Legal notice

Privacy policy

Nexi Data Protection Notice

1. Data privacy is fundamental for the Nexi Group

Nexi Group prioritises relationships with its clients, taking, from the initial stages of service design and development, all the organisational, technical and security measures needed to safeguard the personal data of data subjects involved in managing its services (clients, end-users of services, employees and suppliers) in compliance with EU Regulation 2016/679 (“GDPR”) and data protection legislation in jurisdictions we operate. We also strive for best practices for the use of the information systems that make it possible for such services to function properly.

Indeed, our mission is to earn and increase our clients’ trust every day, in accordance with the following fundamental principles of data protection:

  • Transparency: we provide transparent information on the collection and use of data;
  • Security: we protect the data entrusted to us with sophisticated security solutions;
  • Control: clients have control over their privacy with easy-to-use instruments and clear options.
  • Reporting: we provide periodic disclosures of any reports of data breaches when required by law.

 

Nexi Group offer Banks, Small and Medium-sized Enterprises, Large International Corporations, Institutions and Public Administrations a complete range of innovative solutions for digital payments in both card‑present and card‑not‑present acceptance, e-commerce and multi-channel solutions. Therefore, we provide banks and financial institutions with end-to-end, modular and customised services to manage their customers' payment cards with respect to: processing, card management, dispute resolution, security services, fraud prevention and customer value management.

References to Nexi Group services contained in this notice include the use of websites, apps, servers and various devices made available to clients for the provision of such services.

With this notice, Nexi Group intends to explain why and how the Group Companies process personal data.

2. Personal data collected by Nexi

Nexi Group collects a client’s data directly from the client (i.e., data collection from the data subject) and from third-party sources (e.g., its partner banks in order to sell services to end clients, national and international payment circuits, etc.).

In the case of the former, Nexi Group collects the client’s data when the contracts are signed (e.g., general personal information like the client’s name and contact information and financial information like their IBAN and payment card number, etc.) and subsequently, based on and following the client’s use of the services provided (e.g., data regarding transactions, authentication on Nexi Group apps, etc.) or when the client requests assistance with any questions or to report issues that arise in the use of the services.

Nexi Group collects a client’s data from third parties as well, both to meet legal obligations, such as from public databases or authorised parties (e.g., the Company Register) when clients are surveyed in accordance with anti-money laundering regulations, and in the course of ordinary operations, such as from national and international payment circuits (e.g. PagoBancomat, Visa, MasterCard, etc.) for transaction authorisation and accounting.

Moreover, Nexi Group also collects information on users’ visits to its institutional website, portals and apps. In some regards, personal data is collected with the direct consent of the end-user for the services. In other regards using technical, analytical and statistical cookies and similar technologies and profiling cookies for marketing purposes, which, unlike the aforementioned cookies, require the user’s explicit consent before they may be installed. 

3. Use of personal data

Nexi Group collects and processes personal data and information necessary to provide its services and comply with the related legal requirements, for which it does not need to obtain the data subject’s consent.

Nexi Group obtains explicit consent from the data subjects for certain types of activities like marketing.

In some cases, the personal data may be used without the data subject’s consent in order to conduct statistical, quantitative and qualitative analyses and to meet Nexi Group’s specific needs (legitimate interest) including, but not limited to, analysing its clients’ transactions to update its offer to the market, analysing the performance of its applications, searching for new technological solutions to improve the client experience, etc. The outputs of these analyses are aggregate and Nexi Group uses them to examine and identify trends in its products and/or services, study and develop new products and/or solutions and improve promotions in line with clients’ needs and expectations.

Nexi Group could use the personal data and information collected for purposes other than those for which they were collected, such as marketing, in compliance with the principles of data protection regulations currently in force, specifically the obligation to inform the data subject of these other purposes and the data subject’s rights, including the right to object.

Given the nature of the services provided, the processing of personal data for the purposes indicated above is mainly automated but may include manual processing by the appropriately authorised personnel. These two methods complete one another for the provision of the services.

Automated processing entails using the best technologies available on the market and implementing multiple security systems (e.g., firewalls, credentials, tokens, etc.) to prevent the unintentional and/or temporary loss or unavailability of the personal data processed. To ensure this is accomplished, Nexi Group has set up specific internal procedures for the initial development and implementation of the applications based on several levels of authorisation for their activation in the production environment.

