Privacy policy

This privacy notice explains what we do with your personal data, whether as part of developing a business relationship with you, providing services, responding to an enquiry, processing client data as part of our services, or simply as a result of you visiting our website.

We respect your right to privacy. Our overall aim is to ensure that our collection and use of personal information is appropriate to the provision of services to you and is in accordance with applicable data protection laws.

“You” means anyone whose personal data we may handle through our website, services or business interactions, including website visitors, client contacts, suppliers, business partners, investors and other professional contacts.

“Client contact” means someone we deal with at a client organisation.

“Personal data” means any information that identifies you or could reasonably be used to identify you.

“Processing” means anything we do with personal data, such as collecting, storing, using, sharing, transferring or deleting it.

“Client data” means personal data we handle when providing services to a client.

“Data controller” means the organisation that decides why and how personal data is used.

“Data processor” means an organisation that handles personal data on behalf of another organisation.

In this notice, “UK GDPR” means the UK data protection law that applies to the use of personal data in the UK.

“EU GDPR” means the EU data protection law that applies to the use of personal data in the European Union.

Specifically, this privacy notice provides you with details about the personal information we collect and hold about you, how we use your personal information and your rights regarding your personal information.

This privacy notice applies to the collection, storage, use, transfer and disclosure of personal information collected by NashTech (“we” or “us”):

• via our website at www.nashtechglobal.com; or any other website operated by us (the “Site”); or
• as a result of personal recommendations; or
• from company websites; or
• from your business card; or
• in the course of us providing outsourcing or consultancy services to you (“Services”); or
• when you access and browse our website, submit information through website forms, contact us by phone or email, interact with us at events or through social media, or where we receive business information from publicly available sources or professional networking platforms.

We may collect personal data about you when you are a contact at one of our clients, suppliers or business partners, or when you interact with us through our website, events or other business channels.

We collect this information so that we can respond to enquiries, provide services, manage business relationships and operate our website.

We may collect personal information about you when:

• we contact you with a view to providing Services to you;
• you email us expressing an interest in working with us;
• you provide us with your business card or other information provided to us, given to our employees at sales and marketing events;
• you interact with us through our website, events, social media or other business channels;
• we provide or discuss services with you or your organisation; or
• we complete business, contractual or service documentation relevant to the Services.

We will usually collect the following information from or about you:

• your name;
• your postal address;
• your phone and e-mail details;
• details of your role, title and responsibilities within your organisation;
• business or professional information that you have made publicly available, such as on a company website or professional networking platform.
• feedback or information you share with us about our services;
• details of any queries you raise with us regarding the Services;
• details of business needs, service requirements or plans you share with us.
• emails, attachments and other communications you send to us.

Where “you” are a client contact, we may also collect:

We use the data we gather to perform a number of tasks, including:

• conducting marketing, business development, market research and statistical analysis regarding our products and services. This may include using limited business information, such as your role, organisation, sector or previous interactions with us, to help tailor communications so they are more relevant to you;
• complying with any legal or regulatory requirements and to make the necessary disclosure under the requirements of any applicable law, regulation, direction, court order, guideline, circular or code which are applicable to us for the prevention of crime;
• responding to requests from regulators, tax authorities, courts or other competent authorities, and demonstrating our compliance with applicable laws;
• reporting to clients where this is part of the services we provide.

Client contacts: we use the information collected from clients to ensure that we provide business services to you.

Suppliers: we use the data collected to ensure the business arrangements between us run smoothly.

Our lawful basis for processing your personal data: we usually process personal data because it is necessary for our legitimate interests as a business, to provide or improve our services, respond to enquiries, manage business relationships, comply with legal obligations, or perform a contract.

Where NashTech processes client data as a data processor, we process that data in line with the relevant service agreement, client instructions and applicable law. We do not use client data for our own marketing unless the client has asked us to do so and it is lawful.

Where the law requires us to obtain your consent before using your personal data, we will ask for it.

Where consent is relied upon, you may withdraw or modify your consent at any time by contacting us. Withdrawal of consent will not affect the lawfulness of processing carried out before consent was withdrawn.

All users of the site and our services

We collect, store and use your personal information for the following purposes:

• to make the site available to you; and
• to provide any services that you request.

