 Automatically Collected Data

• Technical Data: IP address, browser type and version, operating system, device type, screen resolution
• Usage Data: Pages visited, time spent on pages, click-through rates, download activity, search terms
• Location Data: General geographic location based on IP address
• Referral Data: Source website or search terms that led you to our site
• Performance Data: Website loading times, error reports, and system performance metrics

2.3 Data from Third Parties

• LinkedIn and Social Media: Professional information when you connect via social platforms
• Business Partners: Contact information from authorized business partners or referrals
• Public Sources: Publicly available business information to verify and update your details
• Event Organizers: Registration data when you attend industry events where we participate

3. Legal Basis for Processing

Under UK GDPR and Data Protection Act 2018, we process your personal data based on the following legal grounds:

3.1 Contractual Necessity (Article 6(1)(b))

• Providing our retail solutions and services
• Processing orders and managing customer accounts
• Delivering customer support and technical assistance
• Processing payments and managing billing

3.2 Legitimate Interests (Article 6(1)(f))

• Website functionality, security, and optimization
• Business development and improving our services
• Fraud prevention and security monitoring
• Direct marketing to existing customers (subject to opt-out rights)
• Analytics and business intelligence

3.3 Consent (Article 6(1)(a))

• Marketing communications to prospects
• Non-essential cookies and tracking technologies
• Newsletter subscriptions
• Participation in surveys or research

3.4 Legal Compliance (Article 6(1)(c))

• Compliance with tax and accounting requirements
• Regulatory reporting obligations
• Response to legal requests from authorities

4. How We Use Your Information

4.1 Service Provision

• Delivering our Pre-Retail, WGR, Inbound Management, and Custom Screens solutions
• Creating and managing user accounts and access credentials
• Processing service requests and providing technical support
• Customizing services to meet your specific business requirements
• Training and onboarding for new implementations

4.2 Communication and Support

• Responding to inquiries, requests, and providing customer support
• Sending service-related notifications and updates
• Providing technical documentation and user guides
• Scheduling and conducting product demonstrations
• Collecting feedback to improve our services

4.3 Business Operations

• Processing payments and managing financial transactions
• Maintaining accurate customer records and billing information
• Conducting business analysis and market research
• Developing new features and improving existing services
• Planning capacity and resource allocation

4.4 Marketing and Sales

• Sending relevant product information and updates (with consent)
• Inviting you to webinars, events, and educational content
• Conducting market research and customer satisfaction surveys
• Personalizing our website and marketing communications
• Lead generation and business development activities

4.5 Legal and Security

• Preventing fraud, security breaches, and unauthorized access
• Monitoring system performance and identifying technical issues
• Complying with legal obligations and regulatory requirements
• Protecting our intellectual property and business interests
• Resolving disputes and enforcing our terms of service

5. Comprehensive Cookie Policy

5.1 What Are Cookies?

Cookies are small text files stored on your device when you visit our website. They help us recognize your device and remember information about your visits. We also use similar technologies such as web beacons, pixels, and local storage.

5.2 Types of Cookies We Use

Essential Cookies (Always Active)

These cookies are necessary for the basic functionality of our website and cannot be disabled:

• Session Management: Maintaining your login state and user preferences
• Security: Protecting against cross-site request forgery and ensuring secure connections
• Load Balancing: Directing your requests to the appropriate server
• Form Data: Remembering information you've entered in forms

Functional Cookies

These cookies enable enhanced functionality and personalization:

• Language Preferences: Remembering your language and regional settings
• User Interface: Storing your display preferences and accessibility settings
• Video Player: Remembering video playback preferences and progress
• Chat Support: Maintaining context in customer support conversations

Analytics and Performance Cookies

These cookies help us understand how visitors interact with our website:

• Google Analytics: Tracking page views, user journeys, and demographic information
• Performance Monitoring: Measuring page load times and identifying technical issues
• Heat Mapping: Understanding how users interact with page elements
• A/B Testing: Testing different versions of pages to improve user experience

Marketing and Advertising Cookies

These cookies are used for marketing purposes (only with your consent):

• LinkedIn Insight Tag: Tracking conversions and building audience segments
• Google Ads: Measuring advertising effectiveness and retargeting
• Email Marketing: Tracking email open rates and click-through rates
• Social Media: Enabling social sharing and measuring social media traffic

5.3 Cookie Duration

• Session Cookies: Deleted when you close your browser
• Persistent Cookies: Remain for a predetermined period (typically 30 days to 2 years)
• Third-Party Cookies: Controlled by external services and subject to their retention policies

5.4 Managing Your Cookie Preferences

You have several options for managing cookies:

• Browser Settings: Most browsers allow you to view, delete, and block cookies
• Cookie Banner: Use our cookie consent banner to adjust your preferences
• Opt-Out Tools: Use industry opt-out tools for advertising cookies
• Privacy Extensions: Install browser extensions that block tracking cookies

Important: Disabling certain cookies may affect website functionality and your user experience.

