Nexus sees the EU's general data protection regulation (GDPR) as an important step forward in streamlining and unifying data protection requirements across the EU. We also see it as a great opportunity for us to strengthen our clear commitment to data protection principles and practices. It is as well fully in line with our recent ISO 27001 certification in Sweden.  

Therefore, we have gathered some frequently asked questions regarding Nexus GO Cards and GDPR. See also GDPR statements.


Nexus stores the information our customers need for their ID cards and access cards; the cards we encode, design and produce on behalf of the customer. It may be personal data such as name, social security number, and photos. Nexus also stores the user information of the orderer.


Nexus’ customers continually order cards for their businesses, and they want to be able to view their order history. They want to follow which cards that have been produced and when. All Nexus' handling of personal data and card data is strictly confidential and with high data security. We collect only the information that our customers request. 


The customer decides whether personal data is deleted immediately after a card has been produced and delivered or if the data is to be stored for some time. The customer can also remove personal data from their order history in Nexus order portal, provided that the order is produced and invoiced.


A card is always blocked in the systems in which it is used, such as an access control system, a card reader, etc. The blocking is made at the customer’s premises and by the customer (who is the one who manages and owns the rights to their respective systems).


To gain access to the Nexus order portal, you and your company need to be a Nexus GO customer. Then we together define the right people and right permissions to be linked to each client account with a secure authentication method. Nexus uses 2FA (two-factor authentication) for our services and we recommend our customers to apply it.

To become a Nexus GO customer is very easy, see here for more information.


Blocked cards that have not changed status are deleted after 90 days.


Client files on the FTP server are handled by the customer and can be deleted after use and when needed.


Yes we have, you can find it here:
Data processing agreement for Nexus GO Cards

Questions and answers in Swedish

The questions and answers for GDPR and Nexus GO Cards are also available in Swedish.