Skip to content
About Services Process Partners Contact

· Last updated

Privacy Policy

This policy explains how Brand Nexa Marketing Group (“we”, “us”) processes personal data in connection with the website brandnexa.agency (the “Site”) and when you communicate with Brand Nexa Agency. We process personal data in line with the EU General Data Protection Regulation (Regulation (EU) 2016/679, “GDPR”) and applicable Maltese law.

The controller responsible for personal data processed via the Site and our business contact channels is:

Brand Nexa Marketing Group
161 St. Christopher's Street, Valletta VLT 1460, Malta
Email: support@brandnexa.agency

Depending on how you interact with us, we may process:

  • Contact and identity data — for example your name, email address, company name, job title, and telephone number when you email us or otherwise get in touch.
  • Communication content — the substance of your messages, meeting notes where relevant, and records needed to respond to or manage enquiries.
  • Technical and usage data — such as IP address, browser type, device type, general location derived from IP, pages viewed, and timestamps. This may be collected through server logs, analytics tools, or similar technologies if enabled.
  • Cookie and similar data — as described in the Cookies section below.

We do not ask you to provide special categories of personal data (such as health data) via the Site. Please do not send us such information unless we explicitly request it and establish an appropriate legal basis.

We use personal data for the following purposes:

  • To respond to enquiries and manage our relationship with clients and prospects — GDPR legal bases: performance of a contract or steps prior to entering a contract, and where applicable legitimate interests in developing our business (Article 6(1)(b) and (f) GDPR).
  • To operate, secure, and improve the Site — for example troubleshooting, abuse prevention, and understanding aggregate usage — legitimate interests (Article 6(1)(f) GDPR), and where required your consent for non-essential cookies (Article 6(1)(a)).
  • To comply with legal obligations — such as tax, accounting, or regulatory requirements where they apply — legal obligation (Article 6(1)(c) GDPR).
  • For direct marketing — where permitted, we may send relevant professional communications; you may opt out at any time. Legal basis: legitimate interests or consent as applicable (Article 6(1)(a) or (f) GDPR).

We may use cookies, local storage, or similar technologies that are strictly necessary for the Site to function, and — only if you consent through our cookie banner or settings — analytics or marketing cookies.

You can control cookies through your browser settings. Withdrawing consent for optional cookies does not affect essential functionality. Where we use Google Tag Manager, Google Analytics, or similar services, those providers may process data according to their own privacy notices.

We may share personal data with:

  • Service providers who host the Site, send email, or provide IT and security services (processors).
  • Professional advisers (for example lawyers or accountants) where required.
  • Authorities when we are legally obliged to disclose information.

We enter into data processing agreements with processors where required by law and only share what is necessary for the stated purpose.

If we transfer personal data outside the European Economic Area, we do so using appropriate safeguards recognised under GDPR — such as Standard Contractual Clauses approved by the European Commission — unless an adequacy decision applies.

We keep personal data only for as long as necessary for the purposes described above, including to satisfy legal, accounting, or reporting requirements. Enquiry records are typically retained for the duration of the business relationship and a reasonable period afterwards unless a longer period is required by law.

Under GDPR, you may have the right to:

  • Access your personal data and obtain certain information about processing;
  • Rectify inaccurate data;
  • Erase data in certain circumstances (“right to be forgotten”);
  • Restrict processing in certain circumstances;
  • Data portability where processing is based on consent or contract and automated;
  • Object to processing based on legitimate interests or for direct marketing;
  • Withdraw consent where processing is consent-based, without affecting prior lawful processing;
  • Lodge a complaint with a supervisory authority.

In Malta, the supervisory authority is the Office of the Information and Data Protection Commissioner (idpc.org.mt). You may exercise your rights by contacting us at support@brandnexa.agency.

We implement appropriate technical and organisational measures designed to protect personal data against unauthorised access, loss, or alteration. No method of transmission over the Internet is completely secure; we encourage you to use secure channels when sending sensitive information.

The Site is directed at businesses and professionals. We do not knowingly collect personal data from children under 16. If you believe we have collected such data, please contact us and we will take steps to delete it.

We may update this Privacy Policy from time to time. The “Last updated” date at the top will change when we do. Material changes may be highlighted on the Site or communicated where appropriate. Continued use of the Site after changes constitutes notice of the updated policy where this is legally permissible.

For privacy-related questions or requests, contact us at support@brandnexa.agency or write to the postal address above, marking your message for the attention of the data protection contact.