- 1. Introduction and Scope
- 2. Information We Collect
- 3. How We Use Your Information (Purposes of Processing)
- 4. Lawful Basis for Processing (UK GDPR Art. 6 and Art. 9 if applicable)
- 5. Automated Decision-Making and Profiling (UK GDPR Art. 22)
- 6. Data Sharing and Disclosure
- 7. International Data Transfers
- 8. Data Security
- 9. Data Retention
- 10. Your Data Protection Rights (UK GDPR)
- 11. Cookies and Similar Technologies
- 12. Children's Privacy
- 13. Changes to This Privacy Policy
- 14. Contact Us / Data Protection Officer (DPO)
Privacy Policy
Effective Date: January 17, 2024
1. Introduction and Scope
1.1. Who We Are
This Privacy Policy is issued by Nexxa Limited ("NexxaScreen," "We," "Us," "Our"), a company registered in England and Wales with Company Registration Number: 16412863 and registered office at 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom. Our contact email for privacy matters is [email protected].
For the purposes of the UK General Data Protection Regulation ("UK GDPR") and the Data Protection Act 2018, Nexxa Limited is generally the "data controller" for the personal data processed in connection with our website nexxascreen.com (the "Website") and our AI Interviewer and AI Interview Coach services (collectively, the "Services"). There may be specific circumstances, detailed in Section 7.3 of our Terms of Service, where We act as a "data processor" on behalf of a Recruiter; this policy primarily addresses our role as a data controller.
1.2. Purpose of this Privacy Policy
This Privacy Policy aims to provide You (whether You are a visitor to Our Website, a Recruiter using Our AI Interviewer, or a Candidate using Our AI Interview Coach or participating in an AI-assisted interview) with clear and comprehensive information about how We collect, use, store, share, and protect Your personal data. It also explains Your data protection rights and how You can exercise them.
1.3. Applicability
This Privacy Policy applies to all personal data processed by NexxaScreen in relation to the Website and Services. It should be read in conjunction with Our Website Terms of Service and Our Platform Terms of Service.
1.4. Compliance with UK Data Protection Law
NexxaScreen is committed to processing personal data in compliance with the UK GDPR, the Data Protection Act 2018, and other applicable data protection laws and regulations in the United Kingdom.
2. Information We Collect
NexxaScreen collects various types of personal data to provide and improve Our Services. The types of data collected are categorized as follows:
2.1. Data Provided Directly by Users (Recruiters & Candidates)
- Account Registration Data: When You create an account, We collect information such as Your name, email address, password, and (for Recruiters) company name, job title, and contact details.
- Profile Information: Candidates may provide information such as their educational background, work experience, skills, and career preferences. Recruiters may provide information about their organization and specific job roles, including job descriptions and desired candidate attributes.
- User Content: This includes CVs/resumes, cover letters, text-based answers to interview questions, video recordings, audio recordings, messages, feedback, and any other information You voluntarily submit or create within the Services.
- Video and Audio Recordings: A core feature of Our Services involves the recording of video and audio during AI-assisted interviews (for the AI Interviewer service used by Recruiters with Candidates) and practice sessions (for the AI Interview Coach service used by Candidates). We explicitly collect these recordings.
- Communications: If You contact Us for support, to provide feedback, or for any other inquiry, We will collect the information contained in Your communications.
2.2. Data Collected Automatically
- Usage Data: We collect information about how You interact with Our Website and Services, such as the features You use, the pages You visit, the links You click, the duration and frequency of Your activities, and performance metrics. This includes log files.
- Cookies and Similar Technologies: We use cookies and similar tracking technologies to collect information about Your browsing activities on Our Website and interactions with Our Services. This helps Us operate and secure our services, remember Your preferences, and analyze usage. For more details, please see Section 11 (Cookies and Similar Technologies) or Our separate Cookie Policy.
- Device and Connection Information: We collect information about the device You use to access Our Services, including IP address, operating system, browser type and version, device identifiers, and network information.
2.3. Data Generated by Our AI (AI-Generated Data)
Our AI algorithms process User Content (particularly video/audio recordings and text inputs) to generate new data points. This AI-Generated Data includes, but is not limited to:
- Analysis of Interviews/Practice Sessions: Transcripts of spoken content, summaries of responses, sentiment analysis, analysis of communication style (e.g., pace, clarity, use of filler words), keyword extraction, and potentially scores or assessments related to predefined competencies or criteria (especially for the AI Interviewer service).
- Coaching Feedback: Tailored feedback and suggestions provided to Candidates by the AI Interview Coach based on their practice sessions.
