Privacy Policy
​
1. Introduction
At nuem (“we”, “us”, “our”), protecting your privacy is a top priority. This Privacy Policy explains how we collect, use, store, and protect the personal data of candidates, clients, and website visitors (“you” or “your”) in accordance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.
The GDPR (Regulation (EU) 2016/679) harmonizes data protection rules across the EU and enhances individual privacy rights. It has been enforceable in the UK since 25 May 2018, and we are committed to upholding its principles.
For the purposes of GDPR, the data controller is nuem ltd., located at 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom.
Note: When our Hiring Suite Platform is used by clients for their recruitment processes, the client acts as the data controller while nuem processes data on their behalf as a data processor under separate Data Processing Agreements.
​
2. Scope and Use Cases
This Policy applies to personal data processed in two distinct scenarios:
A. Recruitment Services (nuem as Data Controller):
-
We provide recruitment services—including on‑demand, embedded Talent‑as‑a‑Service, and contract staffing solutions.
-
Candidate data is collected and retained by nuem to support current and future employment opportunities.
-
In this role, nuem is solely responsible for the processing, security, and retention of such data.
B. Hiring Suite Platform (nuem as Data Processor):
-
Our Hiring Suite Platform is provided to clients for managing their recruitment processes.
-
In this scenario, nuem processes and stores candidate data (e.g. CVs, contact details, salary expectations, video recordings, transcriptions, AI evaluations, and hiring manager assessments) strictly on behalf of our clients.
-
The client is the data controller and directs data processing and deletion, while nuem complies with GDPR requirements as a data processor.
​​
3. Information We Collect
We collect personal data necessary to support our core business as a recruitment service provider. Depending on your role, this may include:
-
For Candidates:
-
Contact Information: Name, email address, phone number, and mailing address.
-
Professional Data: Curriculum vitae, work history, qualifications, salary/rate details, and links to professional profiles (e.g. LinkedIn, Twitter).
-
Interview Data: Video, audio recordings, transcriptions, and responses provided during video interviews.
-
Technical Data: IP address, browser type, device information, and usage data (including via cookies and similar technologies).
-
-
For Clients, Referees, Suppliers, and Employees:
-
Relevant contact, professional, and compliance information required for service provision and due diligence.
-
Data is collected directly from you and via third‑party sources such as reference agencies, job boards, online CV libraries, social media sites, and publicly available resources.
Cookies & Similar Technologies:
Our website uses cookies and similar technologies to collect technical and usage data (e.g. IP addresses, browser type). For detailed information, please see our Cookie Policy.
​
4. Purpose of Data Processing
We process your personal data for purposes including, but not limited to:
-
Facilitating and managing recruitment processes and candidate evaluations.
-
Enabling our clients to assess your suitability for employment roles.
-
Conducting interviews on behalf of clients when nuem acts as their representative.
-
Improving our services and website functionality.
-
Complying with legal obligations and protecting our legitimate business interests.
Using your data to introduce candidates to potential employers is part of our Legitimate Business Interest. In some instances, processing is also based on contractual necessity, legal obligations, or, where applicable, your consent.
​
5. Legal Bases for Processing
Our processing of your personal data is based on one or more of the following legal grounds:
-
Consent: When you expressly agree to our recruitment processes and to this Privacy Policy.
-
Legitimate Interests: To operate, improve, and deliver our recruitment services and to match candidates with suitable opportunities.
-
Contractual Necessity: When processing is necessary to perform our recruitment services or to fulfill contractual obligations.
-
Legal Obligation: When required to process your data to comply with applicable laws or regulatory requirements.
​​
6. How We Process and Share Your Data
-
Data Management:
Your personal data is processed and stored using robust technical and organizational measures - including encryption, access controls, and regular security assessments - to protect against unauthorized access, loss, or alteration. -
Roles and Responsibilities:
-
In Use Case A (Recruitment Services), nuem is the data controller and is fully responsible for data processing and retention.