Manual processing is carried out based on the procedures that Nexi Group has established for its personnel and the personnel of third parties that the Group Companies may use, with the support of ongoing general and specialised training provided remotely and in person, according to the assigned duties.

The personal data are mainly processed electronically. However, some hard-copy processing remains, such as for the management of complaints and disputes, etc.

Nexi Group shares the personal data collected with suppliers operating on its behalf, which are appointed as data processors in accordance with article 28 of the GDPR, or with other controllers, to meet either operating needs (e.g., payment circuits) or legal obligations (e.g., tax authorities).

Suppliers must process the personal data exclusively for the purposes of performing their contract with Nexi Group and are required to inform Nexi Group of all the operating methods they apply for compliance with the GDPR, such as keeping a record of the processing activities, appointing any sub-suppliers as processor, the contractual clauses used for any transfers to third countries, etc. In any case, all suppliers are subject to periodic checks by Nexi Group in order to assess data protection risk.

4. Data subject’s right to access and check the personal data

Data subjects may check the personal data that Nexi Group has collected and exercise their data protection rights by using either available data subject rights request portals or by contacting locally appointed Data Protection Officer via the channels made available over time and published in the Privacy section of the Group Company website.

In particular, data subjects may request access to their data and the rectification or erasure of their data and the restriction of processing in any of the circumstances provided for by article 18 of the GDPR. They may also object to processing under article 21 of the GDPR.

Furthermore, data subjects may exercise their right to data portability pursuant to article 20 of the GDPR, i.e., the right to receive the data in a structured, commonly used and machine-readable format and, where technically feasible, the right to transmit those data to another controller without hindrance.

Lastly, data subjects have the right to file a complaint with the Data Protection Authority. 

5. Data DeletionNexi Group retains the collected data solely for the amount of time necessary to provide the services for which the data are stored and, therefore, the data are deleted when no longer used in accordance with the provisions of the GDPR and other legal obligations. The retention periods vary from jurisdiction to jurisdiction and data subjects are informed accordingly in relevant privacy notices.

6. Security measures

For the adequate and secure management of the personal data that each Group Company collects, stores or processes in any other way, Nexi Group has established a data protection governance system that ensures compliance with the regulatory requirements in place over time and the security measures adopted, in accordance with the principle of accountability (article 24 of the GDPR).

This governance system consists of policies, rules, operating procedures and manuals that are periodically updated to reflect the most recent applicable regulatory requirements and in line with each Group Company’s organisational structure.

The security measures that each Group Company has adopted are organisational, procedural and technical.

With specific regard to the definition and implementation of technical measures, the Compliance Department and the DPO support the Cybersecurity Department, which is responsible for overseeing information security, the governance of business continuity and security incident management processes and monitoring the effective application of security standards and processes.

The main security measures cover all aspects of data and information security, as regulated by the main standards for the sector, such as secure software development and maintenance, data backup and disaster recovery, logical and physical access management, protection against cyberattacks (e.g., firewalls, anti- malware, etc.) and so on.

Ad hoc security measures are implemented for the processing of hard-copy data and documents, with specific regard to their secure use and storage (e.g., clean desk policy), to protect against the loss of integrity and ensure they are disposed of in accordance with the law when no longer useful or necessary, etc.

The security measures are defined taking a risk-based approach, in accordance with the principles of accountability and privacy by design and by default and considering other applicable standards and regulations in the sector, such as the security requirements that a Group Company must meet to maintain its PCI-DSS certification, which often overlap and complement each other. These measures are reviewed and updated whenever necessary to ensure that the data are processed in compliance with current data protection regulations. Privacy policy systems and procedures are embedded in group-wide risk/compliance management. Privacy protection is included in the overall operational risk/compliance management structures of the company.

The relevant functions of the Group periodically monitor and test the effectiveness of privacy policy compliance.

In case of violation of relevant guidelines, the Group adopts the necessary escalation procedures, including any disciplinary actions that may become necessary.

