Effective Date: 4th July 2025
Introduction
This Privacy & Cookie Policy (“Policy”, “Privacy Policy”, or “Agreement”) is entered into by and between any person or entity (“you” or “your”) accessing or using our websites, platforms, products, or services—whether as a Client, Expert, or Visitor—and Nextyn Advisory Pvt. Limited (if you are located in India) or Nextyn Pte. Ltd. (if you are located outside India) (each, as applicable, referred to as “Nextyn,” “we,” “our,” or “us”). By accessing or using all our platforms, products, tools, and activities offered by Nextyn, including an Interchange, Client access, content delivery and related support functionalities (“Services”) you acknowledge and consent to the practices described herein regarding the collection, use, processing, disclosure, transfer, and safeguarding of your Personal Data. If you do not agree with the terms of this Agreement, you must refrain from accessing, using, or continuing to use our Services in any manner.
If you are based in India, you will be registered with Nextyn Advisory Private Limited, a company incorporated under the laws of India, and if you are based outside India, you will be registered with Nextyn Pte. Ltd., a company incorporated under the laws of Singapore.
This Policy applies to all individuals whose Personal Data is processed by Nextyn, including Experts, Clients, Visitors, Vendors, and authorized users. For individuals in the European Economic Area (EEA) or the United Kingdom (UK), please refer to the Supplemental Disclosures for additional rights under the GDPR and UK GDPR. For individuals residing in the United States, including California, please refer to the Supplemental Disclosures for additional rights available under applicable U.S. state privacy laws, including the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA).
This Privacy Policy is to be read in conjunction with Nextyn’s Terms and Conditions and Code of Conduct, and all statements, obligations, and definitions contained therein shall be deemed incorporated into this Policy and shall apply with full force and effect.
1. Definitions
For the purposes of this Privacy & Cookie Policy, the following terms shall have the meanings set forth below. Defined terms apply consistently throughout the Agreement, whether used in the singular or plural form.
“Visitor” means any user who accesses our Website(s) or platforms without registering as an Expert or Client.
“Services” means all functionalities, interactions, tools, platforms, engagements, Website(s), and offering, including but not limited to an Interchange, content hosting, platform tools, and support services.
“Personal Data” or “Personal Information” means any information that relates to an identified or identifiable natural person and that is collected, stored, or processed by Nextyn. This includes, but is not limited to, names, contact information, government-issued IDs, employment history, educational background, bank account details, IP addresses, session data, and user preferences.
“Processing” means any operation or set of operations performed on Personal Data, whether or not by automated means, including but not limited to collection, recording, storage, use, disclosure, sharing, transfer, deletion, and erasure.
“Cookies” means small text files or other tracking technologies placed on a user’s device by a website or application to enable functionalities, track preferences, or analyse user behaviour.
“EEA” means the European Economic Area, which includes the member states of the European Union, as well as Iceland, Liechtenstein, and Norway.
“GDPR” refers to the General Data Protection Regulation (EU) 2016/679, which governs the processing of Personal Data within the EEA.
“UK GDPR” refers to the retained version of the EU GDPR applicable in the United Kingdom following Brexit.
“DPDP Act” refers to India’s Digital Personal Data Protection Act, 2023, which governs the processing of Personal Data in India.
“PDPA” refers to Singapore’s Personal Data Protection Act 2012, which governs the collection, use, disclosure, and care of personal data by private organizations in Singapore.
“Standard Contractual Clauses (SCCs)” means a set of model clauses adopted by the European Commission or relevant authority to provide appropriate safeguards for the transfer of Personal Data to third countries.
“Third Party” refers to any natural or legal person other than the data subject, Nextyn, or any authorized processor acting on behalf of Nextyn.