6. Data Sharing and Disclosure

6.1 We Do Not Sell Personal Data

We do not sell, rent, or trade your personal information to third parties for their marketing purposes.

6.2 Authorized Data Sharing

We may share your personal data in the following circumstances:

Service Providers and Processors

• Cloud Hosting: AWS, Google Cloud, or Microsoft Azure for data storage and processing
• Email Services: Mailchimp, SendGrid, or similar for email communications
• Customer Support: Zendesk, Intercom, or similar platforms for support ticket management
• Analytics: Google Analytics, Hotjar for website analytics and user behavior analysis
• Payment Processing: Stripe, PayPal, or other secure payment processors
• CRM Systems: Salesforce, HubSpot for customer relationship management

Business Partners

• Integration Partners: Companies that provide complementary services or integrations
• Referral Partners: Authorized partners who refer clients to our services
• Implementation Partners: Third-party consultants who help with service deployment

Legal Requirements

• Law Enforcement: When required by court orders, warrants, or legal process
• Regulatory Compliance: To comply with applicable laws and regulations
• Legal Protection: To protect our rights, property, or safety, or that of our customers
• Fraud Prevention: To investigate and prevent fraudulent or illegal activities

Business Transactions

• Mergers and Acquisitions: In connection with business transfers or restructuring
• Asset Sales: If we sell or transfer business assets
• Bankruptcy: In the event of insolvency or bankruptcy proceedings

6.3 International Data Transfers

Some of our service providers may be located outside the UK and European Economic Area (EEA). When we transfer personal data internationally, we ensure adequate protection through:

• Adequacy Decisions: Transfers to countries with adequate data protection laws
• Standard Contractual Clauses: EU-approved contractual safeguards
• Binding Corporate Rules: Internal data transfer agreements within multinational companies
• Certification Schemes: Privacy Shield successor frameworks or equivalent certifications

7. Your Data Protection Rights

Under UK GDPR and Data Protection Act 2018, you have the following rights:

7.1 Right of Access (Article 15)

You can request:

• Confirmation of whether we process your personal data
• A copy of your personal data in our possession
• Information about how we use your data and who we share it with
• Details about data retention periods and your other rights

7.2 Right to Rectification (Article 16)

You can request correction of:

• Inaccurate personal data
• Incomplete personal data
• Outdated contact information

7.3 Right to Erasure (Article 17)

You can request deletion of your personal data when:

• The data is no longer necessary for the original purpose
• You withdraw consent and there's no other legal basis
• The data has been unlawfully processed
• Deletion is required for legal compliance

7.4 Right to Restrict Processing (Article 18)

You can request restriction when:

• You contest the accuracy of your personal data
• Processing is unlawful but you prefer restriction over deletion
• We no longer need the data but you need it for legal claims
• You've objected to processing and we're verifying legitimate grounds

7.5 Right to Data Portability (Article 20)

For data processed based on consent or contract, you can:

• Receive your data in a structured, machine-readable format
• Request direct transfer to another data controller (where technically feasible)

7.6 Right to Object (Article 21)

You can object to processing based on:

• Legitimate interests (unless we demonstrate compelling grounds)
• Direct marketing (unconditional right to object)
• Profiling for marketing purposes

7.7 Rights Related to Automated Decision-Making

You have the right not to be subject to automated decision-making, including profiling, that significantly affects you, unless it's:

• Necessary for contract performance
• Authorized by law
• Based on your explicit consent

7.8 How to Exercise Your Rights

To exercise any of these rights:

• Email: info@nextgenops.uk with "Data Subject Request" in the subject line
• Post: NextGen Ops Limited, 8 Coventry Road, Beeston, NG9 2EG, United Kingdom
• Online Form: Use our contact form at nextgenops.uk

Response Time: We will respond to your request within 30 days. For complex requests, we may extend this by 60 days with explanation.

