_{Version: 1.0
Effective Date: January 2026}

UK GDPR & DATA PROTECTION NOTICE

Nexus Network Group Limited is a private limited company registered in the United Kingdom and acts as the Data Controller under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Contact details for data protection matters:
Data Protection Officer (DPO)
Email: dpo@nexusnetworkgroup.co.uk

This notice explains how personal data is collected, used, stored, and protected when individuals interact with our platforms, services, and communities, and is intended to fulfil Nexus Network Group Limited’s transparency obligations under Articles 13 and 14 UK GDPR.

Nexus Network Group Limited operates on the principles of lawfulness, fairness, transparency, accuracy, storage limitation, integrity, confidentiality, and data minimisation. We do not routinely collect or retain personal data from individuals who interact only casually with our public-facing platforms or content.

Personal data is processed only where strictly necessary for defined and legitimate purposes. This includes circumstances where individuals participate in ScotCity ERPC (FiveM), ScotCity Logistics, or associated simulation servers; apply for, hold, or carry out roles as staff members, volunteers, contractors, or leadership personnel; or contact Nexus Network Group Limited for support, moderation, safeguarding, complaints handling, or other operational purposes.

Where individuals do not fall within these categories, processing is limited to minimal technical identifiers such as platform usernames, Discord user IDs, and server connection or security logs. Such identifiers are processed solely for security, moderation, abuse prevention, and platform functionality, and are not retained beyond the period strictly necessary for those purposes. Nexus Network Group Limited does not sell, rent, trade, or commercially exploit personal data under any circumstances.

Categories of personal data that may be processed include, where applicable: usernames and display names; platform-specific identifiers; roleplay identifiers; contact details voluntarily provided by the individual; application, vetting, or staffing information; moderation, safeguarding, or disciplinary records; IP addresses; device or connection metadata; and server or security logs. Nexus Network Group Limited does not knowingly process special category data as defined under Article 9 UK GDPR, nor criminal offence data under Article 10, except where required by law.

All processing is carried out in accordance with Article 6 UK GDPR and is based on one or more of the following lawful bases, as applicable: the data subject’s consent; the necessity of processing for the performance of a contract or role; compliance with a legal obligation; or Nexus Network Group Limited’s legitimate interests in safeguarding, security, service integrity, and community management, balanced against the rights and freedoms of individuals.

In accordance with Article 30 UK GDPR, Nexus Network Group Limited maintains internal records of processing activities, including but not limited to community and platform administration, applications and staffing, safeguarding and disciplinary functions, security monitoring, and anti-abuse measures. Access to personal data is strictly limited to authorised personnel with a legitimate operational need. Personal data is retained only for as long as necessary for the purpose for which it was collected and is subject to periodic review.

Appropriate technical and organisational measures are implemented to protect personal data against unauthorised or unlawful processing, accidental loss, destruction, or damage. These measures include access controls, role-based permissions, audit logging, secure storage practices, and internal governance procedures.

Personal data breaches are handled in accordance with Articles 33 and 34 UK GDPR. All suspected or actual breaches are reported internally without delay, assessed for severity and risk to individuals, and notified to the Information Commissioner’s Office within 72 hours where required. Where a breach is likely to result in a high risk to the rights and freedoms of individuals, affected persons will be informed without undue delay. All breaches are fully documented.

Nexus Network Group Limited’s services are not directed at children under the age of 13. Where individuals aged 13 to 17 participate in Nexus Network Group Limited’s communities or services, personal data is processed only where necessary, is not used for profiling or marketing purposes, and is subject to enhanced safeguards and reduced retention periods. Safeguarding obligations override confidentiality where there is a credible risk of harm.

Individuals have the right to access their personal data, request rectification, request erasure where legally permissible, restrict or object to processing, request data portability where applicable, and withdraw consent at any time where processing is based on consent. Complaints may be raised with Nexus Network Group Limited in the first instance or directly with the Information Commissioner’s Office.

This notice is reviewed periodically and updated as necessary to reflect changes in law, regulatory guidance, or Nexus Network Group Limited’s processing activities.

Impossibility & Lack of Technical Access

Where Nexus Network Group Limited does not have technical, administrative, or contractual access to personal data, it is not legally or practically capable of complying with requests under Articles 15–22 UK GDPR in respect of that data. This includes circumstances where personal data is hosted, retained, controlled, or technically managed by third-party platforms, service providers, or infrastructure operators over which Nexus Network Group Limited has no control, credentials, permissions, or authority.

For the avoidance of doubt, UK GDPR does not impose an obligation on a controller to perform acts which are objectively impossible, technically infeasible, or unlawful. Consistent with established ICO guidance and regulatory decision-making practice, a controller cannot be required to retrieve, erase, restrict, rectify, port, or otherwise process personal data which it does not possess, does not control, and cannot lawfully access. Any purported obligation to do so would exceed the scope of Articles 5, 12, and 24 UK GDPR and would conflict with the principle of accountability as applied to processing actually undertaken.

In circumstances where compliance would require Nexus Network Group Limited to obtain unauthorised access to third-party systems, to compel action by an independent controller, or to reconstitute data sets no longer within its custody, such actions are expressly excluded. UK GDPR does not require controllers to take speculative, disproportionate, or legally impermissible steps to satisfy a request.

Where a request relates to data processed solely by an independent third-party data controller, the requester will be directed to the appropriate controller without delay. Nexus Network Group Limited will not assume responsibility for processing activities outside its factual and legal control, nor will it accept liability for the acts or omissions of third parties acting as independent controllers.

This position is without prejudice to Nexus Network Group Limited’s obligations in respect of personal data it does control, and does not limit the exercise of data subject rights where processing falls within Nexus Network Group Limited’s actual scope of control.

No Duty to Re‑Acquire Data

Nexus Network Group Limited has no duty under UK GDPR to re‑acquire, recover, request, or otherwise obtain personal data from third parties for the purpose of responding to a data subject request where such data is no longer held, accessed, or controlled by Nexus Network Group Limited. The accountability obligations under Article 5(2) and the facilitation requirements under Article 12 UK GDPR extend only to personal data processed by the controller itself.

There is no requirement, express or implied, for a controller to solicit, retrieve, or reconstruct personal data from an independent controller, platform provider, or former service relationship in order to enable compliance. Any such expectation would amount to the creation of new processing operations and would be incompatible with the principles of data minimisation and storage limitation.

Accordingly, where Nexus Network Group Limited has lawfully ceased processing, relinquished access, or never held the data in question, the absence of technical access is conclusive. Requests seeking to compel Nexus Network Group Limited to re‑establish access, regain credentials, or intervene in third‑party systems will be refused as unfounded and outside the scope of UK GDPR obligations.

No Obligation to Compel Third Parties

UK GDPR does not impose any obligation on Nexus Network Group Limited to compel, instruct, direct, pressure, or otherwise seek to influence the actions of independent third‑party data controllers, platform operators, service providers, or infrastructure hosts in response to a data subject request. Nexus Network Group Limited has no statutory, contractual, or practical authority to mandate compliance by such third parties and will not represent that it can do so.

The facilitation duty under Article 12 UK GDPR does not extend to the pursuit, coordination, enforcement, or supervision of third‑party compliance, nor does it require a controller to act as an intermediary, agent, or enforcement proxy in respect of independent controllers. Any interpretation to the contrary would improperly extend Nexus Network Group Limited’s obligations beyond its own processing activities and would be inconsistent with established ICO guidance on role determination, accountability, and responsibility allocation.

Where appropriate, individuals will be signposted to the relevant third‑party controller. Nexus Network Group Limited does not assume liability for the acts or omissions of third parties, including any failure, refusal, or delay in responding to a data subject request, where such processing is carried out independently of Nexus Network Group Limited.

Jurisdictional Scope and Regulatory Authority

Nexus Network Group Limited is established in the United Kingdom and is subject to the jurisdiction and regulatory authority of the Information Commissioner’s Office in respect of its own processing activities. This notice is governed exclusively by United Kingdom data protection law, including the UK General Data Protection Regulation and the Data Protection Act 2018.

Nothing in this notice constitutes acceptance of investigative competence, supervisory authority, or enforcement jurisdiction by non‑UK supervisory authorities over Nexus Network Group Limited except where such jurisdiction is expressly required by UK law. Where personal data is processed by third‑party controllers established outside the United Kingdom, responsibility for compliance rests solely with those entities under their applicable legal frameworks.

Any cross‑border data protection request, complaint, or regulatory correspondence will be assessed solely by reference to UK law and Nexus Network Group Limited’s actual role in the processing concerned. Nexus Network Group Limited does not consent to extraterritorial enforcement, sanctions, or remedial measures beyond those explicitly provided for under UK GDPR.

© Nexus Network Group Limited. All rights reserved.

_{Privacy Policy}

Nexus Network Group Limited

Last Updated: January 2026

_{1. Purpose, Scope, and Legal Standing of This Privacy Policy}

This Privacy Policy is issued by Nexus Network Group Limited (“the Company”, “we”, “us”, or “our”) and sets out, in comprehensive, definitive, and authoritative terms, the manner in which personal data is collected, processed, stored, protected, disclosed, and retained in connection with the Company’s activities.

This Policy applies to all personal data processed by or on behalf of the Company, whether such processing occurs directly or indirectly, electronically or manually, and whether data subjects interact with the Company through digital platforms, communication systems, applications, communities, governance structures, or administrative processes.

This Policy is intended to satisfy the Company’s obligations under the United Kingdom General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and all applicable subordinate legislation, regulatory guidance, and authoritative interpretations issued by the Information Commissioner’s Office (ICO).

This Policy constitutes the Company’s definitive public statement on data protection practices and supersedes all prior privacy notices, statements, summaries, or informal representations, whether written or oral.

_{2. Commitment to Data Protection, Privacy by Design, and Regulatory Compliance}

The Company recognises personal data protection as a matter of fundamental importance and treats data protection as a core governance responsibility.

All personal data processing activities are designed and implemented in accordance with the principles of lawfulness, fairness, transparency, purpose limitation, data minimisation, accuracy, storage limitation, integrity, and confidentiality.

The Company adopts a privacy by design and privacy by default approach. Systems, platforms, processes, and organisational practices are structured so that personal data is processed only where necessary, only for lawful purposes, and only to the minimum extent required.

The Company does not engage in speculative, excessive, bulk, or precautionary data collection and actively seeks to reduce the volume, sensitivity, and retention period of personal data wherever practicable.

_{3. Absolute No-Cookies, No-Tracking, No-Advertising Position}

Nexus Network Group Limited does not operate cookies on its website.

No cookies of any kind are used, deployed, stored, transmitted, or permitted. This includes first-party cookies, third-party cookies, session cookies, persistent cookies, tracking cookies, analytics cookies, marketing cookies, advertising cookies, or preference cookies.

The Company does not track users, does not profile users, does not conduct behavioural analysis, and does not operate analytics platforms, monitoring tools, heatmaps, session replay technologies, fingerprinting techniques, or similar systems.

The Company does not operate advertising of any kind. No paid adverts, sponsored content, promotional material, interest-based advertising, targeted advertising, personalised advertising, affiliate links, or commercial marketing mechanisms are displayed or permitted.

No personal data is processed for marketing, advertising, profiling, analytics, or commercial exploitation.

This position is absolute and without exception.

_{4. Categories of Individuals Whose Data May Be Processed}

The Company processes personal data only in relation to individuals whose interaction with the Company necessitates identification, accountability, safeguarding, moderation, administration, or governance oversight.

This includes, without limitation, individuals who participate in ScotCity ERPC (FiveM), ScotCity Logistics, or associated simulation, gaming, or digital community platforms; individuals who apply for, hold, or undertake voluntary, administrative, moderation, leadership, or governance roles; and individuals who contact the Company for support, dispute resolution, safeguarding, moderation, or operational matters.

Individuals who interact only passively or casually with public-facing platforms are not subject to routine personal data processing beyond transient technical identifiers strictly necessary for functionality, security, or abuse prevention.

_{5. Nature and Categories of Personal Data Processed}

Depending on context, the Company may process personal data including usernames, display names, platform identifiers, communication handles, account-related information, contact details voluntarily provided, application or role-related information, moderation or safeguarding records, and technical server-side data such as IP addresses, timestamps, and connection logs.

The Company does not knowingly collect or process special category personal data under Article 9 UK GDPR or criminal conviction data under Article 10, unless such processing becomes strictly necessary for safeguarding or legal compliance and is supported by a valid lawful basis and appropriate safeguards.

Individuals are strongly discouraged from submitting sensitive personal data unless expressly requested and clearly justified.

_{6. Lawful Bases for Processing}

All personal data is processed under one or more lawful bases set out in Article 6 UK GDPR, including consent where validly given, necessity for organisational functions or role performance, compliance with legal obligations, or the Company’s legitimate interests.

Legitimate interests include moderation, safeguarding, security, dispute resolution, governance, and the protection of platform and community integrity. Such interests are assessed to ensure they do not override the rights and freedoms of data subjects.

The Company does not carry out automated decision-making or profiling that produces legal or similarly significant effects.

_{7. Absolute Prohibition on Commercial Use of Personal Data}

The Company does not sell, rent, trade, license, monetise, or commercially exploit personal data under any circumstances.

Personal data is never used for advertising, marketing, profiling, analytics for commercial gain, or third-party commercial purposes.

The Company operates on a non-commercial, non-trading basis and does not derive revenue from the exploitation of personal data.

_{8. Data Retention, Storage Limitation, and Deletion}

Personal data is retained only for as long as strictly necessary to fulfil its lawful purpose, including operational administration, enforcement of rules, safeguarding obligations, dispute resolution, or compliance with legal requirements.

Retention periods are determined by necessity, proportionality, and risk. When data is no longer required, it is securely deleted, anonymised, or irreversibly de-identified.

The Company does not operate indefinite or precautionary retention practices.

_{9. Data Security and Organisational Safeguards}

The Company implements appropriate technical and organisational measures to protect personal data against unauthorised or unlawful processing, accidental loss, destruction, or damage.

Access to personal data is restricted to authorised individuals with a legitimate organisational need and subject to confidentiality obligations and internal governance controls.

_{10. Children and Young People}

The Company’s platforms and services are not intended for children under the age of 13, and personal data relating to children under this age is not knowingly processed.

Where individuals aged 13 to 17 participate, enhanced data minimisation, safeguarding controls, restricted access, and limited retention apply. Personal data relating to minors is never used for marketing, profiling, analytics, or advertising.

Safeguarding disclosures may be shared with appropriate authorities where required by law.

