gnxs
FeaturesDocsPricing

PRIVACY STATEMENT AND DATA PROCESSING AGREEMENT

Version: March 2025

This privacy policy will explain how our organization, Genie Nexus (hereafter referred to as "genie-nexus", “gnxs.io”, "we", "our", or "us") uses the personal collected from you when you use the Genie Nexus software platform (hereafter referred to as the "Genie Nexus Platform" or “the Services”)

Topics:

  • What data do we collect?
  • Legal basis
  • How do we collect your data?
  • How will we use your data?
  • How do we store your data?
  • What are your data protection rights?
  • Changes to our privacy policy
  • How to contact us
  • How to contact the appropriate authorities

What data do we collect?

We collect the following data:

User data saved within our database:

  • Name
  • Email address
  • Password (hashed)
  • Data you added yourself to your own genie-nexus environment (hereafter: “Customer Data”)

How do we collect your data?

You directly provide us with most of the data we collect. We collect data and process data when you:

  • Register for the Services
  • Use the Services

Legal Basis

Processing of your personal data can be based on your explicit consent for one or
more specific purposes, because it is necessary for the performance of a contract (for instance to provide you with the use of the Services), and on legitimated interests pursued by us (such as improving our Service) provided such interests are not overridden by your interests or
fundamental rights and freedoms which require protection of your personal data.

How will we use your data?

We collect your data so that we can:

  • Manage your account
  • Deliver the Services to you
  • Provide your data to our sub-processors

How do we store your data?

We securely store your data at Contabo servers located in the European Union. We will keep your data only as long as you have a datasthor account.

What are your data protection rights?

We would like to make sure you are fully aware of all of your data protection rights. Every user is entitled to the following:

The right to access and copy - You have the right to request us for access to and copies of your personal data.

The right to rectification
- You have the right to request that we correct any information you believe is inaccurate. You also have the right to request us to complete information you believe is incomplete.

The right to erasure - You have the right to request us to erase your personal data, under certain conditions.

The right to object to processing
- You have the right to object to our processing of your personal data, under certain conditions. For example, if we use your Personal Data for marketing purposes.

The right to data portability
- You have the right that we transfer that data that we have collected to another organization, or directly to you, under certain conditions.

The right to complain
- You have the right to complain to the relevant European data protection authority about the manner in which we process your personal data. You can file a complaint with the Dutch Data Protection Authority using this link: https://autoriteitpersoonsgegevens.nl/nl/zelf- doen/privacyrechten/klacht-indienen-bij-de-ap

If you make a request, we have one month to respond to you. If you would
like to exercise any of these rights, please send an e-mail to dan@gnxs.io.

Changes to our privacy policy

We keep our privacy policy under regular review and place any updates on this web page.

How to contact us

If you have any questions about our privacy policy, the data we hold on
you, or you would like to exercise one of your data protection rights,
please do not hesitate to contact us. Email us at: dan@gnxs.io

DATA PROCESSING AGREEMENT

1. datasthor (hereinafter: Processor),

and

2. Customer (hereinafter: Controller),

considering, that

  • the Controller has access to personal data of various data subjects,
  • the Controller intends to have the Processor perform certain processing
    operations, for which the Controller determines purpose and means,
  • the Processor is willing to do so, and further is willing to adhere to the
    obligations regarding security and other aspects of data processing
    legislation to the best of its abilities,
  • the Parties are required under data processing legislation to record their rights and obligations in a written instrument,

have agreed as follows:

Article 1. Purposes of processing; nature of personal data

  1. Processor hereby agrees under the terms of this Data Processing Agreement to
    process personal data on behalf of the Controller. Processing shall be
    done solely for the purpose of:Providing personal dashboard functionalitiesfor the benefit of Controller, and associated online services (hereafter: the Services) and all purposes compatible therewith or as determined jointly, during the term of the corresponding services agreement between Controller and Processor.
  2. Processor processes data provided by Controller (Customer Data). Customer Data may contain personal data and/or special categories of data depending on how Processor’s services
    are used by Controller.
  3. All personal data processed on behalf of Controller shall remain the property of Controller and/or the data subjects in question.

