Privacy Policy

Below we have gathered information on how we collect, store and use personal data. Because we care about your privacy. Processing is undertaken to allow us to send out communications about our products and services, activities, and relevant market events to customers, prospects, and other interested parties as well as contact candidates for recruitment purposes. We will not disclose any identifiable personal data otherwise than stated in this Privacy Policy or when we have our customer’s/user’s permission or under special circumstances, for instance when the law requires it.


This Privacy Policy describes the type of Personal Data collected by us as well the purpose for which we collect the data. The Code Nexus Group of companies consists of Code Nexus Oy, FaceX Nordic and Code Everest Ltd (“we” & “us”). Personal Data given to one of the companies may, when necessary for the purpose of collecting the data, also be accessed by a person employed by one of the Code Nexus companies that is not the Code Nexus company initially collecting the data.


“Personal Data” refers to data which can identify a data subject directly or indirectly as defined in the European Union’s General Data Protection Regulation 2016/679 (“GDPR”) and other applicable data protection legislation in force at the time (hereinafter “Data Protection Legislation”). This is opposite to “non-personal data” meaning data that cannot be used to specifically identify any person. When processing your personal data, we comply with the GDPR and other applicable laws regulating the processing of personal data. Key terms used in this Privacy Policy, such as data subject, processing, controller and data subject’s rights shall have the meaning defined in the GDPR and other applicable Data Protection Legislation. We collect personal information from Data Subjects for the purposes stated below. “Data Subject” refers to the subject that provides personal data to us. “Consent” refers to the Data Subject’s given consent to processing of the Data Subject’s Personal Data.

Legal Basis

The legal basis for the processing of your Personal Data is, where not stated otherwise or another legal basis is otherwise applicable, the performance of the contract for providing Services to you, as permitted by Data Protection Legislation.

We can also process your Personal Data where We have a legitimate interest to do so, as permitted by Data Protection Legislation, such as for marketing purposes. Where we rely on legitimate interests as a reason and legal basis for processing personal data, it has considered whether or not those interests are overridden by the rights and freedoms of the data subjects and has concluded that they are not.

Where the processing is such that your consent is required by the applicable legislation, We will state so and obtain your consent, and this will be the legal basis for the processing of your Personal Data, as permitted by Data Protection Legislation. However, you have the right to withdraw that consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal. If such withdrawal means that We are no longer able to provide the Services to you, We may cease providing the Services.

With regard to certain communication You may opt-in to receive emails and communications from us about information and news that you have either indicated your wish to receive from us, or that we believe may be of interest to you. Processing of such information is based on the specific consent given by the recipient or, in the case of contact persons at our customers or prospects, our legitimate business interest to send updates and information about our products and services, our activities, relevant market events, and to conduct business transactions with you.

Where we utilize biometric data such as an image of your face, we will only utilize such data to provide the service to you and the gathering of such data is based on your consent, which can always be withdrawn, subject to certain timelimits of the service. The biometric data is turned into a vector that is then encrypted before analyzing it with our algorithms. The vector is in no way identifiable data and cannot be converted back into an image.

What information does Code Nexus collect and for what purpose?


We collect anonymous data from every visitor of the website to monitor traffic and improve our website performance, content, and user experience. We keep the personal data, both information you give to us as well as technically gathered data, as long as necessary to fulfill the purpose the personal data has been gathered for or as required by applicable laws.

