NXT Labs Privacy Policy

Introduction:

  • NXT Labs llc., and/or its affiliates, subsidiaries, and parent companies (NXT) is a commercial enterprise that is registered in the United States, among other jurisdictions. It is therefore obliged to protect all personal data it processes in compliance with the General Data Protection Regulations 2018. In addition to these requirements, as a professional company, NXT is passionate about protecting the personal data and Special Categories of Personal Data (previously Sensitive Personal Data) of those who interact with them, be that in relation to NXT's services and products, those employed by them, and those who, for whatever reason, share their personal data with the company.

  • NXT is the Data Controller and is responsible for ensuring that all necessary processes and protocols are in place to ensure that the organization fully complies with the requirements of the General Data Protection Regulations 2018 (GDPR), the Regulations that govern all aspects of the processing personal data within the European Union.

 

Policy responsibility

  • The Managing Director of NXT has overall responsibility for ensuring that this policy is managed, reviewed and implemented effectively. Day-to-day implementation is the responsibility of the Group Data Protection Officer (DPO). This Policy applies to ALL offices, businesses and remote working locations within the NXT's sphere of operation.

Intention and application of the document

  • This Policy has been published to give shape, form, and substance to the NXT's desire to fulfill its requirements under GDPR. Its application is fully supported by the Directors and Senior Management of the company. The Policy and its associated processes and protocols fully apply to ALL who are directly employed by NXT or who undertake activities related to personal data on behalf of NXT. Failure to comply with any or all of the requirements of this Policy and its Annexes will result in an investigation of the compliance failure and may lead to disciplinary action being taken. In certain circumstances, this may lead to dismissal or the cancellation of contracts.

 

Whom does the policy apply to?

  • ALL NXT employees.

  • Directors and Board Members.

  • The management, staff, and agents of all NXT parent and subsidiary companies when working within the European Union sphere of influence or on personal data that may be from time to time shared with them.

  • Contractors/Consultants or those who provide services that interface with any or all personal data processed by or that comes into the possession of NXT.

  • Any suspected, an actual or potential breach of the policy, whether unintended or otherwise, must be reported immediately (no time delay is permissible) to the relevant manager AND the Data Protection Officer who will take all necessary steps to manage and mitigate the impact of a breach. The DPO will put in place remedial actions to prevent a recurrence of the incident.

 

GDPR, what is it?

  • The GDPR came into force on 25th May 2018 and it replaced the previous Data Protection Act 1998. The introduction of the GDPR 2018 places a higher and more stringent requirement on Data Controllers and Data Processors to protect personal data that comes into their possession. This applies equally to hard copy and electronic formats and a combination of the same. Data Controllers must:

    • Use personal data only in a way that is consistent with what the Data Subject was informed of and agreed to at the time of gathering the data;

    • Keep the data safe;

    • Ensure that the Data Subject remains in control of the data at all times; and

    • Only keep the data for as long as it is necessary to do so.

  • The GDPR reflects the tension between the rights of the Data Subject and that of the Data Controller to, in this case, undertake business activities that require the processing of the personal data belonging to the Data Subject. However, unless there is a legitimate and demonstrable overriding legal or regulatory reason for doing so, the rights of the Data Subject as listed below will always take precedence over the rights of the Data Controller. An example of this would be the passing of personal information relating to a member of NXT staff to HMRC or if NXT were directed to pass personal data by a Court of Law.

 

GDPR EU Legislation – UK Compliance

  • GDPR is EU legislation, however, whatever action results from the BREXIT negotiations, the UK Government has stated that the UK will continue to be fully GDPR compliant or will conform to the pending UK Data Protection Bill, which has been designed to totally mirror EU GDPR regulations and will be brought into law on the UK leaving the EU.

 

Personal data – what is it?

  • The GDPR regulations indicate that personal data is primarily data ‘that relates to a living individual who can be identified from that data or from that data plus other personal data the Data Controller holds on that Data Subject(the person to whom the data relates).

  • The word ‘processing’ is the collective term for any and all activities carried out on the data. The GDPR governs the processing of personal data in any format including hard and electronic formats.

 

Data Subject Rights

  • Data Subjects have eight clear rights. They are as follows:

  • The right to be informed: This right gives the Data Subject the right to be informed about what their personal data is being used for. NXT provides this in the form of a Privacy Notice which is made available prior to gathering the personal data. GDPR states that such information must be:​

    • Concise, transparent, intelligible and easily accessible;

    • Written in clear and plain language, particularly if addressed to a child; and

    • Provided free of charge.