- Inferred Data: The AI may also generate inferred data, which are assumptions or predictions about You based on the analysis of Your User Content. For example, the AI might infer Your level of engagement, confidence, or aspects of Your communication effectiveness. We strive to ensure that such inferences are relevant to the service provided and are handled with appropriate care. The nature of these inferences is directly related to the functions of the AI Interviewer and AI Coach.
2.4. Special Category Data and Biometric Data
- Special Category Data: Under UK GDPR Article 9, "special category data" includes sensitive information such as race or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health, or data concerning a natural person's sex life or sexual orientation.
  NexxaScreen does not intentionally request or require Users to provide special category data, unless directly relevant and legally permissible for a specific service feature (in which case, specific consent or another Article 9 condition would be sought).
  However, We acknowledge that User Content (e.g., video recordings, free-text responses) could inadvertently contain or reveal information that might be considered special category data. Furthermore, AI analysis of, for example, voice tone or facial expressions, while not intended to diagnose health conditions, could theoretically lead to inferences that touch upon sensitive areas. We aim to minimize the processing of such data and will only process it where strictly necessary for the Services and in accordance with applicable legal requirements, including identifying an Article 9 condition if such data is processed.
- Biometric Data: Biometric data is personal data resulting from specific technical processing relating to the physical, physiological, or behavioral characteristics of a natural person, which allow or confirm the unique identification of that natural person (e.g., facial recognition for identity verification, or voiceprints for unique ID).
  Our AI analyzes video (facial movements, expressions) and audio (voice characteristics, speech patterns) as part of its function to assess communication and provide feedback. While this involves processing characteristics that could be considered biometric in a broad sense, NexxaScreen does not currently use this data for the purpose of uniquely identifying individuals in the manner that typically triggers stricter biometric data regulations (e.g., for identity verification against a database).
  The processing is primarily for analyzing performance and communication attributes within the context of an interview or coaching session. If Our use of such data evolves to include unique identification, We will update this policy and implement any necessary additional safeguards and consent mechanisms.
  Users should be aware that video and audio recordings inherently capture these characteristics.
3. How We Use Your Information (Purposes of Processing)
NexxaScreen processes Your personal data for the following specified, explicit, and legitimate purposes, in accordance with the UK GDPR's "purpose limitation" principle:
3.1. To Provide, Operate, and Maintain the Services
- To enable You to access and use the AI Interviewer and AI Interview Coach functionalities.
- To create, manage, and secure Your user account.
- To process Your inputs (e.g., CVs, interview responses, video/audio recordings) and generate the relevant AI-Generated Content (e.g., interview analysis, coaching feedback).
3.2. To Personalize User Experience
- To tailor aspects of the Services to You, such as providing personalized coaching feedback or, for Recruiters, enabling customization of interview parameters.
3.3. To Process Payments
- For Recruiters subscribing to paid Services, to process transactions, manage subscriptions, and issue invoices.
3.4. To Communicate with Users
- To send You service-related communications, such as account verification, important updates about the Services, technical notices, security alerts, and support messages.
- To respond to Your inquiries, provide customer support, and resolve issues.
3.5. To Improve and Develop Our Services (Including AI Model Training)
- We are committed to continuously enhancing Our Services. For this purpose, We may use personal data, including User Content such as video recordings, audio recordings, and text interactions, to train, refine, and improve Our AI models, algorithms, and the overall functionality and accuracy of the Services ("Improvement Purposes").
- When personal data is used for Improvement Purposes, We implement measures to protect Your privacy. This typically involves de-identifying or anonymizing the data to the extent reasonably practicable, so that it does not directly identify You or any specific individual.
- The lawful basis for this specific processing activity is detailed in Section 4. We will not use Your personal data for Improvement Purposes in an identifiable form without a clear lawful basis (such as explicit consent, or a robust legitimate interest assessment where appropriate).
3.6. For Analytics and Research
- To analyze trends in the use of Our Website and Services, gather demographic information, and understand user needs and preferences. This is typically done using aggregated or anonymized data, which does not identify individuals.
3.7. To Ensure Security and Prevent Misuse
- To monitor the use of Our Services for security purposes, to detect and prevent fraud, unauthorized access, or other illegal or prohibited activities.
- To protect the rights, property, or safety of NexxaScreen, Our Users, or the public.
3.8. To Comply with Legal Obligations
- To comply with applicable laws, regulations, court orders, or other legal processes, such as responding to lawful requests from public authorities.
3.9. To Enforce Our Terms
- To enforce Our Terms of Service and other policies, including investigating potential violations.
NexxaScreen will not reprocess personal data for purposes that are incompatible with the original purposes for which it was collected, without first informing You and, where necessary, obtaining Your consent or ensuring another valid lawful basis exists.