Identity Verification: We may request proof of identity to prevent unauthorized access to personal data.

No Fee: We don't charge fees for most requests, unless they are excessive or repetitive.

8. Data Retention and Deletion

8.1 Retention Principles

We retain personal data only as long as necessary for the purposes outlined in this policy, considering:

• The nature and sensitivity of the data
• Legal and regulatory requirements
• Business and operational needs
• Risk of harm from unauthorized use or disclosure

8.2 Specific Retention Periods

Customer Data

• Active Customers: During the relationship plus 6 years after termination
• Former Customers: 6 years from last service provision for tax and legal compliance
• Support Records: 3 years from last interaction
• Payment Records: 7 years for financial and tax compliance

Prospect Data

• Sales Leads: 3 years from last interaction or until opt-out
• Newsletter Subscribers: Until unsubscription plus 1 year for suppression
• Event Attendees: 2 years from event date
• Website Visitors: Analytics data retained for 26 months

Employment Data

• Employee Records: 6 years after employment ends
• Unsuccessful Applicants: 1 year from application
• Contractor Records: 3 years after contract completion

Legal and Compliance Data

• Contracts: 6 years after expiration
• Insurance Claims: 6 years from resolution
• Audit Records: 7 years from creation
• Incident Reports: 6 years from incident

8.3 Secure Deletion

When retention periods expire, we:

• Securely delete digital files using industry-standard methods
• Physically destroy paper records using cross-cut shredding
• Anonymize data where deletion is not possible
• Verify deletion completion through audit procedures

9. Data Security and Protection Measures

9.1 Technical Safeguards

• Encryption: AES-256 encryption for data at rest and TLS 1.3 for data in transit
• Access Controls: Multi-factor authentication and role-based access permissions
• Network Security: Firewalls, intrusion detection systems, and secure VPNs
• Regular Updates: Automated security patches and system updates
• Backup Security: Encrypted backups with offline storage components
• Monitoring: 24/7 security monitoring and threat detection

9.2 Physical Safeguards

• Facility Security: Restricted access, security cameras, and alarm systems
• Equipment Protection: Locked cabinets, clean desk policies, and secure disposal
• Visitor Controls: Escort requirements and visitor logging
• Environmental Controls: Fire suppression, climate control, and power backup

9.3 Administrative Safeguards

• Staff Training: Regular privacy and security awareness training
• Background Checks: Security screening for employees with data access
• Incident Response: Documented procedures for security breaches
• Vendor Management: Due diligence and contractual security requirements
• Policy Reviews: Annual reviews and updates of security policies

9.4 Cloud Security

Our cloud infrastructure includes:

• Certified Providers: ISO 27001, SOC 2 Type II certified cloud services
• Data Residency: UK and EU data centers with location controls
• Redundancy: Multiple availability zones and disaster recovery
• Segregation: Isolated customer environments and network segmentation

10. Data Breach Notification and Response

10.1 Breach Detection and Assessment

We have procedures to:

• Detect potential data breaches within 24 hours
• Assess the scope, nature, and risk level of the breach
• Determine if personal data has been compromised
• Evaluate the likelihood of harm to affected individuals

10.2 Regulatory Notification

For high-risk breaches, we will:

• ICO Notification: Report to the Information Commissioner's Office within 72 hours
• Required Information: Include nature of breach, categories of data, number of affected individuals
• Measures Taken: Detail containment actions and remedial measures
• Follow-up: Provide additional information as it becomes available

10.3 Individual Notification

If a breach is likely to result in high risk to your rights and freedoms, we will:

• Direct Contact: Notify you without undue delay via email or phone
• Clear Communication: Explain the breach in clear, plain language
• Protective Measures: Recommend steps you can take to protect yourself
• Contact Information: Provide our contact details for questions and support

10.4 Breach Response and Recovery

Our response includes:

• Immediate Containment: Stop the breach and secure affected systems
• Investigation: Determine the cause and extent of the breach
• Evidence Preservation: Document evidence for regulatory and legal purposes
• System Recovery: Restore affected systems and implement additional safeguards
• Lessons Learned: Review and improve security measures based on findings

11. Children's Privacy

Our services are designed for business use and are not intended for children under 16 years of age. We do not knowingly:

• Collect personal information from children under 16
• Market our services to children
• Create profiles or accounts for children
• Process children's data without parental consent where required

If we discover that we have inadvertently collected personal information from a child under 16:

• We will delete the information as quickly as possible
• We will not use the information for any purpose
• We will not disclose the information to third parties
• We will notify parents/guardians if contact information is available

If you believe we have collected information from a child under 16, please contact us immediately at info@nextgenops.uk.

