Privacy Policy

Your privacy is important to us. Learn how we protect your information.

Privacy Policy

Your privacy is important to us. Learn how we protect your information.

Last Updated: January 15, 2025

Effective Date: January 15, 2025

1. Introduction

Welcome to NexaCrest International Private Limited (“NexaCrest,” “we,” “us,” or “our”). We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you:

Visit our website at nexacrestinternational.com
Use our international trade facilitation services
Engage with our digital services, IT solutions, or marketing platforms
Communicate with us through any channel

By accessing our website or using our services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access our website or use our services.

2. Information We Collect

We collect information that you provide directly to us, information we obtain automatically when you use our services, and information from third-party sources as described below:

2.1 Information You Provide to Us

When you engage with our services, you may provide us with the following types of information:

2.2 Information Collected Automatically

When you visit our website or use our digital services, we automatically collect certain information about your device and usage patterns:

Log Data: Server logs including IP address, browser type, pages visited…
Cookies and Tracking Technologies: Information stored through cookies, web beacons, and similar technologies
Device Information: Hardware model, operating system, unique device identifiers, mobile network information
Usage Data: Features accessed, interactions with our services, search queries, preferences
Location Data: General geographic location based on IP address (not precise GPS location)

2.3 Information from Third-Party Sources

We may receive information about you from third-party sources including:

Business Partners: Shipping carriers, customs brokers, freight forwarders, warehousing facilities
Government Authorities: Customs departments, trade regulatory bodies, tax authorities
Public Databases: Business registries, trade directories, credit bureaus (for B2B credit assessment)
Marketing Platforms: LinkedIn, Google Ads, trade portals where you may have interacted with our content
References: Information provided by your references or business contacts

3. How We Use Your Information

NexaCrest uses the collected information for various legitimate business purposes including but not limited to:

3.1 Service Delivery and Operations

Processing and fulfilling your import/export service requests
Coordinating logistics, customs clearance, and freight forwarding
Managing documentation, compliance, and regulatory requirements
Providing trade consulting and supply chain optimization services
Facilitating payment processing and financial transactions
Operating our IT solutions, websites, and digital platforms
Tracking shipments and providing real-time status updates

3.2 Communication and Customer Support

Responding to your inquiries, requests, and support tickets
Sending transactional communications (confirmations, invoices, updates)
Providing important service announcements and policy updates
Conducting customer satisfaction surveys and collecting feedback
Resolving disputes and addressing complaints

3.3 Marketing and Business Development

Sending promotional emails about our services, case studies, and industry insights (with your consent)
Displaying targeted advertising on third-party platforms (Google, LinkedIn, Facebook)
Conducting market research and analyzing business trends
Personalizing your experience on our website and marketing communications
Generating leads and identifying potential business opportunities

Your Marketing Preferences

You can opt out of marketing communications at any time by:

Note: Opting out of marketing does not affect transactional communications necessary for service delivery.

3.4 Legal Compliance and Protection

Complying with applicable laws, regulations, and legal obligations
Responding to legal requests from government authorities and law enforcement
Meeting customs, tax, and trade compliance requirements
Preventing fraud, security threats, and illegal activities
Protecting our rights, property, and safety, and those of our users
Enforcing our terms of service and contractual agreements
Resolving disputes and defending legal claims

3.5 Analytics and Improvement

Analyzing usage patterns and user behavior to improve our services
Conducting A/B testing and optimizing website performance
Developing new features, products, and service offerings
Monitoring and improving customer satisfaction
Training our staff and improving operational efficiency

4. Legal Basis for Processing Your Information

We process your personal information under the following legal bases:

4.1 Contractual Necessity

Processing is necessary to perform our contractual obligations to you when you engage our services, including:

Executing import/export transactions and trade facilitation services
Providing logistics, customs clearance, and supply chain management
Delivering IT solutions, website development, and digital marketing services
Processing payments and fulfilling financial obligations

4.2 Legal Obligations

Processing is required to comply with legal and regulatory requirements, including:

Customs regulations and international trade laws
Tax compliance and GST/IGST requirements
Anti-money laundering (AML) and Know Your Customer (KYC) regulations
Data protection laws including Information Technology Act, 2000 (India)
Data protection laws including Information Technology Act, 2000 (India)

4.3 Legitimate Interests

Processing is necessary for our legitimate business interests, provided these interests do not override your fundamental rights:

Improving our services and user experience
Conducting business development and marketing activities
Detecting and preventing fraud and security threats
Analyzing business performance and market trends
Managing customer relationships and communication

