top of page

Privacy Policy and Notice

Updated: 26 September 2024

 

Introduction

At Nimble Global, we prioritize the privacy and security of our users worldwide, particularly in relation to our audit and compliance services. Our dedication extends to offering a secure user experience where personal data protection is paramount, and its usage is clearly defined and limited to necessary purposes.

This Privacy Notice applies globally, with specific provisions for UK residents, and governs data interactions on Nimble's digital platforms, including nimbleglobal.com, nimbleglobalcompliance.com, and individual audit websites created for each audit customer. It particularly underlines our audit and compliance operations.

Nimble's Commitment

  • Data Collection: Our collection of personal data is driven by legitimate business requirements, including the provision of our specialized audit and compliance services. We aim to collect only essential data to effectively serve our users, fulfill our service commitments, and adhere to legal standards.

  • Data Accuracy: Continuous efforts are made to ensure the personal data we hold is accurate, current, and reflective of our needs and obligations.

  • Data Protection: Nimble's team is rigorously trained in data protection principles, supported by robust policies and technological measures to secure personal data against unauthorized access and breaches. We continually monitor and evaluate our security practices to adapt to new threats.

  • Disclosure Limitation: We conscientiously limit the sharing of personal data, adhering strictly to the outlined conditions for any internal or external disclosure.

 

Information We Collect

Our interaction with you through our sites or services may involve collecting data pertinent to our audit and compliance offerings, including your name, contact details, company information, employment information, and usage data of our online services. This collection is integral to enhancing our audit and compliance solutions, aiming to exceed the expectations of our clients and their regulatory mandates.

Legal Basis for Processing (UK GDPR Compliance)

Under the UK GDPR, we process your personal data on the following legal bases:

  1. Consent: Where you have given clear consent for us to process your personal data for a specific purpose.

  2. Contract: The processing is necessary for a contract we have with you or because you have asked us to take specific steps before entering into a contract.

  3. Legal obligation: The processing is necessary for us to comply with the law (not including contractual obligations).

  4. Legitimate interests: The processing is necessary for our legitimate interests or the legitimate interests of a third party, unless there is a good reason to protect your personal data which overrides those legitimate interests.

 

Why We Process Your Data

The data we collect is instrumental in conducting thorough audits and ensuring adherence to compliance standards relevant to our clients' operations and regulatory landscapes. This processing is a cornerstone of our service delivery, designed to uphold integrity and compliance across business practices.

 

How We Share Your Data

  • Within Nimble: Data sharing occurs within our secure network, facilitating comprehensive audit and compliance services.

  • Service Providers: We engage third parties to augment our operational capabilities, bound by stringent privacy agreements.

  • Legal Obligations: Compliance with legal requirements necessitates certain data disclosures, which are conducted lawfully.

  • Protection of Interests: In scenarios where it's crucial to defend the rights, safety, or assets of Nimble, our clientele, or third parties, data sharing is considered and executed with utmost caution.

  • Business Transitions: We ensure data protection remains a priority during significant business changes, such as mergers or acquisitions.

  • With Your Consent: Any data sharing not previously mentioned will only occur with your explicit consent, underscoring our commitment to privacy.

Children's Data

Nimble Global's services are not directed at individuals under the age of 18. We do not knowingly collect or process personal data from children under 18 years of age. If we become aware that we have inadvertently collected personal data from a child under 18, we will take steps to delete the information as soon as possible. If you believe that we might have any data from or about a child under 18, please contact us at dataprotection@nimbleglobal.com.

 

Automated Decision-Making and Profiling

Nimble Global does not engage in automated decision-making or profiling that produces legal effects or similarly significant impacts on you. While we may use some automated processes to improve our services and user experience, these do not make decisions solely by automated means without human intervention. If this changes in the future, we will update this Privacy Notice and inform you about the logic involved, as well as the significance and the envisaged consequences of such processing for you.

