This Privacy Policy explains how Contract Nexus collects, uses, stores, and protects personal data, and how individuals can exercise their rights.

This policy applies to personal data processed by Contract Nexus when you:

• visit or interact with our website;
• contact us (email, phone, forms, social media);
• receive marketing communications;
• attend training, webinars, or events;
• procure our consultancy/dispute support services;
• work with us as a supplier, partner, or subcontractor.

• Personal data: information relating to an identified or identifiable individual.
• Special category data: sensitive data (e.g., health, race/ethnicity, religious beliefs).
• Processing: any operation performed on personal data (collection, storage, use, disclosure, deletion).
• Controller: organisation deciding how/why personal data is processed (Contract Nexus).
• Processor: organisation processing personal data on behalf of a controller.

We may collect the following categories (depending on your interaction with us):

A) Identity and contact data
Name, job title, employer, business address, email, phone number, and communication preferences.

B) Engagement and project data
Enquiry details, meeting notes, project context, stakeholder lists, instructions, correspondence, and documents you provide during delivery (including commercial and contractual records).

C) Training and event data
Registration details, attendance, CPD/participation records, feedback.

D) Financial and transaction data
Purchase orders, invoices, VAT details, payment status. If card payments are used, they are processed by third-party payment providers; we do not store full card numbers.

E) Technical and usage data
IP address, device identifiers, browser type, referral source, pages visited, approximate location, and cookie identifiers (see Cookie Policy).

F) Compliance and legal data
Records needed to comply with law or to establish, exercise, or defend legal claims, including dispute support records.

• directly from you (forms, email, calls, contracts);
• from your employer or colleagues (business contact details);
• from public sources (e.g., corporate websites, LinkedIn) for B2B networking;
• from technology providers (analytics, security logs) when you use our website.

We process personal data for the following purposes:

1. Respond to enquiries and provide requested information.
2. Deliver services under an engagement (contract drafting, commercial governance, claims/dispute support).
3. Administer training/events including registration, logistics, CPD evidence, and attendee communications.
4. Manage billing and payments and maintain accounting records.
5. Operate and secure our website and systems (fraud prevention, monitoring, access control).
6. Business operations: internal reporting, resource planning, supplier management.
7. Marketing and relationship management (where lawful): sending relevant updates and insights.
8. Legal and compliance: meet statutory obligations, and protect legal rights.

We rely on one or more of the following lawful bases:

• Contract: to perform a contract with you or take steps at your request before entering into a contract.
• Legitimate interests: to run our business effectively, respond to B2B enquiries, improve services, and keep systems secure, balanced against your rights.
• Legal obligation: to comply with legal requirements (tax/accounting, regulatory, anti-fraud).
• Consent: for certain marketing and non-essential cookies where required.

We do not seek to collect special category data. Where you voluntarily provide it (e.g., accessibility accommodations), we process it only when necessary and under an appropriate condition, typically:

• explicit consent, and/or
• substantial public interest where applicable (limited cases).

We may send B2B marketing (e.g., updates on contract practice, training, insights) where permitted by law and consistent with your role and interests.

Opt out: You can opt out at any time via the unsubscribe link or by emailing info@contractnexus.co.uk.
We do not sell personal data and do not share it with third parties for their marketing.

We do not conduct automated decision-making or profiling that produces legal or similarly significant effects.

We share personal data only when necessary, with:

• IT/hosting providers (website hosting, email, cloud storage);
• analytics providers (if enabled and consented where required);
• CRM and communications tools;
• payment processors (if used);
• professional advisers (accountants, lawyers, insurers) under confidentiality;
• subcontractors/associates supporting delivery (only under contractual confidentiality and data protection controls);
• public authorities where required by law.

We maintain appropriate contracts with suppliers, including confidentiality and data protection terms.

If personal data is transferred outside the UK, we use recognised safeguards, such as:

• UK adequacy regulations;
• UK International Data Transfer Agreement (IDTA) and addendum;
• provider risk assessments and contractual security obligations.

We implement proportionate technical and organisational measures, typically including:

• least-privilege access controls and role-based permissions;
• multi-factor authentication (where available);
• secure storage and controlled sharing (permissioned links, expiry where possible);
• device security (locking, encryption where feasible);
• logging and monitoring;
• incident response and breach assessment procedures.

We keep personal data only for as long as necessary. Typical retention periods:

• Enquiries (no engagement): [12–24] months after last contact.
• Client delivery files: typically 6 years after completion/termination (or longer if contractual limitation periods, dispute risk, or client requirements apply).
• Financial records: typically 6 years (UK tax and accounting).
• Training/event records: [3–6] years (for audit/CPD support).
• Security logs: [30–180] days unless needed for investigation.

