Privacy Policy

NexDigital Ltd ("NexDigital", "we", "us", or "our") is the data controller responsible for your personal data collected through nexdigital.co.uk and related pages on this website. We are a UK-based AI advisory and implementation firm registered in England and Wales.

For privacy enquiries, data subject requests, or questions about this policy, contact us at info@nexdigital.co.uk.

Contact form: When you submit our contact form, we collect your name, email address, optional phone number, organisation name, selected topic, and message, together with the time you gave consent.

AI Readiness Assessment: You can complete the assessment in your browser without providing contact details. Your answers and scores are calculated on your device to show your results. If you choose to receive a PDF by email, we collect your name, company name, email address, your assessment answers, and the generated readiness scores and tier. We email your PDF to you and send a copy to NexDigital (including via BCC to our readiness inbox) so we can support follow-up where you have agreed to this.

Spam protection: Our contact form and AI Readiness report request form use Google reCAPTCHA v3. Google may process technical data (such as IP address, browser characteristics, and interaction signals) to assess whether a submission appears human. We do not receive your reCAPTCHA score directly; we only receive a pass or fail result from Google's verification service.

Website analytics: Where Google Analytics 4 (GA4) is enabled on this site, Google may collect information about how you use the website, such as pages viewed, approximate location (derived from IP address), device and browser type, and referral source. This is typically collected using cookies or similar technologies. We do not use GA4 to identify you by name unless you have separately provided that information through a form.

Browser storage: The AI Readiness Assessment may store a simple flag in your browser's session storage to remember that you have already requested your PDF in the current browsing session. This stays on your device and is not sent to us until you submit the email request form.

Technical and hosting data: Our hosting and email delivery providers process server and delivery logs (such as IP addresses, timestamps, and request metadata) in the ordinary course of operating the website and sending email. We do not use these logs to build marketing profiles.

We do not collect special category data (such as health, biometric, or financial information) through this website.

Responding to enquiries — We use contact form information to read and reply to your message, arrange a conversation, and keep a record of the communication.

Legal basis (contact form): Consent. You give explicit consent when you confirm you have read this policy and submit the contact form. You may withdraw consent at any time by emailing info@nexdigital.co.uk; withdrawal does not affect the lawfulness of processing before withdrawal.

AI Readiness Assessment reports — We use your details and assessment results to generate your PDF report, deliver it to your email address, and retain a copy at NexDigital (including in our email systems) so we can follow up where you have agreed.

Legal basis (report request): Consent. You give explicit consent when you agree that NexDigital will receive a copy of your assessment results and submit the report request form.

Security and abuse prevention — We use reCAPTCHA to reduce spam and automated abuse on forms that send email.

Legal basis (reCAPTCHA): Legitimate interests — protecting our website and inbox from misuse, balanced against your rights. Where consent is required for non-essential cookies used by reCAPTCHA, we rely on your continued use of the form after being informed in this policy.

Understanding website use — Where GA4 is enabled, we use aggregated analytics to understand which pages are visited and how the site performs, so we can improve content and usability.

Legal basis (analytics): Legitimate interests — measuring and improving our public website, balanced against your rights. You can limit analytics through cookie controls, browser settings, and Google's opt-out tools (see Section 8).

Business administration — Where an enquiry or assessment request develops into an ongoing relationship, we may retain relevant correspondence and reports as part of normal business records.

Legal basis (business records): Legitimate interests — maintaining accurate records and managing client and prospective client relationships.

The AI Readiness Assessment produces indicative maturity scores for your information only. It does not grant or deny access to services and is not used for automated decision-making that produces legal or similarly significant effects on you. Completing the contact form or assessment does not add you to a marketing email list.

Brevo (formerly Sendinblue): We use Brevo to send and deliver email. Contact form notifications, AI Readiness report emails to you, and copies to NexDigital are transmitted through Brevo. Brevo acts as a data processor under a written data processing agreement and is not permitted to use your data for its own marketing purposes.

Google: We use Google reCAPTCHA v3 on forms and may use Google Analytics 4 on the website. Google acts as a separate controller or processor for data it collects to provide those services, under Google's own terms and privacy policies.

Hosting infrastructure: Our website is hosted on infrastructure operated by our hosting provider (including self-hosted deployment tooling such as Coolify where applicable). The provider processes technical logs needed to serve the site securely.

We do not sell, rent, or trade your personal data to third parties for their marketing or commercial purposes.

We may disclose personal data if required by law, court order, or a UK regulator with jurisdiction over us.