Nexi respects privacy and personal data protection as highly valued fundamental rights and pledge to handle all personal data in our care with the highest ethical standards, adhering to all applicable laws and regulations. Nexi will ensure the confidentiality, integrity, and availability of personal data in our own secure and state of the art technical environment and thus uphold the values of trust, transparency, and accountability. Nexi will adopt appropriate disciplinary actions in case of any violation of privacy and personal data protection.

Last update: 31 July 2023

Information on personal data processing while browsing site www.nexigroup.com

Below is an information pursuant to articles 13 and 14 of Regulation (EU) no. 2016/679 ("GDPR" or "Privacy Policy"), relating to personal data processing of users who consult the site www.nexigroup.com, and who interact with Nexi web services. The information relates only to this Nexi site and is not valid for other pages or websites external to Nexi that may be consulted through our links. This information, together with cookies information, constitutes the "Privacy Policy" of Nexi site and may be subject to updates.

1. Personal data collected

The computer systems and software procedures used to operate this website acquire, during their normal operation, some data whose transmission is automatic in the use of Internet communication protocols and are not associated with interested and identified users. In particular, these are data relating to the IP addresses or domain names of the computers used by users who connect to the site and other technical information sent automatically by the connection management programs. These data are used for the sole purpose of obtaining the connection. Apart from what is specified for navigation data, the user is free to provide personal data contained in the appropriate electronic forms in the website sections set up for particular services on request. It should also be noted that failure to provide them may make it impossible to obtain the requested service. 

2. Processing methods and purposes

Any data acquired are processed with automated tools for purposes related to navigation on this website, and are kept only for the time strictly necessary to achieve the purposes for which they were collected. The processing of this data is necessary to allow the use of the website. The systems are equipped with the appropriate and necessary security measures to prevent data loss, illicit or incorrect use and unauthorized access. As part of the personalized services for its users, Nexi uses tools such as "cookies". A cookie is a short string of text that is sent to your browser and, possibly, saved on your computer (alternatively on your smartphone or any other tool used to access the Internet), every time you visit a website. The cookies stored on your computer cannot be used to retrieve data from your hard disk, transmit computer viruses or identify and use your e-mail address. Each cookie is unique in relation to the browser and device you use to access the Nexi institutional site. Some of the functions performed by cookies can also be delegated to other technologies, with the term "cookie" in this document, we want to refer to cookies and all similar technologies. For more information on the cookies used by Nexi and how to manage them within the browser, you can consult the relevant Policy.

3. Rights of interested parties

The users to whom the personal data, possibly collected, refer have the right at any time to obtain confirmation of the existence or otherwise of the same data and to know its content and origin, verify its accuracy or request its integration or 'updating, or the rectification, cancellation, portability and limitation of processing pursuant to art. 15 et seq., of the GDPR. For processing based on consent, users can at any time and freely revoke their consent previously given. The aforementioned rights can be exercised by sending a written communication to the Data Protection Officer Office, c/o Nexi Payments S.p.A., Corso Sempione 55, 20149 Milan or by sending an e-mail to the e-mail address DPO@nexi.it.

Furthermore, users have the right to lodge a complaint with the Guarantor Authority for the protection of personal data.

4. Abroad data transfer

Any acquired data collected while browsing the site are not transferred abroad; in the event that such a need arises, with particular reference to the transfer of data outside the European Economic Area, it will be the responsibility of Nexi to take all the necessary measures to ensure that this treatment complies with the privacy legislation in force (Chapter V of GDPR).

5. Data Controller

The treatments connected to the web services of this site are handled by Nexi employees, who have been appointed authorized for the treatment, or by any external subjects in charge of maintenance or site technical management, in turn appointed as Data processor, pursuant to art. 28 of GDPR, by Data Controller, where necessary. No personal data deriving from the web service is disclosed.

The Data Controller is Nexi S.p.A. with registered office in Corso Sempione, 55, 20149 Milan. The Data Protection Officer can be contacted at Nexi Payments SpA, by writing to the e-mail address DPO@nexi.it, or by sending a written request to Nexi Payments SpA, Data Protection Officer’s office, Corso Sempione 55, 20149 Milan.            