We may retain data longer to establish, exercise, or defend legal claims.

You may have rights to:

• access and obtain a copy of your personal data;
• rectification of inaccurate data;
• erasure (where applicable);
• restriction of processing; 
• object to processing (including direct marketing);
• data portability (in limited circumstances);
• withdraw consent at any time where processing relies on consent.

Email [privacy@contractnexus.co.uk]. We may request verification of identity and sufficient information to locate records. We respond within applicable legal timelines (typically one month, extendable for complex requests).

You can complain to us at [privacy@contractnexus.co.uk]. You also have the right to complain to the UK Information Commissioner’s Office (ICO).

We may update this policy. The latest version will be published on the website.

Effective date: 15/12/2025
Website operator: Contract Nexus Ltd

By accessing or using this website, you agree to these Terms. If you do not agree, do not use the site.

This website provides information about our services, insights, and training. Content is general and may change without notice.

All content (text, design, branding, templates, graphics, downloads) is owned or licensed by Contract Nexus. You may view and print for internal business use only. You must not reproduce, republish, distribute, or commercially exploit content without prior written permission.

You must not:

• attempt unauthorised access, disrupt service, or introduce malware;
• scrape or harvest content or data at scale;
• use the site to transmit unlawful, abusive, or misleading content;
• impersonate others or misrepresent affiliation.

External links are provided for convenience only. We are not responsible for third-party content or practices.

We aim to keep the site available but do not guarantee uninterrupted access. We may suspend or withdraw the site without notice.

To the fullest extent permitted by law, we exclude liability for loss arising from:

• reliance on website content;
• inability to access the site;
• viruses or harmful components (except where caused by our negligence and not excludable).

Nothing excludes liability for fraud or any liability that cannot be excluded by law.

These Terms are governed by the laws of England and Wales.

 Effective date: 15/12/2025
We use cookies and similar technologies to operate our site, improve performance, and (where enabled) analyse usage.

Cookies are small files stored on your device. Some cookies are essential; others are optional and require consent.

Strictly necessary
Required for site operation (security, consent management, load balancing).

Performance/analytics
Helps us understand how visitors use the site (pages visited, journeys, errors). Requires consent where applicable.

Functional
Remembers preferences (e.g., language). Requires consent where applicable.

Marketing
Used for advertising measurement/targeting. Requires explicit consent.

We use a cookie banner and preference centre. You can:

• accept all cookies;
• reject non-essential cookies;
• customise choices by category.

You can change preferences anytime via Cookie Preferences in the footer.

Third-party tools may set cookies (analytics, embedded video). Their cookies are governed by their own policies.

We maintain a cookie register in our preference centre that sets out each cookie’s:
name, provider, purpose, duration, and category.

 Effective date: 15/12/2025
Website operator: Contract Nexus Ltd

By accessing or using this website, you agree to these Terms. If you do not agree, do not use the site.

This website provides information about our services, insights, and training. Content is general and may change without notice.

All content (text, design, branding, templates, graphics, downloads) is owned or licensed by Contract Nexus. You may view and print for internal business use only. You must not reproduce, republish, distribute, or commercially exploit content without prior written permission.

You must not:

• attempt unauthorised access, disrupt service, or introduce malware;
• scrape or harvest content or data at scale;
• use the site to transmit unlawful, abusive, or misleading content;
• impersonate others or misrepresent affiliation.

External links are provided for convenience only. We are not responsible for third-party content or practices.

We aim to keep the site available but do not guarantee uninterrupted access. We may suspend or withdraw the site without notice.

To the fullest extent permitted by law, we exclude liability for loss arising from:

• reliance on website content;
• inability to access the site;
• viruses or harmful components (except where caused by our negligence and not excludable).

Nothing excludes liability for fraud or any liability that cannot be excluded by law.

These Terms are governed by the laws of England and Wales.

Contract Nexus provides commercial and contract consultancy. Website content, articles, templates, and general guidance:

• are provided for information only;
• do not constitute legal advice;
• may not reflect the latest statutory/regulatory changes at the time you read them;
• should not be relied upon as the sole basis for decisions.

Where you engage Contract Nexus, the scope, deliverables, and liability framework are defined in a written SOW/engagement terms.

This AUP protects website users, our systems, and our business.

• breach security, attempt unauthorised access, probe, scan, or test vulnerabilities;
• deploy malware, bots, scrapers, or automated tools that degrade performance;
• interfere with or disrupt the site or networks
• misuse forms or email addresses for spam;
• upload or transmit unlawful, defamatory, or abusive content;
• infringe intellectual property.

We may block access, restrict IPs, remove content, and report unlawful conduct to relevant authorities.