Skip to Content


PRIVACY POLICY

Last updated: 11 June 2026

1. General Provisions

Nixor EE AS (hereinafter referred to as "Nixor", "we", "us", or "our") respects and protects the privacy of its customers, business partners, website visitors, and other data subjects.

This Privacy Policy describes how Nixor collects, uses, stores, and protects personal data, as well as the rights of data subjects in relation to the processing of their personal data.

When processing personal data, we comply with the General Data Protection Regulation (EU) 2016/679 (GDPR), the applicable laws of the Republic of Estonia, and recognised good practices in data protection.

2. Data Controller

The controller responsible for the processing of personal data is:

Nixor EE AS

Commercial Register Code: 11333294

Registered Address: Kadaka tee 63/1, Tallinn 12915, Estonia

Phone: +372 668 8866

Email: info@nixor.ee

Website: www.nixor.ee

For any questions regarding the processing of personal data or the exercise of data subject rights, you may contact us at: andmekaitse@nixor.ee.

Where Nixor processes personal data on behalf of a customer and in accordance with the customer's instructions, Nixor acts as a data processor. In such cases, the customer, as the data controller, determines the purposes and means of the processing of personal data, while Nixor processes the personal data in accordance with the applicable agreement and/or the data processing agreement concluded with the customer.

3. Definitions

Personal Data

Any information relating to an identified or identifiable natural person.

Data Subject

A natural person whose personal data is processed by Nixor.

Processing

Any operation or set of operations performed on personal data, including the collection, recording, storage, use, alteration, disclosure, erasure, or destruction of personal data.

Data Controller

A natural or legal person, public authority, agency, or other organisation that determines the purposes and means of the processing of personal data.

Data Processor

A natural or legal person, public authority, agency, or other organisation that processes personal data on behalf of the data controller.

Website

The Nixor website available at www.nixor.ee and its subpages.

Services

The solutions, products, and services provided by Nixor, including payment solutions, point-of-sale (POS) solutions, self-service solutions, weighing solutions, video surveillance and security solutions, business software, IT infrastructure solutions, consulting services, maintenance and support services, and other services offered by Nixor.

4. What Personal Data Do We Collect?

Depending on the nature of our interaction, the services provided, and the business relationship, we may collect the following categories of personal data:

4.1. Contact Information

We may process the following contact information:

  • first and last name;
  • company name;
  • job title;
  • phone number;
  • email address;
  • postal address;
  • other contact information necessary for communication.

Where the customer or business partner is a legal entity, we generally process the personal data of its representatives and contact persons to the extent necessary for business communication, the performance of contractual obligations, and the provision of our services.

4.2. Enquiry and Communication Data

We may process data generated in the course of enquiries and other communications, including:

  • information submitted through contact forms;
  • email correspondence;
  • information provided via telephone or other communication channels;
  • customer support enquiries;
  • communications relating to quotations and projects;
  • information related to feedback and customer satisfaction surveys.

4.3. Marketing Data

We may process personal data related to marketing activities, including:

  • newsletter subscription information;
  • marketing consents;
  • marketing opt-out preferences;
  • registration information for webinars, training sessions, or events;
  • information relating to downloaded materials;
  • information relating to marketing campaigns and customer communications.

4.4. Website Usage Data

When you use our Website, we may process technical and usage data, including:

  • IP address;
  • technical information about your device and browser;
  • pages visited;
  • date, time, and duration of your visit;
  • website usage statistics;
  • information collected through cookies and similar technologies.

4.5. Social Media Data

If you interact with Nixor through social media channels, we may process:

  • publicly available profile information;
  • comments;
  • messages;
  • other content published by you or provided to Nixor.

4.6. Service, Maintenance, and Warranty Data

When providing services or arranging maintenance, technical support, or warranty services, we may process:

  • information relating to purchases and orders;
  • service and maintenance history;
  • information relating to warranty claims;
  • information required to identify devices or solutions;
  • information provided in the course of technical support.

In the course of providing technical support, maintenance, or troubleshooting, we may process technical information provided by the customer only to the extent necessary to diagnose and resolve the issue.

5. How Do We Collect Personal Data?

We primarily collect personal data in the following ways:

  • through the contact forms available on our Website;
  • via email and telephone;
  • when you subscribe to our newsletter;
  • when you register for webinars, training sessions, or events;
  • when you submit a request for a quotation;
  • in the course of preparing quotations and performing contractual cooperation;
  • when providing services, maintenance, or technical support;
  • through cookies and analytics tools when you use our Website;
  • through our social media channels;
  • rom customers, business partners, or service providers where necessary for the performance of a contract or the provision of our services.