Sometimes we use personal data for purposes that support the website and our services or help us operate them more effectively. In those cases, we rely on our legitimate interests where those interests are not overridden by your rights and freedoms.

This may include contacting you about relevant services, events, insights or business opportunities, entering into and managing contracts or business arrangements, carrying out market research, keeping internal records, improving our services, and delivering services that you, we or our clients have requested.

We use personal data in this way to manage business relationships, improve our services and contact you where we believe the information may be relevant to you. We do not believe this use of personal data will unduly affect your rights or freedoms.

Examples of where we may rely on legitimate interests include detecting and preventing fraud, keeping our website and IT systems secure, improving our processes and services, analysing and improving the information we collect, understanding the effectiveness of our marketing, and contacting you about products or services that may interest you.

Personal data provided to us is processed by NashTech and, where needed, by trusted group companies, suppliers and service providers.

We will ensure that:

• access to your personal data is restricted to staff who are required to process such data as part of their job;
• only necessary information is released to the relevant employees;
• we only share personal data where there is a business need, legal requirement, appropriate consent, or another lawful reason to do so;
• where we use suppliers or service providers to process personal data on our behalf, we require them to protect it and use it only for the services they provide to us.

We may disclose information in the following circumstances:

Service and Site usage information: When we share anonymous information generated by our services with our clients.

Third-party service providers: When we share information with trusted service providers who help us provide, support and improve our website, business operations and services. This may include:

• IT support service providers;
• providers of credit reference, vetting and screening services;
• payment processors and software providers;

These organisations may only use your personal data to provide services to us. They must keep it secure and must not use it for their own purposes.

Group companies: We may share personal data with NashTech group companies where this helps us provide our website, services and business support activities. Group companies must protect personal data and use it only for appropriate business purposes.

Working with other organisations: Sometimes we may decide jointly with another organisation how personal data is used. Where this happens, we will make sure responsibilities are clear and that your rights remain protected.

Compliance with laws and legal proceedings: We may share personal data where needed to comply with the law, respond to lawful requests, protect our rights, investigate suspected fraud or misuse, protect safety, or defend legal claims.

Merger or acquisition: If NashTech is involved in a merger, acquisition, restructuring or sale of assets, personal data may be transferred as part of that process. We will take reasonable steps to protect your personal data and, where appropriate, notify you of any material change.

NashTech works globally, so we may transfer personal data between NashTech group companies, clients, suppliers and service providers in other countries, including countries outside the UK and European Economic Area.

This may include transfers to countries where NashTech has delivery teams or business operations, such as Vietnam, India and Costa Rica, and the use of cloud-based systems that support our business and services.

Where personal data is transferred internationally, we use appropriate safeguards where required by law. These may include recognised legal transfer mechanisms, transfers to countries approved as providing adequate protection, contractual protections, and security measures designed to protect personal data.

We also consider privacy and transfer risks before introducing new or changed processing activities where this is required. Any personal data transferred or processed outside the UK or EEA will continue to be handled in line with this privacy notice and applicable data protection laws.

Our website may allow you to send personal information to us, for example when you contact us about a service, opportunity or enquiry. We may use trusted suppliers to help us receive and manage this information.

Our website may link to other websites or external content that we do not control. These links are provided for convenience and information.

Other websites have their own privacy notices. We recommend that you read them before sharing personal data on those websites.

We and our service providers may use cookies and similar technologies to help our website work, understand how it is used, improve your experience and support relevant communications.

We use cookies, for example, to remember your settings and support website functionality. You can usually control cookies through your browser settings.

Where required by law, we will ask for your consent before setting non-essential cookies. You can manage or withdraw your cookie choices through our cookie banner or preference centre.

Cookies may help us understand which parts of our website are used most often, improve the website, remember your preferences and provide a more personalised experience. During your visit, we may collect information such as the date and time you access pages, the page that referred you to our website, your browser type, the pages you view and your IP address or domain information.

Some website pages may ask you to provide limited personal information, such as login details, an email address or contact information, so that we can respond to your message or provide the service you requested.

You can usually set your browser to accept cookies, reject cookies or notify you when a cookie is sent. If you reject cookies, you may still use our website, but some features may not work as intended.

For detailed information about the cookies we use, including their purpose and how you can manage your preferences, please see our cookie policy. 