4.4 Consent

In certain cases, we process your information based on your explicit consent, which you can withdraw at any time:

5. How We Share Your Information

NexaCrest does not sell, rent, or trade your personal information to third parties for their marketing purposes. However, we may share your information with the following categories of recipients as necessary for our business operations:

5.1 Service Providers and Business Partners

We share information with trusted third-party service providers who assist us in delivering our services:

Logistics Partners: Shipping lines, freight forwarders, airlines, trucking companies for cargo movement
Customs Brokers: Licensed customs brokers and clearing agents for customs clearance
Warehousing Facilities: Storage and distribution centers managing your inventory
Payment Processors: Banks, payment gateways, and financial institutions for transaction processing
Technology Providers: Cloud hosting services (AWS, Azure, Google Cloud), CRM platforms, communication tools
Professional Advisors: Legal counsel, accountants, auditors, insurance providers
Marketing Platforms: Email marketing services (Mailchimp), advertising platforms (Google Ads, LinkedIn Ads)

Your Marketing Preferences

All third-party service providers are bound by contractual obligations to protect your information and use it only for specified purposes. They are prohibited from using your data for their own purposes or sharing it further without authorization.

5.2 Government Authorities and Regulatory Bodies

Customs Departments: For import/export declarations and compliance verification
Tax Authorities: For GST/IGST compliance and tax filings
Trade Regulatory Bodies: DGFT, Export Promotion Councils, regulatory authorities
Law Enforcement: When required by law, court order, or legal process
Banking Authorities: For foreign exchange compliance under FEMA regulations

5.3 Business Transfers

In the event of a merger, acquisition, reorganization, sale of assets, or bankruptcy, your information may be transferred to the successor entity. We will provide notice before your information is transferred and becomes subject to a different privacy policy.

5.4 With Your Consent

We may share your information with third parties when you have provided explicit consent, such as:

5.5 Aggregate and De-identified Information

We may share aggregated, anonymized, or de-identified information that cannot reasonably be used to identify you, including:

6. International Data Transfers

As an international trade facilitation company, we may transfer your personal information across borders to facilitate our global operations. This includes transfers:

To Service Providers: Located in various countries where our logistics partners, technology providers, and business associates operate
To Business Partners: Suppliers, buyers, and partners in countries where you conduct trade
For Cloud Storage: Data centers operated by our cloud service providers (AWS, Azure, Google Cloud) in various jurisdictions

Data Transfer Safeguards

When transferring personal information internationally, we implement appropriate safeguards to ensure your data remains protected:

Standard Contractual Clauses (SCCs) approved by relevant authorities
Data Processing Agreements with adequate security provisions
Ensuring recipients are located in countries with adequate data protection laws
Implementing technical and organizational security measures
Obtaining your consent where required by law

Countries We Operate In: Our primary operations are in India, with service delivery across 25+ countries including USA, UK, UAE, Germany, Singapore, Australia, and others as required for international trade facilitation.

In the event of a merger, acquisition, reorganization, sale of assets, or bankruptcy, your information may be transferred to the successor entity. We will provide notice before your information is transferred and becomes subject to a different privacy policy.

We may share your information with third parties when you have provided explicit consent, such as:

7.2 Administrative Security Measures

We implement comprehensive technical, administrative, and physical security measures to protect your personal information against unauthorized access, loss, misuse, alteration, or destruction.

7.1 Technical Security Measures

Encryption: SSL/TLS encryption for data transmission; AES-256 encryption for data at rest
Access Controls: Role-based access controls (RBAC) limiting data access to authorized personnel only
Secure Hosting: Enterprise-grade cloud infrastructure with redundancy and backup systems
Firewalls: Network firewalls and intrusion detection/prevention systems (IDS/IPS)
Regular Updates: Timely security patches and software updates
Vulnerability Scanning: Regular security audits and penetration testing
Two-Factor Authentication (2FA): Available for user accounts accessing sensitive systems

7.2 Administrative Security Measures

Data Minimization: We collect only information necessary for stated purposes
Employee Training: Regular privacy and security training for all staff members
Confidentiality Agreements: All employees and contractors sign confidentiality agreements
Vendor Management: Due diligence assessments for third-party service providers
Incident Response Plan: Documented procedures for security breach detection and response
Data Retention Policies: Systematic deletion of data no longer required

7.3 Physical Security Measures

Data Breach Notification

Despite our security measures, no system is completely secure. In the unlikely event of a data breach affecting your personal information, we will:

