Privacy Policy

As operators of this Website, Nimbus Digital & Technology Innovations Ltd (Company No.03337471), (“We/we“, “Us/us“, “Our/our“) are committed to protecting and respecting your privacy.

This Privacy Policy (“Policy”) sets out the basis for processing any personal data collected through your use of this Website.

For the purposes of the Data Protection Act 2018 and the UK General Data Protection Regulation (Retained Regulation (EU 2016/679), the data controller is Nimbus Digital & Technology Innovations Ltd of 58 Cygnets Court, Timothy Bridges Road, Stratford Upon Avon, CV37 9NW. As a data controller, we accept responsibility for our processing of your personal information.

1. Data Protection Principles

We will comply with data protection laws and principles, which means that your personal data will be:

  • Used lawfully, fairly, and in a transparent way.
  • Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
  • Relevant to the purposes we have told you about and limited only to those purposes.
  • Accurate and kept up-to-date.
  • Kept only as long as necessary for the purposes we have told you about.
  • Processed securely.

2. Legal Basis For Processing Your Personal Data

When you use our Website or contact us, we have a legitimate interest in collecting, storing, and processing your personal data. This legitimate interest relates to us providing you with secure, privacy-focused services.

3. The Data We Collect About You

Personal data means any information from which you can be identified. It does not include data from which an individual’s identity has been removed (anonymous data). When using the Website or interacting with us, we may collect, use, store, transfer, and process different kinds of personal data relating to you.

Examples of Personal data we may collect and process are:

  • Identity data, including first name, maiden name, last name, username or similar identifier, marital status, title, date of birth and gender.
  • Contact data, including address, email address, and telephone number.
  • Website technical data, including internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our Websites.
  • Website usage data, including details of your visits to our Websites, including, but not limited to, traffic data, location data, weblogs, and other communication data, and the resources that you access as detailed in our cookies policy.

We do not intentionally collect any sensitive or special categories of personal data (as defined in the applicable data protection legislation) about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). If you provide us with sensitive personal data while using our Website or when you contact us (e.g., a speculative job application), we will request your explicit consent to process this data.

4. How Is Your Personal Data Collected?

We collect data from you to deliver services to you. You may give us your personal data by filling out forms on our Website, e.g., Contact Us, or by corresponding with us by post, phone, email, or otherwise. This includes personal data you provide (whether directly or indirectly via third parties such as those listed below):

We use various methods to collect this data from you, including but not limited to:

Directly by:

  • Requesting information about our services.
  • Providing information during an interview or phone call with us.
  • Reporting a problem with our Website.
  • Giving us feedback or contacting us.
  • Interacting with an email sent to you by us.
  • Requesting sales or marketing to be sent to you.
  • Submitting your curriculum vitae (CV) and cover letter.
  • Submitting an application form.
  • Entering a competition, promotion, or completing a survey.

Via Third parties or publicly available sources

We will receive personal data about you from various third parties and public sources, including (but not limited to) the following:

  • Job boards and online CV libraries with which we have a contract (e.g., Jobsite, Jobserve, Totaljobs).
  • National Security Clearance service providers (e.g., ADS Group).
  • LinkedIn and other professional networking sites.
  • Previous employers providing references.
  • Companies House.

Via Automated technologies or interactions

As you interact with our Website, we automatically collect technical data about your equipment, browsing actions, and patterns. We will collect this personal data using cookies, server logs, and similar technologies.  We typically use Google Analytics or similar technologies for this. Further details can be found in the Nimbus Cookies Policy, Cookies – nimbus (nimbusdti.co.uk).

5. Third-Party Links

The Website or our automated emails may include links to third-party Websites, plug-ins, and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party Websites and are not responsible for their privacy statements. When you leave our Websites or click third-party links in an automated email, we encourage you to read the privacy policy of every Website you visit.

