Legal
Privacy Policy
How Nysiris collects, uses, shares and protects personal data through this website — written to comply with Algerian Law No. 18-07 of 10 June 2018, as amended by Law No. 25-11 of 24 July 2025, on the protection of natural persons in the processing of personal data.
1. Scope & our role
This Policy applies to personal data processed when you visit this website or contact us through it. For these activities Nysiris acts as the data controller. When we process personal data on behalf of a client while delivering Services, we act as a processor under the data-processing terms of the relevant engagement; that processing is governed by the client's own notices, not this Policy.
2. Controller, DPO & contact
Controller: Nysiris, an IT services, consulting and software company established in Algeria in 2023 and operating under the IFU regime; our full identification (legal form, RC, NIF, Article d'imposition and registered office) is set out in every Agreement and on our invoices. We have designated a Data Protection Officer (DPO / Délégué à la protection des données), whom you may contact for any privacy matter — including to exercise your rights — at privacy@nysiris.com.
3. Personal data we process
We practise data minimisation and process only: (a) Identity and contact data you submit — name, work email, and optionally company and role; (b) Content of your message or application, including any details and attachments you choose to include; (c) Correspondence and the record of your request; (d) Limited technical and security data strictly necessary to deliver and protect the Site, such as the IP address contained in server-security logs and an anti-abuse timestamp. We do not collect special-category (sensitive) data and ask that you do not send it. The client console (“Sign in”) is in preparation and does not yet create accounts or collect credentials.
4. Cookies & local storage
This Site sets no cookies and uses no advertising or third-party tracking technologies; no consent banner is therefore required. We may use a privacy-preserving, cookieless and anonymous audience measurement that neither identifies you nor follows you across sites. The Site uses your browser's local storage solely for one strictly necessary preference — your chosen colour theme (key “ny-theme”). Your language is reflected in the URL, not stored. Because we set no tracking cookies, there is nothing to honour for “Do Not Track”.
5. Purposes & legal bases
We process your data to: respond to and manage your enquiry or proposal (steps prior to, or performance of, a contract); evaluate job/apprenticeship applications (your consent, and our legitimate interest in recruitment); operate, secure and prevent abuse of the Site (legitimate interest); and comply with legal obligations. Consent may be withdrawn at any time without affecting prior processing. The legal bases applicable to you are those of Algerian Law No. 18-07 of 10 June 2018, as amended by Law No. 25-11 of 24 July 2025, on the protection of natural persons in the processing of personal data. In Algerian law these bases — performance of a contract to which the data subject is party, the data subject's express consent, compliance with a legal obligation, and the controller's legitimate interest — are those set out in Article 7 of Law 18-07.
6. Recipients & processors
Your data is accessible only to authorised Nysiris personnel on a need-to-know basis, and to vetted service providers acting as processors under written agreements — principally our hosting and cloud-infrastructure providers, our communication (email and messaging) providers and, where relevant to a given service, payment, monitoring and security providers. We do not sell personal data, do not share it for others' marketing, and use no advertising networks. Personal data may also be disclosed to the competent public, administrative or judicial authorities where required by law or in response to a lawful request. A current list of processors is available on request, and we give prior notice of any intended material change.
7. International transfers
Our infrastructure is selected to keep processing within an appropriate jurisdiction. Personal data is processed primarily in Algeria. Where we use carefully selected providers located abroad — for example cloud, infrastructure or specialised processing services — we put in place the safeguards required by Algerian law, together with supplementary technical measures (notably encryption). Details for a specific transfer are available on request.
8. Retention
We keep personal data only for as long as necessary for the purpose for which it was collected: enquiry and proposal data for the duration of the exchange and for a limited period thereafter to manage the relationship and meet legal or limitation obligations; unsuccessful application data for a limited period (or longer with your consent for future opportunities); security-log data for a short period for protection and audit. At the end of the applicable period data is deleted or anonymised. You may request earlier erasure (see section 11). You remain responsible for keeping your own copies of any information you send us; this Site is not a system of record for your data. Specific statutory periods apply under Algerian law: contractual and invoicing records may be kept for up to fifteen (15) years for the defence of legal claims (Article 313 of the Algerian Civil Code), and connection and security-log data are kept for one (1) year (Article 11 of Law 09-04 of 5 August 2009 on the prevention of and fight against offences relating to information and communication technologies).
9. Security
We protect personal data with technical and organisational measures proportionate to the risk: encryption in transit (TLS 1.3) and at rest, least-privilege and audited access, secrets management, anti-abuse controls (rate-limiting, bot mitigation) and encrypted, restore-tested backups. We design to recognised frameworks (ISO/IEC 27001, SOC 2). No system is perfectly secure, but we work to detect, contain and learn from incidents.
10. Personal-data breaches
If a personal-data breach occurs, we will assess and document it and, where a notification obligation applies, notify the competent supervisory authority without undue delay (the corresponding duty toward the ANPDP under Algerian law), and inform affected individuals where the breach is likely to result in a high risk to their rights.
11. Your rights
Subject to applicable law, you may request: access to your data and a copy; rectification of inaccurate data; erasure; restriction of, or objection to, processing (including direct marketing, which we do not perform); and portability of data you provided where processing is by consent or contract and carried out by automated means. You may also withdraw consent at any time and raise any concern with our dedicated client-relations service (section 13). To exercise a right, write to admin@nysiris.com; we may ask for information to verify your identity and will respond free of charge and without undue delay — within the time limits set by applicable law. Under Algerian Law 18-07 these rights include the right to information (Article 32), the right of access (Article 34), the right of rectification (Article 35) and the right to object (Article 36); rectification is made free of charge within ten (10) days of a valid request; if a matter remains unresolved, our client-relations service will address it directly, and you retain your right to refer it to the ANPDP.
12. Automated decisions
We do not carry out automated decision-making that produces legal or similarly significant effects, and we do not profile you, within the meaning of applicable data-protection law.
13. Concerns & complaints
If you have a concern or complaint, please contact our dedicated client-relations service directly at relations@nysiris.com — we handle requests promptly and resolve most matters without escalation. You also retain your statutory right to lodge a complaint with a supervisory authority, in particular the Autorité nationale de protection des données à caractère personnel (ANPDP) in Algeria.
14. Children
The Site is intended for professional use and is not directed at children. We do not knowingly collect children's personal data; if you believe a child has provided data, contact us and we will delete it.
15. Changes, language & contact
We may update this Policy to reflect changes in our practices or the law; the version and date appear above and material changes are indicated prominently where appropriate. The English version prevails; translations are for convenience. Controller and privacy contact: admin@nysiris.com.
Applicable jurisdictions: Algeria
Last updated 20 June 2026
Enquiries: admin@nysiris.com