6. Purposes and Legal Bases for Processing Personal Data

We process personal data only where there is a lawful basis for doing so and a clearly defined purpose.

Processing Activity

Purpose

Legal Basis

Responding to Contact Enquiries

Responding to enquiries and managing communications

Performance of pre-contractual measures at the request of the data subject or our legitimate interests

Preparation of a Quotation

Preparing and providing a quotation

Performance of pre-contractual measures at the request of the data subject or our legitimate interests

Conclusion and Performance of a Contract

Performance of the contract, provision of services, and invoicing

Performance of a contract and legal obligation

Customer Support, Maintenance, and Warranty

Provision of customer support, maintenance, warranty, and service

Performance of a contract, legal obligation, or legitimate interests

Business Partner Communications

Maintaining business communications and managing cooperation

Legitimate interests

Sending Newsletters and Marketing Communications

Promoting Nixor's services, products, events, and professional content

Consent, existing customer relationship, or legitimate interests

Organisation of Events, Training Sessions, and Webinars

Registration, sending event-related communications, managing participation, and providing follow-up materials

Performance of a contract, consent, or legitimate interests

Website Analytics and Improvement

Improving the functionality, security, and user experience of the Website

Legitimate interests or consent, depending on the type of cookie

Compliance with Legal Obligations

Compliance with accounting, tax, and other legal obligations

Legal obligation

Protection of Legal Claims

Establishing, exercising, or defending legal claims

Legitimate interests

7. Marketing and Newsletters

Nixor may use personal data to provide information about its services, products, events, webinars, training sessions, news, blog posts, and other information related to the company's activities.

We may send marketing communications on the following legal bases:

  • based on the data subject's consent;
  • based on an existing customer relationship, to the extent permitted by applicable law;
  • based on our legitimate interests where the recipient is a representative of a company and the information provided is relevant to their professional role or interests.

Marketing communications may include:

  • newsletters;
  • invitations to webinars, seminars, training sessions, and events;
  • information about new products and services;
  • information about partner solutions;
  • blog articles, guides, research, and other professional content.

The data subject has the right to opt out of receiving marketing communications at any time by using the unsubscribe link included in the email or by contacting us at: andmekaitse@nixor.ee.

8. Legitimate Interests

Where we process personal data on the basis of our legitimate interests, we assess, prior to the processing, whether Nixor's legitimate interests override the rights and freedoms of the data subject.

Nixor's legitimate interests may include, for example:

  • managing customer and business partner relationships;
  • communicating with representatives of business customers;
  • improving the quality of our services and the user experience;
  • ensuring the security of our Website, systems, and services;
  • preventing, detecting, and responding to information security incidents;
  • establishing, exercising, or defending legal claims;
  • planning marketing activities and providing relevant information to business customers.

The data subject has the right to object to the processing of personal data where such processing is based on legitimate interests. An objection may be submitted by contacting us at: andmekaitse@nixor.ee.

9. Disclosure of Personal Data and Data Processors

We may disclose personal data to service providers and data processors to the extent necessary for the provision of our services, the performance of contracts, compliance with legal obligations, or the protection of Nixor's legitimate interests.

Such partners may include:

  • website hosting providers;
  • IT service providers;
  • cloud service providers;
  • accounting and audit service providers;
  • legal advisers;
  • marketing and communications service providers;
  • analytics service providers;
  • CRM and customer relationship management software providers;
  • providers of webinar, online meeting, and training platforms;
  • email and newsletter management service providers;
  • analytics and marketing platform providers;
  • business partners involved in the provision of maintenance, installation, and support services.

Where a service provider processes personal data on behalf of Nixor, we enter into a data processing agreement or other appropriate contractual arrangement, where required, governing the processing of personal data, confidentiality obligations, and applicable security measures.

We may also disclose personal data where required by law, pursuant to a request from a competent authority, or where necessary for the establishment, exercise, or defence of legal claims.

10. Transfers of Personal Data Outside the European Economic Area

Some of our service providers, or the services they use, may process personal data outside the European Economic Area (EEA).

Where personal data is transferred outside the European Economic Area (EEA), we ensure that such transfers are carried out in accordance with applicable data protection laws. Where required, we implement appropriate safeguards provided for under the GDPR, such as an adequacy decision of the European Commission, the European Commission's Standard Contractual Clauses (SCCs), or other lawful transfer mechanisms permitted under applicable law.

Further information about the specific safeguards applied to such transfers may be requested by contacting us at: andmekaitse@nixor.ee.

11. Retention of Personal Data

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, perform our contractual obligations, comply with legal obligations, or establish, exercise, or defend legal claims.