2. Collection of Personal Data
Nextyn collects Personal Data through various means when you engage with our Services—whether directly through your interactions with Nextyn in any manner, through automated technologies, or from third-party and/or publicly available sources. This includes, but is not limited to, information you provide during communications with Nextyn’s employees or authorised representatives via phone calls, LinkedIn messages, emails, text messages, or other messaging platforms, as well as data submitted through forms or profiles on Nextyn’s proprietary platform, dashboard and/or Websites. This Personal Data may include, but is not limited to, your name, professional title, contact details (including email address, phone number, home or work address), nationality or residence, Government ID’s, tax identification or social security numbers (where legally required), employment and academic history, biographical information, payment preferences, and bank account details for honoraria or reimbursements.
We may also collect documentation submitted by you during the onboarding process, such as CVs/resumes, identification documents, compliance declarations, or credentials that support your professional background. We may additionally maintain records of your communication with Nextyn—including emails, chats, calls, surveys, and other correspondence—as well as details of transactions carried out via our platform or services.
For Experts, we may obtain Personal Data from third-party background verification providers, sanction and regulatory databases, law enforcement watchlists, or other publicly available sources including but not limited to company websites, search engines, and professional networking platforms. We may also receive Client feedback relating to your engagement history, performance, or suitability for future projects.
When you visit or interact with Nextyn’s Websites or digital tools, we may collect technical and behavioural data through automated means. This includes but is not limited to your Internet Protocol (IP) address, device identifiers, browser type and version, operating system, referral URLs, pages visited, time spent on pages, clickstream data, session timestamps, and geographic location based on IP-derived data. We may also use third-party analytics providers to collect statistical and demographic data relating to Website usage, performance metrics, and engagement with specific features. These third parties may use cookies and similar technologies to perform these services.
All Personal Data is used exclusively for the purposes for which it was collected or reasonably expected to be used, and is handled only by Nextyn personnel or authorized processors subject to contractual obligations and data protection safeguards.
3. How and Why We Process Your Data
Nextyn processes your Personal Data to operate, manage, and enhance the Services we provide to Experts and users of our platforms. This includes facilitating onboarding, verifying your credentials, matching you with relevant Interchange opportunities, scheduling, facilitating and hosting an Interchange, moderating, transcribing or recording Interchanges (where applicable), processing invoices and honoraria, administer compensation, or collect feedback related to your participation and performance and maintaining internal compliance and recordkeeping systems.
We may also use your Personal Data to fulfill legal and regulatory obligations, detect and prevent fraud, bribery, money laundering, insider trading, or other prohibited conduct, conduct internal audits, and communicate important service-related updates or Policy changes. In some instances, we use Personal Data to send you marketing communications or notify you of new services or platform features.
Nextyn may use and share limited personal data of Experts—including but not limited to name, professional background, industry expertise, educational qualifications and prior engagement history—with Clients for the sole purpose of evaluating suitability for specific consulting opportunities. As part of our compliance and risk assessment protocols, we may engage trusted third-party service providers for purposes including but not limited to conducting background verifications, sanction list screenings, or for credential validations. For these purposes, we may share your Personal Data with such providers solely to enable the completion of these checks. All third-party service providers engaged by Nextyn are contractually bound to maintain confidentiality, process data only on our instructions, and implement appropriate safeguards to protect your Personal Data.
We may use your data to analyse your preferences, interests, and use of our Services in order to better understand user needs and improve our offerings, platform functionality, and experience. Your data may also be used to facilitate internal analytics, platform diagnostics, and service improvement initiatives using third-party analytics providers bound by confidentiality and security obligations.
We may record and monitor certain activities, including calls and transactions, to ensure service quality, adherence to our procedures, and the prevention of fraud or misuse.
Your data may also be processed to support internal business management functions across our corporate group, and to assist in due diligence or transitional processes related to any potential or actual merger, acquisition, restructuring, business transfer, or other corporate transaction. In such cases, Personal Data may be shared with counterparties, legal advisers, and successor entities under strict confidentiality protections.
Your Personal Data may be used to contact you for service-related announcements or operational messages essential to your participation.