United States UnitedHealthcare Transparency Coverage: To access the machine-readable files created and published by UnitedHealthcare, please click here.

We use appropriate security measures to help protect personal data from loss, misuse, unauthorised access, disclosure or alteration. If you suspect any misuse, loss or unauthorised access to your personal data, please contact us at dpo@nashtechglobal.com.

We decide how long to keep personal data based on the type of information, the reason we collected it, legal requirements, and whether we need it to manage our relationship with you.

For most people where we have limited contact, such as website visitors or people who make a general enquiry, we usually keep personal data for up to two years from the date of last contact.

Where we have an ongoing client, supplier or business relationship, we may keep relevant personal data for longer where needed to provide services, manage the relationship, keep business records, comply with legal or regulatory requirements, resolve disputes or enforce agreements.

When personal data is no longer needed, we delete it or anonymise it, unless we are required or permitted by law to keep it for longer.

We have legal and business obligations to retain certain business records and communications, including emails, across the jurisdictions in which we operate. Retention periods are applied in accordance with applicable legal, regulatory and business requirements.

For more information on our data retention approach, please contact dpo@nashtechglobal.com.

You have rights over your personal data. These rights may depend on where you are located and the reason we use your information.

Depending on the circumstances, you may ask us to:

• confirm whether we hold personal data about you and provide a copy of it;
• correct personal data that is inaccurate or incomplete;
• delete personal data where we no longer need it or where the law requires deletion;
• restrict how we use your personal data in certain circumstances;
• object to certain uses of your personal data, including direct marketing;
• ask for your personal data to be transferred to you or another organisation, where this right applies; or
• withdraw consent at any time where we rely on consent.

We will respond to your request within the time required by applicable law. In some cases, we may not be able to fully meet your request, for example if we need to keep certain information to comply with the law, resolve disputes, prevent fraud or protect our legal rights.

We may ask you for information to confirm your identity before responding. If we cannot fully meet your request, we will explain why.

If you ask us to delete your personal data or stop sending marketing communications, we may keep limited information, such as your email address, on a suppression or “do not contact” list so we can respect your request.

To exercise your rights, ask a privacy question or raise a concern, please contact us at dpo@nashtechglobal.com.

We take privacy concerns seriously. If you are unhappy with how we handle your personal data, please contact our Data Protection Officer at dpo@nashtechglobal.com. You may also have the right to complain to your local data protection supervisory authority, including the Information Commissioner’s Office in the UK or a relevant supervisory authority in the EU.

We have designated NashTech GmbH in Germany as our representative for data protection matters in the EU.

To contact this entity about your rights or any concerns you have about processing carried out in the EU, please email eu-dpo@nashtechglobal.com. For general privacy questions, please email dpo@nashtechglobal.com.

Periodically we may send you information that we think you will find interesting or to ask for your expertise in completing a survey. We may also send you information to:

• market our full range of services
• send you details of networking and client events and information about the industry sectors we think may be of interest to you.

We rely on legitimate interests for some business-to-business marketing where this is allowed by law. Where consent is required, we will ask for it before sending marketing communications.

We may use limited business information, such as your role, organisation, sector, preferences or previous interactions with us, to help make our communications more relevant. We do not use this information to make decisions that have a legal or similarly significant effect on you.

You can opt out of marketing at any time by clicking the unsubscribe link in our marketing emails or by contacting dpo@nashtechglobal.com. We will honour your marketing preferences. If you opt out of marketing, we may still send you important service, contractual, legal or administrative communications.

Automated Decision Making:

NashTech does not currently make decisions about you using solely automated decision-making that has a legal or similarly significant effect. If this changes, we will update this notice and explain your rights.

If we introduce automated decision-making or profiling in the future, we will do so only where allowed by law and will provide appropriate information about how it works and what rights you have.

Anonymous data:

We collect anonymised details about visitors to our website for the purposes of aggregate statistics or reporting purposes. However, no single individual will be identifiable from the anonymised details we collect for these purposes.

Third party sites:

Our website may contain links to websites operated by third parties. This privacy notice applies only to personal data that we collect through our website or services. We are not responsible for how third-party websites use personal data, so we recommend that you read their privacy notices.

This privacy notice was updated in June 2026.

We will publish changes to this privacy notice from time to time. If significant changes are made to our processing activities, we will take reasonable measures to notify data subjects accordingly.

