Version: 12 May 2025
Introduction
At Nomios, we are committed to process your personal data securely, transparently and with integrity. This Privacy Statement explains what personal data we collect, how we use it, and your rights concerning your personal data. We encourage you to review this statement periodically, as it may be updated to reflect changes in our practices or legal requirements.
For further details, this statement should be read in conjunction with our Cookie Policy.
Who are we?
Nomios UK&I is responsible for processing your personal data and considered the controller.
Nomios UK&I is part of the group of Nomios affiliates incorporated in different European countries (the Nomios Group Companies). All group companies work together like there is no separation in entity. The Nomios Group Companies might therefore share information and personal data during their normal business activities. We have taken all measures to ensure that whichever group company processes your personal data, the processing is in line with the European and UK data protection and privacy legislation.
Data Protection Officer (DPO)
At Nomios, we have appointed a Data Protection Officer (DPO) to ensure compliance with data protection regulations, including the UK GDPR and the Data Protection Act 2018. The DPO oversees our data protection strategy, trains staff, conducts audits, ensures that your rights are respected, and that all data processing is conducted securely and in compliance with data protection legislation. The DPO serves as the point of contact for any privacy-related questions or concerns.
If you have any questions about this Privacy Statement or wish to exercise your rights, you can contact our Data Protection Officer (DPO), Jordan Acock, at [email protected].
What personal data do we process?
During the performance of our services, or your use of our website, we collect and process the following categories of personal data of you:
- Personal details: Name, address, email, phone number.
- Company details: Function, company name, address.
- Communication details: personal data you provide through communication with us.
- Account Details: Username, password.
- Technical details: IP address, browser type, operating system, and other technical identifiers.
- Usage details: Information about your interactions with our websites, products, or services (e.g., pages visited, links clicked).
Why do we process your personal data?
The personal data we collect, and process is only used for the specific purpose for which it was provided. We process your personal data for the following purposes:
- Communication: to respond to a request for information or a question when you contact us through the contact form or per email.
- Marketing: sending you content such as the newsletter, event information, or promotion of goods or services.
- Events: inviting and registering you for an event or training.
- Business operations: communication regarding the services we deliver to the company you work for.
- Providing and improving our services: providing, analysing and enhancing our products and services, to provide a more personalized experience.
- Legal compliance: To fulfil legal and regulatory obligations, such as tax or regulatory obligations.
- Recruitment: please check our specific Applicant Privacy Statement.
Each processing activity is conducted with respect for your privacy, ensuring that your data is only used for its intended purposes.
On what legal grounds do we process your personal data?
Besides a specific purpose, processing of personal data requires a legal ground. We process your data based on the following legal grounds:
- Consent: When you explicitly provide your consent to process your personal data for a specific purpose. You can always withdraw your consent.
- Performance of a contract: When necessary to fulfil our obligations following from a contract between you and Nomios.
- Legal obligations: When necessary to comply with our legal obligations.
- Legitimate interest: When it is in our legitimate interest, provided this does not override your privacy rights. Such as to maintain communication during the performance of our services, to improve services or answer your questions.
How long do we keep your personal data?
We retain your personal data only for as long as necessary for the purpose for which it is processed. Once the retention period expires, we anonymize or securely delete your personal data.
With whom do we share your personal data?
We share your data securely with:
- Nomios Group entities: For internal operational purposes.
- Processors: Third-party service providers such as IT, support, and mailing services. These service providers are carefully selected and are contractually obligated through a data processing agreement to comply with our instructions, only process your personal data for the agreed-upon purposes, and protect your personal data, in accordance with the UK GDPR standards.
International transfers
Our aim is to process your personal data within the UK or the European Economic Area (EEA). In some cases, your personal data may be transferred outside the UK or EEA. When this occurs, and the country to which your personal data is transferred is not found adequate by the UK Government, we implement appropriate safeguards, such as an International Data Transfer Agreement (IDTA), to ensure your data is adequately protected, in compliance with the UK GDPR requirements.
How do we keep your personal data secure?
At Nomios, we apply a combination of technical and organizational measures to protect your personal data against loss, theft or other unlawful use. The technical measures include implementing access controls, encryption and firewalls. Furthermore, we take organisational measures such as training our employees to handle your personal data responsibly, continuously monitor our systems to prevent unauthorized access, and audit our compliance with the UK GDPR.
In case of a data breach, we will notify you promptly if it is likely to result in a high risk to your rights or freedoms, as required by law.
What rights do you have regarding your personal data?
Under the UK GDPR, you have the following rights:
- Right of access: you may request information about the processing and a copy of the personal data we process of you.
- Right to rectification: you may request us to correct inaccurate or complete incomplete personal data of you.
- Right to erasure: you may request the erasure of your personal data in certain cases, such as when the personal data are no longer necessary for the purpose or when you have objected to the processing.
- Right to restriction of processing: you may request us to restrict the processing of your personal data in certain cases, such as when you contest the accuracy of the personal data or have objected to the processing.
- Right to data portability: you may request your data in a machine-readable format for transfer to another provider in the case the processing is based on consent or the performance of a contract, and the processing is carried out by automated means.
- Right to object: you may object to the processing of your personal data based on legitimate interests such as direct marketing. We shall no longer process the personal data unless there is a compelling legitimate ground to do so, which overrides your interest, rights and freedoms, or for the establishment, exercise or defence of legal claims.
- Right to withdraw consent: The right to withdraw the consent you have given at any time. When you have withdrawn your consent, we will not process your personal data any further. This does not affect the lawfulness of the prior processing during which your consent was not yet withdrawn.
To exercise these rights, please contact us using the contact details below. To ensure the security of your personal data, we may require proof of your identity. We will respond with the decision regarding your request within one month; however, this response may state that the response period is extended by a further two months if necessary, depending on the complexity of your request or the number of requests received.
Third-party websites
Our websites contain links to third-party websites, such as social media platforms, whose terms of use do not fall within the scope of this Privacy Statement. Please read their Privacy Statement carefully.
Contact us
For any questions about this Privacy Statement or to exercise your rights, please contact us at:
Nomios UK&I Limited
2 Elmwood Chineham Park
Basingstoke RG24 8WG
United Kingdom
Tel.: +44 1256 805225
Email: [email protected]
If your query is not adequately addressed, you may contact your local data protection authority, ICO, to lodge a complaint.