_{11. Data Sharing and Disclosure}

The Company does not disclose personal data to third parties except where required by law, necessary to protect individuals, required for safeguarding purposes, or essential to protect organisational integrity.

All disclosures are limited to what is strictly necessary and proportionate.

_{12. Individual Rights Under UK GDPR}

Data subjects have rights under UK GDPR, including access, rectification, erasure where legally permissible, restriction or objection to processing, data portability where applicable, and withdrawal of consent where consent is relied upon.

Requests are handled within statutory time limits and subject to lawful exemptions.

_{13. Data Controller and Regulatory Oversight}

Data Controller:
Nexus Network Group Limited
United Kingdom

📧 privacy@nexusnetworkgroup.co.uk

Data subjects may also lodge a complaint with the Information Commissioner’s Office (ICO).

_{14. Interpretation, Reliance, and Limitation of Liability}

This Policy provides transparency regarding data protection practices. It does not create contractual rights, override statutory obligations, or replace applicable law.

In the event of conflict, applicable law prevails. This Policy shall be interpreted consistently with UK GDPR principles and the Company’s non-commercial, non-trading status.

_{15. Review, Authority, and Continuing Effect}

This Privacy Policy is authoritative as at the date stated above and forms part of the Company’s governance framework. It remains in force unless formally amended and republished.

© Nexus Network Group Limited. All rights reserved.

_{NEXUS NETWORK GROUP LIMITED}

_{MASTER HEALTH & SAFETY POLICY}

_{(Statement of Intent, Organisation and Arrangements)}

_{DOCUMENT CONTROL}

This document is titled Master Health & Safety Policy and applies to Nexus Network Group Limited, a private limited company operating within the United Kingdom. Ownership of this policy rests with the Executive Leadership Team, who also hold responsibility for its approval, implementation, and ongoing review. Professional health and safety advisory support is provided by Peninsula Group, whose guidance informs the structure, language, and compliance framework of this policy. This document is issued as Version 1.0, is currently active, was approved on 5 December 2025, and is scheduled for formal review twelve months from the date of approval. This policy applies to all employees, volunteers, contractors, and any other persons who may be affected by the activities of Nexus Network Group Limited.

_{1. STATEMENT OF INTENT}

Nexus Network Group Limited recognises and accepts its responsibilities under the Health and Safety at Work etc. Act 1974, together with all associated regulations, approved codes of practice, and relevant guidance applicable to the nature and scale of its activities.

The organisation is committed to ensuring, so far as is reasonably practicable, the health, safety, and welfare of its employees and volunteers and to protecting other persons who may be affected by its activities, including contractors, visitors, and members of the public.

Health and safety is regarded as a fundamental component of organisational governance and leadership responsibility. The organisation recognises that effective health and safety management is essential to lawful operation, individual wellbeing, and the prevention of injury, ill health, and loss.

This policy sets out the overarching framework for health and safety management within Nexus Network Group Limited and establishes the basis upon which risks are identified, assessed, and controlled. It defines organisational responsibilities, clarifies the limits of organisational control, and sets out the arrangements in place to manage foreseeable risks.

Nothing in this policy shall be interpreted as creating absolute duties, guaranteeing outcomes, or extending responsibilities beyond those imposed by statute. All duties are qualified by the principle of reasonable practicability and by the extent of the organisation’s control or influence, in accordance with established legal principles.

_{2. SCOPE AND APPLICATION}

This policy applies to all activities undertaken by or on behalf of Nexus Network Group Limited.

It applies to all employees of the organisation, all volunteers acting under its authority, and all contractors and third parties engaged to carry out work for or with the organisation.

The policy applies across all operational contexts, including physical workplaces where applicable, remote and digital working environments, homeworking arrangements, administrative functions, and governance activities. It applies to routine operations as well as to foreseeable non-routine activities arising from the organisation’s functions.

_{3. ORGANISATIONAL POSITION ON DUTY OF CARE}

Nexus Network Group Limited acknowledges that its duty of care is defined by legislation and case law and is limited to what is reasonably practicable and within the organisation’s control or influence.

The organisation does not exercise control over private residential premises and does not accept responsibility for the general condition, maintenance, or safety of employees’ or volunteers’ homes. The organisation recognises that it is not possible to eliminate all risk and that some level of risk is inherent in all activities.

Notwithstanding these limitations, the organisation is committed to identifying foreseeable hazards arising from its activities and to implementing proportionate measures to reduce risks where it is reasonably practicable to do so. This includes providing appropriate information, instruction, guidance, and oversight and responding appropriately to reported concerns, incidents, and near misses.

This distinction between legal responsibility and practical control underpins all health and safety arrangements within the organisation and is applied consistently across policies and procedures.

_{4. ORGANISATION AND RESPONSIBILITIES}

_{Executive Leadership Team}

The Executive Leadership Team holds overall responsibility for health and safety within Nexus Network Group Limited. The Team is responsible for ensuring that this policy is implemented, maintained, and reviewed, that sufficient resources are allocated to manage health and safety effectively, and that competent advice is obtained where required.

The Executive Leadership Team reviews health and safety performance, considers incident trends and audit findings, and ensures that corrective actions are implemented. Ultimate accountability for health and safety rests with the Executive Leadership Team.

_{Managers and Supervisors}

Managers and supervisors are responsible for the day-to-day implementation of health and safety arrangements within their areas of responsibility. This includes identifying hazards, ensuring that suitable and sufficient risk assessments are completed and reviewed, implementing agreed control measures, providing appropriate instruction and supervision, and investigating incidents and near misses.

_Employees

Employees are required to take reasonable care of their own health and safety and of others who may be affected by their acts or omissions. Employees must cooperate with the organisation on health and safety matters, follow instructions and training provided, use equipment correctly, and report hazards, incidents, and near misses promptly.

_{Volunteers (Homeworking Arrangements)}

Volunteers engaged by Nexus Network Group Limited undertake their roles on a remote homeworking basis from their own private residential premises. The organisation does not exercise direct control over these environments.

So far as is reasonably practicable, the organisation will consider foreseeable risks arising from volunteer activities, provide guidance on safe homeworking and wellbeing, and review reported concerns or incidents. Volunteers are responsible for ensuring that their working environment is suitable, that equipment used is visually safe, that working time is managed responsibly, and that work-related incidents are reported.

_{Contractors and Third Parties}

Contractors and third parties engaged by the organisation are required to cooperate on health and safety matters, comply with organisational arrangements, demonstrate competence where required, and ensure that their activities do not place themselves or others at risk.

_{5. ARRANGEMENTS FOR HEALTH AND SAFETY MANAGEMENT}

Nexus Network Group Limited ensures that suitable and sufficient risk assessments are undertaken for activities under its control and that control measures are implemented where reasonably practicable. Risk assessments are reviewed periodically and whenever circumstances change.

Where necessary, safe systems of work are developed and communicated to reduce risks to an acceptable level. Training and instruction are provided where risks require it, and competence is reviewed periodically.

All accidents, incidents, near misses, and dangerous occurrences must be reported without delay. Incidents are investigated proportionately, corrective actions are identified and implemented, and statutory reporting requirements, including RIDDOR where applicable, are complied with. No individual will suffer detriment for raising a genuine health and safety concern.

The organisation recognises that health includes mental wellbeing and will take reasonable steps to manage foreseeable stress-related risks arising from workload or organisational factors.

Fire safety and emergency arrangements are implemented where applicable. For homeworking volunteers, domestic fire safety remains the responsibility of the individual.

_{6. COMPETENT ADVICE AND AUDIT}

Nexus Network Group Limited obtains professional health and safety advice and audit support from Peninsula Group. This advisory support assists the organisation in meeting its legal obligations and maintaining best practice but does not transfer statutory duties.

Audit findings and recommendations are reviewed by leadership, and actions are monitored to completion as part of continual improvement.

_{7. MONITORING AND REVIEW}

Health and safety performance is monitored through incident data, audit outcomes, training compliance, and feedback. This policy is reviewed annually, following significant organisational change, or after serious incidents or audit findings.

_{8. POLICY STATUS}

This document constitutes the authoritative Health and Safety Policy of Nexus Network Group Limited. All supporting procedures, guidance, and appendices must align with this policy and do not override its principles, scope, or limitations.

_{FORMAL APPROVAL}

This policy is approved and adopted by the Executive Leadership Team of Nexus Network Group Limited.

Signed:
Executive Leadership Team
Nexus Network Group Limited

_{SAFEGUARDING & CHILD PROTECTION POLICY}

Nexus Network Group Limited

_{1. Policy Statement and Organisational Commitment}

Nexus Network Group Limited affirms its absolute and unequivocal commitment to safeguarding and promoting the welfare, safety, and wellbeing of all children and young people who engage with, access, or are otherwise affected by the organisation’s platforms, services, communities, activities, and associated environments.

The organisation recognises safeguarding as a fundamental, non-delegable organisational responsibility. The protection of children and young people is paramount and takes precedence over all other organisational, operational, reputational, or commercial considerations. Safeguarding concerns override confidentiality, hierarchy, convenience, and organisational interests where there is a risk of harm.

Nexus Network Group Limited acknowledges that failures in safeguarding can result in serious and lasting harm. Accordingly, robust preventative measures, clear reporting pathways, decisive responses, and strong governance oversight are essential. This policy establishes the standards, principles, responsibilities, and procedures by which the organisation seeks to prevent harm, identify risk, respond appropriately to safeguarding concerns, and ensure accountability at all levels.

_{2. Scope and Application of This Policy}

This policy applies to all activities undertaken by or on behalf of Nexus Network Group Limited and to all individuals who interact with, represent, or operate within the organisation’s sphere of responsibility or influence.

It applies to all staff members, volunteers, contractors, leadership, moderators, administrators, role-holders with delegated authority, and community members interacting with platforms managed, operated, or moderated by Nexus Network Group Limited. The policy applies across all organisational services, including online platforms, simulation servers, digital environments, voice and text communications, and any associated or linked spaces under organisational control or moderation.

This policy applies irrespective of geographic location, recognising the cross-jurisdictional and international nature of online platforms and digital communities.

_{3. Definitions and Interpretation}

For the purposes of this policy, a child or young person is defined as any individual under the age of eighteen years.

Safeguarding refers to all actions taken to protect children and young people from harm, abuse, neglect, exploitation, radicalisation, or other forms of maltreatment, and to promote their welfare and development.

Abuse includes physical abuse, emotional abuse, sexual abuse, neglect, exploitation, coercion, and online abuse, whether perpetrated by adults or by other children or young people.

Grooming refers to any pattern of behaviour, whether online or offline, intended to build trust with a child or young person for the purpose of exploitation, manipulation, or abuse.

Designated Safeguarding Leads are senior personnel appointed by Nexus Network Group Limited with authority and responsibility for safeguarding oversight, decision-making, and liaison with external safeguarding agencies.

_{4. Core Safeguarding Principles}

Nexus Network Group Limited operates in accordance with established safeguarding principles. The welfare of the child is always paramount. Safeguarding is the responsibility of every individual associated with the organisation, regardless of role or seniority.

Children and young people have the right to be heard, believed, taken seriously, and supported. Safeguarding responses must be timely, proportionate, and effective. Information must be shared lawfully and appropriately in the best interests of the child.

Safeguarding must be embedded into organisational culture, leadership, governance, and accountability structures.

These principles underpin all safeguarding-related policies, procedures, and actions taken by the organisation.

_{5. Legal and Statutory Framework}

This policy is informed by and aligned with relevant safeguarding legislation and statutory guidance across the jurisdictions in which Nexus Network Group Limited operates or has service users.

In England, this includes the Children Act 1989 and 2004, Working Together to Safeguard Children, Keeping Children Safe in Education where applicable, and the Sexual Offences Act 2003.

In Scotland, this includes the Children and Young People (Scotland) Act 2014, the National Guidance for Child Protection in Scotland, and the Getting It Right for Every Child (GIRFEC) framework.

In Wales, this includes the Social Services and Well-being (Wales) Act 2014, Working Together to Safeguard People, and the All Wales Safeguarding Procedures.

In Ireland, this includes the Children First Act 2015 and Children First: National Guidance for the Protection and Welfare of Children.

This policy also operates in conjunction with the Data Protection Act 2018 and the UK General Data Protection Regulation (UK GDPR), recognising that lawful information sharing is essential where safeguarding concerns arise.

_{6. Organisational Safeguarding Structure and Oversight}

Nexus Network Group Limited maintains executive-level oversight of safeguarding and child protection.

Designated Safeguarding and Child Protection Officers are appointed with authority to make safeguarding decisions, initiate protective actions, and liaise with statutory agencies. These officers are Tyler Davidson, Executive Lead Authority for Corporate Risk Management; Daniel Wojciechowski, Chief Executive Officer; and Leo King, Director of Customer Service.

All Designated Safeguarding Officers hold recognised safeguarding qualifications, including a Diploma in Child Safeguarding and Protection at Level 4 and a Diploma in Health and Social Care at Level 5, and have completed enhanced safeguarding and child protection training appropriate to their roles.

Safeguarding authority within the organisation is clearly defined and cannot be overridden by operational, technical, or managerial considerations.

_{7. Roles, Responsibilities and Expectations}

All individuals associated with Nexus Network Group Limited are required to maintain appropriate professional boundaries with children and young people, remain vigilant to safeguarding risks, and report concerns immediately. No individual may assume that another person will take responsibility for reporting.

Staff members and role-holders must act as positive role models, follow safeguarding procedures without exception, complete required safeguarding training, and cooperate fully with safeguarding processes.

Leadership is responsible for ensuring safeguarding is prioritised at a strategic level, that sufficient resources are allocated, and that decisive action is taken where risks are identified. Failure to comply with safeguarding responsibilities may result in removal from role, disciplinary action, or referral to external authorities.

_{8. Safer Behaviour and Online Conduct}

Nexus Network Group Limited enforces strict standards of behaviour to protect children and young people. Grooming, sexualised behaviour, inappropriate language, or exploitative conduct is strictly prohibited. Private, secretive, or unmonitored communication with minors is not permitted unless expressly authorised for safeguarding or operational reasons and subject to oversight.

The sharing of personal contact details with minors is prohibited. Authority, influence, or trust must never be exploited. All interactions with children and young people must be appropriate, transparent, accountable, and capable of scrutiny.

_{9. Recruitment, Vetting and Training}

Where individuals hold positions of responsibility or authority, Nexus Network Group Limited undertakes role suitability assessments, mandates completion of safeguarding training, and reviews safeguarding competence periodically.