Last update: June 2021

  • Nexi Austria GmbH [Austria]
  • PforCards GmbH [Austria]
  • SIA Croatia d.o.o. [Croatia]
  • Nexi Croatia d.o.o.[Croatia]
  • Nexi Czech Republic s.r.o. [Czech Republic]
  • Nets Denmark A/S [Denmark]
  • Nets Estonia [Estonia]
  • Nexi Digital Finland Oy [Finland]
  • Paytrail Technology Oy [Finland]
  • Nexi Germany GmbH  [Germany]
  • Nexi Germany Sales GmbH [Germany]
  • Ratepay GmbH [Germany]
  • Orderbird GmbH [Germany]
  • Computop Paygate GmbH [Germany]
  • Nexi Payments Greece S.A. [Greece]
  • Nexi Greece Processing Signel Member SA  [Greece]
  • Nexi Hungary Zrt. [Hungary]
  • Nexi Payments S.p.A. [Italy]
  • Orbital Cultura S.r.l [Italy]
  • SIApay S.r.l [Italy]
  • Service HUB S.p.A. [Italy]
  • Mercury Payments S.p.A. [Italy]
  • Help Line S.p.A. [Italy]
  • Numera Sistemi e Informatica S.p.A. [Italy]
  • Polskie ePłatności Sp. z o.o. [Poland]
  • Centrum Rozliczeń Elektronicznych Polskie ePłatności S.A. [Poland]
  • Billbird S.A. [Poland]
  • Team4U Sp. z o.o. [Poland]
  • PayPro S.A. [Poland]
  • Nexi RS d.o.o. [Serbia]
  • Nexi Central Europe AS [Slovakia]
  • Nexi Slovenia d.o.o. [Slovenia]
  • Nets Sweden AB [Sweden]
  • Nexi Schweiz AG [Switzerland]

This privacy notice (the "Notice") sets forth how Nexi Group* (hereinafter "Nexi", "we", "us") will use the information Nexi obtain when you

  1. apply for a position through the career site;
  2. proceed to the pre-employment screening as part of the final candidate pool; or
  3. want to be included in our candidate database for a potential position.

 

