Privacy Policy

NestaDev Ltd

NestaDev Ltd is committed to protecting the privacy and security of your personal information. This Privacy Policy explains how we collect, use, share and protect personal data when you:

• Visit www.nestadev.com
• Use our platforms (including ELSA and related digital services)
• Enquire about or purchase our services
• Subscribe to marketing communications
• Engage with us as a client, supplier or partner

This policy applies to health and social care providers, business clients, website visitors, and individuals whose personal data is processed through our services.

Data Controller

Personal Information We Collect

1. Information You Provide Directly

2. Information Automatically Collected

When you use our website or platforms, we may collect:

• Usage Data – Features accessed, time spent, AI feature interactions
• Technical Data – IP address, browser type, device type, operating system
• Log Data – Access logs, security logs, performance data
• Cookies & Tracking Technologies – Session cookies and analytics cookies (with consent)

3. Information from Third Parties

We may receive data from:

• Public registers (e.g., Companies House, public tender portals)
• Payment processors (payment confirmations, billing data)
• Analytics providers (aggregated performance data)
• CRM and marketing systems used to manage enquiries

How We Use Personal Information

We process personal data under UK GDPR lawful bases:

Purposes of Processing

1. Service Delivery

• Providing access to NestaDev platforms and services
• Generating AI-assisted recommendations
• Creating documentation and compliance tools
• Processing subscriptions and payments
• Providing support

2. Product & Service Improvement

• Improving AI accuracy and performance
• Developing new features
• Conducting usability testing
• Analysing usage patterns

3. Security & Fraud Prevention

• Monitoring for unauthorised access
• Investigating misuse or fraud
• Maintaining audit logs
• Responding to security incidents

4. Marketing & Communications

• Sending service updates
• Providing educational materials
• Sending promotional communications (with consent)
• Requesting feedback

You may opt out of marketing at any time.

How We Share Personal Information

We do not sell personal data.

We may share data with trusted service providers under Data Processing Agreements:

We may also disclose data where legally required.

International Data Transfers

Data is stored primarily in the UK and EEA.

If transferred outside the UK/EEA, we use:

• UK International Data Transfer Agreement (IDTA)
• Standard Contractual Clauses
• Adequacy decisions
• Supplementary safeguards where required

Data Retention

Your Data Protection Rights

Under UK GDPR, you have the right to:

• Access your personal data
• Correct inaccurate data
• Request erasure
• Restrict processing
• Data portability
• Object to processing
• Withdraw consent at any time
• Not be subject to solely automated decision-making

ELSA and other NestaDev tools are decision-support systems. AI outputs require human review and are not automated legal decisions.

To exercise your rights:

We respond within one month.

Right to Complain

You may lodge a complaint with:

Cookies

Essential Cookies

Used for:

• Login session management
• Security protection
• Platform functionality

These cannot be disabled.

Analytics Cookies (with consent)

Used to:

• Improve website performance
• Analyse user behaviour
• Optimise user experience

You can manage cookie preferences via browser settings.

Security Measures

NestaDev implements technical and organisational safeguards including:

Our practices align with recognised information security frameworks and best practice standards.

Children’s Privacy

NestaDev services are not intended for individuals under 18.
We do not knowingly collect data from children.

Changes to This Policy

We may update this Privacy Policy to reflect changes in law, operations or services.

Significant updates will be communicated via:

• Website notice
• Email (where applicable)

Contact Information