Nexus Support (Nexus) is committed to ensuring that your privacy when providing personal information to us and during any period where the company is required to retain your information. This privacy notice explains Nexus's policies and practices in relation to the collection and use of your personal data along with an explanation of your privacy rights.
1. What is personal data?
Personal data can be any information relating to an identified or identifiable living person. This includes separate pieces of information that alone may not identify a person but when put together could do so. This could include your name, address and contact details.
2. Who is the Data Controller?
Nexus Support is the data controller and is committed to protecting the rights of individuals in line with the data protection Act 1998 and the EU General Data Protection Regulations.
Nexus Support is registered as a data controller with the Information Commissioner's Office.
Registration Number: Z2370571
Contact Details for the Nexus data controller:
Nexus Support Ltd
3. Why do we need your personal data?
Nexus may process your personal information for the following reason:
⦁ To be able to make decisions regarding your suitability for a position with Nexus
⦁ To be able to monitor and evidence diversity and equal opportunities within our recruitment process
⦁ To be able to assess your capability to be able to meet the requirements of the job.
⦁ To be able to undertake a criminal Records check (DBS).
4. What personal information might we collect about you?
For Nexus to achieve the outcomes defined in section 3 we are required to process the following personal information about you:
⦁ Your basic details and contact information e.g. your name, address, date of birth
⦁ Your education and employment history
⦁ Your training history
Some personal information we process about you is regarded as 'special category data' and, due to the sensitive nature of the information, requires additional protection. This includes information that is particularly personal to you such as:
⦁ Health & social care data about you, which might include both your physical and mental health data – We will only collect this if it is necessary for us to know as your prospective employer (i.e. to assess your capability to fulfil the post and meet statutory requirements)
⦁ Your criminal History
⦁ Your Ethnicity (for equality and diversity monitoring)
We might also obtain your personal data through your use of social media such as Facebook, WhatsApp, Twitter or LinkedIn, depending on your settings or the privacy policies of these social media and messaging services. To change your settings on these services, please refer to their privacy notices, which will tell you how to do this.
5. What is the legal basis for Nexus processing your personal data?
The law requires Nexus to have a 'lawful basis' for the collection and use of your personal data.
During the recruitment process, Nexus will only use your personal information when you have given consent to do so.
6. Who we might share your information with
During the recruitment process, Nexus may share your personal information with the following third parties:
⦁ Previous employers to undertake reference checks
⦁ Disclosure and Barring service and service provider (for a criminal records check)
Nexus will disclose personal data only in conformance with this privacy notice and/or when required by law.
7. Where is your data stored?
Nexus stores your personal information in both physical and digital formats. The locations where your personal information is stored includes:
⦁ At the Nexus main office (hard copy files and digital files)
8. How we protect your personal data
The Data Protection Act 1998 and the EU General Data Protection Regulations ensure that we comply with a series of data protection principles. These principles are there to protect you and they make sure that we:
⦁ Process all personal information lawfully, fairly and in a transparent manner
⦁ Collect personal information for a lawful, specified, explicit and legitimate purpose
⦁ Ensure that the personal information processed is adequate, relevant and limited to the purposes for which it was collected
⦁ Ensure the personal information is accurate and up to date
⦁ Keep your personal information for no longer than is necessary for the purpose(s) for which it was collected
Alongside the principles above, Nexus maintains several standards and practices to protect the security of your personal information, these include:
⦁ Clear policies and procedures in relation to data protection
⦁ Ensuring records that are kept are stored securely, both physically and where information is stored digitally (e.g. lockable cabinets, password protection, secure servers)
⦁ Only relevant people are given access to your personal information
⦁ Nexus employees maintain an awareness of policy and best practices in relation to handing personal information and receive appropriate training.
We ensure that various security technologies and protocols are used to help protect the personal data we collect online. Examples of these include:
⦁ SSL encryption when data is being transferred over the internet
⦁ The use of secure servers with established service providers
⦁ Specific and relevant access controls (managing who has access to specific information)
⦁ Password protection on devices, accounts and applications, where appropriate
Nexus will promptly evaluate and respond to incidents that create suspicion of unauthorised handling of your personal data. If Nexus determines that your personal data has been misappropriated or otherwise wrongly acquired by a third party, Nexus will promptly report this to you.
9. What are your rights?
You have the following rights when it comes to your personal data:
1. You have the right to request a copy of all the data we keep about you. Generally, we will not charge for this service;
2. You have the right to ask us to correct any data we have which you believe to be inaccurate. You can also request that we restrict all processing of your data while we consider your rectification request;
3. You have the right to request that we erase any of your personal data which is no longer necessary for the purpose we originally collected it for. We retain our data in line with the Information Governance Alliance's guidelines. Click Here to read the guidance
4. You may also request that we restrict processing if we no longer require your personal data for the purpose we originally collected it for, but you do not wish for it to be erased.
5. You can ask for your data to be erased if we have asked for your consent to process your data. You can withdraw consent at any time – please contact us to do so.
6. If we are processing your data as part of our legitimate interests as an organisation or to complete a task in the public interest, you have the right to object to that processing. We will restrict all processing of this data while we investigate your objection.
You may need to provide adequate information for our staff to be able to identify you, for example, a passport or driver's licence. This is to make sure that data is not shared with the wrong person inappropriately. We will always respond to your request as soon as possible and at the latest within one month.
10. How to make a complaint
If you are unhappy with the way in which your personal data has been processed, you may in the first instance contact the Nexus Data Protection Officer using the contact details in section 2.
If you remain dissatisfied, then you have the right to apply directly to the Information Commissioner for a decision. The Information Commissioner can be contacted at: -
Information Commissioner's Office,
11. Changes to this notice
We may change this Privacy Notice from time to time by posting the updated version of the notice on our website.