GDPR Policy

Last updated:

Introduction to GDPR

The General Data Protection Regulation (GDPR) is a regulation in EU law on data protection and privacy for all individuals within the European Union and the European Economic Area. At nxtAcre, we are committed to ensuring compliance with GDPR requirements and protecting the rights of our users regarding their personal data.

Data Controller Information

nxtAcre acts as a data controller for the personal information collected through our platform. As a data controller, we determine the purposes and means of processing personal data.

Contact details for our Data Protection Officer (DPO):

Email: [email protected]
Phone: (555) 123-4567
Address: 123 Farm Lane, Agricultural City, AC 12345

Lawful Basis for Processing

Under GDPR, we process your personal data based on one or more of the following lawful bases:

  • Consent: You have given clear consent for us to process your personal data for a specific purpose.
  • Contract: The processing is necessary for a contract we have with you, or because you have asked us to take specific steps before entering into a contract.
  • Legal Obligation: The processing is necessary for us to comply with the law.
  • Legitimate Interests: The processing is necessary for our legitimate interests or the legitimate interests of a third party, unless there is a good reason to protect your personal data which overrides those legitimate interests.

Your Rights Under GDPR

The GDPR provides the following rights for individuals:

  • Right to be informed: You have the right to be informed about the collection and use of your personal data.
  • Right of access: You have the right to request a copy of the information that we hold about you.
  • Right to rectification: You have the right to correct data that we hold about you that is inaccurate or incomplete.
  • Right to erasure: In certain circumstances, you can ask for the data we hold about you to be erased from our records.
  • Right to restriction of processing: You have the right to request that we restrict the processing of your personal data.
  • Right to data portability: You have the right to have the data we hold about you transferred to another organization.
  • Right to object: You have the right to object to certain types of processing such as direct marketing.
  • Rights in relation to automated decision making and profiling: You have the right not to be subject to a decision based solely on automated processing.

How to Exercise Your Rights

To exercise any of your rights under GDPR, please contact our Data Protection Officer using the contact details provided above. We will respond to your request within one month of receipt.

International Data Transfers

nxtAcre may transfer your personal data to countries outside the European Economic Area (EEA). When we do, we ensure a similar degree of protection is afforded to your data by ensuring at least one of the following safeguards is implemented:

  • We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.
  • Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe.
  • Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between Europe and the US.

Data Protection Measures

We have implemented appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

  • Encryption of personal data
  • Regular testing, assessing, and evaluating the effectiveness of technical and organizational measures
  • Regular data protection training for our staff
  • Pseudonymization and data minimization where appropriate
  • Ability to restore availability and access to personal data in a timely manner in the event of a physical or technical incident

Data Breach Notification

In the case of a personal data breach, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach, where feasible. If the breach is likely to result in a high risk to your rights and freedoms, we will also notify you without undue delay.

Data Protection Impact Assessments

Where processing operations are likely to result in a high risk to your rights and freedoms, we will carry out data protection impact assessments to identify and minimize the data protection risks.

Contact Us

If you have any questions about this GDPR policy or our data protection practices, please contact our Data Protection Officer at:

Email: [email protected]
Phone: (555) 123-4567
Address: 123 Farm Lane, Agricultural City, AC 12345

Return to Home