Access to roles, systems, or platforms may be restricted or withdrawn where safeguarding risk is identified. Failure to meet safeguarding standards may result in removal from role or termination of involvement.

_{10. Recognising Abuse and Harm}

Safeguarding concerns may arise from behavioural changes, distress, fear, withdrawal, aggression, inappropriate relationships or communications, sexualised language or behaviour, or indicators of online exploitation or coercion.

Concerns must never be ignored, minimised, or dismissed on the basis of uncertainty, status, or reputation.

_{11. Reporting Safeguarding Concerns}

All safeguarding concerns must be reported immediately to a Designated Safeguarding Officer. Where a child or young person is believed to be in immediate danger, emergency services must be contacted without delay.

Reports must be factual, accurate, and timely and should include relevant dates, times, context, and the exact words used by the child or others where appropriate.

_{12. Responding to Safeguarding Concerns}

Nexus Network Group Limited will respond to safeguarding concerns with seriousness and urgency. The organisation will listen carefully, avoid leading questions, record concerns accurately, assess risk and urgency, and escalate matters to statutory agencies where required.

Confidentiality is respected but cannot be guaranteed where information must be shared to protect a child or young person from harm.

_{13. Information Sharing and Confidentiality}

Information relating to safeguarding concerns is shared only where necessary to protect a child, required by law, or required by safeguarding authorities. All information sharing is carried out in accordance with data protection legislation and safeguarding guidance.

The welfare of the child overrides confidentiality considerations where risk is present.

_{14. Working With External Agencies and Support Services}

Nexus Network Group Limited works in partnership with statutory safeguarding services, law enforcement, local authorities, and recognised safeguarding organisations.

Confidential advice and support services include the NSPCC helpline on 0808 800 5000 and Childline on 0800 1111.

_{15. Allegations Against Staff or Role-Holders}

Any allegation against a staff member, volunteer, or role-holder is treated as a serious safeguarding matter. Immediate protective measures may be taken, including suspension of duties or restriction of access.

Investigations are conducted fairly, confidentially, and lawfully, with referrals to external authorities made where required.

_{16. Record Keeping}

All safeguarding concerns are recorded securely, access-restricted, and retained in accordance with legal and safeguarding requirements. Records are factual, objective, contemporaneous, and auditable.

_{17. Monitoring, Audit and Review}

Safeguarding practice is monitored continuously, reviewed following incidents, and audited at leadership level. This policy is reviewed annually or sooner where legislation, statutory guidance, or organisational structure changes.

_{18. Policy Approval and Status}

This policy is approved and adopted by the Executive Leadership Team of Nexus Network Group Limited. It is authoritative and binding across the organisation.

Approval Date: 17 October 2025
Last Updated: 3 January 2026

© Nexus Network Group Limited. All rights reserved.

_{Asset Protection, Ownership, Governance, and Absolute Non-Trading Policy}

Nexus Network Group Limited

_{1. Authority, Purpose, and Supremacy}

This Asset Protection, Ownership, Governance, and Absolute Non-Trading Policy (“the Policy”) is issued by Nexus Network Group Limited (“the Organisation”) under the authority of its constitutional documents and governing body. This Policy forms a core and inseparable part of the Organisation’s internal governance framework and has binding effect on all persons and entities to whom it applies.

The purpose of this Policy is to define with absolute clarity the ownership, control, custody, use, and protection of all organisational assets; to prevent unauthorised use, diversion, or misappropriation; to eliminate ambiguity concerning rights, authority, or entitlement; and to ensure the Organisation’s continued operation on a strictly non-trading basis.

This Policy is intended to be comprehensive, restrictive, and defensive. Where any ambiguity, uncertainty, or competing interpretation arises, this Policy shall be interpreted strictly in favour of the Organisation’s ownership of assets, the preservation of the Organisation’s non-trading status, and the exclusion of individual or third-party claims. This Policy takes precedence over any verbal statement, informal practice, historic arrangement, tolerated behaviour, online communication, onboarding material, role description, assumption, or expectation.

No failure, delay, inconsistency, or selective enforcement shall be construed as a waiver of rights. No person is entitled to rely on silence, omission, custom, past conduct, or informal assurance as evidence of consent, permission, licence, ownership, or entitlement.

_{2. Corporate Form, Legal Nature, and Non-Trading Position}

Nexus Network Group Limited is a private company limited by guarantee incorporated in the United Kingdom under the Companies Act 2006. The Organisation has no share capital and no shareholders. Individuals recorded at Companies House are Members or Guarantors only and do not own the Organisation or any part of its assets.

Membership confers governance participation only and does not confer ownership, proprietary rights, beneficial interest, or entitlement to assets, income, or value of any kind. Each Member’s liability is strictly limited to one pound sterling, payable only in the event of winding up and only where required to satisfy outstanding liabilities. Membership is not transferable and does not create any form of beneficial or equitable interest.

The Organisation is non-profit-distributing and operates on a strictly non-trading basis. The Organisation does not, and shall not under any circumstances, engage in commercial trading, monetisation, profit-making activity, or revenue-generating exploitation of any asset. This prohibition is absolute and applies regardless of platform rules that may permit monetisation, regardless of community size, popularity, or growth, regardless of technical feasibility, and regardless of financial pressure, opportunity, or external incentive.

No individual, including any Director, Executive Officer, Member, or senior role-holder, has authority to alter, suspend, bypass, dilute, or reinterpret the Organisation’s non-trading position. Any attempt to do so is void from inception and constitutes a serious breach of governance and fiduciary duty.

_{3. Persons Bound and Acceptance}

This Policy applies to all persons and entities who interact with the Organisation or its assets in any capacity. This includes Members, Directors, Executive Officers, employees, volunteers, contractors, developers, scripters, designers, moderators, administrators, contributors, collaborators, and service providers, regardless of title, seniority, contractual status, or whether the role is paid or unpaid.

Acceptance of this Policy occurs through conduct. Any person who accepts a role, accesses organisational systems, contributes work, content, or ideas, exercises authority, or represents the Organisation in any manner is deemed to have accepted and agreed to be bound by this Policy in full. No signature, countersignature, or express acknowledgement is required.

_{4. Definition and Scope of Organisational Assets}

For the purposes of this Policy, “Assets” means anything of value belonging to or controlled by the Organisation, whether tangible or intangible, whether existing now or created in the future, whether registered or unregistered, whether stored locally, remotely, or with third-party service providers.

Assets include, without limitation, all intellectual property, digital property, data, systems, infrastructure, access rights, credentials, and goodwill. Assets include all names, branding, logos, identities, visual materials, and reputational elements associated with the Organisation. Assets include all software, scripts, frameworks, configurations, automation, databases, records, logs, analytics, documentation, policies, procedures, training materials, media content, audio-visual works, designs, and written works.

Assets further include all gaming servers, virtual environments, game instances, maps, models, textures, builds, scripts, moderation systems, and associated services, together with all platform accounts, permissions, dashboards, repositories, and access mechanisms used in connection with the Organisation.

This definition is intentionally expansive and shall not be interpreted narrowly. Any item reasonably connected to the Organisation’s operations, systems, platforms, or identity shall be deemed an Asset.

_{5. Absolute Ownership and Custodial Holding}

All Assets are owned solely, exclusively, irrevocably, and perpetually by Nexus Network Group Limited. Ownership is unconditional and does not depend on contribution, effort, creativity, technical skill, seniority, funding, or duration of involvement. Ownership does not diminish through inactivity, tolerance, informal practice, or changes in governance or leadership.

No individual acquires any legal title, beneficial interest, equitable interest, joint interest, moral interest, implied interest, or residual interest in any Asset. Concepts such as partial ownership, shared ownership, sweat equity, moral entitlement, community ownership, or implied rights are expressly rejected and have no force or effect.

Any claim that ownership arises from having built, created, configured, hosted, managed, administered, or funded an Asset is invalid. Contribution does not create ownership.

Where Assets are registered, hosted, controlled, or administered through accounts, credentials, devices, or services held in an individual’s name, such holding is deemed purely custodial and undertaken solely on behalf of the Organisation. Custodial holding confers no ownership, leverage, or bargaining power and does not survive termination of involvement. Any refusal, delay, obstruction, or conditionality in transferring control upon request constitutes misappropriation and bad-faith conduct.

Platform mechanics, technical limitations, or third-party terms of service do not override this Policy. Where formal transfer is technically impossible, the individual is deemed to hold the Asset on trust for the Organisation and must act strictly in accordance with organisational direction.

_{6. Intellectual Property and Contributions}

All intellectual property created in connection with the Organisation vests automatically and irrevocably in Nexus Network Group Limited upon creation, to the fullest extent permitted by law. This applies to work created for the Organisation, in connection with the Organisation, using organisational knowledge, systems, data, branding, or direction, or while holding any role or access within the Organisation.

This Policy operates as a present assignment of existing intellectual property rights and a future assignment of rights not yet created. Where automatic vesting is not recognised by law, rights shall vest at the earliest moment permitted.

This includes all derivative works, adaptations, improvements, modifications, updates, and extensions. To the fullest extent permitted by law, all contributors waive moral rights, rights of attribution, rights of integrity, and any similar personal rights.

No licence, permission, or right of reuse is granted by implication, silence, tolerance, or historical practice. Contributors do not acquire portfolio rights, resale rights, or external publication rights unless expressly granted in writing by the Organisation with proper authority, and any such permission may be revoked at any time.

_{7. Gaming Servers and Virtual Environments}

All gaming servers, virtual environments, and associated systems operated by the Organisation constitute core organisational infrastructure. They are not personal projects, community-owned assets, joint ventures, or collaborative enterprises. They exist solely as organisational Assets and are governed exclusively by this Policy.

This applies to all servers, instances, worlds, maps, builds, configurations, scripts, assets, data, and supporting services regardless of platform, engine, or hosting arrangement. No individual acquires special status or entitlement by virtue of technical responsibility, development leadership, or operational control.

All gaming environments are operated strictly on a non-commercial basis. No monetisation, revenue extraction, fee charging, profit generation, advertising exploitation, or indirect commercial benefit is permitted under any circumstances.

_{8. Roblox and Platform-Specific Governance}

All Roblox experiences, places, models, scripts, group holdings, permissions, funds, and related services operated under the Nexus name or in connection with the Organisation are organisational Assets owned exclusively by Nexus Network Group Limited.

Roblox accounts used to manage such assets are custodial only. Registration to an individual account does not confer ownership, leverage, or negotiating position. No Robux, platform credit, in-game currency, or indirect value may be extracted, retained, transferred, or used for personal benefit. Any such activity constitutes a severe and material breach of governance.

_{9. Executive Authority and Limits}

Directors and Executive Officers, including the Chief Executive Officer, act solely in a fiduciary and custodial capacity. They have no authority to sell, trade, license, monetise, encumber, or commercially exploit Assets, nor to alter, suspend, or reinterpret the Organisation’s non-trading status.

Any attempt to do so is void from inception and constitutes a serious breach of duty.

_{10. Access, Termination, and Survival}

Access to Assets is a privilege, not a right. All access is temporary, conditional, role-limited, and revocable at any time with or without notice. Upon termination of involvement for any reason, all access ceases immediately. Credentials must be surrendered, copies deleted, and full cooperation in asset return is mandatory.

Ownership, intellectual property, non-trading, enforcement, interpretation, and jurisdiction provisions survive termination indefinitely.

_{11. Enforcement and Remedies}

The Organisation may enforce this Policy through internal governance measures and external legal or platform remedies, including removal from roles, permanent exclusion, recovery of accounts or assets, platform enforcement actions, injunctive relief, and civil proceedings. All remedies are cumulative and non-exclusive.

_{12. Governing Law and Jurisdiction}

This Policy is governed by and construed in accordance with the law of Scotland. The Scottish courts have exclusive jurisdiction.

_{Final Declaration}

This Policy is intentionally comprehensive, restrictive, and protective. Any person unwilling to accept these terms in full must not participate in, contribute to, or interact with Nexus Network Group Limited or its assets.

Nexus Network Group Limited
Asset Protection, Ownership, Governance, and Absolute Non-Trading Policy

© Nexus Network Group Limited. All rights reserved.

_{Company Status, Non-Trading Declaration & Governance Policy}

Nexus Network Group Limited

_{1. Legal Status and Corporate Form}

Nexus Network Group Limited is a body corporate incorporated in the United Kingdom as a private company limited by guarantee without share capital, pursuant to the Companies Act 2006 and all other applicable statutory instruments, regulations, and guidance in force at the time of incorporation and thereafter.

The Company has no issued share capital and is not capable of issuing shares. It is not constituted, structured, or operated for the purpose of generating distributable profits, capital appreciation, or financial gain for any individual or entity. No shareholders exist, and no ownership interest capable of financial realisation exists within the Company.

The Company is governed exclusively by its Articles of Association, the Companies Act 2006, and other applicable laws. Its constitutional framework expressly limits the scope of its activities, powers, and financial arrangements to those consistent with its status as a company limited by guarantee and its declared non-trading nature.

The liability of each member of the Company is limited strictly and exclusively to the amount that member has undertaken to contribute to the assets of the Company in the event of its winding up. Such liability is capped at the guarantee amount specified in the Company’s constitutional documents and does not extend beyond that sum under any circumstances.

No provision exists, whether expressly stated, implied, inferred, or otherwise constructed, for the distribution of profits, dividends, surpluses, capital assets, or other financial benefits to members, directors, officers, or any connected persons. Any interpretation suggesting otherwise is expressly excluded and disclaimed.

_{2. Nature of Business, Operational Scope and SIC Classification}

The Company is registered with Companies House under Standard Industrial Classification (SIC) code 74990 – Non-trading company. This classification has been selected deliberately and accurately reflects the Company’s operational reality, organisational intent, and legal posture.

Nexus Network Group Limited does not carry on any trade, profession, vocation, or commercial enterprise and does not operate for commercial gain, profit, or financial return. The Company does not supply goods or services in the course of a business, does not hold itself out as a commercial undertaking, does not seek customers or clients, and does not compete in any market or sector.

The Company exists solely to provide governance, coordination, administrative oversight, policy development, organisational management, and community-based support functions. Any activity undertaken by the Company is ancillary or incidental to those purposes and does not constitute trading or business activity under UK company law.

The SIC classification is reviewed and confirmed as accurate at each statutory filing and is maintained in full compliance with Companies House requirements.

_{3. Formal Non-Trading Declaration}

Nexus Network Group Limited hereby makes a formal, unequivocal, and continuing declaration that it operates as a non-trading company for the purposes of Companies House registration, statutory reporting, and corporate governance.