4. Lawful Basis for Processing (UK GDPR Art. 6 and Art. 9 if applicable)
Under the UK GDPR, We must have a valid lawful basis for each of Our processing activities involving personal data. The table below outlines the main purposes for which We process Your personal data and the corresponding lawful bases We rely upon. Where processing of special category data occurs (as defined in Article 9 UK GDPR), an additional condition under Article 9 is also required.
Processing Activity | Personal Data Categories Involved | Lawful Basis (UK GDPR Art. 6) | Further Details / Art. 9 Condition (if applicable) |
---|---|---|---|
Providing Core Services to Registered Users (Candidates & Recruiters) | Account registration data, profile information, User Content, usage data for service operation. | Performance of a contract (Our Terms of Service with You). | |
Processing Video/Audio Recordings & Generating AI Analysis/Feedback (AI Interviewer & AI Coach) | Video/audio recordings, text inputs, AI-Generated Content (analysis, feedback). | Performance of a contract (fulfilling the core functionality of the agreed Services). | If any special category data is inadvertently captured and processed, reliance may be placed on Art. 9(2)(a) explicit consent (if obtained for such specific processing) or Art. 9(2)(e) data manifestly made public by the data subject (less likely), or Art. 9(2)(f) for legal claims. This area requires careful ongoing assessment. |
Using De-identified/Anonymized User Content (including video/audio elements) for AI Model Training & Service Improvement | De-identified/anonymized segments of video/audio, text interactions, usage patterns. | Legitimate Interests (Our interest in improving the accuracy, fairness, and effectiveness of Our AI Services for the benefit of all Users). | A Legitimate Interests Assessment (LIA) is conducted. This processing is subject to safeguards, including de-identification/anonymization where feasible. If identifiable data is used, explicit consent (Art. 6(1)(a)) would be sought. |
Processing Recruiter Payments | Recruiter name, billing address, payment card details (processed by Our payment processor). | Performance of a contract (to process subscription Fees). | |
Sending Essential Service Communications (e.g., account updates, security alerts, support responses) | Name, email address, account information. | Performance of a contract (as part of delivering the agreed Service) and/or Legitimate Interests (to keep You informed about important service matters and ensure security). | |
Sending Marketing Communications (about new NexxaScreen services, with opt-out) | Name, email address, company (for Recruiters). | Consent (Art. 6(1)(a)) for new prospects. For existing B2B Recruiter clients, may rely on Legitimate Interests (soft opt-in under PECR for similar products/services, with clear opt-out). | |
Website Analytics & Usage Monitoring (using cookies and similar technologies) | IP address, browser type, device information, browsing patterns. | Consent (Art. 6(1)(a)) for non-essential cookies. Legitimate Interests for strictly necessary cookies (ensuring Website functionality and security). | See Section 11 (Cookies). |
Ensuring Platform Security, Fraud Prevention, and Misuse Detection | Usage logs, IP addresses, account activity. | Legitimate Interests (Our interest in protecting Our Platform, Users, and business from harm and misuse). | |
Complying with Legal Obligations & Responding to Lawful Requests | Various data types as required by the specific legal obligation. | Legal Obligation (Art. 6(1)(c)). | |
Enforcing Our Terms of Service | Relevant User data related to a potential breach. | Legitimate Interests (Our interest in upholding Our contractual agreements and protecting Our rights). | |
4.1. Legitimate Interests
When We rely on legitimate interests as a lawful basis, We conduct a Legitimate Interests Assessment (LIA) to ensure that Our interests are not overridden by Your interests or fundamental rights and freedoms. This involves a three-part test:
- Purpose Test: Identifying a legitimate interest pursued by Us or a third party.
- Necessity Test: Ensuring the processing is necessary to achieve that interest.
- Balancing Test: Balancing Our legitimate interest against Your interests, rights, and freedoms, considering reasonable expectations and potential impact.
For example, Our legitimate interest in improving Our AI models is to provide a more accurate, fair, and useful service to all Users. We believe this is generally aligned with User expectations for an AI-driven service, provided it is done responsibly with appropriate safeguards (like de-identification).
4.2. Consent
Where We rely on consent, We will ensure it is freely given, specific, informed, and unambiguous, indicated by a clear affirmative action. You have the right to withdraw Your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal. Instructions for withdrawing consent will be provided where applicable.
4.3. Special Category Data
If We process special category data, We will only do so if a specific condition under Article 9 of the UK GDPR applies, in addition to an Article 6 lawful basis. This most commonly would be explicit consent, or where processing is necessary for reasons of substantial public interest, or for the establishment, exercise, or defense of legal claims. Given the nature of video and audio recordings, We are particularly mindful of the potential for inadvertent collection or inference of special category data and have processes to address this.
5. Automated Decision-Making and Profiling (UK GDPR Art. 22)
Automated decision-making ("ADM") refers to decisions made solely by automated means without any human involvement. