How Nexent processes personal data under the EU General Data Protection Regulation (GDPR) and Luxembourg's loi du 1er août 2018.
Last updated: 7 May 2026
The data controller is NEXENT S.à r.l-S (a Luxembourg simplified limited liability company), represented by its director Antony Mertens, registered in Luxembourg under RCS [FILL IN: B…], with its registered office at 37, rue Kleesenberg, L-4982 Reckange-sur-Mess, Luxembourg.
For any privacy question or to exercise your rights, contact contact@nexent.lu.
| Data | Purpose | Lawful basis (GDPR Art. 6) | Retention |
|---|---|---|---|
| Name, company, email, project description (contact form) | Reply to your enquiry, scope and quote a project | Pre-contractual measures at your request — Art. 6(1)(b) | 24 months from last contact, then deleted |
| Server logs (IP, user-agent, timestamp, URL) | Security, abuse prevention, debugging | Legitimate interest — Art. 6(1)(f) | Up to 30 days (Cloudflare default) |
| Language preference (browser localStorage) | Remember your chosen language between visits | Strictly necessary — no consent required (ePrivacy) | Until you clear browser storage |
We share personal data only with processors strictly necessary to operate the site:
We do not sell, rent, or share personal data with advertisers, brokers, or third parties for marketing purposes.
This site does not use advertising or analytics cookies. The only client-side storage we use is a single localStorage key (nexent.lang) to remember your language choice — strictly necessary, no consent banner required under ePrivacy. We do not embed third-party trackers, pixels, or social widgets.
Cloudflare may process traffic at edge points of presence outside the EU. Transfers rely on the European Commission's Standard Contractual Clauses and Cloudflare's supplementary safeguards. See Cloudflare's GDPR centre for details.
Under GDPR Articles 15–22 you have the right to:
To exercise any of these rights, email contact@nexent.lu. We respond within one month.
If you believe your rights have been violated, you may lodge a complaint with the Luxembourg supervisory authority: Commission Nationale pour la Protection des Données (CNPD), 15, Boulevard du Jazz, L-4370 Belvaux — cnpd.public.lu.
We do not engage in automated decision-making or profiling within the meaning of GDPR Article 22. Every reply, scoping decision, and engagement decision is made by a human.
The site is served exclusively over HTTPS with HSTS, a strict Content Security Policy, and modern security headers. Form data is transmitted over TLS. We follow the principle of data minimisation — we only ask for what's needed to reply to you. Spam protection on the contact form is provided by Cloudflare Turnstile, a privacy-friendly CAPTCHA replacement that does not use cookies or fingerprint visitors.
We may update this policy as our practices evolve. The "last updated" date above always reflects the latest version. Material changes will be communicated by a notice on this page.