Privacy Policy

Last update: 24th May 2018


This website, (website) is owned and operated by Nurole Ltd, a company incorporated in England, registered company number 08917794, whose address is 9 Pembridge Road, London, W11 3JY (Nurole).

For the purposes of data protection law, including the UK Data Protection Act 1998 (DPA) and (from 25th May 2018) the EU General Data Protection Regulation (EU) 2016/679 (GDPR), Nurole is a data controller and is registered with the Information Commissioner’s Office with notification number ZA138894.

This privacy policy applies to the personal information we collect from our website, or as part of our services, and how we may use it.

The terms “Nurole”, “we”, “us”, or similar words when used in this Privacy Policy (Privacy Policy) mean Nurole Ltd which includes any subsidiaries, divisions, branches, affiliates or companies under common ownership or control of Nurole.

The terms “you”, “your” and “yours” when used in this Privacy Policy refers to any user of this website, meaning:

  • individuals wishing to apply for roles on the website (Individual(s));
  • organisations seeking suitable individuals for roles (Organisation(s)); and/or
  • any other visitor to our website

as the context allows.

What information do we collect about you?

We may collect general information (using cookies) about the use of our website, such as the areas you visit most frequently and which services you access or use. We may also collect information you give us about you by filling in forms on our site (our site) or by corresponding with us by phone, e-mail or otherwise as well as information that is in the public domain.

This information helps us improve the website and get in touch with you for legitimate interests under GDPR. We may share this general information internally and with our business partners so that they too may understand how our website is used. Please see our cookie policy below for more information about the categories of cookie we use.

General users of our website

If you are not registered with us, the information we collect about you is limited. Please refer to the preceding paragraph, which details the general information that we collect.

Registered Users

If you are an Organisation and you register roles with us we may collect certain information from you to create, maintain and service your registration.

If you are an Individual we and the Organisation running the role on Nurole’s platform may collect information, including but not limited to the following: your sign in details (e-mail, password) and related information (Linkedin profile, photo, CVs uploaded), ancillary service interests, contact details (title, first name, surname, birth year, nationality, gender, your current main role, whether you have ever sat on a commercial board, your country, postcode, contact number and alternate contact number), the types of roles you are interested in, your expertise including roles you have held, organisations you have worked for, sectors you have experience in, geographic expertise, languages, your application and your recommendation history, your CV, references, third party assessments, financial and credit card information, employment references, commentary on fit to role, any further information needed to assess your eligibility through the different stages of a recruitment process and any other information you may volunteer to us in order that we may provide you our services. This also allows us and the Organisation running the process to carry out random validation checks and to create records on the roles that you seek. We seek to apply objective assessment criteria to determine your suitability for particular roles.

Organisations receiving personal data from Nurole will also be Data Controllers under GDPR and have their own obligations to protect personal data, including personal data on Individuals, as written in this Privacy Policy and as laid out in the terms and conditions for Organisations. While Nurole takes steps to ensure Organisations understand and accept their responsibilities under GDPR, Nurole is not responsible for Organisations’ processing of such personal data.

Where do we collect personal data about you from?

The following are the different sources we may collect personal data about you from:

  • Directly from you. This is information you provide while searching for a new opportunity and/or during the different recruitment stages.
  • Through third parties, by reference or word of mouth. For example, you may be recommended by a friend, a former employer, a former colleague or even a present employer
  • Through publicly available sources.

How we store your information

The information you provide to us or that we hold about you is stored, where possible, in a secure EU-based private cloud server, electronically in our databases. We may also transfer your personal data to clients and partners in countries outside the EEA. These countries’ privacy laws may be different from those in your home country. Where we transfer data to a country which has not been deemed to provide adequate data protection standards we always have security measures and approved model clauses in place to protect your personal data.

We will only process your information in the ways we describe in this Privacy Policy. If you think the information we hold about you is incorrect, you can contact us to correct it.

How long do we keep your personal data for?

We keep your information in accordance with our data retention policy.

We will only retain your information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting requirements. The criteria that we use to determine retention periods will be determined by the nature of the data and the purposes for which it is kept, the sensitivity of the data and the potential risk of harm from unauthorised use or disclosure.

When asked to remove a record from our platform, Nurole may retain minimal information to ensure we do not contact you or collect such information again or to keep a record of any information disclosed to our clients to fulfill our legal obligations.

What legal basis do we have for using your data?

In accordance with GDPR, the main grounds that we rely upon in order to process your information are as follows:

  • Necessary for entering into or performing a contract. In order to perform obligations which arise under any contract we have entered into with you, it will be necessary for us to process your information.
  • Necessary for compliance with a legal obligation. We are subject to certain legal requirements which may require us to process your information. We may also be obliged by law to disclose your information to a regulatory body or law enforcement agency.
  • Necessary for the purposes of legitimate interests. Either we or a third party will need to process your information for the purposes of our (or a third party’s) legitimate interests, provided that we have established that those interests are not overridden by your rights and freedoms (including your right to have your information protected). Our legitimate interests include responding to requests and enquiries from you or a third party, optimising our website and user experience, informing you about our services and ensuring that our operations are conducted in an appropriate and efficient manner.
  • Consent. In some circumstances, we may ask for your consent to process your information in a particular way.

