top of page

Privacy Notice

 

Last updated: 11/12/2025

 

Nexum Technologies Ltd ("Nexum", "we", "us") is committed to protecting personal data and ensuring transparency in how we process information. This Privacy Notice explains how we collect, use, store, and protect personal data across all our services, including:

  • The Nexum platform is used by employers, payroll firms and pension providers.

  • Request forms used by employees.

  • Our website and enquiry channels.

  • Our business operations, billing activities, and communications.
     

1. Who we are

Nexum Technologies Ltd is a UK private limited company providing pension contribution administration and payroll-related software services.

We act as either a Data Controller or Data Processor, depending on the context:

 

Controller:

We act as a Data Controller when processing:

  • Website enquiries.

  • Employee requests form submissions.

  • Billing and account information for clients.

  • Contact details of employer users, delegates, and pension provider users.

  • Marketing communications (where opted in)

  • Our own operational and business data

 

Processor:

We act as a Data Processor when processing employee and employer data provided by clients through the Nexum platform, including:

  • Employee identifiers.

  • Pension contributions.

  • Payroll-related information.

In these cases, employers remain the Data Controller.

 

2. What personal data we process

The data we process depends on how you interact with Nexum.

 

A. Data processed as a Controller

We may collect and process:

Website & enquiry data

  • Name

  • Email address

  • Any information you submit via enquiry forms
     

Pension contribution request form data

  • First name

  • Last name

  • Work email

  • Personal email

  • Requested pension provider
     

Client and business contact data

  • Employer admin names and emails

  • Delegate user names and emails (e.g., payroll firms)

  • Pension provider contact details

  • Billing and invoicing details
     

Marketing data

  • Email address

  • Communication preferences
     

B. Data processed as a Processor

When providing services to employers, we process employee and payroll-related data on their behalf, including:

  • Employee name and address

  • Work email

  • National Insurance number

  • Date of birth

  • Earnings and contribution details

  • Pension provider details

  • Employer identifiers (Companies House number, bank account details)

  • Pension account identifiers received from pension providers

This data is controlled by the employer. Nexum processes it solely to provide pension administration services.

 

3. How we use personal data

We use personal data for:

 

A. Purposes as a Controller

  • Responding to enquiries.

  • Managing pension contribution requests.

  • Communicating with clients and platform users.

  • Billing and invoicing.

  • Providing product updates and service notifications.

  • Sending marketing communications where consent is given.

  • Maintaining business records

 

B. Purposes as a Processor

  • Enabling employers to submit pension contributions.

  • Facilitating data transfers to pension providers.

  • Providing secure access to employer and delegate users.

  • Maintaining audit logs.

  • Operating and improving the Nexum platform.
     

4. Legal bases for processing

We rely on the following legal bases:

 

Controller activities

  • Contract: communicating with clients, delivering services, billing.

  • Legitimate interests: responding to enquiries, managing pension contribution requests, improving our service.

  • Consent: optional marketing communications.

  • Legal obligation: AML data retention and identity verification.

 

Processor activities

  • Contract: processing employer and employee data to provide services under client agreements
     

5. Who we share personal data with

We only share personal data where necessary.

 

A. Third-party processors supporting our services

We store and process your data using secure third-party databases and hosting providers that support the operation of our platform. These providers act as data processors on our behalf.

We do not sell your personal data or share it with advertisers.

All processors are contractually bound by data protection agreements.

 

B. Other recipients

  • Employers, when employees submit pension contribution requests.

  • Pension providers, when transmitting contributions or identifiers.

 

6. International data transfers

Data is stored in the United Kingdom. If any transfers occur outside these regions via our service providers, they will be protected by lawful safeguards such as standard contractual clauses. In the event that we transfer information to countries other than the UK, we will only do so where these transfers are protected using:

  • The UK Addendum to the EU Standard Contractual Clauses (SCCs)

  • Additional security controls, including encryption in transit and MFA

 

7. Data retention

We retain data only for as long as necessary.

  • Employee/employer data (processor role): 6 years

  • Audit logs: 5 years

  • Website enquiries: 5 years

  • Pension contribution request forms: up to 5 years

  • Billing and client records: 6 years

When retention periods expire, data is securely deleted or anonymised.

 

8. Cookies and tracking

Our website does not use tracking cookies, analytics tools, or marketing pixels.

Only essential operational cookies may be applied by hosting providers to ensure core functionality.

 

9. Your rights

Under UK GDPR, you have the right to:

  • Access your personal data.

  • Request correction of inaccurate information.

  • Request deletion where applicable.

  • Object to processing based on legitimate interests.

  • Withdraw consent (for marketing).

  • Request restriction of processing.
     

To exercise your rights, contact us at: support@nexumpensions.com

 

10. How we protect personal data

We apply a comprehensive security programme including:

  • Cyber Essentials certification.

  • Access control and MFA for administrative systems.

  • Encryption in transit and at rest.

  • Regular audits and policy reviews.

  • Supplier risk assessments.

  • Security incident response procedures.

 

11. Changes to this privacy notice

We may update this notice periodically to reflect changes in our services or legal requirements. The latest version will always be available on our website.

If changes are significant, we will notify affected users directly.

If you have any questions about this Privacy Notice or how we handle personal data, please contact us at support@nexumpensions.com.

bottom of page