Last Updated: January 2026
This Privacy Policy is issued by Nexus Network Group Limited (“the Company”, “we”, “us”, or “our”) and sets out, in comprehensive, definitive, and authoritative terms, the manner in which personal data is collected, processed, stored, protected, disclosed, and retained in connection with the Company’s activities.
This Policy applies to all personal data processed by or on behalf of the Company, whether such processing occurs directly or indirectly, electronically or manually, and whether data subjects interact with the Company through digital platforms, communication systems, applications, communities, governance structures, or administrative processes.
This Policy is intended to satisfy the Company’s obligations under the United Kingdom General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and all applicable subordinate legislation, regulatory guidance, and authoritative interpretations issued by the Information Commissioner’s Office (ICO).
This Policy constitutes the Company’s definitive public statement on data protection practices and supersedes all prior privacy notices, statements, summaries, or informal representations, whether written or oral.
The Company recognises personal data protection as a matter of fundamental importance and treats data protection as a core governance responsibility.
All personal data processing activities are designed and implemented in accordance with the principles of lawfulness, fairness, transparency, purpose limitation, data minimisation, accuracy, storage limitation, integrity, and confidentiality.
The Company adopts a privacy by design and privacy by default approach. Systems, platforms, processes, and organisational practices are structured so that personal data is processed only where necessary, only for lawful purposes, and only to the minimum extent required.
The Company does not engage in speculative, excessive, bulk, or precautionary data collection and actively seeks to reduce the volume, sensitivity, and retention period of personal data wherever practicable.
Nexus Network Group Limited does not operate cookies on its website.
No cookies of any kind are used, deployed, stored, transmitted, or permitted. This includes first-party cookies, third-party cookies, session cookies, persistent cookies, tracking cookies, analytics cookies, marketing cookies, advertising cookies, or preference cookies.
The Company does not track users, does not profile users, does not conduct behavioural analysis, and does not operate analytics platforms, monitoring tools, heatmaps, session replay technologies, fingerprinting techniques, or similar systems.
The Company does not operate advertising of any kind. No paid adverts, sponsored content, promotional material, interest-based advertising, targeted advertising, personalised advertising, affiliate links, or commercial marketing mechanisms are displayed or permitted.
No personal data is processed for marketing, advertising, profiling, analytics, or commercial exploitation.
This position is absolute and without exception.
The Company processes personal data only in relation to individuals whose interaction with the Company necessitates identification, accountability, safeguarding, moderation, administration, or governance oversight.
This includes, without limitation, individuals who participate in ScotCity ERPC (FiveM), ScotCity Logistics, or associated simulation, gaming, or digital community platforms; individuals who apply for, hold, or undertake voluntary, administrative, moderation, leadership, or governance roles; and individuals who contact the Company for support, dispute resolution, safeguarding, moderation, or operational matters.
Individuals who interact only passively or casually with public-facing platforms are not subject to routine personal data processing beyond transient technical identifiers strictly necessary for functionality, security, or abuse prevention.
Depending on context, the Company may process personal data including usernames, display names, platform identifiers, communication handles, account-related information, contact details voluntarily provided, application or role-related information, moderation or safeguarding records, and technical server-side data such as IP addresses, timestamps, and connection logs.
The Company does not knowingly collect or process special category personal data under Article 9 UK GDPR or criminal conviction data under Article 10, unless such processing becomes strictly necessary for safeguarding or legal compliance and is supported by a valid lawful basis and appropriate safeguards.
Individuals are strongly discouraged from submitting sensitive personal data unless expressly requested and clearly justified.
All personal data is processed under one or more lawful bases set out in Article 6 UK GDPR, including consent where validly given, necessity for organisational functions or role performance, compliance with legal obligations, or the Company’s legitimate interests.
Legitimate interests include moderation, safeguarding, security, dispute resolution, governance, and the protection of platform and community integrity. Such interests are assessed to ensure they do not override the rights and freedoms of data subjects.
The Company does not carry out automated decision-making or profiling that produces legal or similarly significant effects.
The Company does not sell, rent, trade, license, monetise, or commercially exploit personal data under any circumstances.
Personal data is never used for advertising, marketing, profiling, analytics for commercial gain, or third-party commercial purposes.
The Company operates on a non-commercial, non-trading basis and does not derive revenue from the exploitation of personal data.
Personal data is retained only for as long as strictly necessary to fulfil its lawful purpose, including operational administration, enforcement of rules, safeguarding obligations, dispute resolution, or compliance with legal requirements.
Retention periods are determined by necessity, proportionality, and risk. When data is no longer required, it is securely deleted, anonymised, or irreversibly de-identified.
The Company does not operate indefinite or precautionary retention practices.
The Company implements appropriate technical and organisational measures to protect personal data against unauthorised or unlawful processing, accidental loss, destruction, or damage.
Access to personal data is restricted to authorised individuals with a legitimate organisational need and subject to confidentiality obligations and internal governance controls.
The Company’s platforms and services are not intended for children under the age of 13, and personal data relating to children under this age is not knowingly processed.
Where individuals aged 13 to 17 participate, enhanced data minimisation, safeguarding controls, restricted access, and limited retention apply. Personal data relating to minors is never used for marketing, profiling, analytics, or advertising.
Safeguarding disclosures may be shared with appropriate authorities where required by law.
The Company does not disclose personal data to third parties except where required by law, necessary to protect individuals, required for safeguarding purposes, or essential to protect organisational integrity.
All disclosures are limited to what is strictly necessary and proportionate.
Data subjects have rights under UK GDPR, including access, rectification, erasure where legally permissible, restriction or objection to processing, data portability where applicable, and withdrawal of consent where consent is relied upon.
Requests are handled within statutory time limits and subject to lawful exemptions.
Data Controller:
Nexus Network Group Limited
United Kingdom
📧 privacy@nexusnetworkgroup.co.uk
Data subjects may also lodge a complaint with the Information Commissioner’s Office (ICO).
This Policy provides transparency regarding data protection practices. It does not create contractual rights, override statutory obligations, or replace applicable law.
In the event of conflict, applicable law prevails. This Policy shall be interpreted consistently with UK GDPR principles and the Company’s non-commercial, non-trading status.
This Privacy Policy is authoritative as at the date stated above and forms part of the Company’s governance framework. It remains in force unless formally amended and republished.
© Nexus Network Group Limited. All rights reserved.