Introduction
Welcome to the Privacy Notice of Nexyan (“Nexyan”, “we”, “us”, or “our”). At Nexyan, we are committed to protecting your privacy and ensuring the security of your personal data. This Privacy Notice outlines how we collect, use, disclose, and safeguard your information when you visit our website, https://www.nexyan.be, or use our services.
If you have any questions or concerns about this Privacy Notice or our data practices, please contact us at DPO@nexyan.be
Who are we?
Nexyan is a consulting firm established in 2005, specializing in actuarial valuations, employee benefit consulting, and merger and acquisition advisory. We provide services related to occupational benefits, pension fund administration, and international benefit management. Our expertise lies in designing and setting up company-sponsored employee benefit plans, focusing on group insurance and pension plans. We offer legal and technical advice, communication strategies, and training services, leveraging a network of international partners to provide local knowledge and expertise.
Our company is particularly experienced in Belgian legal and fiscal legislation concerning pensions and employee benefits, offering comprehensive consulting services including actuarial, financing, administration, and accounting advice for pension funds and group insurance contracts.
For any inquiries or concerns regarding our privacy practices, you can reach us at our address:
• Company Name: Nexyan
• Address: Excelsiorlaan 23, Zaventem 1930
• Website: www.nexyan.be
What types of data do we process and of whom?
Website visitors – individuals who visit our website. The types of personal data we process include:
• Contact information – we collect name and email address if you voluntarily submit them (for example, through our contact form).
• Log files and analytics data – we collect information about the way you interact with and use our Site through log files and website analytics tools (using cookies). This information includes IP address, referral and exit URLs, browser type, operating system, date/time of access, pages visited, and clickstream data.
Individuals who contact us – those who submit inquiries or requests via our contact form or other communication channels. The types of personal data we process include:
• Name and email address provided when completing the contact form or sending us an email.
• Message content and any other information you choose to share in your correspondence (such as subject and related personal or business details).
Newsletter subscribers – individuals who sign up to receive our newsletter. The types of personal data we process include:
• Email address collected upon subscription to our newsletter.
Clients and prospective clients – individuals or representatives of organizations who engage with us for consulting services, including actuarial valuations, employee benefit consulting, mergers & acquisitions, pension fund administration, and related legal or technical advice. The types of personal data we process include:
• Basic identification information, such as name, position, company name, and contact details (email address and phone number).
• Communications data, including any information shared during meetings, calls, or written exchanges.
• Financial data, contracts, and transaction details, where necessary to provide the requested services.
Employees of our clients or partners – individuals whose personal data we handle when providing services to their employer or affiliated organization, such as pension administration or benefit planning. The types of personal data we process include:
• Personal and employment details, such as name, date of birth, address, job title, and work history.
• Pension and benefit information, including benefit plan details, pension fund data, employee benefits data, and related financial information.
• Legal or administrative data relevant to compliance with Belgian or international legislation concerning pensions and employee benefits.
Other – individuals who do not fit into the above categories but interact with us or our Site through any other means, such as external experts, suppliers, or partners. The types of personal data we process include:
• Contact, identification, and professional information provided by or about these individuals in the course of our business operations.
What data sources do we use?
At Nexyan, we collect personal data from a variety of sources to provide and enhance our services. These sources include:
• We collect data directly from you when you interact with our website and services. This includes information you provide when filling out contact forms or subscribing to our newsletter. The data collected may include your name, email address, and any messages or correspondence you send us.
• Cookies: Our website uses cookies to collect data about your browsing activities. These cookies help us understand how you use our site and improve your experience. For more details, please refer to our Cookie Policy.
We ensure that all data collected is handled in compliance with applicable privacy regulations, and we are committed to maintaining the confidentiality and security of your personal information.
Why do we process your data and on what basis?
We process personal data for various purposes required to deliver our services, communicate with you, and comply with our legal and contractual obligations. Below is a clear overview of why we do so and the legal grounds we rely on:
• Providing and managing our consulting services (such as actuarial valuations, employee benefit consulting, merger & acquisition advisory, pension fund administration, and related advice) to fulfill our agreements with clients. The legal basis for this processing is the performance of a contract.
• Assessing, coordinating, and administering occupational benefits, pension plans, and associated legal and accounting requirements in line with applicable fiscal and employment legislation. The legal basis for this processing is our legal obligation under relevant laws and regulations.
• Responding to inquiries sent through our contact form, including handling any correspondence and follow-up communications. The legal basis for this processing is our legitimate interest in providing prompt and effective customer service, balanced against your rights and freedoms. We only collect what is necessary to handle your requests.
• Managing newsletter subscriptions, including sending monthly or periodic email updates and relevant information. The legal basis for this processing is your consent, which you can withdraw at any time.
• Enhancing, improving, and supporting our services and website, including technical maintenance, usage analytics, and security measures. The legal basis for this processing is our legitimate interest in securing and refining our consulting offerings, balanced carefully against your privacy and data protection rights.
• Complying with legal and regulatory obligations, such as record-keeping requirements, tax laws, social security regulations, or government inquiries. The legal basis for this processing is our legal obligation.