12. Business-to-Business Data Processing

12.1 Data Processing Agreements (DPAs)

When providing services to business clients, we act as either a data controller or data processor depending on the specific service:

As Data Controller

• Marketing and sales activities
• Customer relationship management
• Billing and payment processing
• Service improvement and development

As Data Processor

• Processing client employee data through our retail solutions
• Handling customer data in client systems
• Managing inventory data containing personal information
• Processing transaction records with personal identifiers

12.2 Client Responsibilities

When we process data on behalf of our business clients, they remain responsible for:

• Ensuring lawful basis for data processing
• Providing privacy notices to their data subjects
• Handling data subject requests (with our assistance)
• Conducting Data Protection Impact Assessments where required
• Maintaining records of processing activities

12.3 Our Processor Obligations

When acting as a data processor, we:

• Process data only on documented client instructions
• Implement appropriate technical and organizational measures
• Maintain confidentiality of personal data
• Assist with data subject requests and breach notifications
• Return or delete data at the end of the service relationship
• Submit to audits and provide information for compliance

13. Updates to This Privacy Policy

13.1 Regular Reviews

We review this Privacy Policy annually and update it when:

• We introduce new services or features
• We change our data processing practices
• Laws or regulations change
• We receive regulatory guidance or feedback
• We identify improvements to our privacy practices

13.2 Notification of Changes

For material changes, we will:

• Website Notice: Post the updated policy on our website with the effective date
• Email Notification: Send notice to registered users and active customers
• Grace Period: Provide at least 30 days notice before changes take effect
• Consent: Obtain new consent where required by law

13.3 Version Control

We maintain a record of:

• Previous versions of this Privacy Policy
• Dates of changes and their nature
• Rationale for significant updates
• Compliance assessments for each version

14. Contact Information and Complaints

14.1 Privacy Contact Details

Data Protection Officer: Laurius Sestokas
Privacy Team: info@nextgenops.uk
Phone: +44 (0)7783189501
Address: NextGen Ops Limited, 8 Coventry Road, Beeston, NG9 2EG, United Kingdom

14.2 How to Contact Us

For privacy-related matters, you can:

• Email: Send detailed inquiries to info@nextgenops.uk
• Phone: Call during business hours (9 AM - 5 PM GMT, Monday-Friday)
• Post: Send written requests to our registered address
• Online Form: Use our secure contact form at nextgenops.uk/contact

14.3 Complaint Resolution

If you're not satisfied with our response:

Internal Escalation

• Request escalation to our senior management team
• We'll provide a final response within 8 weeks
• You'll receive a clear explanation of our decision

Regulatory Complaint

You have the right to lodge a complaint with the Information Commissioner's Office (ICO):

• Website: ico.org.uk
• Phone: 0303 123 1113
• Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
• Live Chat: Available on the ICO website

14.4 Alternative Dispute Resolution

We're committed to resolving privacy disputes fairly and may participate in:

• Mediation services approved by the ICO
• Industry-specific dispute resolution schemes
• Professional arbitration where appropriate

15. Glossary of Terms

Key Definitions

• Data Controller: An organization that determines the purposes and means of processing personal data
• Data Processor: An organization that processes personal data on behalf of a data controller
• Data Subject: An identified or identifiable living individual
• Personal Data: Any information relating to an identified or identifiable individual
• Processing: Any operation performed on personal data, including collection, storage, use, and deletion
• Profiling: Automated processing to evaluate personal aspects about an individual
• Pseudonymization: Processing data so it can't be attributed to a specific person without additional information
• Special Category Data: Sensitive personal data requiring extra protection (health, race, religion, etc.)

16. Effective Date and Jurisdiction

Effective Date: This Privacy Policy is effective from January 1, 2025.

Governing Law: This Privacy Policy is governed by UK data protection law, including the UK GDPR and Data Protection Act 2018.

Jurisdiction: Any disputes relating to this Privacy Policy will be subject to the jurisdiction of UK courts.

Language: This Privacy Policy is written in English. In case of conflicts with translations, the English version prevails.