6. How We Use Your Personal Information

We only use your personal data to provide a service to you where the law allows us to do so. We may use your personal information to deliver our services to you that:

  • Provide you with information, products, or services that you request from us.
  • Allow you to participate in interactive features of our services when you choose to do so.
  • Are necessary for our legitimate interests (or those of a third party), and your interests and fundamental rights do not override those interests.
  • Comply with our legal or regulatory requirements.
  • Deliver the contract we are about to enter into or have entered into with you.
  • Maintain records related to our recruitment processes.
  • Notify you about changes to our services.
  • Provide your details (including your CV and other information provided to us) to employers (who are our clients) where you have submitted such information in response to job vacancies displayed on the Websites, job boards, LinkedIn, and similar.

7. Disclosures Of Your Personal Information

We will not transfer your personal data outside the United Kingdom without ensuring that the appropriate safeguards (as set out in the UKGDPR legislation) are in place.

We will never share your personal data with third parties for marketing purposes. We will not sell your data to any third parties.

We may disclose your personal information to third parties:

  • Where you have submitted such information in response to job vacancies displayed on our Website to the Employers to which the vacancy relates once you have permitted us.
  • If we are obliged to disclose or share your personal data to comply with any legal obligation or to enforce or apply our Website Terms and Conditions and other agreements.
  • To protect the rights, property, or safety of us, the Website, our users, and any third party we interact with.
  • Who provides the necessary cloud-based systems (e.g. Microsoft 365) that we use to deliver our services to you.

We require all third parties to respect the security of your personal data and treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process it for specified purposes and in accordance with our instructions as data controllers.

8. Retention Of Your Personal Data

We will only retain personal information for as long as necessary to fulfil the purposes for which we collected it, including satisfying any legal, accounting, or reporting requirements and managing our business.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data, and whether we can achieve those purposes through other means, and the applicable legal requirements.

9. IP Addresses And Cookies

Please see our Cookies Policy.

10. Data Security

We are an NCSC Cyber Essentials Plus certified organisation, which means we have been independently tested and certified to ensure we have secured our organisation from cyber attacks.

We have implemented proportionate security measures to prevent your personal data from being accidentally lost, used, accessed in an unauthorised way, altered, or disclosed. Additionally, we limit access to your personal data to those employees, agents, contractors, and other third parties who have a business need to know.

We have implemented procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

11. Your Rights

Under UKGDPR and Data Protection Law, you have rights in relation to the processing of your data. If you wish to exercise any of the rights set out below, please contact us using the details in this Privacy Policy.

  • Right to be informed about how and why your personal data is being used and processed.
  • Right to request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it).
  • Right to request rectification of your personal data. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
  • Right to request erasure of your personal data (right to be forgotten). This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully, or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons, which will be notified to you, if applicable, at the time of your request.
  • Right to object to the processing of your personal data where we are relying on a legitimate interest (or those of a third party), and there is something about your particular situation that makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling, legitimate grounds to process your information which override your rights and freedoms.
  • Right of data portability/to request transfer of your personal data. We will provide you, or a third party you have chosen, with your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
  • Right to object to the processing of your personal data where we are relying on a legitimate interest (or those of a third party), and there is something about your particular situation that makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling, legitimate grounds to process your information, which overrides your rights and freedoms.

12. Changes To Our Privacy Policy

We keep this Policy under regular review and reserve the right to modify it at any time. Any changes we make in the future will be posted on this page. Please check back frequently for any updates or changes to our privacy notice.

The personal data we hold about you must be accurate and current. Please keep us informed if your personal data changes during your relationship with us.

13. Contact

If you have any queries about this Policy, please contact enquiries@nimbusdti.co.uk.

You have the right to make a complaint at any time to the Information Commissioner’s Office (“ICO”), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to address your concerns before you approach the ICO, so please get in touch with us in the first instance.

14. Version

This Policy was last updated: 28th February 2025.

Considering the cloud?

Get in touch!

Our Latest News & Insights

Nimbus Achieves Information Security Management Certification with BSI

 Read

New Sponsorship of the U17 Rangers team at Lillington Juniors FC Ltd Football Club

 Read

COVID-19 Data Programme GDPR and Cyber Security services

 Read
Cyber Essentials Plus
Crown Commercial Service Supplier