Privacy policy

NestForms is a service offering from NestDesign. We are a registered data controller within the Republic of Ireland for the purposes of the GDPR on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data.

Nest Design recognises the office of the Data Protection Commissioner in Ireland as the Lead Supervisory Authority for regulating all data protection matters.

We are committed to following and continuously evolving specific best practices to support our legal obligations in respect of all the data/information subject to certain legal safeguards as specified in the Data Protection Act, 1988 (as amended by the Data Protection (Amendment) Act, 2003) and the General Data Protection Regulation (EU) 2016/679 (the “GDPR”) and other specific regulations.

NestForms recognises the need to treat data in an appropriate and lawful manner. We are committed to complying with our legal obligations in respect of all personal data we handle as set out in this policy.


Security #

At NestForms we take the security of your data very seriously. With this in mind, we chose a leader in cloud computing services, Amazon Web Services (AWS). All NestForms live data is stored within Amazon AWS located in Dublin, Ireland (EU).

There are many great reasons we chose to build NestForms on Amazon’s AWS Infrastructure, and security and dependability are the main ones.

Amazon AWS provides dozens of critical security features specifically designed to keep your data safe, secure and in your control.

The NestForms system is managed and hosted by NestDesign Ltd. A maximum of four NestDesign employees only ever have full access to the NestForms platform.

Administration access is via SSH console. Access is required for server software updates and maintenance. Outside of scheduled tasks, access to the server is undertaken on a per ticket-only permission basis.

User connection to the Application will be via the Internet. All connections to the Application use 2048-bit SSL (https) connections. The application is set to respond on port 80 and port 443. All requests to port 80 are redirected to 443 (https).

We make every effort to protect NestForms and our clients from unauthorised access as well as to prevent unauthorised alteration, disclosure or destruction of information managed by Nest Forms.

In particular:

  • We review our information collection, storage and processing practices, to protect against unauthorised access to our systems.
  • We restrict access to personal information to our employees, contractors and agents who need to know that information in order to process it for us, and who are subject to strict contractual confidentiality obligations and may be disciplined or terminated if they fail to meet these obligations.

Application #

Our Privacy Policy applies to all the services offered by NestForms and its affiliates, including services offered on other sites, but excludes services that have separate privacy policies that do not incorporate this Privacy Policy. Our Privacy Policy is not applicable to any services offered by other companies or individuals, including online products or sites that may be displayed to you in search results, or sites that include NestForms services, or any sites linked from our services. Our Privacy Policy does not cover the information practices of other companies and organisations who advertise our services.

For users of any of our online applications the terms and conditions of use, including details on privacy, security and data protection are laid out in our Terms & Conditions.

The licence agreement is provided to protect the rights of the clients and that of NestForms and to ensure that all clients & users are aware of their responsibilities as well as their obligations. The information uploaded onto the online database is for both clients and client employees. Sub-contractors or client agents are the responsibility of the client and their administrative users. NestForms recommends all clients show appropriate diligence when managing sensitive data.


Enforcement #

We regularly review that we are in compliance with our Privacy Policy to the best of our ability.

When we receive formal written complaints, we will contact the person who made the initial complaint to follow up in a timely fashion. We work with the appropriate regulatory authorities, including local data protection authorities, to resolve any complaints regarding the transfer of personal data that we cannot resolve with our users directly.


Always backed up #

NestForms is automatically backing up your data every day in case of any issues that may arise.
As NestForms is a cloud based service, you do not need to worry about backing up your online data. If your computer is lost, stolen or destroyed - you can simply pick up again from where you left off.


World class security and reliability #

Having built Nest Forms on the AWS platform, we can rely, and have relied, with confidence on their exceptional uptime guarantees as well as their ability to remain resilient and receptive to system failures.


Our Privacy Policy explained #

  • What information we collect and why we collect it.
  • How we use that information.
  • The choices we offer, including how to access and update information.