      • The right of access: Data Subjects residing anywhere in the world have the right to ask any EU-based organization if they hold or are processing any personal data about them (there is NO geographical limitation placed on the location of the requestor). If the organization is processing data, the subject can request a copy of that data. This is known as a Subject Access Request (SAR). After having verified the identity of the requestor, the data must be provided in a clear way and must not include the code of any type that would render the data meaningless to the Data Subject. A SAR must be complied without delay and within 20 working days of receiving the request; that is, the data requested will be in the possession of the Data Subject, in a format that they request, on or before the 20th working day of the request being received. The request must be completed free of charge. In exceptional circumstances– if the request is considered complex, the time to respond can be extended to 40 working days. However, the Data Subject must be notified of the delay within the initial 20 days. They must also be provided with the reasons for that delay. The Information Commissioner will scrutinize the delay justification if a complaint is made by the Data Subject in relation to the extension and make a decision as to its validity.

  • The right of rectification: The Data Subject can have personal data rectified if it is found to be inaccurate or incomplete. As above, the rectification must be carried out within 20 working days or, where it is complex, within 40 working days. NB: where personal data has been disclosed to third parties you must inform them of the rectification where possible. Where appropriate, the Data Controller must also inform the Data Subject about the third parties to whom the data has been disclosed. Similarly, the DS has the right to be informed as to the source of any personal data that has been transferred to or come into the possession of NXT. This has implications for the tracking of personal data from such sources as trade shows, exhibitions, and third-party sources, etc.

  • The right to erasure: Also known as the ‘Right to be forgotten’. The broad principle here is to enable a Data Subject to request the deletion or removal of personal data where there is no compelling reason for its continued processing. Erasure must be done thoroughly and completely; it is not acceptable for the data to be removed from the organization’s computer system but still be recoverable from a backup of the system. Where data has been disclosed to third parties, NXT must inform those third parties about the requirement to erase personal data that has been shared by them unless it is impossible or involves a disproportionate effort to do so. There are also some specific Regulatory and Legislative requirements where the Data Controller can refuse to comply either fully or partially with a request for erasure.

  • The right to restrict processing: The DS can at any time and without giving reason require that all processing of their data be restricted or stopped completely. When processing has been restricted by the Data Subject, NXT may continue to store the data, but cannot further process it. It is vitally important that systems are in place to ensure the restriction is fully respected by all functions that make up the NXT organization. If the data has been supplied to third parties, it is the responsibility of the Data Controller to ensure that third parties are aware of the restrictions and fully comply with the rights of the Data Subject.

  • The right to data portability: This is a new feature of the GDPR and it permits a Data Subject to obtain their personal data from a Data Controller for their own purposes and use it across a range of different organizations and services. The data must be transferred by NXT in a safe and secure way and should be provided in a useable format. This right must be complied with within 20 working days or, in the case of a complex request, within 40 working days.

  • The right to object: Data Subjects have the right to object to the processing of their personal data including processing carried out for the purposes of profiling or direct marketing. In the case of a request to cease using data for direct marketing, the processing must stop as soon as the objection is received. NB: there are NO exemptions or grounds to refuse or delay this request.

 

NB: NXT must inform individuals of their right to object at the point of first communication and in their Privacy Notice. The right to object must be ‘explicitly brought to the attention of a Data Subject and must be presented clearly and separately from other information’.

  • Rights in relation to automated decision making and profiling. Data Subjects have the right not to be subject to decisions based solely on automated processing where the decision has legal or similarly significant effects on the individual.

 

\Recruitment and discipline processes

  • All of the above have implications in relation to recruitment and wider HR processes.

 

How does NXT process personal data?

  • NXT will seek to fully comply with our obligations under the GDP Regulations and we do that in a range of ways. These include:

    • Keeping personal data up to date.

    • Only collect personal data that is applicable to our needs.

    • Not retaining data that becomes excess to our needs.

    • Protecting personal data from loss, misuse, unauthorized access or disclosure.

    • We will do this by ensuring that appropriate physical, technical, electronic and operational data security measures are in place and that our staff are suitably trained and managed with regard to the processes and protocols required to comply with the Regulations.

 

What is the legal basis that allows NXT to process personal data?

  • The GDPR requires that a legal justification be established before personal data is processed; this is dependent upon the use to which the data will be put by NXT. This protects both the Data Subject and the Data Controller by ensuring that personal data will only be used for the purposes that the Data Subject has explicitly agreed to. These are:

  • Processing is necessary for the purposes of the legitimate interests pursued by NXT or a third party except where such interests are overridden by the interests, rights or freedoms of the data subject.