Whenever we rely on our legitimate interests to process data, we ensure we carefully consider and balance any impact on your rights and interests. If you have questions about how we apply any of these legal bases, please contact us at dpo@nexyan.be
With whom do we share your personal data?
We share your personal data with the following categories of recipients, whenever it is necessary for delivering and improving our consulting and advisory services, or for supporting our website operations:
• Email marketing service: This enables us to send newsletters and other relevant updates to subscribed individuals.
• International network partners: These partners collaborate with us to provide global expertise and localized support for our services.
• Event organizers and IT service providers: They assist us in organizing events, webinars, or workshops and help maintain our online platforms and IT infrastructure.
• Third-party service providers: We may rely on specialist companies to assist us with tasks such as data storage, hosting, or other technical and administrative functions.
• Google Analytics: We use Google Analytics to collect and analyze website usage data, helping us understand visitor interactions and improve website performance. For more information, please see Google’s Privacy Policy.
These recipients will process your data only to the extent required to fulfill their tasks in line with our instructions and applicable data protection laws.
International Data Transfers
We transfer certain personal data to our partners and service providers located in countries outside the European Economic Area (EEA). This includes, for example, our international network partners and other third-party service providers operating in various locations around the world. Where personal data is transferred outside the EEA, we implement appropriate safeguards consistent with the requirements of applicable data protection legislation.
These safeguards include:
• Transfers to recipients in countries recognized by the European Commission as providing an adequate level of data protection.
• Use of Standard Contractual Clauses approved by the European Commission when transferring personal data to countries that have not been deemed adequate.
You can request access to the relevant transfer documentation by contacting us at DPO@nexyan.be.
Cookies
Our Site uses cookies and similar tracking technologies to enhance your browsing experience, analyze site traffic, and understand user behavior. Cookies are small files stored on your device that allow us to remember your preferences and provide a more personalized experience.
For detailed information on how we use cookies and how you can manage your preferences, please refer to our Cookie Policy.
Security Measures
At Nexyan, we prioritize the security and confidentiality of your personal data. We have implemented a range of technical and organizational measures to protect your data from unauthorized access, use, or disclosure. These measures are designed to ensure a level of security appropriate to the risks associated with the processing of personal data.
Our security measures include:
• Encryption of data both in transit and at rest to safeguard sensitive information.
• Access controls to restrict access to personal data to authorized personnel only.
• Regular security audits and assessments to identify and mitigate potential vulnerabilities.
• Implementation of firewalls and intrusion detection systems to prevent unauthorized access to our systems.
• Training programs for employees to ensure awareness and understanding of data protection and security practices.
We continuously review and update our security practices to enhance the protection of your personal data and to comply with applicable privacy regulations.
In this respect, we have achieved the ISO27001 certified since 4/7/2025.
How long do we keep your personal data?
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, as outlined in this Privacy Policy, or as required by applicable laws and regulations.
Specifically:
• Personal data collected through our contact form, such as your name, email, and message, will be retained for as long as necessary to respond to your inquiry and maintain a record of our communication.
• Data collected for newsletter subscriptions, such as your email address, will be retained until you unsubscribe from our mailing list.
• Data related to our consulting services, including employee data, benefit details, and financial data, will be retained for the duration of our contractual relationship and as required by legal obligations, typically up to 7 years after the end of the contract.
Once the retention period expires, we will securely delete or anonymize your personal data, unless we are required to retain it longer to comply with legal obligations or to protect our legal rights.
Your rights regarding your personal data
You have the following rights in relation to the processing of your personal data, which we are committed to respecting:
• Right of Access – You can ask for a copy of your personal data and details on how we use it.
• Right to Rectification – If your data is incorrect or incomplete, you can ask us to fix or update it.
• Right to Erasure (Right to be Forgotten) – You can request deletion if your data is no longer needed, was collected unlawfully, or if you withdraw consent (unless we have a legal reason to keep it).
• Right to Data Portability – You can get a copy of your data in a usable format or ask us to send it to another service if possible.
• Right to Object – You can object to us processing your data, especially if it’s for marketing or profiling. We will stop unless we have strong legal reasons to continue.
• Right to Restriction of Processing – You can ask us to limit how we use your data in certain cases, like if you contest its accuracy or need it for a legal claim.
• Right to Withdraw Consent – If we rely on your consent to process your data, you can withdraw it anytime, and we’ll stop using your data for that purpose unless another legal reason applies.
To exercise any of these rights, please contact us at dpo@nexyan.be.
You also have the right to lodge a complaint with your local data protection authority if you believe we are not handling your data in accordance with the law. For Belgium:
Gegevensbeschermingsauthoriteit (GBA)
Rue de la Presse 35, 1000 Brussels, Belgium
Phone: +32 (0)2 274 48 00
Email: contact@apd-gba.be
Website: https://www.gegevensbeschermingsautoriteit.be/
Changes to the Privacy Notice
This Privacy Policy was last updated on 24.10.2025.
We reserve the right to modify this notice at any time. Any updates or changes will be posted on our website and, where appropriate, communicated to you via email. For any data processing-related questions and/or requests, please contact us at dpo@nexyan.be