All activities undertaken by the Company are non-commercial in character and substance and are conducted solely in furtherance of governance, oversight, coordination, administration, education, or community support. Such activities are undertaken without intent, expectation, or mechanism for generating profit, income, revenue, or financial return and are incidental to the Company’s stated objects.

The Company does not engage, and shall not engage, in commercial trading, business sales, profit-making ventures, or revenue-generating operations. Any incidental financial inflows received by the Company do not constitute consideration for goods or services and do not alter or undermine the Company’s declared non-trading status.

This declaration applies to all Company activities, whether conducted directly or indirectly, online or offline, and whether carried out by directors, officers, members, volunteers, agents, or representatives acting on behalf of the Company.

_{4. Distinction Between Non-Trading, Dormant Status and HMRC Requirements}

For the avoidance of doubt, the terms “non-trading” and “dormant” have distinct and separate meanings under UK company law and UK tax legislation. These concepts are assessed independently by Companies House and HM Revenue & Customs (HMRC) and are subject to different statutory tests and regulatory interpretations.

Nexus Networks Group Limited  is classified as a non-trading company for Companies House purposes and is registered under SIC code 74990 – Non-trading company.

The Company expressly acknowledges that HMRC applies its own statutory tests and criteria, including those set out in guidance such as CT41G, when determining whether a company is carrying on a trade or business, whether Corporation Tax registration is required, whether Corporation Tax returns must be submitted, or whether the company may be treated as dormant for tax purposes.

Based on the nature, scope, frequency, and substance of its activities, Nexus Network Group does not currently carry on, and has not at any time carried on, a trade, business, or other taxable activity for the purposes of Corporation Tax. The Company has not been notified by HMRC that Corporation Tax registration is required and has therefore not registered for Corporation Tax as at the date of this policy.

This position is definitive at the time of publication and is subject to ongoing monitoring. Should HMRC determine, whether now or in the future, that registration, notification, or reporting obligations arise, the Company will comply fully, promptly, and in good faith with all applicable statutory requirements.

_{5. Financial Conduct and Application of Funds}

The Company does not distribute, and shall not distribute, profits, dividends, capital, or financial benefits of any kind to members, directors, officers, employees, or connected persons.

Any funds received by the Company, whether by donation, grant, contribution, reimbursement, or other incidental receipt, are applied strictly and exclusively to necessary administrative and operational expenses, infrastructure and systems costs, compliance obligations, governance activities, and the sustainability of the organisation in furtherance of its stated objects.

No funds are applied in a manner inconsistent with the Company’s non-trading status, constitutional limitations, or statutory obligations. No financial arrangement exists that would permit personal enrichment, private benefit, or commercial gain.

_{6. Objects, Purpose and Limitations}

The Company is established exclusively to provide governance, oversight, coordination, and structural management for affiliated initiatives, projects, and communities operating on a non-commercial basis.

Its purpose is limited to maintaining organisational standards, policies, and compliance frameworks and to supporting digital, simulation-based, creative, and community-focused initiatives where such support is provided without commercial intent or financial return.

Activities falling outside these objects are neither authorised nor permitted. Nothing in this policy, nor in any Company action or omission, shall be interpreted as authorising trading, commercial operations, or business activity.

_{7. Governance, Accountability and Compliance}

Nexus Network Group Limited operates in strict and continuous compliance with the Companies Act 2006, its Articles of Association, Companies House guidance and filing requirements, and all applicable UK legal and regulatory obligations.

The directors are collectively and individually responsible for ensuring that the Company remains compliant with its declared non-trading status, maintains accurate, complete, and timely statutory filings, acts transparently and responsibly, and operates at all times within the limits of its legal capacity. The directors further ensure that the Company avoids activities that could reasonably be construed as trading or commercial in nature.

_{8. Transparency and Reliance Statement}

This policy is published to provide clear, accurate, comprehensive, and authoritative information regarding the legal status, operational nature, and governance framework of Nexus Network Group Limited.

Any reliance placed upon this policy by members, stakeholders, partners, regulators, financial institutions, counterparties, or members of the public is reasonable and justified based on the Company’s declared structure, conduct, and compliance commitments as set out herein.

_{9. Version Control, Authority and Review}

Last updated: 26 January 2026

This policy is authoritative as at the date stated above and supersedes all previous versions. It shall be reviewed periodically and amended only where required by changes in legislation, regulatory guidance, or the Company’s constitutional structure.

_{Equality, Diversity & Inclusion (EDI) Policy}

Nexus Network Group Limited

(Issued in accordance with the Equality Act 2010 and UK company governance standards)

_{1. Policy Purpose, Status and Intent}

Nexus Network Group Limited (“the Company”) is a private limited company registered in the United Kingdom. This Equality, Diversity & Inclusion Policy (“the Policy”) establishes the Company’s formal, binding, and authoritative position on equality of opportunity, non-discrimination, dignity, and inclusive conduct.

The Company is unequivocally committed to full compliance with the Equality Act 2010 and all associated statutory obligations, regulatory guidance, and relevant case law applicable within the United Kingdom. Equality, diversity, and inclusion are treated as core principles of lawful operation, good governance, and responsible organisational conduct.

This Policy forms an integral part of the Company’s governance framework. Compliance with this Policy is mandatory for all persons and entities to whom it applies. Failure to comply may result in disciplinary action, removal from role, termination of engagement, exclusion from participation, or legal escalation where appropriate.

This Policy is intended to remove ambiguity. Where interpretation arises, the plain meaning of the Equality Act 2010, relevant statutory guidance, and applicable case law shall prevail. Nothing in this Policy shall be interpreted so as to override, dilute, or contradict statutory protections or obligations.

_{2. Scope of Application}

This Policy applies to all persons engaged with, representing, or participating in Nexus Network Group Limited in any capacity whatsoever.

This includes Members and Guarantors, Directors and Executive Officers, employees, workers, volunteers, contractors, moderators, administrators, role-holders with delegated authority, partners, collaborators, contributors, and participants.

The Policy applies across all environments in which the Company operates or exercises authority or influence. This includes online platforms, digital services, communication systems, community and social spaces, events, training activities, operational functions, governance processes, leadership activity, and decision-making forums.

Compliance with this Policy is a condition of access, participation, appointment, and continued involvement. No individual has an entitlement to participate in Company environments other than in accordance with this Policy.

_{3. Legal Framework and Protected Characteristics}

Nexus Network Group Limited formally recognises and adopts the protected characteristics defined in Part 2 of the Equality Act 2010. Discrimination, harassment, or victimisation on the basis of any protected characteristic is unlawful and strictly prohibited.

Protected characteristics under this Policy include age, disability, gender reassignment, marriage and civil partnership, pregnancy and maternity, race (including colour, nationality, ethnic origin, and national origin), religion or belief, sex, and sexual orientation.

For the avoidance of doubt, prohibited conduct under this Policy includes direct discrimination, indirect discrimination, harassment, victimisation, instructions to discriminate, and failure to make reasonable adjustments where such adjustments are required by law.

Conduct may constitute discrimination regardless of intent where the effect of the conduct meets the legal threshold under the Equality Act 2010. A lack of malicious intent, ignorance, or informal justification does not excuse unlawful or prohibited conduct.

_{4. Equality of Opportunity and Lawful Decision-Making}

The Company is committed to ensuring equality of opportunity in all decisions affecting individuals within its environments.

All decisions relating to participation, appointment, access, moderation, responsibility, advancement, restriction, or removal shall be made on lawful, objective, and proportionate grounds. Decisions must be based on merit, behaviour, competence, capability, suitability, and legitimate organisational requirements.

Protected characteristics must not influence decision-making, whether consciously or unconsciously, except where specific and lawful exemptions apply under the Equality Act 2010.

The Company will take reasonable and proportionate steps to identify and remove barriers to participation and will make reasonable adjustments for disabled individuals where required by law. Adjustments are assessed on an individual basis, taking account of legal obligations, reasonableness, practicability, and organisational context.

_{5. Respect, Dignity and Behavioural Standards}

All individuals operating within environments managed, moderated, or influenced by Nexus Network Group Limited are required to treat others with dignity and respect at all times.

Conduct must be lawful, appropriate, inclusive, and non-discriminatory. Language, behaviour, or actions that may reasonably be perceived as discriminatory, hostile, degrading, humiliating, intimidating, or offensive are prohibited.

Bullying, harassment, intimidation, exclusion, or conduct that undermines equality or inclusion is not tolerated, regardless of whether a protected characteristic is explicitly referenced. Behaviour may constitute misconduct where it undermines the objectives or spirit of this Policy, even where no unlawful discrimination is ultimately established.

_{6. Harassment and Victimisation}

Harassment is defined as unwanted conduct related to a protected characteristic that has the purpose or effect of violating a person’s dignity or creating an intimidating, hostile, degrading, humiliating, or offensive environment.

Victimisation occurs where an individual is subjected to detriment because they have raised a concern, made a complaint, supported another person’s complaint, participated in an investigation, or asserted their rights under the Equality Act 2010.

Harassment and victimisation are treated as serious breaches of this Policy and will be addressed decisively.

_{7. Reporting, Investigation and Enforcement}

Any individual who experiences, witnesses, or reasonably suspects conduct that may breach this Policy is expected to report the matter through appropriate Company reporting or governance channels.

Reports will be considered impartially, investigated proportionately, and handled confidentially so far as is practicable and lawful.

Retaliation against any individual who raises a concern in good faith is strictly prohibited and will itself constitute a serious breach of this Policy.

Where breaches are substantiated, the Company may take appropriate action, including corrective measures, mandatory training, removal from roles or authority, suspension, exclusion, or legal escalation where necessary.

_{8. Responsibilities and Accountability}

Equality, diversity, and inclusion are shared responsibilities across Nexus Network Group Limited.

All individuals are required to comply with this Policy and to conduct themselves lawfully and appropriately.

Directors, leaders, and role-holders have an enhanced duty to lead by example, promote inclusive practice, prevent discriminatory conduct, and take prompt action where concerns arise.

The Executive Leadership Team holds ultimate responsibility for oversight, enforcement, monitoring, and review of this Policy.

_{9. Interaction With Other Policies}

This Policy operates alongside, and does not replace, the Company’s safeguarding and child protection policies, disciplinary and conduct policies, complaints and whistleblowing procedures, and data protection and privacy policies.

Where overlap exists between policies, the highest applicable standard shall apply.

_{10. Monitoring, Review and Continuous Improvement}

The Company will monitor compliance with this Policy and take appropriate action where deficiencies or risks are identified.

This Policy will be reviewed annually, upon legislative or regulatory change, or following significant incidents that indicate a need for review or improvement.

_{11. Document Control}

This document is titled Equality, Diversity & Inclusion (EDI) Policy. The organisation is Nexus Network Group Limited. The current version is Version 1.0. The Policy is approved by the Executive Leadership Team and is approved and active as of 3 January 2026. The review cycle is annual or upon legislative change, with the next review due on 3 January 2027.

© Nexus Network Group Limited. All rights reserved.

_{Whistleblowing Policy}

Nexus Network Group Limited

_{1. Purpose, Status and Policy Intent}

Nexus Network Group Limited (“the Company”) is committed to conducting its activities with integrity, transparency, and accountability. This Whistleblowing Policy establishes the framework through which individuals are encouraged and enabled to raise concerns about wrongdoing, misconduct, or unsafe practices in a responsible and protected manner.

The purpose of this Policy is to provide a clear mechanism for reporting serious concerns, to ensure that such concerns are addressed appropriately, and to protect individuals who raise concerns in good faith from retaliation or detriment.

This Policy is issued in accordance with the Public Interest Disclosure Act 1998 and relevant UK governance standards. It forms part of the Company’s governance framework and applies alongside other conduct, safeguarding, and complaints policies.

_{2. Scope and Application}

This Policy applies to all individuals who engage with, represent, or act on behalf of Nexus Network Group Limited in any capacity.

This includes, without limitation, Directors, Members, Executive Officers, employees, workers, volunteers, contractors, moderators, administrators, role-holders with delegated authority, and service providers.

This Policy applies regardless of whether the individual raising a concern is currently engaged with the Company or has ceased involvement, provided the concern relates to matters arising during their involvement.

_{3. What Is Whistleblowing}

Whistleblowing refers to the disclosure of information which an individual reasonably believes shows wrongdoing, malpractice, or risk in the public interest.

Concerns that may fall within the scope of this Policy include, but are not limited to, criminal activity, fraud, theft, or financial mismanagement; safeguarding failures or risks to children or vulnerable persons; breaches of legal or regulatory obligations; serious breaches of Company policies or governance requirements; health and safety risks; abuse of authority; corruption; conflicts of interest; misuse or misappropriation of Company assets; data protection or information security failures; and deliberate concealment of any of the above.

This Policy is not intended to replace routine grievance, disciplinary, or complaints procedures where those are more appropriate. However, where an individual reasonably believes that an issue is serious, systemic, or cannot be addressed through normal channels, this Policy applies.

_{4. Principles Governing Whistleblowing}

Nexus Network Group Limited is committed to ensuring that individuals who raise concerns in good faith are treated fairly and protected.

The Company encourages a culture in which concerns can be raised without fear. All disclosures will be taken seriously, assessed objectively, and handled proportionately.

Concerns may be raised even where proof is not available, provided the disclosure is made honestly and with a reasonable belief that the information disclosed is true.

Malicious, knowingly false, or bad-faith disclosures are not protected under this Policy and may result in action being taken.

_{5. Protection Against Detriment and Retaliation}

No individual who raises a concern in good faith under this Policy shall be subjected to retaliation, victimisation, harassment, discrimination, or any other form of detriment as a result of doing so.

Any retaliation against a whistleblower will itself be treated as a serious breach of Company policy and may result in disciplinary action, removal from role, or other appropriate measures.

Protection under this Policy applies regardless of whether the concern is ultimately substantiated, provided it was raised honestly and in good faith.

_{6. Confidentiality and Anonymity}

The Company will take all reasonable steps to protect the confidentiality of individuals who raise concerns under this Policy.

Disclosures will be handled sensitively, and information will be shared only where necessary to investigate the concern, comply with legal obligations, or protect individuals from harm.

Anonymous disclosures will be accepted and considered. However, individuals are encouraged to provide contact details where possible, as anonymity may limit the Company’s ability to investigate fully or provide feedback.