4. Background Information and Due Diligence
As part of your participation in the Nextyn platform, you acknowledge that all background information you provide to us, including but not limited to your resume, professional biography, employment and academic history, regulatory status, and personal declarations, must be accurate, complete, and current. You are responsible for promptly informing us of any changes to this information, and you may request to review and update the Personal Data we hold about you at any time to ensure its accuracy.
You expressly authorize Nextyn to conduct background verification and due diligence checks, either internally or through reputable third-party service providers, in accordance with applicable laws. These checks may include, without limitation, verification of your qualifications, employment and licensing history, sanctions screenings, and the validation of publicly available professional information. Nextyn may also supplement or correct your submitted data using information obtained from third parties or public databases where legally permissible.
This verification process is essential to maintaining the integrity, compliance, and credibility of Nextyn and its Services.
5. Cookies and Tracking Technologies
We use cookies, beacons, pixels, and other similar technologies to authenticate users, remember preferences, analyse traffic patterns, and personalize content on our Website and platform. Some of these technologies are strictly necessary for the website’s core functionality, while others are used—with your consent—for analytics, performance tracking, user behaviour analysis, and marketing purposes.
Cookies are small data files stored on your device or browser that help us understand how users interact with our website, including pages visited, time spent, and navigation flows. This insight allows us to improve our services, enhance user experience, and deliver more relevant content.
We do not collect personally identifiable information through cookies unless you voluntarily provide it to us through forms or other direct submissions on our website. We do not sell, rent, or share any personally identifiable information collected via cookies to third parties for their own marketing purposes.
We may engage trusted third-party service providers to place or access cookies on our behalf for analytics, performance measurement, and website optimization. These providers may collect aggregated or anonymized data to evaluate website usage and assist us in improving functionality. All such third-party providers are contractually obligated to process data in accordance with applicable data protection laws and only on our instructions. Our use of cookies complies with applicable laws including the ePrivacy Directive, GDPR, and India’s DPDP rules and PDPA rules. Non-essential cookies will only be used with your explicit consent.
You can control or disable the use of non-essential cookies at any time by adjusting your browser settings or using available cookie consent tools on our website. However, disabling certain cookies may affect the performance, availability, or functionality of parts of our site.
6. Expert Call Recordings and Use
To support transparency, compliance, and Client-specific control, all Interchange recordings are stored in secure, access-controlled environments using industry-standard encryption and data protection safeguards. Recordings and any associated transcripts are accessible exclusively to the Client who initiated or moderated the session and Nextyn, thereby maintaining strict confidentiality. By participating in recorded Interchanges, as an Expert, you waive any claims or rights over the resulting recordings and transcripts.
7. Sharing and Transfers of Personal Data
Your data may be shared with authorized employees, background verification partners, IT service providers, and Clients where necessary. All such transfers are governed by confidentiality, data protection agreements, and strict access control.
In connection with Expert engagements, and only upon your consent or confirmation of participation, we may share limited Personal Data such as your name, title, and professional background with Clients, including within transcripts or recorded content available through Nextyn's proprietary knowledge Library. Your Personal Data may also be used to display your participation or profile within our Client-facing platforms or in transcript-based products where relevant and contractually permitted. Your biographical data may appear in transcript-based products.
Nextyn does not sell, rent, or share your Personal Data with third parties for their own marketing, advertising, or solicitation purposes. However, we may use third-party tools and vendors to help analyse aggregated user behaviour on our platform and to support remarketing or campaign performance tracking, strictly for Nextyn’s internal business development and improvement purposes.
If legally required or compelled, we may disclose your Personal Data to law enforcement agencies, regulators, courts, or other authorities in connection with investigations, legal claims, or compliance with applicable laws.