  • Explicit, informed and verifiable consent is given by the data subject.

  • Processing is necessary for NXT to comply with Legal or Regulatory requirements.

 

How does NXT use personal data?

  • NXT will use personal data:

  • To enable us to provide professional business-related services.

  • To enable employee management and administration and for those who from time to time provide services to NXT as consultants or contractors.

  • To comply with organizational Legal and Regulatory requirements placed upon NXT.

  • For direct marketing purposes including informing the DS of NXT product news, events, activities, and services – direct marketing will only be undertaken with prior, informed, express and verifiable consent; this consent can be removed by the Data Subject at any time. NB: a DS may opt-out of receiving marketing materials yet still remain a customer of NXT.

 

Data sharing agreements

  • NXT LLC is a standalone enterprise registered in the United Kingdom and is the sole Data Controller for all personal data that it processes or is processed on its behalf. NXT is therefore responsible for the safety and security of that data. Data sharing is defined as the disclosure of personal data by NXT to any third-party organization; this includes but is not limited to NXT’s parent and subsidiary organizations. An example of this would be the sharing of the personal data (name etc.) of a private individual, a client who had made a complaint about a product or services supplied by NXT with MHL Inc. For this reason, the NXT complaints procedure will be based upon a ‘Complaint Number’ which will be allocated to each individual complaint. This number can be shared with the NXT network of companies, allowing the complaint to be dealt with effectively but access to the remainder of the complainant’s personal details to remain restricted.

  • Data Sharing may be considered appropriate when the Data Subject has given informed, express and verifiable consent to the data sharing taking place with that specified organization or a third party, or where there is a justified UK or EU compliant legal or regulatory requirement on NXT to do so.

  • Data Sharing Agreements (DSA) must be in writing, retained as a record of permission and adequately address the following issues:

  • The informed and express consent of the Data Subject.

  • The purpose of sharing.

  • The organizations with whom the data will be shared.

  • The geographical location of the organization with whom the data will be shared.

  • The data items to be shared.

  • The quality of the data – accuracy, relevance, and usability.

  • Data security.

  • Retention and disposal of the data.

  • Data Subjects rights to exercise their rights.

 

When will personal data be shared with third parties?

  • Personal data will be treated as strictly confidential and will only be shared with third parties when:

    • NXT has the Data Subject’s express, informed and verifiable consent in writing to do so; or

    • When there is a UK or EU Legal or Regulatory requirement for that sharing to take place.

  • NXT may use other organizations to provide a service such as cloud-based IT management software and applications for administrative support, the bulk storage of data, website hosting, or for necessary IT support. The organizations selected and appointed to provide these services will only be engaged if they can demonstrate that they are fully GDPR compliant and that they have signed a contract with NXT to the effect that they fully comply with the data security policies and processes prescribed by NXT.

 

Retention and disposal of personal data

  • NXT is committed to processing personal data in a responsible and compliant manner. It has developed and will maintain a compliant Retention and Disposal Schedule which will delineate the timescales for the retention or disposal of personal data; this will apply equally to data held in hard-copy, electronic versions and any combination of the same. In the case of hard copy data, it will only be disposed of onsite either by self-shredding or by contracting the services to a reputable service provider. The Retention and Disposal Schedule will also govern:

  • Who is responsible to authorize the disposal of personal data;

  • How the disposal will be undertaken; and

  • How the disposal will be recorded and signed off.

  • The retention requirements of personal data vary greatly dependent upon the type of data that is being processed. NXT will use the guidance provided by the ICO to inform this process. There are three broad areas:

  • The Regulatory, Legislative;

  • Operational requirements placed upon NXT;

  • The Data Subject’s agreement with the information that is being processed. However, Data Subjects have the right to require NXT to cease processing their data at any time, and NXT will do that providing there is no Legal, Regulatory or operational requirement to prevent it.

 

Accessing personal data

  • There are two broad avenues for people to access personal data. They are as follows:

  • Subject Access Request (SAR) – A request made directly by the Data Subject for access to their personal data.

  • Third-Party Access Request – A request made by anyone other than the Data Subject for personal data belonging relating to another data subject.

  • The difference being that a Data Subject can exercise their rights under the Regulations to obtain access to their personal data by making a SAR, however, a person or organization making a Third Party Access Request must have an explicit and justifiable Legal or Regulatory authority to have access to the personal data before the Data Controller can make personal data available to them.