_{7. How to Raise a Whistleblowing Concern}

Concerns may be raised through appropriate internal governance channels. Individuals are encouraged, where possible, to raise concerns with a member of the Executive Leadership Team or another senior role-holder independent of the issue being reported.

Where a concern involves senior leadership, safeguarding matters, or where the individual reasonably believes that internal reporting is inappropriate or unsafe, the concern may be escalated directly to an appropriate external authority.

Concerns should be raised as soon as reasonably practicable and should include sufficient detail to allow the matter to be assessed, including relevant facts, dates, and context.

_{8. Assessment, Investigation and Response}

All whistleblowing disclosures will be assessed promptly to determine the appropriate course of action.

Where appropriate, an investigation will be undertaken in a proportionate, impartial, and confidential manner. Investigations may be conducted internally or with external assistance where necessary.

The Company will take appropriate corrective action where wrongdoing is identified. This may include governance action, disciplinary measures, safeguarding escalation, policy changes, or referral to external authorities.

While confidentiality constraints may limit the level of detail shared, the Company will endeavour to provide feedback to the whistleblower where practicable.

_{9. External Reporting}

Nothing in this Policy prevents individuals from making disclosures to prescribed external bodies in accordance with the Public Interest Disclosure Act 1998, including regulatory authorities, safeguarding agencies, or law enforcement, where appropriate.

The Company encourages internal reporting in the first instance where it is safe and reasonable to do so but recognises that this may not always be appropriate.

_{10. Interaction With Other Policies}

This Policy operates alongside the Company’s Safeguarding & Child Protection Policy, Equality, Diversity & Inclusion Policy, Code of Conduct, Complaints Procedure, Disciplinary Framework, and Data Protection and Privacy policies.

Where overlap exists, the most protective and appropriate procedure shall apply.

_{11. Governance, Oversight and Review}

The Executive Leadership Team of Nexus Network Group Limited holds responsibility for oversight of this Policy and for ensuring that whistleblowing concerns are handled appropriately.

This Policy will be reviewed periodically to ensure continued compliance with legislation, regulatory guidance, and best practice. It may be updated where necessary to reflect organisational or legal change.

_{12. Policy Status and Document Control}

This document is the Whistleblowing Policy of Nexus Network Group Limited. It is approved and adopted by the Executive Leadership Team and is binding across the organisation.

Organisation: Nexus Network Group Limited
Policy Title: Whistleblowing Policy
Version: 1.0
Status: Approved and Active
Approval Date: January 2026
Review Cycle: Annual or upon legislative change

© Nexus Network Group Limited. All rights reserved.

_{Code of Conduct}

Nexus Network Group Limited

_{1. Purpose, Legal Standing and Absolute Authority}

This Code of Conduct (“the Code”) establishes the mandatory standards of behaviour, integrity, accountability, and responsibility required of all individuals who engage with, represent, contribute to, or participate in Nexus Network Group Limited (“the Company”) in any capacity.

This Code forms a core and inseparable part of the Company’s governance framework. It has binding effect and applies in conjunction with, and in support of, all other Company policies, including but not limited to safeguarding, equality and inclusion, whistleblowing, volunteer engagement, asset protection, non-trading governance, health and safety, privacy, and community rules.

Compliance with this Code is a condition of access, participation, appointment, role allocation, and continued involvement. No individual has a contractual, moral, equitable, or implied right to participate in Company environments except in accordance with this Code.

This Code is authoritative and supersedes any informal guidance, historic practices, community norms, tolerated behaviour, verbal assurances, assumptions, or expectations. No failure or delay in enforcement shall constitute consent, waiver, precedent, or estoppel.

_{2. Scope, Applicability and Acceptance by Conduct}

This Code applies to all individuals engaged with Nexus Network Group Limited, regardless of title, seniority, contractual status, duration of involvement, or geographic location.

This includes, without limitation, Members and Guarantors, Directors and Executive Officers, employees, workers, volunteers, contractors, moderators, administrators, role-holders, contributors, collaborators, developers, designers, technical staff, community members, and participants.

The Code applies across all environments in which the Company operates, exercises authority, or has a reasonable interest. This includes digital platforms, simulation servers, communication systems, governance forums, training activities, events, social spaces, and any activity undertaken under the Company’s name, branding, authority, or perceived endorsement.

Acceptance of this Code occurs through conduct. Any individual who accesses Company systems, accepts a role, contributes content or labour, exercises authority, or participates in Company-managed environments is deemed to have read, understood, and accepted this Code in full. No signature or express acknowledgment is required.

_{3. Fundamental Standards of Behaviour}

All individuals must act honestly, lawfully, responsibly, and in good faith at all times when engaging with Nexus Network Group Limited.

Conduct must uphold trust, safety, fairness, professionalism, and organisational integrity. Individuals must not engage in behaviour that undermines the Company’s governance, non-commercial nature, safeguarding obligations, or the wellbeing of others.

Abusive, threatening, deceptive, manipulative, exploitative, coercive, discriminatory, harassing, retaliatory, or deliberately disruptive conduct is prohibited. Behaviour may constitute a breach of this Code even where it falls short of criminality or where harm is indirect, cumulative, or contextual.

Lack of intent, ignorance, humour, provocation, cultural norms, personal belief, or prior tolerance shall not excuse behaviour that breaches this Code.

_{4. Respect, Dignity and Inclusive Conduct}

All individuals must treat others with dignity and respect at all times. Interactions must be appropriate, proportionate, and mindful of power imbalances, vulnerabilities, and context.

Language, behaviour, imagery, or conduct that is reasonably perceived as hostile, degrading, humiliating, intimidating, exclusionary, or offensive is prohibited. This applies regardless of whether a protected characteristic is explicitly referenced.

This Code operates alongside the Company’s Equality, Diversity & Inclusion Policy. Conduct that undermines equality or inclusion may constitute misconduct even where it does not meet the statutory threshold for unlawful discrimination.

Persistent low-level behaviour, patterns of exclusion, or cumulative conduct may constitute a breach even where individual incidents appear minor in isolation.

_{5. Safeguarding, Protection and Duty to Act}

Safeguarding is paramount. All individuals must comply fully with the Company’s Safeguarding & Child Protection Policy and act in a manner that prioritises the welfare of children and young people.

Any behaviour that places a child or young person at risk, including grooming, inappropriate communication, boundary violations, sexualised conduct, exploitation, or failure to maintain appropriate professional distance, is strictly prohibited.

All safeguarding concerns must be reported immediately through appropriate Company channels. Failure to report a safeguarding concern, or attempting to handle it privately or informally, may itself constitute a serious breach of this Code.

_{6. Authority, Leadership and Use of Power}

Individuals holding positions of authority, moderation, or leadership carry enhanced responsibilities.

Authority must be exercised lawfully, fairly, proportionately, and in good faith. It must never be used for personal benefit, retaliation, intimidation, coercion, favouritism, or suppression of dissent.

Role-holders must act strictly within the limits of their delegated authority and must not misrepresent their powers, status, or the Company’s position. Decisions must be based on objective criteria, behaviour, and organisational requirements.

Abuse of authority, whether overt or subtle, constitutes serious misconduct.

_{7. Integrity, Conflicts of Interest and Honesty}

All individuals must act with integrity and avoid situations where personal interests conflict, or reasonably appear to conflict, with the interests of Nexus Network Group Limited.

Any actual or potential conflict of interest must be disclosed promptly through appropriate governance channels. Failure to disclose conflicts may constitute misconduct.

Bribery, inducement, coercion, misrepresentation, or improper influence is strictly prohibited.

_{8. Use of Assets, Systems, Data and Information}

All Company assets, systems, platforms, credentials, and data must be used responsibly and solely for authorised purposes.

Unauthorised access, misuse, misappropriation, sharing of credentials, circumvention of controls, or retention of access beyond authorisation is prohibited.

Confidential information, personal data, safeguarding records, and governance material must be handled strictly in accordance with Company policies and legal obligations.

The Company’s non-trading status must be respected at all times. No individual may seek personal gain, monetisation, or indirect benefit through Company assets or platforms.

_{9. Online Conduct, Representation and External Behaviour}

When engaging in online environments managed or moderated by the Company, individuals must conduct themselves in accordance with this Code and all applicable policies.

Individuals must not represent themselves as speaking on behalf of the Company unless expressly authorised. Public communications must not misrepresent the Company, disclose confidential information, undermine trust, or bring the Company into disrepute.

Behaviour outside Company platforms may fall within the scope of this Code where it reasonably impacts the Company, its members, its communities, or its safeguarding, governance, or reputational interests.

_{10. Raising Concerns and Speaking Up}

Individuals are expected to raise concerns about conduct that may breach this Code or other Company policies.

Concerns may be reported through moderation, governance, safeguarding, or whistleblowing channels. Reports made in good faith are protected from retaliation.

Failure to report serious misconduct, particularly safeguarding, governance, or asset-related concerns, may itself constitute a breach of this Code.

_{11. Enforcement, Discretion and Consequences}

Breaches of this Code will be assessed and addressed fairly, proportionately, and consistently, taking into account the seriousness of the conduct, risk posed, and organisational context.

The Company reserves absolute discretion in determining appropriate enforcement action. Measures may include guidance, warnings, mandatory training, restriction or removal of access or authority, suspension, exclusion from platforms, termination of involvement, or escalation under other Company policies or to external authorities.

No individual has an automatic right to a role, level of access, appeal outcome, or continued participation.

_{12. Interpretation, Governance and Review}

This Code shall be interpreted in a manner that best protects the safety, integrity, governance, and lawful operation of Nexus Network Group Limited.

The Executive Leadership Team holds ultimate responsibility for oversight, interpretation, and enforcement of this Code. Their determinations are final, subject only to statutory requirements.

This Code will be reviewed periodically and updated where necessary to reflect changes in law, organisational structure, platform risk, or operational context.

_{13. Policy Status and Document Control}

This document constitutes the Code of Conduct of Nexus Network Group Limited and is binding across the organisation.

Organisation: Nexus Network Group Limited
Policy Title: Code of Conduct
Version: 2.0
Status: Approved and Active
Approval Date: January 2026
Review Cycle: Annual or upon significant change

© Nexus Network Group Limited. All rights reserved.

_{Community Rules & Acceptable Use Policy}

Nexus Network Group Limited

_{1. Purpose, Authority and Status}

This Community Rules & Acceptable Use Policy (“the Policy”) establishes the mandatory standards of behaviour, participation, and use applicable to all individuals who access, interact with, or participate in communities, platforms, services, and environments operated, managed, moderated, or otherwise controlled by Nexus Network Group Limited (“the Company”).

The purpose of this Policy is to ensure that all Company-managed environments remain safe, lawful, inclusive, non-commercial, and appropriately moderated spaces. This Policy exists to protect users, volunteers, staff, children and young people, organisational assets, and the integrity of the Company.

This Policy forms part of the Company’s formal governance framework and applies alongside, and in support of, the Code of Conduct, Safeguarding & Child Protection Policy, Equality, Diversity & Inclusion Policy, Whistleblowing Policy, Asset Protection and Non-Trading Policy, Privacy Policy, and any platform-specific rules.

Compliance with this Policy is a condition of access and participation. No individual has a right to use Company-managed platforms or communities other than in accordance with this Policy.

_{2. Scope and Application}

This Policy applies to all individuals who interact with Nexus Network Group Limited in any capacity, including community members, participants, users, volunteers, moderators, administrators, developers, contributors, and role-holders.

The Policy applies across all environments operated, managed, moderated, or branded by the Company. This includes, without limitation, simulation servers, gaming servers, virtual environments, forums, Discord servers, voice and text communications, social spaces, events, and any associated digital or online platforms.

The Policy applies regardless of geographic location and regardless of whether access is direct, indirect, temporary, or ongoing.

Accessing or using Company-managed platforms constitutes acceptance of this Policy by conduct. No express agreement is required.

_{3. General Standard of Conduct}

All users must conduct themselves lawfully, respectfully, and responsibly at all times.

Behaviour must not undermine the safety, wellbeing, dignity, or enjoyment of others, nor the lawful and orderly operation of the Company’s platforms and communities.

Conduct that is disruptive, hostile, abusive, exploitative, deceptive, or otherwise incompatible with a safe and inclusive community environment is not permitted, even where such conduct is not explicitly listed elsewhere in this Policy.

The Company reserves discretion to assess behaviour in context and to take action where conduct undermines the spirit or objectives of this Policy.

_{4. Prohibited Behaviour}

Use of Company-managed platforms must not involve harassment, bullying, intimidation, threats, hate speech, discriminatory conduct, or targeted abuse.

Users must not engage in behaviour that is sexually explicit, sexually suggestive, exploitative, or inappropriate, particularly where children or young people may be present.

Grooming behaviour, boundary violations, or attempts to build inappropriate relationships with minors are strictly prohibited and will result in immediate action.

Users must not impersonate others, misrepresent their identity or role, spread false or misleading information, or engage in coordinated disruption.

The use of slurs, derogatory language, inflammatory content, or imagery that may reasonably be perceived as offensive, degrading, or hostile is prohibited.

Attempts to provoke, bait, harass, or incite others into rule-breaking or conflict are not permitted.

_{5. Safeguarding and Protection of Children and Young People}

Safeguarding is paramount in all Company-managed environments.

Users must comply fully with the Company’s Safeguarding & Child Protection Policy. Any behaviour that places a child or young person at risk is prohibited.

Users must not initiate or pursue private, secretive, or inappropriate communications with minors. Any safeguarding concern must be reported immediately through appropriate channels.

Failure to comply with safeguarding expectations may result in immediate restriction or removal of access and escalation to external authorities where required.

_{6. Acceptable Use of Platforms and Systems}

Company-managed platforms and systems must be used only for their intended, lawful, and authorised purposes.

Users must not attempt to bypass moderation, security, or access controls, exploit technical vulnerabilities, or interfere with the operation of systems.

The use of cheats, exploits, automation, unauthorised modifications, or third-party tools that undermine fairness, stability, or integrity is prohibited.

Users must not upload, share, or distribute malicious software, harmful content, or material that infringes intellectual property rights or platform rules.

_{7. Non-Commercial Use and Prohibition on Monetisation}

All Company-managed platforms and communities operate on a strictly non-commercial basis.

Users must not advertise, promote, solicit, or conduct commercial activity, fundraising, trading, monetisation, or personal financial gain through Company platforms without explicit written authorisation from the Company.

This includes advertising external services, selling digital or physical goods, soliciting donations, or seeking personal benefit through influence, access, or status.

Any attempt to monetise or commercially exploit Company platforms or communities constitutes a serious breach of this Policy.