*Nexi Group: Nexi S.p.A. Corso Sempione 55 - I-20149 Milan Italy

  • Nexi Germany Holding GmbH Helfmann-Park 7 - DE-65760 Eschborn Germany
  • Nets Holdco 5 AS Business: c/o Nets Branch Norway Haavard Martinsens vei 54 - NO-0978 OSLO Norwa
  • Mailing: c/o Advokatfirmaet Thommessen AS, Haakon VII's gate 10 - NO-0161 OSLO Norway
  • Nets Denmark A/S Klausdalsbrovej 601 - DK-2750 Ballerup Denmark (PO Box 500)
  • Nets Branch Norway Haavard Martinsens vei 54 - NO-0978 OSLO Norway
  • Nets Branch Sweden Hammarby allé 12, - SE-120 30 Stockholm Sweden - (Box 92006, SE-120 06 Stockholm) 
  • Nets Denmark A/S, Finnish Branch Teollisuuskatu 21 - FI-00510 Helsinki Finland
  • Nets Denmark A/S, UK Branch 1 Bartholomew Lane, - UK-London EC2N 2AXUK
  • Nets Denmark A/S, German Branch Helfmann-Park 7 - DE-65760 Eschborn Germany
  • Nets Denmark A/S, French Branch 78 Boulevard de la Reine - FR-78000 Versailles France
  • Nets Denmark A/S Eesti filiaal 3rd floor, Metro Plaza, Viru Square 2 - EE-10111 Tallinn Estonia
  • Nets Denmark A/S, Latvian Branch Terbatas iela 14 - 3 -   LV-1011 Riga Latvia
  • Nets Denmark A/S Lietuvos filialas Gedimino av. 44A - LT-01110 Vilnius Lithuania
  • Nets Estonia AS Tartu mnt. 63 - 4 - EE-10115 Tallinn Estonia
  • Nets Sweden AB Hammarby allé 12 - SE-120 30 Stockholm Sweden - (Box 92006, SE-120 06 Stockholm)
  • Signaturgruppen A/SInge Lehmanns Gade 10 - DK-8000 Aarhus C Denmark
  • Paytrail Oyjc/o Innova 2, Lutakonaukio 7 - FI-40100 Jyväskylä Finland
  • Poplatek OyLinnoitustie 4B (Quartetto Alto) - FI-02600 Espoo Finland
  • Centrum Rozliczeń Elektronicznych Polskie ePłatności S.A. (PeP) Tajęcina 113 -  PL-36-002 Jasionka Poland
  • PayPro S.A. ul. Pastelowa 8, PL-60-198 Poznań, Polska
  • (Correspondence address: 14 Szyperska St, 61-754 Poznań (Floor 6, Staircase B))Poland"
  • eCard S.A. ul. Krucza 16/22, PL-00-526 Warszawa, PolskaPoland
  • Nexi Germany GmbH Helfmann-Park 7 - DE-65760 Eschborn Germany
  • Nexi Austria GmbH ARED-Straße 11-13/5 - AT-2544 Leobersdorf Austria
  • Ratepay Franklinstraße 28-29 - DE-10587 Berlin Germany
  • Nexi Switzerland AG Richtistrasse 17 - CH-8304 Wallisellen Switzerland
  • Orderbird AT GmbH Austria 
  • Orderbird GmbH (DE) Ritterstraße 12-14 - DE-10969 Berlin Germany
  • Nexi Germany Sales GmbH Registered seat: Dürener Str. 403-405 - DE-50858 Köln Germany
    Business address: Helfmann-Park 7 - DE-65760 Eschborn Germany
  • Nexi Croatia d.o.o. Radnička cesta 50 - HR-10000 Zagreb Croatia
  • Nexi Slovenija d.o.o, Letališka cesta 29A - SI-1000 Ljubljana
    Pristaniška 14 SI-6502 Koper Slovenia
  • NEXI GREECE PROCESSING SERVICES Municipality of Dionysos (Agios Stefanos), Attica, Greece, 23rd km - GR - Athens-Lamia National Road, 14565- Greece 
  • NEXI PAYMENTS GREECE S.A. Str Charilaou Trikoupi 15, 10678 - GR Athens, Attica Greece
  • PforCards GmbH Donau-City - Straße 6, Top 6 -  AT 1220 Vienna - Austria
  • SIA Central Europe a.s. Röntgenova 1 - PO Box 79 - 851 01 Bratislava - Petržalka, Slovak Republic Slovakia
  • SIA RS d.o.o. Beograd Bulevar Zorana Djindica 144v, 11070 - Belgrade Serbia
  • SIA Czech Republic, s.r.o. V Celnici 1031/4 - 110 00 Prague 1 - Czech Republic
  • SIA Croatia d.o.o Varšavska 1 - 10000 Zagreb - Croatia
  • SIA Romania Payment Technologies S.r.l. Street Ing. G. Constantinescu no. 4B,  Floor 6, Building B and Street G. Constantinescu no. 2-4, LOT 2, 2nd District, 020339, Bucarest, Romania
  • SIA Central Europe, a.s. - Hungarian Branch Alíz utca 4. 7th floor Office Garden III - Budapest 1117 - Hungary
  • NEXI PAYMENTS SPA Corso Sempione 55, 20149 MilanItaly
  • SIAPAY S.r.l. Via Gonin 36-MilanoItaly
  • Numera SASSARI (SS) ZONA INDUSTRIALE PREDDA - NIEDDA NORD STRADA 6 SNC CAP 07100 Italy
  • NEXI PAYMENTS SPA INCORPORATED IN ITALY Irene Link, Building B, 2nd Floor 7, Impala Avenue, Doringkloof Centurion, 0157 South Africa
  • Nexi Payments SPA – Belgium Belgicastraat 1 -1930 Zaventem - Belgium
  • Nexi Payments SPA – Netherlands Winthontlaan 200 - 3526 KV Utrecht - Netherlands
  • NEXI PAYMENTS S.p.A. Zweigniederlassung Deutschland Albrechtstraße 14 - 80636 Munich - Germany
  • Service HUB S.p.A. Corso Sempione, 55 - Milan Italy
  • SERVICE HUB SPA. Zweigstelle Deutschland Flataustraße 14, 90411 Nuremberg - Germany
  • SERVICE HUB SPA Milano Sucursala București Street Ing. G. Constantinescu no. 4B, Floor 6, Building B and Street G. Constantinescu no. 2-4, LOT 2, 2nd District, 020339, Bucharest - Romania
  • MERCURY PAYMENT SERVICES S.p.A. Corso Sempione, 55 - Milan Italy
  • Help Line S.p.A.Via Sen. Guglielmo Pelizzo, 8‐8/1 Cividale del Friuli (UD)Italy

and every other company within the Nexi Group at any given time

Why do we process your personal data?