Article 2. Processor obligations

  1. Regarding the processing operations referred to in the previous clause, Processor shall comply with all applicable legislation, including at least all data processing legislation such as the General Data Protection Regulation.
  2. Upon first request Processor shall inform Controller about any measures taken to comply with its obligations under this Data Processing Agreement.
  3. All obligations for Processor under this Data Processing Agreement shall apply equally to any persons processing personal data under the supervision of Processor, including but not
    limited to employees in the broadest sense of the term.
  4. Processor shall inform Controller without delay if in its opinion an instruction
    of Controller would violate the legislation referred to in the first clause of this article.
  5. Processor shall provide reasonable assistance to Controller in the context of any privacy impact
    assessments to be made by Controller.

Article 3. Transfer of personal data

  1. Processor may process the personal data in any country within the European Union.
  2. In addition Processor may upon request of Controller transfer the personal data to a country outside the European Union, if such country ensures an adequate level of protection of personal data and Processor complies with other obligations imposed on it under this Data Processing Agreement and the General Data Protection Regulation, including the
    availability of appropriate safeguards and enforceable data subject rights and effective legal remedies for data subjects.

Article 4. Allocation of responsibilities

  1. The authorized processing operations shall be performed by employees of Processor within an automated environment.
  2. Processor is solely responsible for the processing of personal data under this Data Processing Agreement in accordance with the instructions of Controller and under the explicit supervision of Controller. For any other processing of personal data, including but not limited to any
    collection of personal data by Controller, processing for purposes not reported to Processor, processing by third parties and/or for other purposes, the Processor does not accept any responsibility.
  3. Controller represents and warrants that the content, usage and instructions to
    process the personal data as meant in this Data Processing Agreement are lawful and do not violate any right of any third party. Controller indemnifies Processor for any claims of third-parties in relation to Controller’s use of the Services.

Article 5. Involvement of sub-processors

  1. Processor shall involve third parties in the processing under this Data Processing Agreement. Processor shall ensure that any third parties are bound to at least the same obligations as agreed between Controller and Processor.
  2. Processor represents and warrants that these third parties shall comply with the obligations under this Data Processing Agreement and is liable for any damages caused by violations by these third parties as if it committed the violation itself.

Article 6. Security

  1. Processor shall use reasonable efforts to implement appropriate technical and
    organisational measures to ensure a level of security appropriate to the risk for the processing operations involved, and to protect the data against loss or unlawful processing (in particular from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or
    access to personal data transmitted, stored or otherwise processed).
  2. Processor does not warrant that the security is effective under all circumstances. If any security measure explicitly agreed in this Data Processing Agreement is missing, then Processor shall use best efforts to ensure a level of security appropriate to the risk taking into
    account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons.
  3. Controller shall only provide personal data to Processor for processing if it has ensured that the required security measures have been taken. Controller is responsible for the parties’
    compliance with these security measures.

Article 7. Notification and communication of data breaches

  1. Controller is responsible at all times for notification of any security breaches and/or personal data breaches (which are understood as: a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data
    transmitted, stored or otherwise processed) to the competent supervisory authority, and for communication of the same to data subjects. In order to enable Controller to comply with this legal requirement, Processor shall notify Controller within 48 hours after becoming aware of an
    actual or threatened security or personal data breach.
  2. A notification under the previous clause shall be made only for actual breaches with severe impact.
  3. The notification shall include at least the fact that a breach has occurred. In addition, the notification shall:

Article 8. Processing requests from data subjects

  1. In the event a data subject makes a request to exercise his or her legal rights under data protection legislation to Controller, Processor shall pass on such request to Controller, and Controller shall process the request. Processor may inform the data subject of this passing on.
    Taking into account the nature of the processing, Processor shall assist Controller where possible and appropriate in the fulfilment of Controller's obligation to respond to such requests.