_{8. Respect for Moderation and Governance}

Moderators and administrators act under delegated authority from Nexus Network Group Limited.

Users must comply with lawful moderation instructions and decisions. Attempts to undermine moderation, evade enforcement, harass moderators, or incite opposition to governance are prohibited.

Disagreement with moderation decisions must be raised respectfully through appropriate review or complaints channels. Public disputes, harassment, or retaliatory behaviour are not permitted.

_{9. Reporting Concerns and Rule Breaches}

Users are encouraged to report behaviour that may breach this Policy, safeguarding standards, or other Company policies.

Reports should be made through designated moderation, safeguarding, or governance channels.

Reports made in good faith are welcomed and protected. Abuse of reporting mechanisms, including false or malicious reports, may itself constitute a breach of this Policy.

_{10. Enforcement, Discretion and Consequences}

The Company reserves full discretion to assess conduct and determine appropriate enforcement action.

Enforcement measures may include warnings, guidance, content removal, temporary restrictions, suspensions, permanent bans, removal from roles, or escalation under other Company policies or to external authorities where appropriate.

No user has a right to a particular level of access, continued participation, or appeal outcome. Participation in Company-managed communities is a privilege, not an entitlement.

The Company may take immediate action without prior warning where necessary to protect individuals, platforms, or organisational integrity.

_{11. Interpretation and Interaction With Other Policies}

This Policy must be interpreted in a manner that best protects safety, safeguarding, lawful operation, and organisational governance.

Where this Policy overlaps with other Company policies, the highest applicable standard shall apply.

Nothing in this Policy limits the Company’s right to act in accordance with law, platform rules, or its broader governance responsibilities.

_{12. Review and Policy Status}

This Policy is reviewed periodically and may be updated at any time to reflect changes in law, platform risk, or operational requirements.

Continued use of Company-managed platforms following any update constitutes acceptance of the revised Policy.

_{13. Document Control}

Organisation: Nexus Network Group Limited
Policy Title: Community Rules & Acceptable Use Policy
Version: 1.0
Status: Approved and Active
Approval Date: January 2026
Review Cycle: Periodic or as required

© Nexus Network Group Limited. All rights reserved.

_{Complaints & Grievance Policy}

Nexus Network Group Limited

_{1. Purpose, Legal Status and Policy Intent}

Nexus Network Group Limited (“the Company”) is committed to maintaining high standards of governance, fairness, transparency, and accountability in the operation of its platforms, communities, and organisational activities. This Complaints & Grievance Policy (“the Policy”) establishes the formal framework through which concerns, complaints, or grievances relating to the Company may be raised and considered.

The purpose of this Policy is to provide an orderly, proportionate, and lawful mechanism for the review of complaints, while safeguarding the integrity, safety, and effective governance of the Company. This Policy is not intended to create contractual obligations, employment rights, guarantees of outcome, or legally enforceable expectations beyond those required by law.

This Policy forms part of the Company’s internal governance framework. Compliance with this Policy is mandatory for all individuals to whom it applies. The Company retains discretion over the interpretation, application, scope, and outcome of this Policy, subject only to statutory obligations.

_{2. Scope and Application}

This Policy applies to complaints and grievances raised by any individual who engages with Nexus Network Group Limited in any capacity, whether current or former, where the matter complained of arises from or relates to the Company’s activities, platforms, governance, moderation, or representatives.

This includes, without limitation, community members, participants, volunteers, staff, moderators, administrators, role-holders, contractors, collaborators, contributors, and service users.

This Policy applies only to matters within the reasonable responsibility, control, or influence of the Company. The Company does not accept responsibility for matters arising wholly outside its platforms, authority, or organisational remit.

_{3. Matters Covered and Matters Excluded}

A complaint or grievance under this Policy is an expression of dissatisfaction relating to the Company’s actions, omissions, decisions, conduct of representatives, application of policies, moderation actions, or procedural matters, where the individual seeks review, explanation, or corrective action.

This Policy does not apply to safeguarding concerns, whistleblowing disclosures, data protection rights requests, or statutory complaints, which are governed by separate specialist policies and procedures. Where overlap exists, the Company will determine the appropriate route in its sole discretion.

This Policy does not provide a forum for challenging the Company’s lawful governance decisions, non-trading status, strategic direction, asset ownership, or policy positions. It is not a mechanism for general disagreement, campaigning, or attempting to compel changes to Company values or governance structures.

_{4. Governing Principles}

Complaints will be handled in a manner that is fair, impartial, proportionate, and consistent with good governance.

The Company will consider complaints in good faith but retains discretion over whether, how, and to what extent a complaint is investigated. Complaints are not treated as adversarial proceedings and do not give rise to rights of cross-examination, representation, disclosure of internal deliberations, or formal hearings.

The Company will balance the interests of the complainant with the rights, safety, privacy, and wellbeing of others and with its safeguarding, legal, and governance obligations.

_{5. Good Faith Requirement and Abuse of Process}

Complaints must be raised in good faith. This means the complainant must reasonably believe the complaint to be genuine, accurate to the best of their knowledge, and raised for the purpose of resolution rather than harassment, retaliation, disruption, or leverage.

The Company reserves the right to restrict, suspend, or decline to engage with complaints that are vexatious, malicious, abusive, repetitive, trivial, disproportionate, or made in bad faith. This includes complaints that seek to relitigate matters already concluded without new and material information.

Abuse of the complaints process may itself constitute a breach of the Company’s Code of Conduct or Community Rules.

_{6. Informal Resolution}

Where appropriate, proportionate, and safe, the Company may seek to resolve concerns informally through explanation, clarification, guidance, or corrective action.

Informal resolution is not a right and may not be suitable where allegations are serious, involve safeguarding, governance integrity, or risk to others. The Company retains discretion to determine whether informal resolution is appropriate.

_{7. Formal Complaints Submission}

Formal complaints must be submitted through designated Company channels and within a reasonable time of the matter arising, unless there is a valid reason for delay.

Complaints must include sufficient detail to allow meaningful assessment. This includes a clear description of the issue, relevant dates and context, the individuals or actions involved where known, and the impact of the matter complained of.

The Company may decline to consider complaints that are anonymous, lack sufficient information, are excessively delayed, fall outside the scope of this Policy, or relate to matters for which the Company is not responsible.

_{8. Initial Assessment and Triage}

Upon receipt, the Company will assess whether the complaint falls within scope, whether it raises safeguarding or whistleblowing issues, and whether investigation is warranted.

The Company may dismiss, redirect, or prioritise complaints based on risk, seriousness, credibility, and relevance. Not all complaints will result in a full investigation.

_{9. Investigation Process}

Where an investigation is undertaken, it will be proportionate to the nature and seriousness of the complaint.

The Company may review records, communications, logs, and policies; seek explanations from relevant individuals; and obtain professional or external advice where appropriate.

The Company is not obliged to disclose confidential information, personal data of third parties, safeguarding material, internal assessments, or legal advice.

_{10. Findings, Decisions and Outcomes}

Following assessment or investigation, the Company will determine an appropriate outcome in its discretion.

Outcomes may include explanation, clarification, corrective action, policy review, training, enforcement under other policies, or no action where the complaint is not upheld.

The Company does not guarantee any particular outcome, remedy, or corrective action. Decisions are made in the context of organisational risk, fairness, and governance obligations.

_{11. Finality and Limited Review}

The Company’s decision represents its final position on the matter unless otherwise required by law.

A limited review may be permitted at the Company’s discretion where a complainant can demonstrate a clear and material procedural error or the emergence of significant new evidence that could not reasonably have been provided earlier.

Disagreement with the outcome, dissatisfaction with enforcement, or repetition of arguments previously considered does not constitute grounds for review.

_{12. Protection From Retaliation}

Individuals who raise complaints in good faith will not be subjected to retaliation, victimisation, or detriment as a result of doing so.

This protection does not extend to complaints raised maliciously, dishonestly, abusively, or in bad faith.

Retaliatory conduct may result in action under the Company’s Code of Conduct or other applicable policies.

_{13. Confidentiality and Data Protection}

Complaints will be handled sensitively and confidentially so far as is practicable and lawful.

Information will be shared only where necessary to assess or investigate the complaint, comply with legal obligations, safeguard individuals, or protect the Company’s legitimate interests.

All personal data is handled in accordance with the Company’s Privacy Policy and applicable data protection legislation.

_{14. Interaction With Other Policies}

This Policy operates alongside, and does not replace, the Company’s Code of Conduct, Community Rules & Acceptable Use Policy,

Safeguarding & Child Protection Policy, Whistleblowing Policy, Equality, Diversity & Inclusion Policy, Asset Protection Policy, Health & Safety Policy, and Privacy Policy.

Where issues overlap, the Company will apply the most appropriate policy or the highest applicable standard.

_{15. Governance, Oversight and Review}

The Executive Leadership Team of Nexus Network Group Limited holds ultimate responsibility for oversight, interpretation, and enforcement of this Policy.

This Policy will be reviewed periodically and updated where necessary to reflect changes in law, regulatory guidance, organisational structure, or operational risk.

_{16. Policy Status and Document Control}

This document constitutes the Complaints & Grievance Policy of Nexus Network Group Limited and is authoritative and binding across the organisation.

Made By J.Broderick
Organisation: Nexus Network Group Limited
Policy Title: Complaints & Grievance Policy
Version: 2.0
Status: Approved and Active
Approval Date: January 2026
Review Cycle: Periodic or upon significant change

© Nexus Network Group Limited. All rights reserved.

_{Moderation & Enforcement Policy}

Nexus Network Group Limited

_{1. Purpose, Authority and Legal Standing}

Nexus Network Group Limited (“the Company”) operates moderated platforms, communities, and digital environments for lawful, safe, inclusive, and non-commercial participation. This Moderation & Enforcement Policy (“the Policy”) establishes the framework by which rules are applied, behaviour is assessed, and enforcement decisions are made.

The purpose of this Policy is to protect users, volunteers, children and young people, organisational assets, and the integrity of the Company’s platforms. It exists to ensure that moderation is consistent, proportionate, and aligned with governance responsibilities while preserving the Company’s discretion to act decisively where risk arises.

This Policy forms part of the Company’s governance framework. It does not create contractual rights, employment rights, guarantees of participation, or legally enforceable expectations beyond those required by law.

The Company retains full authority to moderate and enforce rules across all Company-managed environments.

_{2. Scope and Application}

This Policy applies to all platforms, services, communities, and environments operated, managed, moderated, or branded by Nexus Network Group Limited.

It applies to all individuals engaging with those environments, including community members, participants, volunteers, moderators, administrators, developers, contributors, role-holders, and service users.

The Policy applies regardless of geographic location, duration of involvement, or method of access.

Use of Company-managed platforms constitutes acceptance of this Policy by conduct.

_{3. Nature of Moderation and Discretion}

Moderation is a governance function exercised to protect safety, wellbeing, and lawful operation.

Moderation decisions are inherently discretionary. The Company is not obliged to permit participation, provide warnings, follow graduated steps, or exhaust lesser measures before taking enforcement action.

The absence of prior enforcement, inconsistency in historic enforcement, or tolerance of behaviour in the past does not create precedent, entitlement, or waiver of the Company’s right to act.

Moderation decisions are made based on context, cumulative behaviour, risk assessment, safeguarding considerations, and organisational integrity, not solely on isolated incidents.

_{4. Standards Applied in Moderation}

Moderation is guided by, but not limited to, the following considerations:

Compliance with the Code of Conduct, Community Rules & Acceptable Use Policy, Safeguarding & Child Protection Policy, Equality, Diversity & Inclusion Policy, Asset Protection & Non-Trading Policy, and applicable platform rules.

The impact of behaviour on others, including actual or potential harm.

Patterns of behaviour, escalation, or cumulative misconduct.

Risk to children and young people.

Risk to organisational integrity, safety, reputation, or lawful operation.

Moderation decisions may be taken even where behaviour does not meet a criminal or statutory threshold.

_{5. Safeguarding-Led Moderation}

Safeguarding considerations take absolute precedence over all other factors.

Where behaviour raises safeguarding concerns, the Company may take immediate protective action without notice, explanation, or prior warning.

This may include restriction or removal of access, suspension, permanent exclusion, preservation of evidence, and referral to safeguarding authorities or law enforcement where required.

The Company is not required to disclose safeguarding information or investigative details to affected individuals.

_{6. Moderation Roles and Authority}

Moderators and administrators act under delegated authority from Nexus Network Group Limited.

They are empowered to assess behaviour, issue instructions, apply restrictions, remove content, and escalate matters in accordance with governance direction.

Moderators act as agents of the Company. Disrespect, harassment, intimidation, or attempts to undermine moderation authority constitute serious misconduct.

The Company reserves the right to override, amend, or reverse moderation actions at any time.

_{7. Enforcement Measures}

Enforcement measures are selected at the Company’s discretion and may include, without limitation, guidance, warnings, content removal, temporary restrictions, muting, suspension, removal from roles, permanent bans, or exclusion from platforms.

The Company may take immediate enforcement action without prior warning where necessary to protect individuals, platforms, or organisational integrity.

No individual has a right to a warning, a particular enforcement pathway, or continued participation.

_{8. Evidence, Records and Decision-Making}

The Company may rely on any information reasonably available to it when making moderation decisions. This may include logs, reports, messages, recordings, platform data, screenshots, witness accounts, or professional judgement.

The Company is not required to disclose evidence, internal assessments, or decision-making rationale in full, particularly where doing so would compromise safeguarding, privacy, security, or governance interests.

_{9. No Entitlement to Appeal or Reinstatement}

Moderation decisions are final unless the Company expressly determines otherwise.

There is no automatic right to appeal, reinstatement, explanation, or review. Any review process offered is discretionary and does not create precedent.

Disagreement with moderation outcomes does not invalidate enforcement action.

_{10. Abuse of Moderation Processes}

Attempts to evade enforcement, create alternate accounts, manipulate reporting systems, harass moderators, incite others, or weaponise complaints processes are prohibited.

Such behaviour may result in escalated enforcement, including permanent exclusion.

_{11. Interaction With Complaints and Whistleblowing}

Moderation actions may be the subject of complaint only through the Company’s Complaints & Grievance Policy and only on procedural grounds.

Whistleblowing protections apply only to disclosures made in good faith and in the public interest and do not protect attempts to avoid moderation or enforcement.

_{12. External Platforms and Third-Party Rules}

This Policy operates alongside, and does not override, the rules and enforcement mechanisms of third-party platforms.