Brevo is headquartered in France and operates within the European Economic Area (EEA). The UK Government has granted adequacy status to the EEA under the UK GDPR, meaning transfers to Brevo for email delivery are permitted without additional transfer safeguards in most cases.

Google services (reCAPTCHA and Analytics) may involve processing in the United States and other countries. Where personal data is transferred outside the UK, we rely on appropriate safeguards such as the UK International Data Transfer Agreement, UK Addendum to EU Standard Contractual Clauses, or another mechanism recognised under UK GDPR, as applicable to the service.

We do not otherwise intend to transfer personal data you submit through our forms outside the United Kingdom except as described above and as necessary to operate this website.

Contact form enquiries: We retain enquiry records for up to two years from the date of last contact, unless a longer period is needed for an active client relationship or legal obligation.

AI Readiness Assessment report requests: We retain report request details (including assessment results we receive by email) for up to two years from the date of last contact, so we can respond to follow-up questions and manage prospective client relationships.

Inactive enquiries: Where contact does not lead to further work, we aim to review and delete records that are no longer needed within 12 months of the last communication.

Analytics: Data held in Google Analytics is subject to Google's retention settings configured in our analytics account (typically aggregated and not indefinitely linked to individuals).

If you ask us to delete your data sooner, we will do so unless we must retain it by law (for example, accounting records may be kept for up to six years).

As a data subject, you have the following rights. You can exercise any of them by emailing info@nexdigital.co.uk. We will respond within one calendar month and will not charge a fee for reasonable requests.

Right to be informed — to receive clear information about how we use your personal data. This policy fulfils that obligation.

Right of access — to request a copy of the personal data we hold about you (a Subject Access Request).

Right to rectification — to ask us to correct inaccurate or incomplete personal data.

Right to erasure — to ask us to delete your personal data where there is no compelling reason to continue processing it.

Right to restrict processing — to ask us to pause processing in certain circumstances, for example while a complaint is resolved.

Right to data portability — where processing is based on consent, to receive your data in a structured, commonly used, machine-readable format.

Right to object — to object to processing based on legitimate interests. We will stop unless we can demonstrate compelling legitimate grounds that override your interests.

Rights related to automated decision-making — we do not carry out automated decision-making with legal or similarly significant effects. Assessment scoring is indicative only.

Right to withdraw consent — where we rely on consent, you may withdraw it at any time without detriment. Withdrawal does not affect processing that took place before withdrawal.

Cookies are small text files stored on your device. Similar technologies (such as pixels or local storage) may serve comparable purposes. This section describes what we and our partners may use on nexdigital.co.uk.

Strictly necessary / functional: The site may use session storage in your browser for the AI Readiness Assessment (for example, to remember that you have requested your PDF in the current session). This does not require a cookie banner because it supports functionality you request and stays on your device until the session ends.

Google reCAPTCHA v3: May set cookies or use similar storage to distinguish humans from bots when you use our forms. See Google's privacy policy at policies.google.com/privacy for details.

Google Analytics 4: Where NEXT_PUBLIC_GA_MEASUREMENT_ID is configured, we use GA4 to collect usage statistics. GA4 may use cookies such as _ga to distinguish visitors. IP addresses may be anonymised or truncated depending on our Google account settings. You can opt out of Google Analytics using Google's browser add-on at tools.google.com/dlpage/gaoptout, adjust cookie preferences in your browser, or block analytics cookies through your browser settings.

We do not currently run a separate cookie consent banner on this website. If we introduce non-essential cookies that require consent under UK law, we will update this policy and implement appropriate consent controls before those tools collect data.

We use HTTPS, access controls on our hosting environment, and reputable service providers (including Brevo and Google) to protect data in transit and at rest within their systems.

No method of transmission over the internet is completely secure. While we take reasonable steps to protect your information, we cannot guarantee absolute security.

We may update this policy to reflect changes in our website, providers, or legal obligations. The "Last updated" date at the top of this page shows when the policy was last revised.

Where changes are material, we will make reasonable efforts to draw them to your attention. Continued use of this website after an update constitutes acceptance of the revised policy for browsing; form submissions remain subject to the policy in effect when you submit.

To ask a privacy question or exercise your rights, email info@nexdigital.co.uk. We aim to respond within one calendar month.

If you are not satisfied with our response, or believe we are processing your personal data unlawfully, you may lodge a complaint with the UK Information Commissioner's Office (ICO), the supervisory authority for data protection in the United Kingdom.

ICO website: https://ico.org.uk | Helpline: 0303 123 1113 | Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.