Notify affected individuals promptly (within 72 hours of discovery, where feasible)
Provide details about the breach, affected data, and remedial actions
Updating your preferences in your account settings
Offer guidance on steps you can take to protect yourself
Implement measures to prevent similar incidents

Your Role in Security

You also play an important role in protecting your information:

Keep your account credentials confidential and do not share passwords
Use strong, unique passwords and enable two-factor authentication
Be cautious of phishing attempts and verify sender authenticity
Report suspicious activity or unauthorized access immediately
Keep your contact information current so we can reach you if needed

8. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

Retention Periods by Category

Deletion and Anonymization

Upon expiration of the retention period, we will:

Securely Delete: Permanently delete personal information from active systems
Archive: Move data to secure archival storage if required for legal/regulatory purposes
Anonymize: Remove identifiers so data can no longer be linked to you
Backup Removal: Overwrite or delete information from backup systems during routine backup cycles

Exception: We may retain certain information longer if required by law, legal proceedings, government investigations, or to protect our legal rights and interests.

9. Your Privacy Rights

Depending on your location and applicable laws, you may have certain rights regarding your personal information. We are committed to facilitating the exercise of these rights.

9.1 Access and Portability Rights

9.2 Correction and Deletion Rights

9.3 Control and Restriction Rights

Right to Restrict Processing: Request limitation of processing under certain conditions
Right to Object: Object to processing based on legitimate interests or for direct marketing purposes
Right to Opt-Out: Withdraw consent at any time for consent-based processing
Right to Opt-Out of Marketing: Unsubscribe from marketing communications at any time

9.4 Rights Related to Automated Decision-Making

How to Exercise Your Rights

To exercise any of these rights, please contact us at:

Limitations on Rights

Your rights are not absolute. We may deny or limit your request if:

Required to comply with legal obligations
Necessary for establishing, exercising, or defending legal claims
Processing is required for reasons of public interest
Request is manifestly unfounded or excessive
Data retention is required under applicable laws (customs, tax, commercial laws)

If we deny your request, we will explain the reasons and inform you of your right to lodge a complaint with a supervisory authority.

10. Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to enhance your browsing experience, analyze website performance, and deliver personalized content and advertising.

What Are Cookies?

Cookies are small text files stored on your device when you visit our website. They help us recognize your browser and capture certain information about your preferences and usage patterns.

Types of Cookies We Use

Third-Party Cookies

We use third-party services that may set their own cookies:

Google Analytics: Website traffic analysis and user behavior tracking
LinkedIn Insights: Professional audience tracking and B2B marketing
Facebook Pixel: Social media advertising and retargeting
HubSpot/Mailchimp: Marketing automation and email campaign tracking
Google Ads: Advertising campaign management and conversion tracking

Managing Cookies

You have several options to manage cookies:

Browser Settings: Most browsers allow you to refuse cookies or delete existing cookies. Refer to your browser's help section for instructions.
Opt-Out Tools: Use industry opt-out tools like the Network Advertising Initiative (NAI) or Digital Advertising Alliance (DAA)
Google Analytics Opt-Out: Install the Google Analytics Opt-out Browser Add-on
Cookie Consent Manager: Use our cookie preference center (if available) to customize your cookie settings

Note: Disabling certain cookies may affect website functionality and limit your ability to use some features of our services.

Do Not Track (DNT) Signals

Our website does not currently respond to "Do Not Track" browser signals. We will update this policy if we implement DNT signal recognition in the future.

11. Children's Privacy

Our services are designed for businesses and are not directed to individuals under the age of 18. We do not knowingly collect personal information from children.

If you are under 18 years of age, please do not:

If we become aware that we have inadvertently collected personal information from a child under 18, we will take immediate steps to delete such information from our systems.

For Parents/Guardians: If you believe your child has provided us with personal information, please contact us immediately at privacy@nexacrestinternational.com so we can delete the information.

12. Third-Party Websites and Services

Our website and communications may contain links to third-party websites, services, or resources that are not owned or controlled by NexaCrest International.

Our Responsibility

We are not responsible for:

Your Responsibility

When accessing third-party links, you should:

Examples of Third-Party Services: Payment gateways, social media platforms (LinkedIn, Facebook), shipping carrier tracking portals, government customs websites, trade directories, and business registries.

Your interactions with these third-party services are governed by their respective privacy policies, not this Privacy Policy.

13. Changes to This Privacy Policy

We reserve the right to update, modify, or replace this Privacy Policy at any time to reflect changes in our practices, technology, legal requirements, or other operational reasons.