We only process your personal data for recruiting and hiring purpose. Specifically, we will process your personal data

  • to consider your application in respect of a role for which you have applied;
  • to consider your application in respect of other roles if relevant;
  • to communicate with you in respect of the recruitment process;
  • to assess your skills, qualifications and background for a particular role;
  • to evaluate you in the pre-employment screening process as part of the final candidate pool.

What kind of personal data do we process?

Nexi will collect and process the following personal data about you as an applicant:

  • Your name and contact details (e.g.  first name and last name, email address, phone number, city and ZIP code, country of residence, nationality);
  • Your account details (such as username and password) to the recruitment portal in which you have submitted your personal data;
  • Your CV data (e.g. qualifications,, information relating to your employment history, skills and experience);
  • Your correspondence details if you contact us (e.g. via chat platforms such as Instant messengers, SMS or similar);
  • Organizational data in case of internal applications (e.g. email address);
  • Your IP-address, which device and operating system you are using (smartphone, PC, Mac, Windows, Mac OS, etc.) and how you use our recruitment platform (e.g. whether you are able to complete your application, which part of the recruitment platform you are using, etc.);
  • Personal data generated by interviewers and recruiters, based on their interactions with you or basic Internet searches (e.g. data from profile on LinkedIn) if compliant with local law;
  • Personal data provided by third-party headhunters and recruitment agencies, recruitment assessment providers for personality tests (if such are conducted by Nexi or on behalf of Nexi); or job-search websites, where applicable. In such cases of use of third-party providers, you will be duly notified in advance.

What are the legal bases for processing your personal data?

All EU/EEA countries except for DACH-region

Our processing of your personal data listed above is based on the execution of pre-contractual measures taken at your request (GDPR Article 6, litra b)  or on your consent if you choose to be part of our talent community. 

Where specific information about applicants must be processed in order to comply with local law, we rely on GDPR Article 6, litra c and the local legal basis.

During the recruitment process we may also contact you directly via SMS or WhatsApp, if applicable. Such contact is merely for practical coordination purposes.

You are not required to provide us with all personal data proposed during the recruitment process. However, if you decide not to provide us with the necessary personal data, we may not be able to consider you for a position.

DACH Region

Our processing of your personal data listed above is based on GDPR Article 6, litra b (Germany, Austria) and Art. 31para 2. litra a DSG (Switzerland) as the processing is necessary in order to take steps at your request prior to entering into an employee contract, or on your consent if you choose to be part of our talent community.

During the recruitment process we may also contact you directly via SMS, if applicable. Such contact is merely for practical coordination purposes.

You are not required to provide us with all personal data proposed during the recruitment process. However, if you decide not to provide us with the necessary personal data, we may not be able to consider you for a position.

Where do you get my personal data from?

First and foremost, we collect your personal data from you via the recruitment platform My HR (Oracle HCM) in which you have provided the required personal data.

In the event that, following the interviews carried out, you receive a letter of commitment to employment from Nexi, you will be enabled to register on Nexi's My HR Portal, as indicated in the appropriate Conditions of Registration, in order to provide the documentation necessary for your employment.

We may collect personal data about you, which is provided by third-party headhunters and recruitment agencies, recruitment assessment providers for personality tests (if such are conducted by Nexi or on behalf of Nexi) and/or job-search websites.

Further, we collect personal data about you generated by interviewers and recruiters, based on their interactions with you.

We might collect personal data about you via basic Internet searches (e.g. data from profile on LinkedIn; chats from Instant messengers) unless local law prohibits this. In that case, Nexi will not perform such searches.

Who receives my personal data?

Your personal data and your applicant profile can be viewed by the recruiting and human resources department and the specialist department involved in the selection process at Nexi. In principle, only those persons who need access to your data for the proper conduct of our application process have access to your data.

We use the service provider Oracle for the hosting, operation and maintenance of our applicant management system. You can view the Oracle data protection declaration here: https://www.oracle.com/legal/privacy/. Oracle is a data processor of Nexi and they are obligated to protect your personal data in the same way as Nexi does.

Personal data is stored on servers maintained by Oracle in Frankfurt (Germany, European Union)  and subject to security safeguards which are continuously audited, with certifications from accreditation bodies across geographies and verticals. You can read more about Oracle security and compliance here:

https://www.oracle.com/a/ocom/docs/ocloud-hosting-delivery-policies-3089853.pdf

https://www.oracle.com/corporate/cloud-compliance/

Nexi uses some data processors in the recruitment process. This includes assessment centers, such as providers of personality tests, which may have access to your personal data such about your name, e-mail and test result. In such cases, you will also be asked to give consent to personality tests to such assessment centers as data controllers which they will share with us. We also use some IT-providers for operation and management purposes associated with the recruitment process. Your personal data will be accessed by service providers that perform such services on behalf of Nexi. All data processors of Nexi are obligated to protect your personal data in the same way as Nexi does.

Nexi is an international group of companies with cross-national cooperation of employees in their functions. When filling positions it is possible that the selection process involves persons, who work in a different company of the group of companies than the one for which you have applied. It is therefore also possible that in such cases applicant information will be passed on to other companies within the group of during the selection process.

When we transfer to Nexi group entities in Switzerland, we rely on the GDPR Article 45 as a legal basis for transfer. When Nexi group entities transfer back to Nexi entities within the EU, the legal basis of transfer is DSG Article 16 para. 1

When is my personal data deleted?

Nexi will keep the information created for the purpose of processing the application for a specific vacancy for:

  • twelve months, in Croatia and Slovenia, 
  • six months, in DACH Region.

Where specific personal data about applicants must be retained in order to comply with local law, we rely on GDPR Article 6, litra c and the local legal basis for keeping such personal data.

Provided that you have given your consent to be part of our talent community, Nexi will keep your contact details and Curriculum Vitae for 24 months with the purpose of contacting you if Nexi assess that your profile will be fit for another vacant position within the Nexi Group. During this period Nexi may contact you directly or through recruitment campaigns to provide information about potential career opportunities within Nexi.

Upon the expiration of the data retention period, Nexi will provide you with an opportunity to update your Curriculum Vitae and other information and to renew your consent. In the event that you have registered on the My HR Portal following receipt of the engagement letter (see above) and subsequently decide not to finalise the engagement itself, your access credentials to the Portal will be immediately revoked and your documents, if already uploaded, will be deleted without undue delay.

Upon registration, you will be given the opportunity to create your own " Profile". With this you can get access to edit or delete the data registered. You will also have the option to initiate a request to delete your data stored with Nexi.

What are my rights?

As a data subject, you have several rights which you may use at your convenience:

  1. You have the right to request access to and rectification or erasure of your personal data.
  2. You also have the right to object to the processing of your personal data and have the processing of your personal data restricted provided that processing is based on the legitimate interest of Nexi.
  3. If processing of your personal information is based on your consent, you have the right to withdraw your consent at any time. Your withdrawal will not affect the lawfulness of the processing carried out before you withdrew your consent.
  4. You have the right to receive your personal information in a structured, commonly used and machine-readable format (data portability).
  5. You may always lodge a complaint with a data protection supervisory authority in the EU/EEA member state of your habitual residence, place of work or where the alleged infringement has taken place. You can find the contact information of data protection supervisory authorities for Switzerland here: https://www.edoeb.admin.ch/edoeb/de/home.html and for all the EU countries at the following link: https://edpb.europa.eu/about-edpb/about-edpb/members_en.

There may be conditions or limitations on these rights. It is therefore not certain for example you have the right of data portability or to be deleted in the specific case - this depends on the specific circumstances of the processing activity.

You can take steps to exercise your rights by submitting your request here: https://www.nexigroup.com/en/privacy-policy/

Contact us

  • The contact details of our Data Protection Officers are:
  • Germany, Austria and Switzerland DPO-DACH@nexigroup.com
  • Nexi Croatia and Nexi Slovenia (Croatia and Slovenia) dpo.CEE@nexigroup.com
  • Nexi Payments, Service Hub (Germany), PforCards (Austria) dpo@nexigroup.com
  • SIA CE (Croatia) CE_DPO@nexigroup.com