The Company may report conduct to platform operators or cooperate with external enforcement where required.

_{13. Limitation of Liability}

To the fullest extent permitted by law, the Company accepts no liability for loss of access, loss of content, reputational impact, or other consequences arising from moderation or enforcement actions.

Participation in Company-managed environments is voluntary and at the individual’s own risk.

_{14. Governance, Review and Amendment}

The Executive Leadership Team of Nexus Network Group Limited holds ultimate responsibility for moderation governance, interpretation, and enforcement.

This Policy may be amended at any time to reflect changes in law, platform risk, safeguarding standards, or organisational requirements.

Continued use of Company-managed platforms constitutes acceptance of the current version of this Policy.

_{15. Policy Status and Document Control}

Organisation: Nexus Network Group Limited
Policy Title: Moderation & Enforcement Policy
Version: 1.0
Status: Approved and Active
Approval Date: January 2026
Review Cycle: Periodic or as required

© Nexus Network Group Limited. All rights reserved.

_{Website Terms of Use}

Nexus Network Group Limited
Last updated: January 2026

_{IMPORTANT LEGAL NOTICE – BINDING TERMS OF ACCESS AND USE}

These Website Terms of Use (“Terms”) constitute a legally binding and enforceable agreement between you (“you”, “the user”, “visitor”, “individual”, “entity”, “organisation”, or “party”) and Nexus Network Group Limited (“the Company”, “we”, “us”, “our”).

By accessing, loading, requesting, rendering, viewing, browsing, crawling, indexing, interacting with, transmitting data to, receiving data from, or otherwise using this website in any manner whatsoever, whether directly or indirectly, manually or automatically, intentionally or unintentionally, you confirm that you have read, understood, and irrevocably agree to be legally bound by these Terms in their entirety.

If you do not agree with every provision of these Terms exactly as written, you must immediately and permanently cease all access to and use of this website and any associated systems.

No argument based on lack of notice, lack of understanding, implied permission, public accessibility, technical availability, silence, non-response, prior conduct, failure to enforce, industry custom, academic practice, asserted public interest, or claimed necessity shall be accepted.

_{1. Company Identity, Definitions, and Interpretation}

Nexus Network Group Limited is a private limited company incorporated and registered in the United Kingdom.

Company Name: Nexus Network Group Limited

Company Registration Number: 16069654

Registered Office: 17, Shap Road Industrial Estate, Kendal, LA9 6NZ, United Kingdom

For the purposes of these Terms, references to the “Website” include all websites, domains, subdomains, URLs, IP addresses, pages, services, portals, interfaces, APIs, systems, servers, infrastructure, and associated digital assets owned, operated, administered, controlled, or made available by the Company, whether now existing or created in the future.

“Access” includes any technical request, connection, fetch, load, render, execution, download, upload, interaction, or attempted interaction, whether successful or unsuccessful.

“Content” includes all text, data, graphics, layouts, designs, branding, logos, trademarks, service marks, media, audio-visual materials, code, scripts, stylesheets, metadata, documentation, and compilations.

These Terms shall be interpreted broadly and in a manner that favours the protection of the Company’s rights, systems, data, and lawful interests.

_{2. Acceptance, Eligibility, and Right of Access}

Acceptance of these Terms occurs by conduct alone. No registration, signature, checkbox, or explicit confirmation is required. Partial acceptance, selective compliance, conditional acceptance, or attempted modification is expressly prohibited and has no legal effect.

You represent and warrant that you have the legal capacity to enter into these Terms and that your access to the Website is lawful in all applicable jurisdictions.

The Company reserves the absolute and unfettered right to determine eligibility for access and may suspend, restrict, throttle, block, or terminate access at any time, with or without notice and without providing reasons. The availability of the Website does not create any right of access, continuity, service, or entitlement.

These Terms constitute the entire agreement relating to the Website and supersede all prior or contemporaneous understandings, representations, communications, or assumptions unless expressly stated otherwise in writing by a duly authorised officer of the Company.

_{3. Permitted Use and Absolute Prohibitions}

The Website is provided solely for lawful informational purposes and strictly authorised operational interaction as determined by the Company. Any use beyond this narrow permission is prohibited. The absence of technical restrictions does not imply consent, licence, or authorisation.

Without limitation, you must not, directly or indirectly, intentionally or unintentionally, manually or automatically, personally or via any third party, engage in any activity that interferes with the security, integrity, availability, or lawful operation of the Website or its systems.

 This includes attempting unauthorised access; bypassing authentication or security controls; exploiting vulnerabilities; conducting scanning, probing, or penetration testing; scraping, crawling, indexing, harvesting, mirroring, caching, reverse engineering, decompiling, analysing, profiling, fingerprinting, or extracting data, structure, behaviour, or metadata; deploying bots, scripts, automation, headless browsers, AI agents, or machine-learning tools; introducing analytics, telemetry, monitoring, performance testing, or measurement tools; overloading or disrupting systems; impersonation, deception, harassment, or abuse.

Any unauthorised use constitutes a material breach of these Terms.

_{4. Absolute Prohibition on Research, Analysis, and External Study}

The Company does not consent to and expressly prohibits any external research, analysis, study, monitoring, observation, evaluation, or investigation involving the Website, systems, platforms, or communities.

This prohibition applies without exception and includes academic, institutional, commercial, sociological, psychological, behavioural, technical, benchmarking, performance evaluation, AI training, dataset creation, surveys, interviews, questionnaires, case studies, reports, whitepapers, or publications, regardless of method, anonymisation, disclosure, or claimed consent.

No consent shall be implied by public accessibility, user participation, silence, non-response, prior correspondence, or platform norms. Only explicit written authorisation signed by a duly authorised officer of Nexus Network Group Limited is valid.

No data obtained through interaction with the Website or systems may be used for research, modelling, training, publication, reporting, or external analysis.

_{5. Intellectual Property, Monitoring, Enforcement, and Liability}

All Content is owned by or licensed to Nexus Network Group Limited. No licence, right, or permission is granted except where expressly stated in writing. Unauthorised use may result in civil or criminal action.

You acknowledge that activity may be monitored, logged, analysed, retained, and disclosed for security, governance, compliance, and legal purposes. Monitoring does not create any duty or obligation on the part of the Company.

Unauthorised activity may constitute offences under applicable law, including the Computer Misuse Act 1990, the Data Protection Act 2018, the UK GDPR, and the Fraud Act 2006. The Company reserves the unrestricted right to terminate access immediately, preserve evidence, cooperate with regulators or law enforcement, and seek injunctive relief, damages, costs, and other remedies.

To the maximum extent permitted by law, the Website is provided “as is” and “as available”, and the Company accepts no liability for loss or damage arising from access to or use of the Website, including indirect, consequential, incidental, or reputational loss. Nothing in these Terms excludes liability where exclusion is prohibited by law.

You agree to indemnify and hold harmless Nexus Network Group Limited from all claims, losses, costs, and expenses arising from your breach of these Terms or misuse of the Website.

_{6. Data Protection, Marketing Restrictions, and Contact}

Personal data is processed strictly in accordance with the UK GDPR and the Data Protection Act 2018. Further details are set out in the Company’s Privacy Policy.

No consent is given for marketing, sales, solicitation, analytics, SEO, hosting, monitoring, or unsolicited contact of any kind. Unauthorised contact may be reported to regulatory authorities without notice.

_{7. Amendments, Severability, and Governing Law}

These Terms may be amended at any time. Continued access to or use of the Website constitutes acceptance of the revised Terms.

If any provision is held invalid or unenforceable, the remaining provisions remain in full force and effect.

These Terms are governed by the laws of England and Wales. The courts of England and Wales have exclusive jurisdiction.

_{Final Acknowledgement}

By accessing or using this Website, you confirm beyond doubt that you have read, understood, and agree to be legally bound by these Terms of Use in full, without exception, limitation, or reservation.

© Nexus Network Group Limited. All rights reserved.

_{Cookie, Tracking and Advertising Policy}

Nexus Network Group Limited
Last updated: January 2026

_{1. Absolute Statement of Non-Use of Cookies}

Nexus Network Group Limited does not operate cookies on its website.

No cookies of any kind are used, deployed, stored, transmitted, or permitted in connection with the Company’s website. This statement applies without exception and without qualification.

This includes, but is not limited to, first-party cookies, third-party cookies, session cookies, persistent cookies, tracking cookies, analytics cookies, marketing cookies, advertising cookies, preference cookies, or any similar or equivalent technology.

At no point does the Company intentionally place, authorise, or rely upon any file, identifier, or storage mechanism on a user’s device for the purpose of identification, recognition, tracking, profiling, or persistence between visits.

_{2. Absolute No-Tracking Position}

The Company does not track users of its website.

No behavioural tracking, usage tracking, profiling, monitoring, or measurement of individual users or groups of users is carried out. The Company does not collect or analyse browsing behaviour, page views, dwell time, interaction data, navigation paths, or engagement metrics.

The Company does not operate, integrate, or permit analytics platforms, tracking services, performance measurement tools, heatmaps, session replay technologies, fingerprinting techniques, or similar systems.

No user data is processed for the purpose of monitoring, analysing, influencing, or predicting behaviour.

_{3. Absolute Prohibition on Advertising}

The Company does not operate advertising on its website.

No paid advertisements, sponsored content, promotional material, banner advertisements, pop-ups, video advertisements, affiliate links, interest-based advertising, targeted advertising, personalised advertising, or contextual advertising are displayed or permitted.

The Company does not sell advertising space, does not participate in advertising networks, does not engage advertising intermediaries, and does not allow third parties to place or serve advertisements through its website.

As advertising is not conducted, no data is collected, processed, or retained for advertising, marketing, or promotional purposes.

_{4. Technical Operation Without Cookies, Tracking or Advertising}

The website is engineered to function entirely without cookies, tracking technologies, or advertising systems.

All content delivery occurs through transient server-side processes that do not store information on a user’s device and do not enable recognition of returning users.

The Company does not maintain user sessions, identifiers, or persistent states through client-side storage mechanisms.

_{5. Server-Side Operational Logs}

For security, integrity, and lawful operation, the Company may process limited server-side technical information, such as IP addresses, timestamps, and request headers.

This processing does not involve cookies, does not occur on user devices, and is not used for tracking, analytics, profiling, or advertising. Such information is access-restricted and retained only for as long as operationally necessary.

_{6. Third-Party Content and External Sites}

The Company does not intentionally embed third-party content that deploys cookies, tracking mechanisms, or advertising technologies.

Where users voluntarily navigate to external websites via links, those websites operate independently and are governed by their own policies. Nexus Network Group Limited has no control over and accepts no responsibility for the practices of external websites.

_{7. Prohibition on External Tracking or Advertising Injection}

No person or entity is authorised to introduce, inject, attach, overlay, or otherwise deploy cookies, tracking technologies, analytics tools, monitoring systems, or advertising mechanisms in relation to the Company’s website.

Any attempt to do so is unauthorised and prohibited.

_{8. Legal Compliance and Consent Position}

This Policy is compliant with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR).

As the Company does not use cookies, tracking technologies, or advertising, no consent mechanism, banner, or preference tool is required.

_{9. Policy Authority and Review}

This Policy represents the definitive and authoritative position of Nexus Network Group Limited regarding cookies, tracking, and advertising.

It shall remain in force unless and until formally amended and republished by the Company.

_{10. Contact}

For enquiries regarding this Policy, contact:

Nexus Network Group Limited
📧 privacy@nexusnetworkgroup.co.uk

Concerns may also be raised with the Information Commissioner’s Office (ICO).

© Nexus Network Group Limited. All rights reserved.

_{Risk Management Policy}

Nexus Network Group Limited

_{Policy Statement}

This document constitutes the formal Risk Management Policy of Nexus Network Group Limited (“the Company”). It sets out the authoritative framework through which the Company identifies, assesses, manages, monitors, and reviews risks arising from its governance, operations, activities, and strategic objectives.

This policy is intentionally written in a formal, narrative, policy-grade format suitable for external scrutiny by regulators, partners, auditors, and other stakeholders. It reflects the Company’s commitment to responsible governance, legal and regulatory compliance, safeguarding, and the protection of its people, communities, assets, and reputation.

This policy forms an integral part of the Company’s wider governance framework and shall be read in conjunction with related policies, including governance, safeguarding, data protection, incident management, whistleblowing, and code of conduct policies.

_{1. Purpose}

This Risk Management Policy sets out the formal framework by which Nexus Network Group Limited (“the Company”, “we”, “us”, or “our”) identifies, evaluates, manages, monitors, and reviews risks that may affect the organisation’s people, operations, assets, reputation, legal standing, and long-term strategic objectives.

The Company recognises that risk is inherent in all organisational activity. This policy exists to ensure that risks are not ignored, unmanaged, or addressed only after harm has occurred. Instead, the Company adopts a proactive, structured, and proportionate approach to risk management that supports informed decision-making, organisational resilience, and the protection of all stakeholders.

Risk management is not a standalone function but a core component of governance, leadership, operational planning, and service delivery across the Company.

_{2. Scope}

This policy applies across the entirety of the Company’s structure, activities, and platforms. It is binding upon all directors, members of the Executive Leadership Team, senior managers, departmental leads, employees, volunteers, contractors, and any individual acting on behalf of the Company in an official or representative capacity.

The scope of this policy extends to all operational environments operated, managed, or affiliated with the Company, including digital platforms, community spaces, moderation systems, safeguarding functions, data processing activities, and external engagements. It applies equally to strategic planning, routine operations, and exceptional or emergency circumstances.

All risks, whether internal or external, foreseeable or emerging, fall within the scope of this policy where they have the potential to impact the Company or those connected to it.

_{3. Risk Management Principles}

The Company is committed to embedding a culture of risk awareness, accountability, and responsibility at every level of the organisation. Risk management shall be conducted in a manner proportionate to the nature, scale, and complexity of the Company’s activities, while remaining sufficiently robust to protect individuals, communities, and organisational integrity.

The Company adopts a preventative and evidence-based approach, prioritising early identification and mitigation of risk over reactive response. Decisions shall be informed by a balanced consideration of opportunity and risk, ensuring that innovation and growth do not compromise safety, legality, or ethical standards.

Risk management processes shall be transparent, documented, and subject to regular review. Risk considerations shall be integrated into governance discussions, operational planning, and policy development, and learning from incidents and near-misses shall inform continuous improvement.

_{4. Risk Categories}

The Company acknowledges that risk may arise from a wide range of sources and may manifest differently depending on context. Risks are therefore considered holistically and may include strategic, operational, safeguarding, legal, financial, technological, reputational, and people-related risks.