  • The response procedures and protocols for responding to a SAR and a Third-Party Access Request is outlined in the attached Annexes.

 

Further processing

  • If NXT wishes to use a Data Subject’s personal data for a new purpose (not covered by the use expressly agreed by the DS with NXT before providing the data), then NXT is required to provide the DS with a notice fully explaining this new use, purposes, and processing conditions and seek the agreement of the DS before any processing takes place. NB: If permission is not granted then the new use is not permitted. The notification and request process and support documentation must be recorded and logged for future use in the event of a complaint or review.

 

Will Data Subjects be informed about any data breaches that impact them?

  • Yes, NXT will do this in compliance with GDPR requirements.

 

How do you make a complaint relating to the processing of your data?

  • There are two options by which a data subject can exercise their rights, make requests for further information, or make a complaint in relation to NXT’s processing of their personal data.

  • Option 1. To NXT

 

Address:

If within the United States:

 

The Data Protection Officer

 

NXT, LLC.

17725 Commerce Dr.

Suite 200-400

Westfield, IN

 

  • If, despite the security measures that have been put in place (Information Security Policy), a suspected, actual or potential breach in data security occurs, it is essential that it is dealt with effectively and expeditiously. A breach may arise from a theft, a deliberate attack on NXT data processing, unauthorized use of personal data by a member of staff, accidental loss or equipment failure. No matter how the breach occurs, all NXT management, staff, employees, and contractors MUST respond appropriately by:

    • Reporting the breach without delay to their Manager AND the Data Protection Officer or, in their absence, the Director of Finance or the MD.

    • Follow the processes laid out in the Personal Data Breach Protocol including the notification of the DS and the ICO if deemed to fall within their requirements.

    • Record their actions in the Data Breach Audit Log.

    • Identify the potential scope, source, impact and risk of the breach on the Data Subject and the organization.

    • Review associated Policies, Processes, Protocols and retraining requirements.

    • Retrain all staff.

 

GDPR Induction, training and performance

  • It is a requirement of employment with NXT that ALL staff and those who supply services on a contracted or consultancy basis fully comply with the requirements of this and other associated Policies. In order to do that effectively, it is vital that training and information be supplied to ALL of the above individuals before they commence any activities that bring them into contact with personal data. Training is mandatory. Attendance will be formally recorded, as will the outcomes of any competency tests undertaken by participants. Training interventions will be as follows:

  • Induction / Onboarding of new members of staff. It is essential that all new full and part-time joiners be made aware of the competencies (skills and knowledge) requirements under GPDR.

  • Initial training for ALL existing members of staff.

  • Refresher training conducted on an annual basis and when a change in legislation or process makes upskilling necessary.

  • Overview training for any contractor or service supply staff who may have contact with or access to personal data of any type.

  • Training will include a multi-choice knowledge test.

 

  • A Training Register will be completed for each training intervention. This will include:

    • The content of the training.

    • The date and duration of the training.

    • The name of the person who delivered the training.

    • The name and the business identifier of those who attend the training.

 

Pre-planned Data Protection Audits

  • It is essential that NXT DPO undertakes regular Data Protection Audits in order to:

  •  

    • Keep pace with changes in GDPR and related legislation;

    • Maintain high levels of GDPR compliance, and to

    • Ensure that processes, procedures, and protocols are applied effectively across the organization.

  •  

    • DPA Compliance Audits will be undertaken on a minimum of a sixth-monthly unannounced basis to allow an effective understanding of GDPR performance to be developed.  An audit report will be furnished to the MD outlining performance, any remedial action to be taken and this will form part of the ongoing ISO QA reports.

 

Hemp Processor

Botanical Processor

CBD Wholesale

SECTION ‘B’ Annexes

 

ANNEX ‘A’

 

GDPR Principles

 

GDPR principles lay out the responsibilities placed on a Data Controller to process data. The following are extracted from Article 5 of the Regulations. The GDPR requires that personal data be:

  • Processed lawfully, fairly and in a transparent manner in relation to individuals.

  • Collected for specified, explicit and legitimate purposes only and not further processed in a manner that is incompatible with those purposes.

  • Adequate, relevant and limited to what is necessary for relation to the purpose for which they are processed.

  • Accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that is inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay.

  • Kept in a form that permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.

  • Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage. Using appropriate technical or organizational measures.

 

NB: Article 5(2) requires that: “The Data Controller (NXT) shall be responsible for, and be able to demonstrate, compliance with the principles.”