Nextyn processes Personal Data under lawful bases in accordance with the GDPR, UK GDPR, India’s DPDP Act, and Singapore’s PDPA. Your data may be stored and processed in India and/or Singapore and accessed by authorized staff or third-party service providers for purposes outlined in this Policy. It may also be transferred to and processed in other jurisdictions, including the EEA, UK, US, and parts of Asia, with appropriate safeguards in place to ensure its protection. Where necessary, we implement technical and organizational measures (such as encryption, anonymization, or access restrictions) to supplement international transfer safeguards.
8. Security and Retention
We are committed to protecting your Personal Data. Nextyn implements commercially reasonable physical, technical, and administrative safeguards to secure Personal Data against unauthorized access, loss, misuse, alteration, or disclosure. These measures include encryption, firewalls, access controls, secure servers, internal policies, and employee confidentiality training.
Access to Personal Data is strictly limited to authorized personnel, contractors, or service providers who require such access for legitimate business purposes and who are bound by confidentiality obligations.
While we strive to maintain the highest standards of data security, you acknowledge that no method of transmission over the internet or method of electronic storage is completely secure. We advise all users to exercise caution when transmitting data online and accept the inherent risks of doing so.
If you are provided with login credentials or passwords to access our services, you are responsible for maintaining their confidentiality and complying with any additional security procedures we may notify you of.
We have established procedures to detect, investigate, and respond to any suspected data breaches. Where legally required, we will notify affected individuals and regulatory authorities promptly.
9. Opting Out
You may elect to opt out as an Expert from the platform at any time by providing Nextyn with written or electronic notice at info@nextyn.com. Upon receipt of such notice, we will remove your profile and related information from our platform.
10. Changes to this Agreement
Nextyn may update this Agreement from time to time to reflect changes in law, technology, or service offerings. Updates will be posted on our website and the “Effective Date” at the top will be revised. Continued use of the Services after changes constitutes your acceptance of the updated terms.
11. Supplemental Disclosures for Individuals in the EEA and United Kingdom
This section applies to individuals residing in the European Economic Area (EEA) and the United Kingdom (UK), and also governs the processing of any personal data performed within those jurisdictions, regardless of the data subject’s residence. In the event of any conflict between this section and other provisions of this Privacy Policy, this section shall prevail for EEA and UK residents. These rights include access to your personal data, correction of inaccuracies, erasure of data, restriction of processing, objection to processing, and the right to data portability. Where our processing of your personal data is based on your consent, you may withdraw that consent at any time without affecting the lawfulness of processing based on consent before its withdrawal. You also have the right to lodge a complaint with your local data protection authority, including the UK Information Commissioner’s Office (ICO) or an EU supervisory authority. In cases where we transfer your personal data outside of the EEA or UK to countries that may not offer the same level of data protection, we implement appropriate safeguards such as Standard Contractual Clauses (SCCs) and the UK Addendum to ensure your data remains protected. If you wish to exercise any of these rights or obtain further information, please contact us at compliance@nextyn.com.
In case of data transfers originating from the European Economic Area (EEA) or the United Kingdom (UK), we implement appropriate safeguards in accordance with applicable Data Protection Legislation. These safeguards may include Standard Contractual Clauses (SCCs) approved by the European Commission and the UK Addendum where applicable. Where data protection standards in the recipient country are not deemed equivalent to those in the EEA or UK, we will ensure the implementation of supplementary measures to protect your Personal Data. By accepting this Privacy Policy, you consent to the transfer, storage, and processing of your Personal Data outside your jurisdiction in accordance with this clause, provided it is necessary for the performance of our services, compliance obligations, or legitimate business operations.
Where necessary, we implement technical and organizational measures (such as encryption, anonymization, or access restrictions) to supplement international transfer safeguards.
A) Controller vs. Processor Role
Depending on the context of an engagement, Nextyn may act as either a Data Controller or a Data Processor. We act as a Data Controller in situations where we determine the purpose and means of processing personal data, such as during Expert registration, platform usage, marketing, or compliance screening. In contrast, we act as a Data Processor when processing data on behalf of Clients during an Interchange or engagement, following only their instructions and subject to contractual obligations. In both roles, we are committed to upholding all applicable privacy and data protection obligations under the GDPR, UK GDPR, India’s DPDP Act and the PDPA and any other relevant frameworks.