We've tried to keep it as simple as possible, but if you're not familiar with terms like cookies, IP addresses and browsers, then read about these key terms first. Your privacy matters to us. Whether you are new to Nest Forms or a long-standing client, please take the time to get to know our practices - and if you have any questions, contact us.


Data Ownership #

All data entered into NestForms while filling Responses is managed and owned by the administrator of the master account. We guard your data closely and we do not sell or share your information with any third parties without your consent.


How We Collect and Use Your Information #


Account information #

When you create an account, we collect certain “personally identifiable information” or “PII.” This includes your username, email address, forename, surname, timezone and IP address. If you are using a paid account, additional details are required. These include postal address, phone number and company VAT number. For paying subscribers, payment details may be required, but these details are not stored within the NestForms platform (they are stored within the Stripe payment gateway).

If you connect NestForms to any third party service, NestForms does not receive or store these passwords.


Information we collect #

We collect information to provide better services to all of our users - this can range from knowing basic information like language preferences, to more complex information like what content matters most to you.

We collect information in the following ways:

  • Information you give us. We collect information about you and your company as you register for an account with us, create or modify your profile, use, access, or interact with our services or our websites (including but not limited to when you upload, download, collaborate on or share content). Such content includes any personal information or other sensitive information that you choose to include. The NestForms service requires you to sign up for an account with us. We may present your name, email address or image to other users in your organisation, or otherwise associated with your account in order to assist in sharing or recommendations. We also receive all information you or your colleagues enter into the forms.
  • Information we get from your use of our services. We may collect information about the services that you use and how you use them. This information includes:
  • Device information - We may collect device-specific information (such as your hardware model, operating system version, unique device identifiers, and mobile network information). We only associate your device identification or phone number with your account for diagnostic purposes.
  • Log in information - When you use our services or view content provided by us, we may automatically collect and store certain information in server logs. This may include:
    • details of how you used our service, such as your completed task
    • Internet Protocol address
    • device event information such as crashes, system activity, hardware settings, browser type, browser language, the date and time of your request.
    • We also use the third party tools Google Analytics and Crashlytics.
    • Cookies that may uniquely identify your browser or your account.
  • Location information - When you use a location-enabled Nest Forms service, we may collect and process information about your actual location, like GPS data sent by a mobile device. We may also use various technologies to determine location, such as sensor data from your device that may, for example, provide information on nearby Wi-Fi access points and cell towers.
  • In some cases, we may convert your IP address into an approximate geolocation to improve and personalise Nest Forms (for example, to display time data in the correct local time).
  • Cookies and anonymous identifiers - We use various technologies to collect and store information when you visit our services, and this may include sending one or more cookies or anonymous identifiers to your device.
  • Information related to use of Nest Forms - We use long-term cookies to monitor aggregate usage and web traffic routing and automatically record information including IP addresses, browser types, operating systems, pages or features of NestForms used and time spent on each, search terms and other statistics. This information is used to analyse how users use Nest Forms, for the purpose of customising and improving user experience.

How we use the information we collect #

We may use the information we collect, including registered users' personal information and transaction information, from all of our services in any one or more of the locations that NestForms has operations or otherwise conducts business for the following purposes:

  • For internal and service-related purposes, such as to provide, maintain, protect, improve, and personalise our services, to develop new services and to protect the rights, property, or safety of NestForms and our users.
  • To enforce the Privacy Policy and our terms and conditions for use of our service and website.
  • To communicate with you in order to provide you with information we think may be useful or relevant to you.
  • To monitor and analyse trends, usage, and activities in connection with our services and for marketing or advertising purposes or to offer you tailored content.
  • To investigate and prevent fraudulent transactions, unauthorised access to or use of our services, and other illegal or unusual activities.
  • If other users already have your email, or other information that identifies you, we may show them your publicly visible NestForms profile information, such as your name and photo.
  • When you contact us, to keep a record of your communication to help solve any issues you might be facing. We may contact you again specifically to let you know an update to your original query.
  • In the instance that you may report a feature request, issue or bug, we may access your account to review your data in order to review your requirements.
  • From cookies and other technologies, to improve your user experience and the overall quality of our services.