 

Cookies & How We Use Them

 

What is a cookie?

A cookie is a small file placed on your computer’s hard drive. It enables our website to identify your computer as you view different pages on our website.

Cookies allow websites and applications to store your preferences in order to present content, options or functions that are specific to you. They also enable us to see information such as how many people use the website and what pages they tend to visit.

 

How we use cookies

We may use cookies to:

  • Analyse our web traffic using an analytics package – this website uses Google Analytics to aggregate usage data to help us improve the website structure, design, content and features.

  • Recognise you when you return to our website – to remember your preferences when returning to our site so you are not shown the email signup pop-up on return visits if you have previously dismissed this message.

Cookies do not provide us with access to your computer or any information about you, other than that which you choose to share with us.

 

Controlling cookies

You can use your web browser’s cookie settings to determine how all websites use cookies. If you do not want our website to store cookies on your computer or device, you should set your web browser to refuse cookies.

However, please note that doing this may affect how our website functions. Some pages and services may become unavailable to you.

Data Security

Our dedication to data security is unwavering, employing industry-leading protocols, including data encryption and secure server environments, to safeguard your personal information against unauthorized intrusion. We continuously monitor and evaluate our security practices to effectively address and adapt to new security threats.

 

Our Commitment to Data Protection:

Data Protection Impact Assessments (DPIAs)

At Nimble Global, we are committed to identifying and minimizing data protection risks. We conduct Data Protection Impact Assessments (DPIAs) for processing activities that are likely to result in a high risk to the rights and freedoms of individuals. These assessments help us to:

  • Identify and minimize data protection risks of a project

  • Comply with our data protection obligations and meet individuals' expectations of privacy

  • Assess and demonstrate our compliance with UK GDPR requirements

We carry out DPIAs when:

  • Using new technologies

  • Processing on a large scale of special categories of data or personal data relating to criminal convictions and offences

  • Systematically monitoring publicly accessible areas on a large scale

 

Privacy by Design and Default

We embed data protection into our processing activities and business practices from the design stage all the way through the lifecycle. This 'Privacy by Design' approach means that we:

  1. Consider data protection issues as part of the design and implementation of systems, services, products and business practices

  2. Make data protection an essential component of the core functionality of our processing systems and services

  3. Only process the personal data that we need for our purposes(s) of processing, and that we only use the data for those purposes

  4. Ensure that personal data is automatically protected in any IT system, service, product, and/or business practice, so that individuals should not have to take any specific action to protect their privacy

  5. Provide the identity and contact information of those responsible for data protection to data subjects and the public

  6. Adopt a 'plain language' policy for any public documents so that individuals easily understand what we are doing with their personal data

  7. Provide individuals with tools so they can determine how we are using their personal data, and whether we are properly enforcing our policies

 

By implementing privacy by design, we aim to anticipate and prevent privacy-invasive events before they happen. This approach ensures that we are not merely meeting compliance standards, but are also respecting user privacy and fostering trust in our services.

International Data Transfers

Nimble Global's operations span borders, necessitating international data transfer. We are committed to ensuring such transfers comply with UK and global data protection standards, safeguarding your information irrespective of geographical boundaries. For transfers outside the UK, we use appropriate safeguards such as Standard Contractual Clauses approved by the UK Information Commissioner's Office (ICO) or rely on adequacy decisions made by the UK government.

Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

Your Rights Under UK GDPR

Under the UK GDPR, you have the following rights:

  1. The right to be informed

  2. The right of access

  3. The right to rectification

  4. The right to erasure

  5. The right to restrict processing

  6. The right to data portability

  7. The right to object

  8. Rights in relation to automated decision making and profiling

 

To exercise any of these rights, please contact us at dataprotection@nimbleglobal.com. We may request specific information to help us confirm your identity and process your request. We will respond to all legitimate requests within one month.

