Legal

Privacy Policy

NexBDM (Pty) Ltd · Global Privacy Policy (GDPR & POPIA) · Effective 25 May 2026

NexBDM (Pty) Ltd ("NexBDM", "we", "us") is a South African technology company registered in accordance with the Companies Act, No. 71 of 2008. We provide AI chatbot agent development, business automation consulting, SaaS platform services, and related technology services to businesses worldwide. This policy describes what personal information we collect, why, how we protect it, your rights as a data subject, and how we handle third-party and client data. Because this site serves a global audience, we comply with both the EU/UK General Data Protection Regulation (GDPR) and South Africa's Protection of Personal Information Act (POPIA), and we apply the stricter protection where the two differ.

Information Officer / Data Protection Contact: Heinoux Jakobus Roux, Founder and Information Officer · hjr@nexbdm.com · 079 607 5372

EU/UK visitors: our lead supervisory authority is the relevant member-state authority; you may also lodge a complaint with your local authority. South African visitors: you may lodge a complaint with the Information Regulator of South Africa.

What personal information we collect

Why we collect it (lawful basis)

How we store and protect it

We implement appropriate technical and organisational measures: only the Information Officer has access to sensitive client data; strong unique passwords and a password manager are used at all times; client credentials and sensitive data are stored in encrypted form; the website and all SaaS platforms use SSL/HTTPS encryption. Following a security audit in May 2026, NexBDM implemented server-level hardening (firewall rules, access-key rotation, deployment-pipeline security controls) on Hetzner/Coolify infrastructure. Session tokens are short-lived, signed, and not stored in plain text.

Third-party service providers and data sharing

NexBDM uses third-party platforms to deliver its services and operate its SaaS products. Personal information may be processed by these platforms as sub-processors. We do not sell personal information to third parties under any circumstances.

Cookies and website tracking

The NexBDM website uses cookies. Strictly necessary cookies (session management, security tokens, load balancing) require no consent. Analytics and performance cookies are aggregated and anonymised and may be opted out of at any time. Non-essential marketing or retargeting cookies are never placed without your prior, informed, freely given consent via the cookie consent banner.

Retention of personal information

Your rights (GDPR and POPIA)

Whether you are in the EU/UK (GDPR) or South Africa (POPIA), you have the following rights, and we honour the broader set where the two laws differ:

To exercise any of these rights, contact the Information Officer at hjr@nexbdm.com with subject line "Privacy Request: [Your Name]: [Request Type]". We respond within 30 days of receipt, or within the GDPR statutory period where that is shorter.

International transfers

Because we serve clients worldwide, personal information may be transferred to and processed in countries outside both South Africa and the European Economic Area. Where we transfer personal information out of the EEA, we rely on the European Commission's Standard Contractual Clauses (SCCs) and/or the UK International Data Transfer Agreement, and we maintain a contractual Data Processing Agreement with each sub-processor. Where we transfer out of South Africa, we rely on POPIA's recognised safeguards (including SCCs and binding corporate rules). We do not transfer personal information to a country that does not provide an adequate level of protection unless appropriate safeguards are in place.

The formal legal copy of this policy is published as privacy-policy.pdf (POPIA Privacy Policy v1.2). This web page is the global, plain-language summary covering both GDPR and POPIA.

Book Your Discovery Session
Contact: hjr@nexbdm.com
Machine-readable site directory for LLMs: /llms.txt and /llms-full.txt