Version 1.1
Last revised on: June 22, 2026
Nebex, Inc. (“Company”, “we”, “us”, “our”) respects your privacy. This Privacy Policy explains how we collect, use, disclose, and protect personal data in connection with the website at https://www.nebex.com/ together with its subdomains and subdirectories, the “Site”. It applies to personal data we process about visitors to and users of the Site, including individuals who submit our contact form, subscribe to our updates, or correspond with us.
This Policy covers the informational Site only. Access to the Nebra Exchange platform is governed by separate platform terms and a separate privacy notice, which will apply to any personal data processed in connection with the platform. This Policy is incorporated by reference into our Website Terms of Use.
For the purposes of the EU General Data Protection Regulation (EU GDPR) and the UK GDPR, the data controller is Nebex, Inc., 5 Penn Plaza, 19th floor, New York, New York 10001, USA. Contact: legal@nebex.com.
We collect:
When you visit the Site, we and our service providers may collect technical and usage data such as IP address, device and browser type, operating system, referring URLs, pages viewed, and dates/times of access, through cookies and similar technologies. See Section 8.
We do not intentionally collect special categories of data, such as health, biometric data, or political opinions, through the Site, and ask that you not submit such data in free-text fields.
Where we ask for personal data, we will indicate whether provision is required. If you do not provide data that is necessary to respond to your enquiry or to provide a feature you request, for example, your email address for the newsletter, we may be unable to provide that response or feature.
We use personal data for the following purposes, relying on the lawful bases indicated:
Where we rely on legitimate interests, those interests are: operating, securing, and improving the Site; understanding how the Site is used; communicating with business contacts and developing our business; and protecting Company, our users, and third parties from fraud, misuse, and legal or regulatory risk. We balance these interests against your rights and freedoms, and you may object to processing based on legitimate interests as described in Section 9.
We disclose personal data to: service providers and processors who act on our behalf, such as website hosting, analytics, email, and IT providers; professional advisors, including legal, accounting, and compliance advisors; authorities and regulators where required by law or to protect our rights; and acquirers or successors in connection with a corporate transaction.
We do not sell personal data, and we do not share data collected through the newsletter signup except with processors who help us deliver those communications.
We are based in the United States, and our service providers may process data in the United States and other countries. Where we transfer personal data from the EEA or UK to a country not deemed by the European Commission or the UK authorities to provide an adequate level of protection, we rely on appropriate safeguards, principally the European Commission’s Standard Contractual Clauses and, for UK transfers, the UK International Data Transfer Agreement or Addendum. You may request a copy of the relevant safeguards using the contact details in Section 13.
We retain personal data only as long as necessary for the purposes described in this Policy, after which we delete or anonymize it. In particular:
Where a precise period cannot be specified in advance, we determine the retention period based on the nature of the data, the purpose for which it was collected, and applicable legal, tax, and regulatory requirements.
The Site uses cookies and similar technologies. Strictly necessary cookies are required for the Site to function and do not require consent. Non-essential cookies, for example analytics and performance cookies, are used only with your consent, which you may give or decline, and later change, through our cookie banner and/or your browser settings.
Subject to conditions and exceptions under applicable law, you have the rights to: access your personal data; rectify inaccurate data; erase data, also known as the “right to be forgotten”; restrict processing; object to processing, including processing based on legitimate interests and, at any time, processing for direct marketing; data portability; and, where processing is based on consent, to withdraw consent at any time without affecting the lawfulness of processing before withdrawal.
To exercise these rights, contact legal@nebex.com. We will respond within the timeframes required by applicable law, generally one month under the GDPR, extendable as permitted.
You also have the right to lodge a complaint with a supervisory authority. In the UK, this is the Information Commissioner’s Office (ICO), https://ico.org.uk. In the EEA, you may complain to the supervisory authority in your country of residence, place of work, or place of the alleged infringement.
We do not make decisions producing legal or similarly significant effects about you based solely on automated processing, including profiling.
California residents have the rights to know/access, delete, and correct personal information; to opt out of “sale” or “sharing” of personal information — we do not sell or share personal information as those terms are defined; to limit the use of sensitive personal information; and to non-discrimination for exercising these rights.
To make a request, contact legal@nebex.com. We will verify your request and respond within the timeframes the CCPA requires; you may use an authorized agent.
We maintain reasonable administrative, technical, and organizational measures designed to protect personal data against unauthorized access, loss, misuse, or alteration. No method of transmission or storage is completely secure, however, and we cannot guarantee absolute security.
The Site is intended for businesses and professional users and is not directed to children. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us at legal@nebex.com and we will take appropriate steps to delete it.
We may update this Policy from time to time. We will post the updated version on the Site and revise the “Last revised” date; where changes are material, we will provide additional notice as required by applicable law.
Nebex, Inc.
5 Penn Plaza, 19th floor
New York, New York 10001
USA
legal@nebex.com