How CorroNexus handles personal data.
This notice describes what personal data CorroNexus collects through this website, why the practice collects it, how long it is retained, who it is shared with, and the rights available to data subjects under applicable data-protection law.
01Who we are
CorroNexus is an independent engineering practice based in Egypt. For the purposes of the EU General Data Protection Regulation (GDPR), the UK Data Protection Act 2018, and Egypt's Personal Data Protection Law (Law No. 151 of 2020), CorroNexus is the data controller for personal data submitted through this website. You can reach the controller at info@corronexus.com.
02What personal data we collect
CorroNexus collects personal data primarily through the website contact form. When a visitor voluntarily submits the contact form, the following fields are collected: name, company, email address, topic of enquiry, and the free-text message. Where an engagement is entered into, CorroNexus additionally processes the personal and commercial data necessary to deliver that engagement.
CorroNexus does not operate cookies for tracking, advertising, behavioural analytics, or profiling. CorroNexus does not deploy third-party analytics scripts (Google Analytics, Meta Pixel, Hotjar, Mixpanel, Plausible, or similar). CorroNexus does not fingerprint visitors or attempt to identify returning anonymous users.
03Why we collect it — lawful basis
Contact-form data is processed on the lawful basis of legitimate interest (GDPR Article 6(1)(f)) — specifically, the legitimate interest of responding to unsolicited enquiries about CorroNexus engineering services and related professional matters. Where a subsequent engagement is entered into, personal data necessary to perform that engagement is processed on the basis of contract performance (GDPR Article 6(1)(b)).
Enquiries submitted through CorroNexus are not used for marketing, are not sold or rented to third parties, and are not processed for any purpose outside of the purposes stated above.
04How long we retain it
- Contact-form submissions that do not lead to an engagement — up to 12 months from the last correspondence, then deleted.
- Contact-form submissions that lead to an engagement — duration of the engagement plus any statutory record-keeping period (typically 5–7 years under Egyptian commercial law).
05Who we share it with
CorroNexus uses the following third-party data processors in support of delivering the website. Each is bound by its own contractual commitments and, where applicable, by a data-processing agreement with CorroNexus.
- Formspree, Inc. — handles the homepage contact form and forwards submissions to CorroNexus. Data handled: contact-form data only. Location: United States. See formspree.io/legal/privacy-policy.
- Vercel Inc. — hosts the website. Data handled: site data in transit and at rest on application servers. Location: primarily European regions; global edge network.
- Cloudflare, Inc. — authoritative DNS for corronexus.com. Data handled: DNS query logs (not linked to individuals). Location: global anycast network.
- Microsoft Corporation — provides Microsoft 365 / Exchange Online, which hosts CorroNexus email, including the info@corronexus.com mailbox. Data handled: the content and metadata of email sent to or from CorroNexus addresses, such as any message you send to info@corronexus.com. Location: Microsoft global data centres.
CorroNexus does not share submitted personal data with any third party outside of the processors listed above except where required by law (for example, a valid court order or a lawful request from a regulator).
06International transfers
Formspree, Inc. is headquartered in the United States. Contact-form submissions are therefore transferred to and stored on servers in the United States. CorroNexus relies on the processor's own contractual safeguards and, where they publish one, on their adherence to the EU–US Data Privacy Framework.
Vercel and Cloudflare operate global networks; requests may be routed through the nearest point of presence to the visitor. Visitors in the EEA, the UK, or other jurisdictions with cross-border-transfer restrictions are advised of these transfers before choosing to submit the contact form.
07Your rights
Under the GDPR, the UK Data Protection Act 2018, Egypt's Law No. 151 of 2020, and analogous legislation, data subjects have the right to: access, rectification, erasure, restriction, portability, objection, withdrawal of consent, and to lodge a complaint with the relevant supervisory authority.
To exercise any of these rights, email info@corronexus.com from the email address associated with the request. CorroNexus aims to respond to verified requests within thirty days, as required under the GDPR. Complaints may be lodged with the supervisory authority of the visitor's country of residence — (EEA) see the EDPB members directory; (UK) the Information Commissioner's Office, ico.org.uk; (Egypt) the Personal Data Protection Centre established under Law No. 151 of 2020.
08Cookies, tracking, and fonts
This website does not set tracking cookies, does not run third-party analytics or advertising trackers, and does not fingerprint visitors.
Display typography is served from the CorroNexus domain itself (self-hosted via build-time font optimisation); no requests are made to fonts.googleapis.com, fonts.gstatic.com, or any third-party font CDN, so visitors do not have their IP address disclosed to a font provider on page load. The only third-party network request a page load generates is the contact-form submission to Formspree — and that occurs only when a visitor clicks Send, not on page load.
09Security
CorroNexus applies appropriate technical and organisational measures to protect personal data, including: TLS encryption on all traffic (HSTS with a two-year max-age); server-side validation of every request; access-controlled storage of correspondence and engagement records; source-map generation disabled in production; and periodic rotation of credentials and secrets.
No security programme is absolute. CorroNexus commits to notifying affected data subjects and the relevant supervisory authority without undue delay, and in any event within 72 hours, in the event of a personal-data breach likely to result in a risk to the rights and freedoms of natural persons, as required under GDPR Article 33.
10Children and minors
The CorroNexus website is directed at qualified engineering professionals and is not intended for, targeted to, or suitable for persons under the age of 18. CorroNexus does not knowingly collect personal data from minors. Any personal data identified as belonging to a minor will be deleted promptly on discovery or on notification.
11Changes to this notice
This privacy notice may be revised to reflect changes in practice, law, or the services offered. Material revisions are indicated by an updated date and version number at the top of this page. Engagement clients are notified separately of changes that affect the processing of their specific data.
12Contact
For any question relating to this notice or to CorroNexus's handling of personal data, please write to info@corronexus.com. For requests exercising any of the rights set out in Section 07, please state clearly in the subject line which right is being exercised (for example, "GDPR — Access Request").