How we use your personal information

If you are an Individual, except as otherwise contained in the “Disclosing Information” section of this Privacy Policy we will not send any information about you to any Organisations or third parties.

You can browse our website without providing us with personal information about yourself, such as name, email, educational information. A visitor to the site cannot browse roles from Organisations unless we have invited you to register and you have registered providing us with personal information.

If you accept our invitation to register on our website, you consent to us processing your personal information (or personal data, as defined in the Data Protection Act 1998 and the General Data Protection Regulation 2016/679) and agree that we may use your personal information to contact you via e-mail, telephone, direct mail or other means of communication you supply to us to provide you with information or services that you have requested. We may of course supply information you supply to us to Organisations to whom you have applied for a role and have given consent for us to do so.

We will use your personal information to fulfil your requests for information and to provide you with the services you have requested.

We will not pass your Individual information to any Organisation other than in accordance with your application for a role in accordance with our Terms and Conditions.

We will only process information that is relevant, not excessive and adequate for those purposes we have described.

Where we send you information, we may send it to you by e-mail, SMS, or post, for any of the following purposes:

  • to inform you of new services we will be providing;
  • to send you requested information of roles that meet your criteria;
  • for research or marketing purposes; or
  • to administer our website to help us improve our services.

We reserve the right to delete any sensitive personal information which you may provide to us.

Disclosing information

We will not disclose the personal information that you provide or details of your individual visits to our website to any unrelated third parties except as provided for in this Privacy Policy and under the following limited circumstances:

  • as necessary to provide the services that you have requested with your consent;
  • when we believe the law requires it;
  • in order to provide you with the information or services which you have requested, your personal information may be transferred or shared with third parties who act for the Organisation for further processing in accordance with the purposes for which the information was originally collected or for purposes to which you have subsequently consented. For example, a third party may have access to your personal information in order to support our information technology, to handle mailings on our behalf, or to provide services that you or an Organisation has requested (such as a third party agent of a Organisation requesting references, qualifications, credit and security checking services, criminal reference checking services, psychometric evaluations or skills tests);
  • we may pass personal information to third parties who perform functions on our behalf and who also provide services to us (such as professional advisors, IT consultants carrying out testing and development work on our business technology systems, research and mailing houses and function co-ordinators).
  • we may share, transfer or disclose the personal information in our databases and server logs in the event of our flotation on a stock exchange, sale, merger, reorganisation, dissolution, disposal of all or part of our assets or similar event. We will inform you of any such transfer or disclosure as required by law.

Where appropriate, before disclosing personal information to a third party, we will enter into an appropriate contract to require the third party to take adequate precautions to protect that information and to comply with applicable law.

Your Rights

By law, you have a number of rights when it comes to your personal data. Further information and advice about your rights can be obtained from the data protection regulator in your country.

Rights What does this mean?
Right to be informed You have the right to clear, transparent and easily understandable information about how we use your information and your rights. This is why we are providing you with the information in this Policy.
Right of access If we are processing your information you have the right to obtain access to your information, and certain other information. This is so you’re aware and can check that we’re using your information in accordance with data protection law.
Right to rectification and data quality You are entitled to have your information corrected if it’s inaccurate or incomplete.
Right to erasure including retention and disposal This enables you to request the deletion or removal of your information where there’s no compelling reason for us to keep using it. This is not a general right to erasure as there are exceptions.
Right to restrict processing You have rights to ‘block’ or suppress further use of your information. When processing is restricted, we can still store your information, but may not use it further.
Right to data portability You have rights to obtain and reuse your personal data for your own purposes across different services.
Right to object You have the right to object to certain types of processing, including processing for direct marketing (e.g. if you no longer want to be contacted in regard to potential opportunities).
Rights related to automated decision making including profiling Where we use automated decision making, we will take care in each case to conduct a fair assessment.
Rights to withdraw consent If you have given your consent to anything we do with your personal data, you have the right to withdraw your consent at any time (although if you do so, it does not mean that anything we have done with your personal data with your consent up to that point is unlawful). This includes your right to withdraw consent from us to use your personal data for marketing purposes.

We usually act on requests and provide information free of charge, but may charge a reasonable fee to cover our administrative costs of providing the information for:

  • baseless or excessive/repeated requests, or
  • further copies of the same information.

Alternatively, we may be entitled to refuse to act on the request.

Please consider your request responsibly and carefully before submitting it. We will respond as soon as we can. Generally, this will be within one month from when we receive your request but, if the request is going to take longer to deal with, we’ll come back to you and let you know.

You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues ( We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

Accessing your information

You can access the personal information we hold about you that you have provided by logging in to the relevant section of the website using your password.

If you wish to, you may ask Nurole for a copy of other information we hold about you by emailing

If you think the information we hold on you may be inaccurate, you can ask us to update it. However, if you have registered with us, you should be able to update and correct your details at any time.

