Privacy Policy

General information
Nextrasoft Limited respects your privacy, and is committed to protecting the privacy, confidentiality and security of the personal data you provide to us or that we collect about you when you use our web-based services, our mobile application and other online products and services ("Services"), when you contact customer services, or when you otherwise interact with us. We are aware of our responsibilities to protect your personal data, to keep it secure and comply with applicable privacy and data protection laws. Within data protection legislation, organisations are either classified as “Data Controllers” or “Data Processors”. A Data Controller is a person who, or an organisation which, determines the purposes for which and the manner in which any personal data are processed. A Data Processor is a person who, or organisation which. processes the data on behalf of the Data Controller Nextra is a "Data Processor", processing personal data on behalf of our customers, who are “Data Controllers”. This Privacy Notice explains our personal data practices and the choices you can make about the way your personal data is used. This Privacy Notice gives effect to our commitment to protect your personal data and serves as the guidelines to be observed by all of our staff and third parties in all locations in which we operate.
Who are we
When we say ‘we’ or ‘us’ in this Privacy Notice, we are referring to Nextrasoft Limited who has its principal office at 1st Floor, The Barn, Nup End Business Centre, Nup End Green, Old Knebworth, Hertfordshire SG3 6QJ.Our Data Protection Officer can be contacted at dataprotectionofficer@nextrasoft.com or at 1st Floor, The Barn, Nup End Business Centre, Nup End Green, Old Knebworth, Hertfordshire SG3 6QJ.
Types of Personal Data We Collect from our Customers
• Contact Details (e.g. Name, address and phone number(s))
• Other identifiers (e.g. NI Number and Payroll ID)
• Details of Hours Worked
• Details of Holidays / Other Leave taken
• Relevant Documents and Certifications; and
• Any other personal data you choose to provide to us.
Third Party Services
The Services do not contain any links to other websites, apps, content, services or resources on the internet which are operated by third parties.
Information We Collect Automatically When You Use the Services:
When you access or use the Services, we automatically collect personal data about you, including:

• Log Information: we may collect system log information about your use of the Services, including the type of browser you use, access times, pages viewed, your IP address and the page you visited before navigating to our Services.
• Device Information: we may collect information about the computer or mobile device you use to access our Services, including the hardware model, operating system and version, unique device identifiers (such as, IP address, IMEI number, the address of the device's wireless network interface, or mobile phone number used by the device) and mobile network information.
• Location Information: we may collect information about the location of your device each time you access or use one of our mobile applications or otherwise consent to the collection of this information. You can turn off location services for a device at any time, but this may turn off some useful features.
• Information Collected by Cookies and Other Tracking Technologies: we and our service providers use various technologies to collect information, including cookies and web beacons. Cookies are small data files stored on your hard drive or in device memory that help us improve our Services and your experience, see which areas and features of our Services are popular and count visits. Web beacons are electronic images that may be used in our Services or emails and help deliver cookies, count visits and understand usage. For more information about cookies, and how to disable them, please contact our data protection officer.
Information We Collect from Other Sources:
we do not collect data from any other sources
How We Use Your Personal Data:
The law on data protection sets out a number of different reasons for which a company may collect and process your personal data, including:

• Contractual Obligations - In most circumstances, we need your personal data to comply with our contractual obligations. For example, providing data to your payroll system so that you are paid the correct amount.
• Legal Compliance - If the law requires us to, we may need to collect and process your data. For example, keeping records as required by HMRC.
• Legitimate Interest - In specific situations, we require your data to pursue our legitimate interests in a way which might reasonably be expected as part of running our business and which does not materially impact your rights, freedom or interests.
Disclosures of Your Personal Data
We may share your personal data with:

• Your employer/our customer
• Government bodies
• Any other party at your consent or at your direction; and otherwise as permitted or required by applicable laws and regulations. We may also disclose aggregate or de-identified data that is not personally identifiable with third parties, including our commercial and strategic partners.
Overseas Transfers of Your Personal Data
No personal data is transferred from the EU to outside the EU or, indeed, to any other countries.
Direct Marketing
We will not use your personal data for direct marketing.
Retention of Personal Data
To the extent required by law, we take reasonable steps to destroy, or de-identify or redact, personal data in a secure manner when we no longer need it for the purposes for which it was collected (as set out in this Privacy Notice) and retention is no longer necessary for legal or business purposes. In any event, we do not retain your personal data for longer than six (6) years, subject to local laws and regulations.
Our Commitment to Data Security
We have in place reasonable technical and organisational measures to prevent unauthorised or accidental access, processing, erasure, loss or use of your personal data and to keep your personal data confidential. These measures are subject to ongoing review and monitoring. To protect your personal data, we also require our third-party service providers and strategic partners to take reasonable precautions to keep your personal data confidential and to prevent unauthorised or accidental access, processing, erasure, loss or use of personal data, and to act at all times in compliance with applicable data protection laws.
Your Rights and Contact Us
You are entitled to the following rights:

• Right of access to the personal data we hold about you
• Right of rectification
• Right to erasure
• Right to restrict data processing
• Right to object against profiling; and
• Your personal right to data portability.

Whenever reasonably possible and required, we will strive to grant these rights within one month. You may also request us to stop processing your personal data, at any time, and you may in certain circumstances ask us to delete your personal data. However, if you entirely withdraw your consent or ask us to delete your personal data entirely, we may not be `able to continue providing services to you and our Customer. To make these requests, or if you have any questions or complaints about how we handle your personal data, or would like us to update the data we maintain about you and your preferences, please contact our data protection officer by email at dataprotectionofficer@nextrasoft.com or by post at 1st Floor, The Barn, Nup End Business Centre, Nup End Green, Old Knebworth, Hertfordshire SG3 6QJ.
Changes to the Privacy Notice
We may modify this Privacy Notice from time to time. Any changes to this Privacy Notice will be posted to the Services so that you are always informed of the way we collect and use your personal data, and we encourage you to review this Privacy Notice whenever you access the Services or otherwise interact with us to stay informed about our information practices and the ways you can help protect your privacy.
Last Updated: 21 June 2018