Who is the controller?
For data you submit through this website — the contact form, the booking form, newsletter subscriptions — Nordix Systems is the data controller. For data your Nordix BIOS tenant produces while operating your business (conversations, orders, ad metrics, customer records), your company is the controller and Nordix Systems acts as processor under a written Data Processing Agreement.
What we collect on this website
- Form submissions — name, work email, optional company, role, message, and the date and time you picked when booking a demo. Stored to reply to your inquiry.
- Server logs — request URL, IP address (truncated), user agent, referrer, response code. Retained 30 days for security and capacity planning.
- Plausible analytics — anonymous, cookie-free, GDPR-compliant pageview events: URL, country (geo-IP), referrer, device type. No personal identifiers and no fingerprinting.
We do not use marketing or advertising cookies on this website. There is no consent banner because there are no consent-gated trackers.
What we do with it
- Reply to your inquiry.
- Maintain a record of the request for our sales pipeline.
- Detect abuse (rate-limiting, spam, automated abuse).
We do not sell personal data. We do not share it with third parties except subprocessors strictly necessary to deliver our service — see the subprocessors list.
How long we keep it
| Data | Retention |
|---|---|
| Form submission stored as email | 24 months from submission |
| Anonymous analytics | 36 months aggregate |
| Server logs | 30 days |
| Tenant operational data | As defined in your DPA — typically the active subscription term plus 90 days backup retention |
Where we store it
By default, all data is stored inside the European Union (Ireland or Stockholm region, depending on the service). For customers outside the EU we can negotiate a different residency.
Your rights under GDPR and LGPD
You have the right to:
- Access the personal data we hold about you.
- Rectify inaccurate data.
- Erase ("right to be forgotten") any data, subject to legal retention obligations.
- Restrict processing.
- Data portability — receive a copy of your data in a machine-readable format.
- Object to processing for legitimate-interest purposes.
- Lodge a complaint with your local data protection authority (Spain: AEPD, Portugal: CNPD, Brazil: ANPD, Norway: Datatilsynet).
To exercise any of these rights, write to privacy@nordixsystems.com and we will respond within 30 days.
Contact
- Privacy enquiries: privacy@nordixsystems.com
- Security incidents: security@nordixsystems.com
- Postal: Nordix Systems, c/o NCS group, Madrid, Spain (full address on request)
This policy was last updated on 2026-05-12. Material changes are announced at the top of this page and dated.