01 Privacy at a Glance
This privacy policy informs you about the nature, scope, and purpose of the collection and use of personal data on our website nxs.digital and within our SaaS platform NEXUS V2. The responsible entity is Broos Project GmbH (see legal notice for details).
02 Responsible Party
Broos Project GmbH
Ungelsheimer Weg 14
40472 Düsseldorf, Germany
Phone: +49 211 493 935 17
Email: buero@broos-project.de
03 Data Collection on Our Website
Server Log Files
Each time our website is accessed, information is automatically collected that your browser transmits: IP address, date and time of the request, page accessed, HTTP status code, data volume transferred, referrer URL, browser and operating system. This data is used exclusively to ensure operation and system security (legal basis: Art. 6 Para. 1 lit. f GDPR). It is not merged with other data sources.
Contact Form
When you contact us via the contact form, your information (name, email address, company, message) will be processed for handling your inquiry and forwarded to us by email. Email delivery is handled by Resend (Resend Inc., EU region). This data will not be shared with third parties. Legal basis: Art. 6 Para. 1 lit. b GDPR (pre-contractual measures) or Art. 6 Para. 1 lit. f GDPR (legitimate interest in responding to inquiries).
04 Infrastructure: Google Firebase & App Hosting
Our platform uses Google Firebase for authentication (Firebase Authentication), database (Cloud Firestore), and file storage (Cloud Storage). All data is stored in the EU (database region europe-west3, Frankfurt am Main).
Application hosting is provided via Google App Hosting (region europe-west4, Netherlands). Server log files (IP addresses, access times, requested pages) may be processed as part of hosting.
Google LLC is certified under the EU-US Data Privacy Framework and has concluded Standard Contractual Clauses (SCCs). For more information: policies.google.com/privacy
05 Error Monitoring: Sentry
We use Sentry (Functional Software Inc. dba Sentry, EU region Frankfurt) for the detection and diagnosis of technical errors. Sentry captures anonymised error messages, stack traces, and technical device data. All text fields, input fields, and media content are masked — no content (messages, form data) is transmitted to Sentry. IP addresses are not forwarded (sendDefaultPii: false). Legal basis: Art. 6 Para. 1 lit. f GDPR (legitimate interest in error-free operation).
06 Cookies
Our website uses exclusively technically necessary cookies that are required for operation (e.g. session cookies for authentication). These cookies are automatically deleted at the end of your browser session. Consent is not required for technically necessary cookies pursuant to § 25 Para. 2 TDDDG. Analytics, advertising, or tracking cookies are not used.
07 Data Processing in the Platform (Data Processing Agreement)
In the context of using NEXUS V2, we process personal data on behalf of our business clients (data processing agreement pursuant to Art. 28 GDPR). The respective business client as controller is responsible for the lawfulness of this processing. Data is stored separately per tenant and is accessible exclusively to authorised users of the respective tenant. Categories of processed data: employee master and employment data, time recording data (incl. GPS location on clock-in/out), project data, financial data, and documents. All data is stored in the EU (Firestore region europe-west3, Frankfurt).
08 Your Rights as a Data Subject
Under the GDPR, you have the following rights against Broos Project GmbH as the responsible party:
- Access to your stored data (Art. 15 GDPR)
- Rectification of inaccurate data (Art. 16 GDPR)
- Erasure of your data, unless statutory retention obligations apply (Art. 17 GDPR)
- Restriction of processing (Art. 18 GDPR)
- Data portability (Art. 20 GDPR)
- Objection to processing (Art. 21 GDPR)
To exercise your rights, please contact: buero@broos-project.de
09 Right to Lodge a Complaint
You have the right to lodge a complaint with the competent data protection supervisory authority (Art. 77 GDPR). The competent authority for Broos Project GmbH is the Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen (LDI NRW), Postfach 20 04 44, 40102 Düsseldorf, www.ldi.nrw.de
10 Data Security
We implement technical and organisational security measures pursuant to Art. 32 GDPR. These include: AES-256 encryption of data at rest, TLS 1.2+ encryption in transit, role-based access control (RBAC), complete tenant-based data separation, and monthly data backups. A detailed description of our measures is available in our TOMs document upon request.
11 Changes to This Privacy Policy
We reserve the right to update this privacy policy from time to time to ensure it always complies with current legal requirements or to implement changes to our services. The version current at the time of your visit always applies.