Transfer and Security is based in the UK. All data we collect will be stored in the European Economic Area (EEA) or where we store or transfer data outside the EEA we always have security measures and approved model clauses in place to protect your personal data.

Nurole is committed to protecting the security of your personal information. We use a variety of measures (including, but not limited to regular employee education, data protection and information security policies, firewalls, self service password recovery, two factor authentication, access rights management and encryption to protect data in transit and at rest. Data in transit to Nurole’s website is protected using HTTPS which is required for all users. Nurole encrypts content stored at rest, without any action required from users, using AES-256 encryption.) to ensure that your personal information is protected from:

  • unauthorised access;
  • improper use or disclosure;
  • unauthorised modification or alteration; and
  • unlawful destruction or accidental loss.

However, the internet is an open system and Nurole cannot guarantee that the personal information you submit will not be intercepted by others.

All our employees and agents who have access to, or are involved in the processing of, personal information respect the confidentiality of personal information and have received training on data protection as required by the General Data Protection Regulation 2016/679.

Our website may include links to external websites operated by other organisations. They may collect personal information from visitors to their site. Nurole cannot guarantee the content or privacy practices of any external websites and does not accept responsibility for those websites.

Changes to this Privacy Policy

If we decide to change our Privacy Policy, we will post those changes on our website so that you will always know what information we gather, how we might use that information and whether we will disclose it to anyone.


By accessing the website and/or submitting your personal information, you consent to the use of your information as set out in this Privacy Policy.


What is a cookie?

A cookie is a text file that is made up of letters and numbers, downloaded to a device when a user accesses certain parts of a website. Cookies are set on a device and then sent back to the website when the user visits the website again. Cookies recognise a user’s device and can be used to remember settings, like language and text size, or be used to show certain adverts to the user based on their previous viewing history (or what cookies they have collected).

Session and persistent cookies – cookies can have differing life spans, some expire at the end of a session (when a user leaves a website) and others can have life spans of a much longer period, which may be used to remember a user when they return to that website again or for other purposes, like tracking a user over a period of time. Session cookies will generally end at the end of a browsing session. They can be used to remember what is in a shopping basket or remember who someone is when accessing online banking. The ICO considers these cookies less intrusive because they expire when the session finishes. Persistent cookies stay on a user’s device between browsing sessions, across websites etc to remember the actions of a user over a greater period of time. Depending on the use of these cookies, they are often seen by regulators as more privacy intrusive.

First party cookies – In this case the cookies are set by the website that the user is visiting.

Third party cookies – These are set by a domain other than the website that the user is visiting. Often these will belong to an organisation that is paying the host website for access to users who match certain criteria, such is the case with ad serving. Sometimes third parties will set cookies on behalf of the website operator.

What cookies do we use on this website?

We use several categories of cookie on this website, for differing reasons. A brief explanation of each category can be found below.

  1. Strictly necessary cookies: These are vital to make the website work properly. This category of cookie may include online shopping baskets or provide essential operations that make the site work. We do not need your consent to use these cookies.
  2. Performance cookies: These cookies generally help the website operator fix bugs or glitches on the website. They may also provide analytics on which web pages are popular, allowing the website operator to improve the quality of the user’s experience.
  3. Functionality cookies. These may include settings like “remember me” buttons, language settings, text size and anything that remembers the particular settings chosen by the user. These cookies can be persistent or session cookies, which generally have a longer life span than other cookies.

How can you control cookies?

You can always change your browser settings to prevent this website setting cookies. Most browsers provide fairly simple settings options to do this. However, if you aren’t sure, why not get in touch with your browser manufacturer. Alternatively, you do not have to use this site if you feel that you do not agree with our use of cookies.

Consent for cookies

By using this website, navigating around it and using our services, you agree to the use of cookies.

Given the nature of the cookies we use on our site and our intended audience of privacy professionals, we feel that an implied consent mechanism is appropriate and the least intrusive to our users’ experience of our website.

Please note that if you choose to reject cookies, certain parts of this site may not be available to you or may not function properly.

For more information about cookies and how you can control them, please visit

Getting in Touch

General enquiry

We have endeavoured to make our terms and conditions and privacy policy as straightforward as possible. However legal terms can be complicated. If you want to get in touch regarding our services or have a general question, you can email us at

Registration services

If you have any problems with your use of our our website, please send an email to and we will try to resolve this for you as soon as we are able.

Direct marketing

If you would like to change your notification preferences you can do so whilst logged in at If you would like to opt-out from direct marketing and there is an unsubscribe link in the email, please follow that link to be automatically unsubscribed. Alternatively you may email us at putting “UNSUBSCRIBE” in the subject heading. When emailing us, you must use the email address you wish to unsubscribe from our mailing list.

Sometimes we will need to unsubscribe you manually, where this is the case we will honour your request as soon as possible (usually within 48 hours).

If you choose to unsubscribe from our mailing lists, we will require sufficient identity details to ensure that we do not contact you again.