When resolving issues with the Nest Forms Service, we may require additional data (for example, the NestForms app database). This will be in the form of either a crash report or error report that you as the client have sent, or an automated diagnostic check performed by Nest Forms.

We will ask for your consent before using information for a purpose other than that described in this Privacy Policy.

In problem solving scenarios, NestForms may process personal information from our platform in either of our EU offices within the NestForms group.


Information we share with third parties #

We do not share personal information with other companies, organisations and individuals outside of the NestForms organisation, unless one of the following circumstances applies:

  • With your consent
    We will share personal information with companies, organisations or individuals outside of NestForms only when we have your consent to do so. We require opt-in consent for the sharing of any sensitive personal information.
    • Google - In order to be able to create folders in your Google Drive account and to upload Google spreadsheets along with images to your account, NestForms will require the following two permissions:
      • Drive: https://www.googleapis.com/auth/drive.file - Access to files created by NestForms.
      • Spreadsheets: https://spreadsheets.google.com/feeds - Access to all spreadsheets in your account.
    • DropBox - In order to upload files, NestForms will require permissions to access the “NestForms” directory in your account.
    • Microsoft - In order to be able to create folders in your Microsoft OneDrive or SharePoint account and to upload and update Excel documents along with images to your account, NestForms will require the following three permissions:
      • offline_access - Gives the NestForms app access to resources on behalf of the user.
      • User.Read - Gives NestForms the ability to read basic information about the user.
      • Files.ReadWrite.All - Allows NestForms to read, create, update, and delete all files the signed-in user can access.
    • Emails - Your email account is a third party service and outside the control of NestForms. Trigger emails can disclose your Response data. Other automated emails can disclose more information like: Your name, VAT, invoice details, payment details etc.
    • Application API - You can set the NestForms API and then your third party application can access your data.
    • Other Triggers (Webhooks, (s)FTP, Boberdoo, etc) - In these cases you will set NestForms to send your data to your third party providers.
    • Custom permissions - in some scenarios, we can agree in writing, to share some data with another account (eg: user can request to transfer some form with responses to another account).
  • For external processing
    We provide and exchange personal information within the NestForms EU offices and this includes any other trusted organisations. We require our organisations to handle any personal information that we provide in accordance with our instructions and in compliance with our Privacy Policy and any other appropriate confidentiality and security measures.
  • For legal reasons
    We will only share personal information with companies, organisations or individuals outside of NestForms if we have a good-faith belief that access, use, preservation or disclosure of the information is reasonably necessary to:
    • Meet any applicable legislation, regulation, legal process or enforceable governmental request.
    • Enforce applicable Terms of Service, including investigation of potential violations.
    • Detect, prevent, or otherwise address fraud, security or technical issues.
    • Protect against harm to the rights, property or safety of NestForms, our users or the public as required or permitted by legislation.

We may share aggregated, non-personally identifiable information publicly and with our partners - like publishers, advertisers or connected sites. For example, we may share information publicly to show trends about the general use of our services. If referenced, this data will be completely anonymous.

If NestForms is involved in a merger, acquisition, asset sale, corporate reorganization or similar, your information may be transferred as part of that deal. We will continue to ensure the confidentiality of any personal information and give affected users notice (for example, via a message to the email address associated with your account) before personal information is transferred or becomes subject to a different privacy policy.


We’ll only share your PII in the following cases: #

  • With companies that are contractually engaged in providing us with services, such as data storage, hosting and payment processing. These companies are obligated by contract to safeguard any PII they receive from us.
  • The need to protect ourselves or others, or for other legal reasons. We strongly believe in contesting claims that we believe to be invalid under applicable law, and in protecting you from privacy violations we consider to be abuse of legal systems, whether by individuals, entities or government. However, we reserve the right to disclose any information about you to government or law enforcement officials or private parties if we believe it is reasonably necessary to satisfy or comply with a law, regulation, valid legal process (e.g., subpoenas or warrants served on us), or to protect the rights, property and safety of us or others, and to prevent or stop activity we consider to be illegal or unethical.
  • We need to disclose it as part of a business transaction. Information collected from our users, including PII, could be disclosed or transferred to a third-party acquirer as a result of a transaction such as a merger, acquisition, or asset sale. We will notify you if a different company will receive your PII.
  • You expressly ask us to do so.