Appendix 1

We may collect personal data when:

• you access and browse the Site (including when you submit personal information to us through data entry fields on the Site); or
• you respond to an advert posted by us whether via a job board, LinkedIn or other social networking site; or
• we download details uploaded by you onto a job board, LinkedIn or other social networking site in connection with our internal market research; or
• you contact us by phone, email or otherwise; or
• we provide Services to you; or
• we contact you with a view to providing services to you; or

We may collect the following information from or about you:

• your name;
• your postal address;
• your phone and e-mail details; · a copy of your passport details including your passport photograph;
• any information which has been published or made available on a social media profile or job board (whether by you or a third party), or in any news media;
• any email communications, including attachments, which you send to us.

You can update your personal data at any time by forwarding a copy to dpo@nashtechglobal.com

Appendix 2

We collect, store and use information that we obtain in relation to you for our legitimate interests:

• so that we can contact you (via email, SMS or phone) about opportunities and assignments that we believe you may be interested in;
• to enter into contracts which are necessary for your service to be supplied;
• to carry out market research for our internal use;
• for internal record-keeping purposes;
• to carry out services that we, you or our client have requested.

This storage and use of your personal information allows you to be contacted about roles which may be of interest to you, now or in the future, and we do not believe that this storage and use will unduly prejudice your rights or freedoms.

We will store and use your personal information in order to comply with relevant legal obligations to which NashTech is subject.

Appendix 3

The relevant circumstances are:

• detecting and preventing fraud;
• keeping our Site, apps, products and IT systems secure;
• ensuring that our own processes, procedures and systems are as efficient as possible;
• analysing and enhancing the information that we collect;
• determining the effectiveness of our promotional campaigns and advertising; and
• contacting you with products and services which we think may interest you.

In some, relatively limited, circumstances we need to handle your personal information in a certain way to be able to comply with our legal obligations. For example if we:

• are requested to disclose your personal information to regulatory bodies;
• need to demonstrate our compliance with applicable law;
• are subject to any enquiry from the Employment Agencies Standards Inspectorate or HMRC.

Appendix 4

A cookie (small text files that store information on your local drive) may be used in the processing of your personal data. A copy of this text file is sent to your computer and/or device whenever it communicates with our server. Cookies help us to understand which sections of our websites are frequently visited. With this information, we can adapt our website to suit your demands and provide you with a more customised and personalised user experience. We may collect the following information during your visit to our website and/or the fully qualified domain name from which you accessed our site, or alternatively, your IP address:

• the date and time you access each page of our website
• the URL of any web page from which you accessed our site (the referrer)
• the web browser that you are using and the pages you accessed.

Some webpages may require you to provide a limited amount of personal information in order to enjoy certain services on a website (system login credentials, email addresses and contact information). This personal information will only be used for its intended purpose, i.e. to respond to your message or deliver the requested services.

You may configure your browser to accept all cookies, reject all cookies, or notify you when a cookie is sent.

Appendix 5

You have the right to request that we:

• provide access to any personal information we hold about you;
• update any of your personal information which is out of date or incorrect;
• delete any personal information which we are holding about you;
• restrict the way that we process your personal information;
• prevent the processing of your personal information for direct-marketing purposes;
• provide your personal information to a third-party provider of services;
• provide you with a copy of any personal information which we hold about you; or
• consider any valid objections which you have to our use of your personal information:

and/or

• Do not conduct profiling on your personal data, if you have consented to undergoing testing with our third-party providers, by refusing or withdrawing your consent at any time.

We will consider all such requests and provide our response within a reasonable period (and in any event within any time period required by applicable law). Please note, however, that certain personal information may be exempt from such requests in certain circumstances.

If an exception applies, we will tell you this when responding to your request. We may request you provide us with information necessary to confirm your identity before responding to any request you make.

If you have made a request for erasure of your personal data records, we will usually retain a copy of your given email address on a ‘do not contact’ list to comply with our obligations under data protection legislation including the EU GDPR and UK Data Protection Act 2018, as well as the UK GDPR and other international data protection legislation that may apply. For more information, please contact the Group Data Protection Officer at dpo@nashtechglobal.com.

You may request to unsubscribe from marketing material at any time. If you wish to contact us with respect to the above matters, please email us at dpo@nashtechglobal.com.