Strategic risks relate to threats to the Company’s mission, governance arrangements, leadership effectiveness, or long-term sustainability. Operational risks arise from failures in systems, processes, staffing, or service delivery. Safeguarding risks concern actual or potential harm to children, vulnerable persons, or community members. Legal and compliance risks involve breaches of statutory obligations, regulatory requirements, or internal policies.

Data protection and cybersecurity risks include unauthorised access, loss, misuse, or compromise of information. Reputational risks arise where actions, omissions, or incidents may undermine public trust or stakeholder confidence. Financial risks include fraud, mismanagement, or inadequate controls. People risks include misconduct, capability gaps, burnout, or failures in supervision.

These categories are not exhaustive, and risks may overlap or evolve over time.

_{5. Roles and Responsibilities}

Overall accountability for the effective management of risk rests with the Company’s Board and Executive Leadership Team. They are collectively responsible for establishing a strong culture of risk awareness, setting the organisational tone for responsible governance, approving the risk management framework, and ensuring that significant and material risks are identified, assessed, controlled, monitored, and reviewed at an appropriate level. The Board and Executive Leadership Team must be satisfied that risk management arrangements are proportionate, effective, and aligned with the Company’s strategic objectives, legal obligations, and duty of care to stakeholders.

The Executive Lead Authority – Corporate Risk Management (or such other designated senior risk lead as appointed by the Company) holds operational responsibility for the design, implementation, and ongoing maintenance of the Company’s risk management framework. This includes oversight of the Risk Register, coordination of risk identification and assessment activities, monitoring the effectiveness of mitigation measures, and ensuring that material, emerging, or escalating risks are promptly escalated to senior leadership. This role also provides assurance that risk management processes are operating effectively and are subject to continuous improvement.

Directors, departmental leads, and senior managers are responsible for identifying, managing, and mitigating risks within their respective areas of authority and operational control. They must ensure that risks are properly documented, that suitable and proportionate controls are implemented, and that staff and volunteers understand their responsibilities in relation to risk. Where risks cannot be adequately controlled at departmental level, timely escalation in accordance with governance arrangements is required.

All staff, volunteers, and individuals acting on behalf of the Company have a personal responsibility to comply with Company policies and procedures, to remain vigilant to potential risks, and to report concerns, incidents, or weaknesses in controls without delay. Risk management is a shared organisational responsibility and forms a fundamental element of the Company’s expectations of professional conduct, accountability, and ethical behaviour.

_{6. Risk Identification and Assessment}

Risks shall be identified through a structured and continuous process that forms part of the Company’s strategic planning, operational oversight, and governance activity. Risk identification may arise from, but is not limited to, strategic reviews, operational monitoring, incident and near-miss reporting, audits, complaints, feedback mechanisms, regulatory developments, and professional judgement exercised by staff, volunteers, and leadership.

Risk identification may occur at any level of the organisation and at any time. Individuals are encouraged and expected to raise potential risks as soon as they are identified, regardless of perceived severity. The Company recognises that early identification of emerging risk is critical to effective mitigation and harm prevention.

Once identified, risks shall be assessed in a structured and consistent manner. Assessment shall consider both the likelihood of the risk occurring and the potential impact should it materialise. Impact assessment shall take into account potential harm to individuals, including physical, psychological, or emotional harm; legal or regulatory consequences; operational disruption; financial loss; and damage to reputation or stakeholder confidence.

Each risk shall be clearly described, assigned an appropriate risk rating, and allocated to a named risk owner who is accountable for its oversight, review, and mitigation.

_{7. Risk Register}

The Company shall maintain a central Risk Register as the authoritative record of identified organisational risks. The Risk Register shall capture, at a minimum, the nature of each risk, its assessed likelihood and impact, existing controls, planned mitigation actions, assigned ownership, and review status.

The Risk Register shall operate as a live governance tool rather than a static record. It shall be reviewed on a regular basis by senior leadership and updated to reflect changes in risk exposure, effectiveness of controls, or organisational activity. Risks assessed as high or critical shall be subject to enhanced oversight and, where appropriate, escalated for executive or board-level consideration.

The Risk Register shall also inform strategic decision-making, policy development, assurance activities, and organisational planning. Where appropriate, it may be used to demonstrate governance and due diligence to external stakeholders, regulators, or partners.

_{8. Risk Mitigation and Controls}

Where risks are identified, the Company shall determine and implement appropriate mitigation measures in line with proportionality, risk appetite, and best practice. Mitigation measures may include, but are not limited to, the introduction or revision of policies and procedures, training and supervision arrangements, technical or system controls, segregation of duties, enhanced oversight, or changes to operational practice.

In some circumstances, risks may be avoided entirely by altering, postponing, or discontinuing certain activities. In other cases, risks may be reduced to an acceptable level through effective controls or, where appropriate, transferred through contractual arrangements or insurance. Acceptance of risk shall only occur where it is justified, documented, and approved at the appropriate level of authority.

Risks relating to safeguarding, data protection, legal compliance, serious misconduct, or the potential for significant harm shall be subject to enhanced scrutiny and shall not be accepted without explicit executive approval. The Company will prioritise harm prevention and legal compliance over operational convenience.

_{9. Incident Reporting and Escalation}

Where a risk materialises, or where an incident or near-miss occurs, it must be reported promptly and accurately in accordance with the Company’s Incident Management, Safeguarding, and Data Protection policies. Timely reporting is essential to ensure effective response, mitigation of harm, and compliance with legal and regulatory obligations.

Reported incidents shall be assessed for severity and escalated in line with established escalation thresholds. Serious incidents, safeguarding concerns, or material data protection breaches shall be brought immediately to the attention of senior leadership and, where required, external authorities or regulators.

The Company will fulfil all applicable external reporting obligations, including notification to statutory bodies, regulators, platform providers, or other relevant organisations where required by law or best practice. Lessons learned from incidents and near-misses shall be documented and used to strengthen controls, improve processes, and reduce the likelihood of recurrence.

_{10. Monitoring and Review}

Risk management within the Company is an ongoing and dynamic process. This policy, together with the wider risk management framework, shall be subject to regular monitoring to ensure continued effectiveness and relevance.

A formal review of this policy shall take place at least annually and additionally where there are significant changes to legislation, regulatory expectations, organisational structure, operational activity, or following a serious incident or material risk event. Reviews shall consider the adequacy of controls, emerging risks, and lessons learned.

Findings from reviews, audits, and assurance activities shall be reported to senior leadership and acted upon in a timely manner. Where weaknesses are identified, corrective actions shall be implemented and monitored to completion.

_{11. Breach of Policy}

Failure to comply with this policy, or failure to appropriately discharge risk management responsibilities, may result in disciplinary action, removal from role, or other corrective measures in accordance with the Company’s governance and enforcement policies.

Serious, persistent, or deliberate breaches may result in escalation to external authorities, regulators, or partner organisations where required. The Company will take a firm and proportionate approach to enforcement in order to uphold governance standards, protect stakeholders, and maintain public trust.

_{12. Policy Ownership and Approval}

This policy is owned by the Executive Leadership Team of Nexus Networks Group Limited and is operationally overseen by the Executive Lead Authority – Corporate Risk Management or such other designated senior risk lead as appointed by the Company.

Final approval authority rests with the Company’s Board or Executive Leadership Team, in accordance with the Company’s governance and delegation arrangements. This policy shall remain in force until formally reviewed, amended, or replaced.

_{Sponsorships and Partnerships Policy}

Nexus Network Group Limited

_{Policy Statement}

This document constitutes the formal Sponsorships and Partnerships Policy of Nexus Network Group Limited (“the Company”). It establishes the authoritative framework governing the consideration, approval, management, monitoring, and termination of all sponsorships and partnerships entered into by the Company.

This policy is intentionally precautionary, risk-averse, and governance-led. It is written to a standard suitable for scrutiny by regulators, auditors, partners, funders, and other external stakeholders and forms part of the Company’s core governance framework. The policy exists to protect the Company’s independence, legal standing, safeguarding responsibilities, brand integrity, and public trust.

This policy shall be read in conjunction with the Company’s Governance Policy, Risk Management Policy, Safeguarding Policy, Data Protection Policies, Code of Conduct, Equality, Diversity & Inclusion Policy, and Brand and Communications standards.

_{1. Purpose}

The purpose of this policy is to ensure that all sponsorships and partnerships entered into by the Company are lawful, ethical, transparent, and aligned with the Company’s objects, values, and duty of care.

The Company recognises that external relationships may provide strategic or operational benefit, but also acknowledges that such relationships may expose the organisation to legal, financial, safeguarding, reputational, and regulatory risk. This policy therefore establishes clear authority, eligibility requirements, approval thresholds, and controls to ensure that sponsorships and partnerships are entered into only where risks are understood, mitigated, and acceptable.

_{2. Scope}

This policy applies to all directors, members of the Executive Leadership Team, employees, volunteers, contractors, and any individual acting on behalf of the Company in an official or representative capacity.

It applies to all forms of sponsorship and partnership, including but not limited to financial sponsorships, in-kind sponsorships, brand associations, promotional relationships, collaborations, affiliations, joint initiatives, data-sharing arrangements, and any arrangement in which an external party is associated with the Company’s name, brand, or activities.

No individual or department may form, represent, imply, or announce a sponsorship or partnership on behalf of the Company outside the provisions of this policy.

_{3. Principles}

All sponsorships and partnerships must be consistent with the Company’s mission, values, and ethical standards. The Company will only engage with external parties where the relationship supports legitimate organisational objectives and does not compromise safeguarding, equality, data protection, independence, or public trust.

The Company adopts a precautionary and risk-averse approach. Where doubt exists, the presumption shall be against proceeding. The protection of individuals, communities, and the Company’s reputation shall take precedence over operational convenience or financial benefit.

_{4. Authority and Representation}

Authority to enter into sponsorships or partnerships on behalf of the Company is strictly limited.

No director, employee, volunteer, contractor, or representative is authorised to solicit, negotiate, agree, represent, imply, or announce a sponsorship or partnership unless expressly authorised in accordance with this policy and the Company’s Governance and Delegation of Authority framework.

Informal, verbal, implied, conditional, or undocumented sponsorships or partnerships are strictly prohibited and shall be treated as unauthorised representations. Any such representations may result in disciplinary or corrective action.

_{5. Legal Verification and Eligibility Requirements}

As a mandatory condition of consideration, any organisation seeking to enter into a sponsorship or partnership with the Company must provide full, accurate, and verifiable legal and organisational information.

This includes confirmation of the legal entity on whose behalf the individual is acting, the organisation’s registered legal name and any trading names, registered address, company or organisational registration number, and the jurisdiction in which the organisation is incorporated or formally registered.

The organisation must also provide details of its official company website or primary public-facing online presence, a clear description of its operational activities, and its geographical area of operation. Where applicable, the organisation must be capable of verification through an official public register or statutory authority, such as Companies House in the United Kingdom or an equivalent legally recognised registry, charity regulator, or regulatory body within its jurisdiction.

No individual may seek a sponsorship or partnership on behalf of an organisation unless they are duly authorised to do so. The Company reserves the right to require written confirmation of authority, proof of position, or other evidence to establish legal capacity to represent the organisation.

Failure to provide complete, accurate, or verifiable information shall result in the proposal not proceeding. Submission of information does not create any obligation on the part of the Company to approve or continue engagement.

_{6. Due Diligence and Risk Assessment}

All proposed sponsorships and partnerships shall be subject to documented due diligence and risk assessment prior to approval. This assessment shall consider, as a minimum, the external party’s legal status, governance and ownership arrangements, reputation, ethical standards, safeguarding practices, equality and non-discrimination commitments, data protection compliance, financial integrity, and any actual, potential, or perceived conflicts of interest.

Where risks are identified, appropriate mitigation must be demonstrably achievable. Sponsorships or partnerships presenting unacceptable or unmitigable risk shall not be approved. Relevant risks shall be recorded in the Company’s Risk Register where appropriate.

_{7. Approval Thresholds}

Approval authority for sponsorships and partnerships shall be determined by the nature, scale, duration, and risk profile of the proposed arrangement.

Any sponsorship or partnership involving financial consideration, in-kind support, brand association, public representation, promotional activity, shared platforms, data sharing, or reputational exposure requires formal approval by the Executive Leadership Team.

Arrangements assessed as high-risk, strategically significant, long-term, or capable of materially impacting the Company’s safeguarding obligations, reputation, or legal position shall require Board-level approval. No arrangement may proceed until the appropriate approval threshold has been satisfied and formally recorded.

_{8. Agreements and Conditions}

All approved sponsorships and partnerships must be governed by a written agreement. Agreements must clearly define the scope and purpose of the relationship, roles and responsibilities of each party, financial or in-kind contributions (where applicable), permitted use of branding and intellectual property, data protection and confidentiality provisions, review arrangements, and termination rights.

Sponsorships and partnerships must not include conditions, incentives, or expectations that restrict the Company’s governance authority, compromise ethical standards, or exert influence over operational, moderation, safeguarding, or disciplinary decisions.

_{9. Brand Protection and Public Representation}

The Company’s name, logo, branding, and reputation are to be rigorously protected at all times. External parties must not represent themselves as acting on behalf of the Company, as being endorsed by the Company, or as having authority or influence beyond the expressly agreed scope of the relationship.

The Company reserves the absolute right to restrict, suspend, or withdraw permission for the use of its branding and to terminate any sponsorship or partnership immediately where misuse, misrepresentation, non-compliance, or reputational risk is identified.

_{10. Monitoring, Review, and Termination}

All sponsorships and partnerships shall be subject to ongoing monitoring and periodic review to ensure continued compliance with this policy and alignment with the Company’s objectives and values.

The Company reserves the right, at its sole discretion, to amend, suspend, or terminate any sponsorship or partnership where circumstances change, risks increase, obligations are breached, or where continuation is no longer considered to be in the best interests of the Company, its stakeholders, or the communities it serves.

_{11. Breach of Policy}

Failure to comply with this policy may result in disciplinary action, removal from role, termination of agreements, or further action in accordance with the Company’s governance and enforcement arrangements. Serious or deliberate breaches may be escalated to external authorities where appropriate.

_{12. Policy Ownership and Approval}

This policy is owned by the Executive Leadership Team of Nexus Networks Group Limited and is subject to approval by the Board or Executive Leadership Team in accordance with governance arrangements. The policy shall be reviewed at least annually or following any material change in organisational activity, law, or risk profile.