Facial recognition app service

When you use our facial recognition app services, or install the related App you’re trusting us with your information. We understand this is a big responsibility and work hard to protect your information and put you in control. This section is to help you understand what information we collect, why we collect it, and how you can update, manage, export, and delete your information. We only collect or store your facial data to provide the service to you and the use of said data is based on your consent, which may be withdrawn. We do not track your usage, location, or any other information except where the data is needed to provide you access to the event you wish to attend and only for the duration of the event. We may use APIs which use the front camera system to take the required picture to provide the service to you or to track the movement of your eyes, mouth, and face but this will only be done when required and you will receive a notification. In order for this functionality to be possible, the app requires access to your device’s camera. This access can be toggled on or off at any time in your device’s settings and is only required when you use the app. If the camera is off, when the service requires the use of the facial data, we will not be able to provide the service to you. The camera images and resulting depth data are only used when you wish to use the service in question. Camera access is required to provide the service and get certain data to provide the service to you. Face data is only given to the third party you consent to give it to, for example to enter the event organized by said third party. The face data will not be used for any purposes other than providing the service to you. The data will be stored in accordance with this privacy policy and related retention periods. The data is only required to be stored for the duration of the event you wish to attend to be able to provide the service to you. Prior to and/or following the event, the face data is kept on the app subject to your consent, which may be withdrawn at any time. After deleting the App account all face data within the app will also be deleted.


For recruitment purposes we may collaborate with a third party service provider. Information gathered for recruitment purposes from the candidate will be collected by the third-party service provider and processed by the third-party service provider. We may change the third-party service provider if necessary. The data submitted by the Data Subject for recruitment purposes will only be available to the people taking part in the recruitment process. The data will be removed once it is no longer relevant for recruitment purposes unless the applicant gives consent to store the data for future references.

Sales and Marketing

For sales and marketing purposes we collect contact information such as name, e-mail address and phone numbers to clients and prospective clients. Collected information is only stored as long as the information is relevant and then removed. We use third-party secured platforms for information storage.

How and where

We only process your data for the purposes specified in the applicable privacy policy. Access to the data is limited to those of our officers, employees, and service providers who need access to fulfill their respective duties and functions. We keep your data safe by employing appropriate technical and organizational measures to all our data processing activities.

We primarily store data on servers located in the European Economic Area (“EEA”) or European Union (“EU”). Personal Data may also be transferred regularly outside the EU and the EEA . When your data is transferred outside the EEA, we will make sure that the data transfer is covered by appropriate safeguards such as standard contractual clauses approved by the European Commission (“EC”) or the EC’s adequacy decision. More information can be provided on request.

Third parties

We may collect information from third parties, such as our trusted partners or marketing agencies, when you provide data to them. This includes your contact information from partners when we engage in joint marketing or co-branding activities, and data from social networks based on campaigns we may run or to easily gather information you wish to provide us in job applications.

For the purposes stated in this Privacy Policy, Personal Data may be disclosed to third parties, such as third-party service providers. In such a case, the Personal Data will only be disclosed for purposes set-out in this Privacy Policy. A list of the processors and other recipients can be provided upon request.


Like most websites, we use cookies. Cookies are small text files that allow your device to be identified. They may be used to collect information about your use of the Sites, your device, the operating system and browser you use, and other similar things. Browser tools and extensions provide simple means to review the full list of cookies currently used on the Sites. Browsers also provide you with increasingly effective tools for managing individual cookies (e.g. blocking unwanted cookies) and general settings for cookies (e.g. disabling all use of cookies). We encourage you to familiarize yourself with the cookie-related settings and tools provided by the browser of your choice as well as our cookie banner.
Some cookies-based services we use on our site include site analytics and performance services, along with marketing and sales prospect registers and our Site chatbox. These services use cookies to collect information relating to the use of the Sites, including but not limited to information such as viewing time, or the website or page from which a visitor came to the websites. This data helps us understand how people use our websites, and we therefore use it to maintain and improve the Sites and to present content on the Sites that is relevant for you. Moreover, we use data collected by providers such as Google Analytics for lead generation, business development, and marketing communications with the help of automated third-party services. These services use cookies to identify the organization a visitor represents or based on their network information, and inform what content a user has downloaded using the website. To clarify if we send you email communications or newsletters based on your consent and you may unsubscribe to these communications at any time by clicking the “Unsubscribe” link found in the email or by contacting us directly.