Third-Party Links and Privacy Notice Updates

Our websites and services may contain links to third-party websites, products, or services. Nimble Global is not responsible for the privacy practices or content of these third parties. We encourage you to review the privacy policies of any third-party sites or services before providing any personal information or using their services.

 

Updates to This Privacy Notice

We may update this Privacy Notice from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we do, we will update the "Last Updated" date at the top of this Privacy Notice.

For material changes that significantly affect your rights or how we use your personal data, we will provide a more prominent notice:

  1. We may display a prominent notice on our website before the changes take effect.

  2. We may send you a direct notification via email or through our services.

  3. We may require you to acknowledge the updated Privacy Notice before continuing to use our services.

We encourage you to review this Privacy Notice periodically to stay informed about our data practices and your privacy rights.

Contacting Us

If you have questions or concerns about our privacy practices, please contact us at dataprotection@nimbleglobal.com. Alternatively, you can reach us by mail at:

Nimble Global Ltd, 74-75 Shelton Street, Covent Garden, London, WC2H 9JQ.

 

We provide various means for users to contact us, including those requiring accessibility accommodations.

 

Complaints

If you are unsatisfied with our response to any data privacy concern, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO). For more information, visit: https://ico.org.uk/make-a-complaint/

 

Data Protection Officer

We have appointed a Data Protection Officer (DPO) who is responsible for overseeing questions in relation to this privacy notice. If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact the DPO using the details set out above.

 

Appendix A:

For Residents of the European Union, European Economic Area, and Switzerland

Nimble Global is committed to protecting the privacy and securing the personal data of our clients and users within the European Union, United Kingdom, European Economic Area, and Switzerland. In compliance with the General Data Protection Regulation (GDPR), and applicable data protection laws, we outline the following rights afforded to individuals:

  • Right of Access: You have the right to obtain confirmation as to whether or not personal data concerning you is being processed, and, where that is the case, access to the personal data and information regarding its processing.

  • Right to Rectification: You can request the correction of inaccurate personal data concerning you and have incomplete personal data completed.

  • Right to Erasure (Right to be Forgotten): Under certain circumstances, you may request the deletion of personal data concerning you.

  • Right to Restriction of Processing: You have the right to request the restriction of processing your personal data under certain conditions.

  • Right to Data Portability: You can receive the personal data concerning you that you provided us in a structured, commonly used, and machine-readable format and have the right to transmit that data to another controller without hindrance from us.

  • Right to Object: You have the right to object, on grounds relating to your particular situation, to the processing of personal data concerning you at any time.

 

To exercise any of these rights, please contact us at dataprotection@nimbleglobal.com. We may request specific information to help us confirm your identity and process your request. Access to personal data is free, but a reasonable fee may be applied if your request is unfounded, repetitive, or excessive.

For unresolved issues, you have the right to lodge a complaint with a supervisory authority in your country of residence, place of work, or place of the alleged infringement.

Appendix B:

For California Residents

In alignment with the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), Nimble Global recognizes and respects the privacy rights of California residents by providing the following rights:

  • Right to Know: You have the right to request information about the collection, use, and sharing of your personal data over the past 12 months, including the categories of personal data collected, sources of collection, business purpose for collection, and categories of third parties with whom the data is shared.

  • Right to Delete: You can request the deletion of personal data we have collected from you, subject to certain exceptions.

  • Right to Opt-Out: You have the right to opt out of the sale of your personal data. Nimble Global does not sell personal data.

  • Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights.

 

To exercise these rights, California residents may contact us at dataprotection@nimbleglobal.com. We will verify your request using the information associated with your account, including your email address. Further identification may be required for security.

California residents can also designate an authorized agent to exercise these rights on their behalf. If you have any questions or concerns about our privacy practices or the CCPA, please email us at the provided address.

Additional Information

Our Global Data Protection Policy and GDPR Data Protection Policy are available upon request. To request these documents or for further information, please contact us at dataprotection@nimbleglobal.com.

Document End.

bottom of page