-
In Use Case B (Hiring Suite Platform), the client is the data controller, and nuem processes data strictly on their instructions as a data processor under separate Data Processing Agreements.​
-
-
Automated Decision‑Making:
We employ AI‑based evaluation tools to assist in candidate screening, evaluating candidate profiles and interview responses. These tools help identify relevant skills and competencies and produce summary insights for our recruitment teams and client hiring managers, however, no decision affecting you is made solely on automated processing. Human oversight is always involved in evaluating candidates. If you wish to receive further information regarding any automated decision‑making processes, how AI was used in your evaluation and/or request human review of any decisions made, please contact us. -
Third‑Party Sharing and International Transfers:
We may share your data with trusted third‑party service providers or partners solely for the purpose of operating our services. In some cases, your data may be transferred to or stored in countries outside the EEA or UK. In such instances, we ensure that appropriate safeguards (e.g. Standard Contractual Clauses or other approved mechanisms) are in place to maintain an adequate level of protection.
Typical third-party service providers may include hosting providers (e.g., AWS, Azure), email communication services (e.g., SendGrid), video interview platforms, and assessment technology providers. -
Data Breach Notification:
In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will notify you and the relevant supervisory authority in accordance with GDPR requirements.
​​
7. Data Security and Retention
-
Data Security:
We implement technical and organizational measures to protect your personal data, including encryption, firewalls, access controls, and regular security assessments. Access to your data is strictly limited to those who require it for their job functions. -
Data Retention:
-
For Recruitment Services (Use Case A):
Candidate data is retained for as long as necessary to support your career opportunities, potentially indefinitely until you withdraw consent or request deletion. -
For the Hiring Suite Platform (Use Case B):
Candidate data is retained for the duration of the recruitment process as determined by our clients and in line with any legal retention requirements. Where we process data on behalf of clients through our Hiring Suite platform, retention periods are defined by the client. If no explicit instructions are provided, personal data will be deleted after six (6) months following the closure of the recruitment process.
-
When data is no longer required for its original purpose or when legally mandated, it will be securely deleted or anonymized. We also follow applicable legal and regulatory retention periods (e.g. for accounting or tax purposes).
​
8. Your Rights
Under the GDPR, you have the right to:
-
Access: Request details of the personal data we hold about you.
-
Correction: Request correction of any inaccurate or incomplete data.
-
Deletion: Request deletion of your data when no longer necessary, subject to legal obligations.
-
Restriction: Request restriction of processing in certain circumstances.
-
Objection: Object to processing based on our legitimate interests or for direct marketing purposes.
-
Data Portability: Request a copy of your data in a structured, commonly used, machine‑readable format.
-
Automated Decision‑Making: Request meaningful information about any automated decision‑making (including profiling) that significantly affects you and request human intervention.
-
Withdrawal of Consent: If processing is based on consent, you may withdraw that consent at any time.
To exercise these rights, please contact our Data Protection Officer at gdpr@nu-em.com. You also have the right to lodge a complaint with a supervisory authority (for example, the Information Commissioner’s Office in the UK at https://ico.org.uk/).
​
9. Cookies and Tracking Technologies
Our website uses cookies and similar technologies to enhance user experience, monitor site usage, and provide targeted services. For detailed information on our use of cookies, please refer to our separate Cookie Policy.
​
10. Sensitive Data and Minors
-
Sensitive Data:
We may occasionally process sensitive personal data (such as health-related information) only when necessary and with your explicit consent or when required by law. Such data is subject to enhanced protection measures. -
Minors:
Our services are not intended for individuals under the age of 16. In the event that personal data from a minor is inadvertently collected, we will promptly delete such data.
​​
11. Updates to This Privacy Policy
We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. The most recent version will be posted on our website with an updated effective date. We encourage you to review this Policy regularly.
​
12. Contact Information
For questions or concerns regarding this Privacy Policy or to exercise your rights, please contact our Data Protection Officer at:
-
Email: gdpr@nu-em.com
-
Postal Address: nuem ltd., 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom
​
​
​​​​