 

ANNEX ‘B’

 

Lawful Basis for Processing

 

Under the GDPR, NXT must have a lawful reason for processing personal data and they MUST be able to adequately demonstrate (justify) that reason when asked. There are six lawful bases available to NXT and each is of equal importance but not all are applicable to every contextual need. The application is determined by the relationship between NXT and the Data Subjects whose data they process. The reasons are as follows:

  • Consent: The Regulations require a high standard of consent by the Data Subject:

    • Consent MUST be opt-in rather than opt-out: GDPR specifically bans ‘pre-ticked’ opt-in boxes on websites.

    • The consent statement must be clear, concise and unambiguous.

    • Vague or blanket generic consent is not allowed – separate consent statements must be obtained for separate things – marketing separate from sales-related permission to process.

    • The Data Subject must be made aware of the purpose that the data will be used before the data is gathered. An effective and clear Privacy Notice will greatly assist in meeting this requirement.

    • Consent statements must be kept clear from any other documentation such as terms and conditions etc.

    • It is vitally important that clear records exist that demonstrate and confirm that permission was granted by the Data Subject.

    • The consent of the Data Subject for processing of their Personal Data can be withdrawn at any time. It is vital that the Data Subject is told before they consent that they have the right to withdraw consent and that the process is simple and foolproof. It is vitally important that the Data Controller can demonstrate prior informed consent was established.

  • The processing is necessary for the performance of a contract:

 

For example: if you need to process information in order to prepare and submit a contract. This again should be documented as a lawful basis.

  • The processing is necessary for compliance with a legal obligation.

 

For example: where an employer is obliged to disclose employee salary details to HMRC.

  • The processing is necessary to protect the vital interests of the Data Subject or some other person.

 

For example: To protect someone’s life.

  • The processing is necessary for the performance of a task carried out in the public interest.  For example, interests are normally set out in the law.

  • The processing is necessary for the purposes of the legitimate interests pursued by the Data Controller or by a third party.

 

Legitimate interests are the most flexible lawful basis for processing but it may not always be the most

appropriate. There are three elements:

  • NXT can identify a legitimate interest;

  • NXT can demonstrate that processing is necessary to fulfill the legitimate interest; and

  • NXT can balance those legitimate interests against the Data Subject’s interests, rights, and freedoms.

 

Privacy Notice

 

Introduction

  • NXT International Inc., and/or its affiliates, subsidiaries, and parent companies (NXT) is a commercial enterprise registered in the United Kingdom. We are passionate about protecting the personal data of those who interact with us in relation to our services and products; those who work for us and those who, for whatever reason, share their personal data with us.

  • NXT is the Data Controller and is responsible for ensuring that all necessary processes and protocols are in place to ensure the organization fully complies with the requirements of the General Data Protection Regulations 2018 (GDPR), the Regulations that govern all aspects of the processing of personal data within the European Union.

 

Personal data – what is it?

  • The GDPR regulations indicate that personal data is primarily data ‘that relates to a living individual who can be identified from that data or from that data plus other personal data the Data Controller holds on that Data Subject(the person to whom the data relates).

  • The word ‘processing’ is the collective term for any and all activities carried out with the data and include: gathering, using, sharing, altering or disposal of personal data. GDPR governs the processing of personal data in any format including hard and electronic formats, or in any combination of the same.

 

How do we process your personal data?

  • NXT seeks to fully comply with our obligations under the GDPR and we do that in a range of ways. These include: keeping personal data up to date; only collecting personal data that is applicable to our needs, not retaining data that becomes excess to our needs; by protecting personal data from loss, misuse, unauthorized access or disclosure. We will do this by ensuring that appropriate technical and operational data security measures are in place and that our staff are suitably trained and managed with regard to the processes and compliance protocols required to comply with the Regulations.

 

What is the legal basis that allows NXT to process your personal data?

  • The GDPR requires a legal justification to be established before personal data is processed and this is dependent upon the use to which the data will be put. This protects you, the Data Subject, by ensuring that your personal data will only be used for the purposes that you have explicitly agreed to. These are:

  •  

    • Processing is necessary for the purposes of the legitimate interests pursued by NXT or a third party except where such interests are overridden by the interests, rights or freedoms of the data subject.

    • Explicit consent by you, the data subject. For example, by completing forms or entries on NXT’s website, even If you do not hit the “submit” button, NXT will collect the information you have entered.

