Privacy Policy

Nicoll Curtin Group Limited ("we", "us" or "our") is committed to protecting your personal data and respecting your privacy. In this notice, references to our Group include our subsidiaries, ultimate holding company, associated companies and their subsidiaries, as defined in section 1159 of the Companies Act 2006. This notice explains what personal data we collect, how we use it, who we share it with, how long we keep it, and your rights under the General Data Protection Regulation ( GDPR) and other relevant Data Protection regulations. For the purposes of data protection law, Nicoll Curtin Group Limited is the data controller. Questions about this notice or the way we handle personal data can be sent to compliance@nicollcurtin.com.

Who this notice applies to

This notice applies to:

Candidates (prospective and placed)
Client contacts (prospective and existing)
Supplier and partner contacts
Contractors, and temporary workers
Website users and event attendees
Referees and individuals provided via third parties
Individuals sourced from public platforms such as LinkedIn

Who we are

We are a recruitment agency and recruitment business, as defined in the Employment Agencies and Employment Businesses Regulations 2003. We process personal data in order to provide recruitment and workforce solutions to clients and candidates.

How we collect your personal data

We collect personal data directly from you, from publicly available sources, and from third parties connected to our recruitment and business activities. These sources may include job boards, professional networking sites, referrals, corporate websites, business partners, clients, suppliers and other group companies.

What personal data we collect

The personal data we collect depends on your relationship with us, but may include your name, contact details, employment history, qualifications, CV, right to work information, references, compliance documentation, financial information where relevant, and publicly available professional profile information.

How we use your personal data

We use personal data to provide recruitment and workforce solutions, introduce candidates to opportunities, manage relationships with clients, candidates, suppliers and partners, carry out compliance and background checks where appropriate, communicate with you, operate our website, run events, improve our services, and manage our business securely and effectively.

Use of AI tools

We may use approved AI tools to support internal business processes such as drafting, summarising and improving efficiency. Where these tools are used, they are used within controlled environments and in line with our internal policies and security requirements.

We do not permit confidential personal data to be entered into unapproved tools. Where AI is used in connection with personal data, we apply appropriate safeguards and governance measures.

Who we share personal data with

We may share personal data with clients, candidates, suppliers, professional advisers, service providers, compliance partners, group companies and other third parties where this is necessary for our services, business operations, legal obligations or legitimate interests.

Data security

We take the protection of your personal data seriously. We maintain appropriate technical and organisational measures to help prevent unauthorised access, loss, misuse, alteration or disclosure, and we provide data protection and information security training to relevant employees. We also maintain procedures for identifying and managing suspected personal data breaches and will notify individuals and regulators where required by law.

Children's data

Our services are not directed to children and we do not knowingly collect personal data about children. If you believe we have collected a child’s personal data in error, please contact us so we can take appropriate action.

Lawful bases for processing

We process personal data under one or more of the lawful bases available under the UK GDPR, depending on the purpose of the processing.

Legitimate interests, where processing is necessary for our recruitment services, business operations, service improvement, security, and relationship management, provided those interests are not overridden by your rights and freedoms.
Contract, where processing is necessary to take steps at your request before entering into a contract or to perform a contract with you.
Legal obligation, where we need to process personal data to comply with applicable laws and regulatory requirements.
Consent, where required by law or where we choose to rely on it for a specific activity. You can withdraw your consent at any time.

Our legitimate interests include running a recruitment business, introducing candidates to clients, maintaining accurate records, managing client and candidate relationships, improving our services, ensuring network and information security, preventing fraud, and supporting the growth and administration of our business.

Where we rely on consent, we will ask for it clearly and keep a record of your choice. You can withdraw your consent at any time, although this will not affect the lawfulness of any processing carried out before you withdrew it.

We may use your personal data to manage our website, communicate service updates, improve site performance and security, analyse usage, and, where permitted, send you information about services, roles or events that may be relevant to you.

International transfers

In the course of providing our services, we may transfer personal data to other companies within our Group and to selected third parties.

Group companies and trusted service providers who support our recruitment and business operations.
Clients and candidates where sharing is necessary to deliver recruitment services.
Suppliers, compliance partners, professional advisers, financial providers and subcontractors where relevant.

Where we store and process personal data

We ensure that appropriate safeguards are in place as required by applicable data protection law. These may include the use of adequacy regulations, standard contractual clauses or other approved transfer mechanisms.

We store personal data within secure systems and apply access controls and security measures designed to protect it. Where passwords are used to access our systems or services, you are responsible for keeping them confidential. Although no method of transmission over the internet is completely secure, we use appropriate safeguards to protect personal data and review our security arrangements on an ongoing basis.

Retention of personal data

We keep personal data only for as long as necessary for the purposes for which it was collected, including to meet legal, regulatory, tax, accounting and reporting requirements. We may keep certain information for longer where necessary to establish, exercise or defend legal claims.

Your rights

Under the UK GDPR, you may have the right to:

Be informed about how your personal data is used.
Request access to the personal data we hold about you.
Request correction of inaccurate or incomplete personal data.
Request erasure of your personal data in certain circumstances.
Request restriction of processing in certain circumstances.
Object to processing where we rely on legitimate interests, including direct marketing.
Request the transfer of your personal data to another organisation in certain circumstances.
Make a complaint to the Information Commissioner’s Office.

To exercise any of your rights, update your preferences, or ask for access to the personal data we hold about you, please contact us using the details below. You have the right to object to the use of your personal data for direct marketing at any time.

Changes to this notice

We may update this notice from time to time. Any material changes will be published on this page and, where appropriate, notified to you directly.

Contact us

If you have any questions, comments or requests about this notice or our use of personal data, please contact us at compliance@nicollcurtin.com.