Data controller
The controller responsible for the processing of your personal data is:
- Rodrigo Reyes (trading as NexaUno) — autónomo
- NIF: Z1837378M
- Address: Av. Lazarejo 86, 28232 Las Rozas de Madrid, Madrid, Spain
- Email: rodrigo@nexa.uno
This policy complies with Regulation (EU) 2016/679 (GDPR) and Spanish Organic Law 3/2018 on the Protection of Personal Data and the guarantee of digital rights (LOPDGDD).
What data we collect
We process the following categories of personal data:
- Contact data you provide voluntarily through our contact form or by email — such as your name, email address, company and the content of your message.
- Customer and billing data if you become a customer — such as billing name, tax identification, address and payment-related details necessary to issue invoices and provide the service.
- Service data processed on your behalf when you use NexaUno — such as transaction, payout and order metadata retrieved from your connected payment processors and e-commerce platforms via their official APIs, for the sole purpose of reconciliation and reporting.
- Technical data strictly necessary for the website to function (see our Cookies Policy).
Purposes and legal bases
| Purpose | Legal basis |
|---|---|
| Responding to enquiries you send us | Your consent / pre-contractual steps at your request |
| Providing the NexaUno service and reconciliation | Performance of a contract |
| Issuing invoices and meeting accounting and tax obligations | Legal obligation |
| Sending service-related communications | Legitimate interest / performance of a contract |
| Keeping the website secure and functional | Legitimate interest |
We do not sell your personal data, and we do not use it for automated decisions producing legal effects.
How long we keep your data
We keep contact data for as long as necessary to handle your request and, where applicable, for the duration of our business relationship. Billing and accounting records are retained for the periods required by Spanish tax and commercial law (generally up to 6 years). Service data is retained only while you have an active account and is deleted or anonymised afterwards, subject to legal retention requirements.
Who we share data with
We only share personal data with third parties where necessary to provide the service or comply with the law, including:
- Hosting and infrastructure providers that host this website and our service.
- Payment processors and e-commerce platforms (such as Stripe, Mollie, Magento and WooCommerce) that you connect, accessed through their official APIs.
- Professional advisers (such as our gestoría) and public authorities where legally required.
Where data is processed outside the European Economic Area, we ensure appropriate safeguards (such as adequacy decisions or Standard Contractual Clauses) are in place.
Your rights
You have the right to access, rectify, erase, restrict and object to the processing of your personal data, as well as the right to data portability. You may exercise these rights at any time by emailing rodrigo@nexa.uno, including proof of identity where necessary.
If you believe your rights have not been respected, you may lodge a complaint with the Spanish Data Protection Agency (Agencia Española de Protección de Datos, www.aepd.es).
Security
We apply appropriate technical and organisational measures to protect your personal data, including encryption in transit, access controls and the principle of least privilege. When connecting to payment processors and e-commerce platforms we request only the access strictly necessary and prefer read-only access where possible.
This privacy policy is provided as a starting point. We recommend having it reviewed by a qualified data protection professional before relying on it.