Article 9. Confidentiality obligations

  1. All personal data that Processor receives from Controller and/or collects itself is subject to strict obligations of confidentiality towards third parties. Processor shall not use this information for any goals other than for which it was obtained, not even if the information has been
    converted into a form that is no longer related to an identified or identifiable natural person.
  2. The confidentiality obligation shall not apply to the extent Controller has granted explicit permission to provide the information to third parties, the provision to third parties is reasonably necessary considering the nature of the assignment to Controller or the provision is legally required.

Article 10. Audit

  1. Controller has the right to have audits performed on Processor by an independent
    third party bound by confidentiality obligations to verify compliance with the security requirements, compliance with data processing regulations, compliance with the Data Processing Agreement, and all issues reasonably connected thereto.
  2. This audit may be performed once every year as well as in the event of a substantiated allegation of misuse of personal data.
  3. Processor shall give its full cooperation to the audit and shall make available employees and all reasonably relevant information, including supporting data such as system logs.
  4. The audit findings shall be assessed by Processor and implemented if and to the extent deemed reasonable by Processor.
  5. The costs of the audit shall be borne by Controller.

Article 11. Liability

  1. The liability of Processor for any claim in connection with this Data Processing Agreement, including claims based on liability due to any failure to comply with applicable data protection legislation, whether based on contract, tort (including negligence), statutory duty or
    otherwise, is limited to direct damages per event (a sequence of successive events counting as one event), up to a maximum of the total amount of fees Processor has received from Controller for its services in the year that the event giving rise to the liability has occurred.
    The total aggregate liability of Processor shall in any case be limited to a maximum of € 100,00.
  2. Direct damages shall include only:
  3. Any liability for indirect damages by Processor for indirect damages is excluded. Indirect damages are all damages that are not direct damages, and thus including but not limited to consequential damages, lost profits, missed savings, reductions in goodwill, standstill damages,
    failure to meet marketing requirements, damages as a result of using data prescribed by Controller, or loss, corruption or destruction of data.
  4. No limitation of liability shall exist if and to the extent the damages are a result of intentional misconduct or gross negligence on the part of Processor or its directors.
  5. Unless a failure by Processor is incapable of redress, any liability shall exist only if Controller puts Processor on notice of default, including a reasonable term for addressing the failure, and Processor fails to comply even after this term. The notice shall contain a detailed
    description of the failure to ensure that Processor has a reasonable opportunity to address the failure.
  6. Any claim for damages from Controller to Processor that is not specifically notified in detail
    shall be extinguished by the passage of twelve (12) months after the date its cause first arose.

Article 12. Term and termination

  1. This Data Processing Agreement enters into force upon signature by the parties and on the date of the last signature.
  2. This Data Processing Agreement is entered into for the duration of the cooperation between the parties.
  3. Upon termination of the Data Processing Agreement, regardless of reason or manner, Processor shall - at the choice of Controller - return in original format or destroy all personal data available to it.
  4. Parties may change this Data Processing Agreement only with mutual consent.

Article 13. T&C’s, Applicable law and competent venue

  1. If and to the extent that there is any conflict between the provisions of the applicable datasthor Terms of Service and this Data Processing Agreement, the latter shall apply.
  2. This Data Processing Agreement and its execution are subject to Dutch law.
  3. Any disputes that may arise between the parties in connection with this
    Data Processing Agreement shall be brought to the competent court for
    the place of business of Processor.

Genie Nexus

genie-nexus is the intelligent traffic router for developers working with APIs and LLMs. It puts you in control—so you can dynamically reroute requests, transform payloads, and adapt to any provider or condition, instantly.

© 2025 debuggingdan
Made with ❤️ by Dan

Community

GitHubBlueskyYouTube

Information

BlogDocumentationComparisons

Legal

TermsPrivacy Policy