Notification of Changes

When we make material changes to this Privacy Policy, we will:

Your Acceptance

Continued use of our website or services after changes become effective constitutes your acceptance of the revised Privacy Policy. If you do not agree with the changes, you should:

Version History

We maintain a version history of our Privacy Policy. Previous versions are available upon request by contacting privacy@nexacrestinternational.com.

14. Contact Us

If you have questions, concerns, or complaints about this Privacy Policy or our data practices, please contact us:

NexaCrest International Private Limited

Data Protection Officer / Privacy Officer

Mailing Address: NO 33, T RAMAIAH GARDEN, 2 HULIMAVU VILLAGE, Hulimavu, Bangalore, Bangalore South, Karnataka, India, 560076

Email Address: letsconnect@nexacrestinternational.com

Phone: +91-7676463030 / +91-7676003447

Business Hours: Monday - Saturday, 9:00 AM - 6:00 PM IST

Emergency Support: 24/7 for existing clients

Response Timeline

We are committed to addressing your privacy concerns promptly:

General Inquiries: Response within 3-5 business days
Privacy Rights Requests: Response within 30 days (may be extended to 60 days for complex requests)
Data Breach Concerns: Immediate investigation and response within 24-48 hours
Complaints: Acknowledgment within 48 hours; resolution timeline communicated

Complaints to Supervisory Authority

If you are not satisfied with our response or believe we are processing your personal information unlawfully, you have the right to lodge a complaint with the appropriate data protection supervisory authority in your jurisdiction.

For India: You may contact the relevant authorities under the Information Technology Act, 2000, or await implementation of the Digital Personal Data Protection Act guidelines.

15. Legal Disclaimers and Limitations

15.1 No Guarantee of Security

While we implement industry-standard security measures, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security of your information and accept no liability for unauthorized access resulting from circumstances beyond our reasonable control.

15.2 Force Majeure

We shall not be liable for any failure to comply with this Privacy Policy due to circumstances beyond our reasonable control, including but not limited to:

Natural disasters, pandemics, wars, or acts of terrorism
Government actions, legal requirements, or court orders
Cyberattacks, hacking incidents, or system failures
Telecommunications or internet service disruptions
Actions or omissions of third-party service providers

15.3 Limitation of Liability

To the maximum extent permitted by applicable law, NexaCrest International shall not be liable for:

Indirect, incidental, special, consequential, or punitive damages
Loss of profits, revenues, business opportunities, or goodwill
Data loss or corruption (beyond our reasonable control)
Third-party actions or breaches of third-party privacy policies
Your failure to maintain confidentiality of account credentials

15.4 Indemnification

You agree to indemnify and hold harmless NexaCrest International, its officers, directors, employees, and agents from any claims, damages, losses, liabilities, and expenses (including legal fees) arising from:

15.5 Governing Law and Jurisdiction

This Privacy Policy is governed by and construed in accordance with the laws of India, without regard to conflict of law principles. Any disputes arising from this Privacy Policy shall be subject to the exclusive jurisdiction of the courts in Chennai, Tamil Nadu, India.

15.6 Severability

If any provision of this Privacy Policy is found to be unenforceable or invalid by a court of competent jurisdiction, such provision shall be modified to the minimum extent necessary or severed, and the remaining provisions shall continue in full force and effect.

15.7 Entire Agreement

This Privacy Policy, together with our Terms of Service, constitutes the entire agreement between you and NexaCrest International regarding the processing of your personal information and supersedes all prior communications and agreements.

16. Additional Information for Specific Jurisdictions

16.1 For Users in India

Under the Information Technology Act, 2000 and Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011:

We have implemented reasonable security practices to protect your sensitive personal data
You may review and correct your personal information by contacting us
We will not disclose sensitive personal data to third parties without your consent, except as permitted by law
You may file complaints with the Cyber Appellate Tribunal if your rights are violated

16.2 For Users in the European Union (EU/EEA)

Under the General Data Protection Regulation (GDPR), you have enhanced rights including:

Right to withdraw consent at any time
Right to lodge a complaint with your local supervisory authority
Right to data portability in machine-readable format
Right to object to processing based on legitimate interests
Right to restriction of processing under certain circumstances

Our EU representative (if applicable) can be contacted at: eu-representative@nexacrestinternational.com

16.3 For Users in California (USA)

Under the California Consumer Privacy Act (CCPA), California residents have specific rights. Please see our CCPA Notice for detailed information.

16.4 For Users in Other Jurisdictions

If you are located in a jurisdiction with specific data protection laws, you may have additional rights. Please contact us to understand how local laws apply to your personal information.