As a general rule, we apply the following retention periods:

Category of Personal Data

Retention Period

Customer and Contractual Relationship Data

For the duration of the contract and thereafter for the period necessary to comply with legal obligations or establish, exercise, or defend legal claims.

Accounting Records

At least 7 years

Enquiry, Quotation, and Business Communication Data

Up to 3 years after the last interaction, unless a longer retention period is required for the performance of a contract or the establishment, exercise, or defence of legal claims.

Marketing and Newsletter Data

Until consent is withdrawn, the recipient unsubscribes, or the marketing relationship ends.

Event, Training, and Webinar Data

Up to 3 years after the event, training session, or webinar, unless a longer retention period is required.

Warranty, Maintenance, and Support Data

For the period necessary to fulfil service obligations, warranty obligations, or contractual commitments.

Website Cookies and Analytics Data

in accordance with the Cookie Policy or the retention periods specified in the consent management tool.

When the retention period expires, we delete or anonymise personal data, unless further retention is required to comply with a legal obligation or to establish, exercise, or defend legal claims.

12. Security of Personal Data

Nixor’s information security framework is based on the principles of the ISO/IEC 27001:2022 standard. We apply these principles to protect the confidentiality, integrity, and availability of personal data and other information.

We implement appropriate technical and organisational measures to protect personal data, including:

  • against unauthorised access;
  • against unlawful processing;
  • against accidental or unlawful destruction;
  • against loss;
  • against alteration or disclosure;
  • against misuse.

For the protection of personal data, we use, among other things, access rights management, authentication measures, data backups, logging, employee training, and information security incident management procedures.

Access to personal data is granted only to those employees and partners who require it for the performance of their duties or the provision of services.

13. Personal Data Breaches and Incidents

In the event of a personal data breach, we assess its impact and take the necessary measures to stop the breach and mitigate any potential harm.

Where necessary, we notify the Data Protection Inspectorate, the affected data subjects, or the client, where Nixor acts as a data processor.

14. Data Subject Rights

The data subject has the right to:

  • to receive information about the processing of their personal data;
  • to access personal data collected about them;
  • to request the rectification of inaccurate or incomplete personal data;
  • to request the erasure of personal data where permitted by law;
  • to request restriction of the processing of personal data;
  • to object to the processing of personal data;
  • vto withdraw consent at any time;
  • to receive their data in a structured, commonly used, and machine-readable format, where applicable;
  • to lodge a complaint with the Data Protection Inspectorate.

Withdrawal of consent does not affect the lawfulness of processing carried out prior to the withdrawal.

To exercise their rights, the data subject may contact us at: andmekaitse@nixor.ee. We generally respond to data subject requests within one month of receipt. If necessary, we may request additional information to verify the identity of the requester before fulfilling the request.

If a request is complex or if there are multiple requests, the response period may be extended in accordance with applicable legal requirements.

15. Automated Decision-Making and Profiling

Nixor does not make decisions concerning data subjects based solely on automated processing, including profiling, that produce legal effects or similarly significant effects on the data subject.

If such processing is introduced in the future, we will update this Privacy Policy and provide data subjects with the required information.

16. Cookies

Nixor’s Website uses cookies and similar technologies for the purposes of ensuring website functionality, collecting usage statistics, maintaining security, and improving the user experience.

We use the following categories of cookies:

  • necessary cookies, which are required for the operation of the Website;
  • analytical cookies, which help us understand how the Website is used and improve the user experience;
  • marketing cookies, which are used to provide more relevant content and marketing information where the user has given consent.

We generally use non-essential cookies based on the user’s consent. Cookie preferences can be managed through the cookie consent tool available on the Website.

More detailed information about the use of cookies is provided in a separate Cookie Policy.

17. Changes to the Privacy Policy

Nixor reserves the right to amend this Privacy Policy as necessary.

The current version is always published on the Website together with the date of the latest update.

If the changes significantly affect the processing of personal data, we will notify data subjects in an appropriate manner, for example via the Website or by email where applicable.

18. Contact and Dispute Resolution

If you have any questions regarding the processing of personal data or wish to exercise your rights, please contact us:

Nixor EE AS

Email: andmekaitse@nixor.ee

General contact: info@nixor.ee

Phone: +372 668 8866

Registered Address: Kadaka tee 63/1, Tallinn 12915, Estonia


The supervisory authority in Estonia is:

Supervisory authority in Estonia (Andmekaitse Inspektsioon)

Email: info@aki.ee

Website: www.aki.ee


Before contacting the Data Protection Inspectorate, we kindly ask you to contact Nixor first, if possible, so that we may try to resolve your question or concern.