12. Supplemental Disclosures for U.S. Residents
This section applies to individuals residing in the United States, including residents of California and other states with comprehensive privacy laws. It supplements the general provisions of this Privacy Policy and describes the additional rights afforded under applicable state legislation.
A) U.S. State Privacy Rights
Residents of certain other U.S. states, including Virginia, Colorado, Connecticut, and Utah, may have additional rights under their respective state privacy laws. These may include the right to access personal data, request corrections, obtain a copy of your data in a portable format, request deletion, and opt out of targeted advertising or profiling based on personal data.
Nextyn does not use personal data for automated decision-making, behavioral profiling, or targeted advertising as defined under these state laws, and does not sell personal information. If you are a resident of a state with applicable privacy legislation and wish to exercise your rights, you may contact us at compliance@nextyn.com. Your request will be reviewed and responded to in accordance with the procedures and timeframes required by law.
B) California Privacy Rights
This subsection applies solely to residents of the State of California, in accordance with the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA). Terms defined under the CCPA/CPRA have the same meaning when used in this section.
If you are a California resident, you may have the right to know what categories of personal information we collect, use, disclose, and share; the right to access specific personal information collected about you; the right to request deletion of your personal data, subject to certain legal exceptions; the right to correct inaccurate personal data; the right to opt out of the sale or sharing of personal data; and the right to limit the use and disclosure of sensitive personal information where applicable. You also have the right not to be discriminated against for exercising these rights.
Nextyn does not sell personal information for monetary consideration. However, we may share limited categories of personal information with third-party service providers or vendors for business operations such as analytics, security, hosting, or compliance, in accordance with applicable law. We honor requests to opt out of such sharing where required.
To exercise any of your rights under California law, you may submit a verifiable consumer request to compliance@nextyn.com. We will respond in accordance with legal requirements and may verify your identity before fulfilling your request. Nextyn also respects browser-enabled “Do Not Track” signals and Global Privacy Control (GPC) mechanisms to the extent required under California law.
13. Dispute Resolution and Arbitration
In case of any dispute arising out of this Agreement, it shall be resolved exclusively through binding Arbitration in accordance with the provisions of the Arbitration and Conciliation Act, 1996, as amended from time to time (“the Act”). The Arbitration shall be conducted by a sole arbitrator mutually appointed by the parties. If the parties are unable to agree on an Arbitrator within thirty (30) days, the appointment shall be made in accordance with the provisions of the Act.
The seat and venue of Arbitration shall be Mumbai, India, and the Arbitration proceedings shall be conducted in English. The Arbitral Award shall be final, binding, and enforceable in any court of competent jurisdiction.
The existence of a dispute or the commencement of Arbitration shall not relieve either party of its ongoing obligations under this Agreement. This clause shall apply to both contractual and non-contractual disputes or claims arising out of or in connection with this Agreement.
14. Governing Law and Jurisdiction
This Agreement shall be governed by and construed in accordance with the laws of India. Subject to the Arbitration clause above, all disputes shall be subject to the exclusive jurisdiction of the courts of Mumbai, Maharashtra.
15. Contact Us
For questions, complaints, or to exercise your rights under this Agreement, contact:
Nextyn Advisory Private Limited
Address: 32 Madhuban Industrial Estate, Mahakali Caves Road, Andheri (East), Mumbai – 400093, Maharashtra, India.
Nextyn Pte. Ltd.
Address: 68 Circular Road, #02-01049422, Singapore.
Email: compliance@nextyn.com
This Agreement incorporates and is subject to Nextyn’s Terms and Conditions and Code on Conduct, which are hereby made part of this Agreement by reference. By using the Website and engaging in our services, you confirm that you have read, understood, and accepted these Terms and Conditions, Privacy Policy and the Code of Conduct.