    • Processing is necessary for NXT to comply with Legal or Regulatory requirements. Examples of this could be our legal obligations to maintain certain records so that we may carry out our obligations under employment, social security or social protection law, or a collective agreement.

 

How do we use your personal data?

  • Personal data will be used as follows:

    • To enable us to provide professional business-related services.

    • To enable employee management and administration and for those who from time to time provide services to NXT as consultants or contractors.

    • To comply with organizational Legal and Regulatory requirements placed upon NXT.

    • For direct marketing purposes including informing you of NXT product news, events, activities, and services – direct marketing will only be undertaken with your prior, informed and express consent; this consent can be removed by you at any time.

 

When will we share your personal data with third parties?

  • Your personal data will be treated as strictly confidential and will only be shared with third parties when:

    • NXT has your explicit, informed and express consent to do so.

    • When there is a Legal or Regulatory requirement for that sharing.

  • Where we use other organizations to provide a service, such as cloud-based IT management software or applications for administrative support, the storage of data, website hosting, or for necessary IT support, these organizations will only be selected and appointed if they can prove they are fully GDPR compliant and have signed a contract with NXT to the effect that they will fully comply with the data security policies and processes prescribed by NXT.

 

How long do we keep your personal data?

  • The retention requirements of personal data vary greatly dependent upon the type of data that is being processed. There are two broad areas:

  •  

    • The Regulatory, Legislative or operational requirements placed upon NXT.

    • Your agreement to the information that is being processed: You have the right to require NXT to cease processing your data at any time, and we will do that in as far as any Legal, Regulatory or operational requirements prevent that.

 

Your rights relating to your personal data and processing undertaken by NXT 

  • Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data:

  •  

    • The right to request to be informed as to the personal data which we process about you; this is known as making a Subject Access Request (SAR). If you are making a SAR it must be made in writing; email or letter format will suffice.

    • To allow us to process your SAR effectively, please include the following information:

      • Your full name;

      • Your full address including any Post Code;

      • Your telephone number in case we need to contact you;

      • Your email address in case we need to contact you;

      • Sufficient information that will allow us to clearly identify the information; where available an order or invoice number, an approximate data of NXT’s initial contact with you as information of this type will greatly assist us in responding to your SAR or inquiry in a timely manner.

      • The email address to forward your SAR is listed at Point 14 below.

    • The right to require NXT to correct without delay any errors/inaccuracies including out of date information that is identified in your personal data.

    • The right to request that your personal data be erased where it is no longer necessary for us to retain such data.

    • The right to withdraw your consent to the processing taking place at any time.

    • The right to request that NXT provides you the data subject with your personal data and where possible, to transmit on your written request, that data directly to a data controller that you have identified.

    • The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing.

    • The right to object to the processing of personal data.

    • The right to lodge a complaint with the Information Commissioner’s Office.

 

Further processing

  • If we wish to use your personal data for a new purpose, not covered by the use expressly agreed by you with NXT, then we will provide you with a notice explaining this new use, purposes, and processing conditions.

 

Will I be informed about any data breaches that impact me?

  • Yes, we will do this in compliance with GDPR requirements.

 

How do you make a complaint relating to the processing of your data?

  • You have two options by which you can exercise your rights, make requests for further information, or make a complaint in relation to NXT’s processing of your personal data. This must be done in writing; email or letter format will suffice. Please send you requests to:

 

Address:

 

If within the United States:

 

The Data Protection Officer

NXT, LLC.

17725 Commerce Dr.

Suite 200-400

Westfield, IN

Email:   info@nxtlabsllc.com

If you require further information in relation to GDPR please contact the Information Commissioner’s Office. Contact details as follows:

 

The Information Officer’s email:

info@nxtlabsllc.com

I'm a paragraph. Click here to add your own text and edit me. It's easy.

I'm a paragraph. Click here to add your own text and edit me. It's easy.

Pleasant Title

MAIN FACILITY

NXT Labs, llc
17725 Commerce Dr.,
Suite 200-400
Westfield, Indiana
info@nxtlabsllc.com
660 11th St.,
Golden, Colorado
80401
aaron@nxtlabsllc.com

COLORADO SALES

DISCLAIMER: The information provided herein may include certain statements, assumptions, estimates and projections that are subject to change. Nothing contained herein should be construed as a guarantee. These statements have not been evaluated by the Food and Drug Administration. This product is not intended to diagnose, treat, cure, or prevent any disease.

Copyright 2020, NXT Labs llc.

  • Instagram
  • Facebook
  • LinkedIn