Transparency and choice #

People have different privacy concerns. Our goal is to be clear about what information we collect, so that you can make meaningful choices about how it is used and control whom you share information with.

You may also set your browser to block all cookies, including cookies associated with our services, or to indicate when a cookie is being set by us. However, it's important to remember that many of our services may not function properly if your cookies are disabled. For example, you may not be able to log in to Nest Forms or utilise other services.


Information you share #

Our services let you share information with others. Remember that when you share information publicly, it may be indexable by search engines. Our services provide you with different options on sharing and removing your content.


Accessing and updating your personal information #

Whenever you use our services, we aim to provide you with access to your personal information. If that information is incorrect, we make every effort to enable you to update it or delete it - unless we have to keep that information for legitimate business or legal purposes. When updating your personal information, we may ask you to verify your identity before we can act on your request.

We may reject requests that are unreasonably repetitive, require disproportionate technical effort (for example, developing a new system or fundamentally changing an existing practice), risk the privacy of others, or would be extremely impractical (for instance, requests concerning information residing on backup tapes).

Where we can provide information access and correction, we will do so for free, except where it would require a disproportionate effort.

We endeavour to maintain our services in a manner that protects information from accidental or malicious destruction. Because of this, after you request the deletion of information from our services, we will not immediately delete residual copies from our active servers or remove information from our backup systems.


Retention policy #

If you delete any Forms, Responses or your own account, we keep this data for a further 14 days to allow for clients that may have made an error and wish to revert their data or status to its previous state.

After these 14 days the requested data is permanently deleted. Only responses belonging to another account will keep your name in the service and NestForms will anonymise any other personal information.


Dealing with subject access requests #

A formal request from a data subject for information that NestForms holds about clients must be made in writing. A fee is payable by the data subject for provision of this information. Should a written request in respect of data held by NestForms be received, the Data Controller is responsible for ensuring compliance with access requests.

Data subjects will be provided with their data within 40 days of receiving the request.

All employees of NestForms have been trained in the Privacy Policy, adhere to the Data Protection Policy Procedures and have been instructed not to disclose any data/information containing personal characteristics over the telephone/email, and that all requests must be made in writing to the NestForms Data Controller - C. Gargan.

Any company processing personal data must comply with the eight enforceable principles of good practice. These provide that personal data must be:

(a) Obtained and processed fairly

(b) Kept only for one or more specified, explicit and lawful purposes

(c) Used and disclosed only in ways compatible with these purposes

(d) Kept safe and secure

(e) Kept accurate, complete and up to date

(f) Adequate, relevant and not excessive

(g) Retained for no longer than is necessary for the purpose or purposes for which it was collected

(h) Provided to data subjects on request 


International Transfer #

If you are located outside the European Union and choose to provide your PII to us, we transfer this information to computers located outside of your state, province, country or other governmental jurisdiction.


Email advertisements & newsletters #

You can subscribe to the NestForms email newsletter list if you are an existing customer or you register to receive information via our contact form / web demo form on NestForms.

Each email sent contains an easy, automated unsubscribe option for you to cease receiving email from us, or to change your requirements.


Testimonials #

We may at times post customer testimonials on our web site which may contain personally identifiable information such as the customer’s name. We always obtain the customer’s consent prior to publishing the testimonial, with client approval to post their name along with their testimonial.


Changes to Privacy Policy #

Any information that we collect is subject to the Privacy Policy in effect at the time such information is collected.

We reserve the right to modify this privacy policy at any time, so please review it frequently. If we make material changes to this policy, we will notify you by site notification for your approval. The current version will always be posted to our Privacy Policy page.

Last Updated: 12/12/2023