Nexus Network Group Limited (“Nexus Network Group”, “we”, “us”, or “our”) is a private company limited by guarantee, registered in the United Kingdom. We are committed to protecting the privacy, rights, and freedoms of individuals whose personal data we process. This Privacy Policy explains how we collect, use, store, protect, and disclose personal data in accordance with the United Kingdom General Data Protection Regulation (“UK GDPR”), the Data Protection Act 2018, and other applicable UK data protection legislation.
This Privacy Policy applies to all interactions with Nexus Network Group Limited, including but not limited to participation in our digital platforms, simulation environments, community services, communication channels, internal operations, and governance structures. It is intended to provide transparency regarding how personal data is handled, the lawful bases upon which processing occurs, and the rights available to individuals whose data we process.
We recognise that trust is fundamental to the operation of our communities and services. As such, we apply the principles of lawfulness, fairness, transparency, purpose limitation, data minimisation, accuracy, storage limitation, integrity, and confidentiality across all data processing activities.
Nexus Network Group Limited operates and oversees a range of simulation-based platforms, community environments, and associated services. These may include, without limitation, role-play servers, logistics simulations, operational coordination platforms, moderation and safeguarding systems, and internal administrative structures.
Our activities may involve interaction with individuals in various capacities, including casual users, registered participants, applicants, volunteers, staff members, contractors, leadership personnel, and individuals communicating with us for support, safeguarding, or regulatory reasons.
This Privacy Policy applies regardless of whether interactions occur through websites, third-party platforms, voice or text communication services, internal systems, or external correspondence, provided that Nexus Network Group Limited determines the purposes and means of processing.
We process personal data in accordance with the core principles set out in Article 5 of the UK GDPR. Specifically:
Personal data is processed lawfully, fairly, and transparently.
Personal data is collected for specified, explicit, and legitimate purposes and not further processed in a manner incompatible with those purposes.
Personal data is adequate, relevant, and limited to what is necessary.
Personal data is accurate and, where necessary, kept up to date.
Personal data is kept in a form which permits identification of data subjects for no longer than necessary.
Personal data is processed in a manner that ensures appropriate security.
These principles underpin all operational, technical, and organisational decisions relating to data protection within Nexus Network Group Limited.
We may process personal data relating to the following categories of individuals:
Individuals who participate in Nexus Network Group-managed simulation servers or community environments.
Individuals who apply for, hold, or previously held staff, volunteer, contractor, or leadership positions.
Individuals who communicate with us for support, moderation, safeguarding, complaints, appeals, or regulatory matters.
Individuals whose data is processed in connection with security, integrity, or lawful operation of our services.
Individuals interacting casually with public-facing platforms, where processing is limited to technical identifiers.
Where individuals do not fall into operational or administrative categories, processing is strictly limited and temporary.
Depending on the nature of the interaction, we may process the following categories of personal data:
Usernames, display names, and platform identifiers.
Discord IDs, server identifiers, and similar technical identifiers.
Contact details voluntarily provided, such as email addresses.
Application, vetting, or role-related information.
Internal moderation, conduct, or safeguarding records.
Technical data such as IP addresses, access logs, and server connection metadata.
Communications content where necessary for operational, security, or safeguarding purposes.
We do not knowingly collect special category personal data as defined by Article 9 UK GDPR. Where such data is inadvertently disclosed, it is not processed beyond what is strictly necessary and is subject to enhanced protection.
All personal data processed by Nexus Network Group Limited is processed under one or more lawful bases set out in Article 6 UK GDPR, including:
Consent, where individuals have freely given clear permission.
Contractual necessity, where processing is required to perform a contract or take steps at the request of the individual.
Legal obligation, where processing is required to comply with UK law.
Legitimate interests, where processing is necessary for the safe, secure, and lawful operation of our services and does not override individual rights.
Legitimate interests may include moderation, safeguarding, security, dispute resolution, organisational governance, and protection of community integrity.
We operate on a principle of strict data minimisation. Individuals who interact casually with public platforms, without participating in operational roles or formal systems, are not subject to routine personal data collection.
In such cases, processing is limited to temporary technical identifiers, including platform IDs or connection logs, used solely for functionality, security, and moderation. These identifiers are not retained longer than necessary and are not used for profiling or secondary purposes.
Our services are not intended for children under the age of 13. We do not knowingly process personal data relating to children under this age.
Where individuals aged 13 to 17 participate, personal data is collected only where strictly necessary for operational or safeguarding purposes. Such data is subject to enhanced safeguards, restricted access, and limited retention.
Personal data relating to minors is never used for marketing, profiling, or commercial exploitation. Where safeguarding concerns arise, information may be shared with appropriate authorities in accordance with UK law.
Personal data is retained only for as long as necessary to fulfil the purposes for which it was collected. Retention periods may vary depending on operational requirements, legal obligations, safeguarding needs, and dispute resolution.
When personal data is no longer required, it is securely deleted, anonymised, or irreversibly rendered inaccessible. Retention decisions are documented and reviewed periodically to ensure compliance with storage limitation principles.
We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, alteration, or disclosure. These measures may include access controls, role-based permissions, encryption where appropriate, logging, and internal governance controls.
Access to personal data is restricted to authorised individuals who require it for legitimate purposes and who are subject to confidentiality obligations.
We do not sell, trade, or commercially exploit personal data. Personal data is not shared with third parties except where:
Required by law or legal process.
Necessary for safeguarding or protection of individuals.
Essential to enforce community rules or protect organisational integrity.
Required to respond to lawful requests from authorities.
Any data sharing is limited to what is strictly necessary and proportionate.
We do not routinely transfer personal data outside the United Kingdom. Where limited transfers occur through third-party platforms, appropriate safeguards are relied upon in accordance with UK GDPR requirements.
Under the UK GDPR, individuals have the right to:
Access their personal data.
Request rectification of inaccurate data.
Request erasure where legally permissible.
Restrict or object to processing.
Request data portability where applicable.
Withdraw consent at any time where processing is based on consent.
Requests may be submitted using the contact details below and will be handled within statutory time limits.
Individuals have the right to lodge a complaint with the Information Commissioner’s Office if they believe their data protection rights have been infringed. We encourage individuals to contact us first so we can address concerns promptly and constructively.
The Data Controller for all processing covered by this Privacy Policy is:
Nexus Network Group Limited
United Kingdom
Email: privacy@nexusnetworkgroup.co.uk
This Privacy Policy may be updated from time to time to reflect legal, regulatory, or operational changes. The most recent version will always apply and will be made available through our official platforms.
© Nexus Network Group Limited. All rights reserved.