We also use certain advertising features enabled by Google Analytics, including Remarketing with Analytics, Demographics and Interests Reporting, Google Display Network (GDN) Impression Reporting, and Segments. For these parts of the service, Google uses advertising cookies to collect, share, and use your personal data for the personalization of ads. To control the information Google uses to show you ads, please review your Google Ads settings (see here).
Please note that you can opt out of Google Analytics by using Google’s browser add-on which is available here. If you do not agree with our use of cookies, please use your browser settings to disable cookies or the settings of the cookie banner. Should you choose to disable cookies, please be aware that some parts of the websites may not work as intended for you.

Our web server keeps automated logs that record visits to the Sites. The IP address from which you access the website is included in these logs as is standard practice for websites. We have a legitimate interest to record and keep these logs for troubleshooting and information security purposes. Logs are kept only for the necessary time and deleted immediately after.

Information security

We only collect necessary Personal Data, and do not store it longer than necessary. We only transfer and store collected data in accordance with applicable relevant regulations. In the event that we merge with another company or, are acquired or sell the company or any of the companies belonging to the Code Nexus group, relevant client information may be transferred to the acquiring party. Confidentiality regarding all Personal Data will be guaranteed through a non-disclosure agreement with the acquiring party. Personal information may upon demand from authority or court order be transferred to authorities or an administrator of justice based on statutory prerequisite.

Rights of the Data Subject

The Data Subject has the right to be informed about the Personal Data we have collected from the Data Subject. For marketing purposes the Data Subject has the right to choose not to receive direct marketing. Upon request by the Data Subject, the right to be forgotten may be applicable, also the Data Subject may request to have the Personal Data moved to another data controller or processor. According to applicable law, as Data Subject you are entitled to the following rights:

  • Right to withdraw consent

    The Data Subject has the right to withdraw consent at any time. For example, if you have given consent to direct marketing, you can revise it at any time.

  • Right to access to information

    The Data Subject has the right upon request to obtain information regarding the processing of one’s Personal Data and access to it. The Data Subject also has the right to be informed of the purpose and use of the collected Personal Data.

  • Right to rectification

    If the Data Subject discovers inaccuracy in the collected data, the Data Subject has the right to ask for rectification of the information.

  • Right to erasure

    You may also ask us to delete your Personal Data from our systems. We will comply with such a request unless we have a legitimate ground to not delete the data. After the data has been deleted, we may not immediately be able to delete all residual copies from all of our systems. Such copies shall be deleted as soon as reasonably possible.

  • Right to Object or Restrict Processing

    You may object to certain use of Personal Data when such processing is based on legitimate interest, including direct marketing or profiling. You may opt-out of receiving promotional emails by following the instructions in those emails. If You opt-out, we may still send you non-promotional customer information, such as emails about your account, providing Our services and products or our ongoing relationship with You.

    You may request us to restrict processing of certain Personal Data. Your Personal Data will then only be stored and not processed otherwise; this may however lead to fewer possibilities to use the Services. If such restriction means that We are no longer able to provide the Services to you, We shall be entitled to stop providing the Services.

  • Right to deny direct marketing

    You as the Data Subject has the right at any time to deny direct marketing.

  • Right to data portability

    You as the Data Subject has the right at any time to deny direct marketing.

  • Exercising your rights

    These rights may be used by sending a letter or e-mail to us on the addresses set out below. Your identity will be verified before the information is given out, which is why We may have to ask for necessary additional details. We will respond to the request within a reasonable amount of time and, where possible, within one month of the request and the verification of identity. If your request cannot be met, the refusal shall be communicated to you in writing. Code Nexus may reject requests that are unreasonably repetitive, excessive or manifestly unfounded.

    You also have the right to lodge a complaint with the relevant data protection authority in case you have concerns about how we process your data. The contact details of each EU member state’s data protection authority are available here. However, we are committed to addressing and resolving any concerns you may have about our data processing practices with you directly.

Contact. Information

European Union
Code Nexus Oy & FaceX Nordic, (2831715-7), Helsinki, Finland
If you have any questions about our Privacy Policy, please contact us by email at or


We may modify this policy at any time with or without notifying you of the changes. Updated terms of use will be made available to you on this page. We recommend that you check back here regularly to review any changes.
This policy was last updated on April 4th, 2021.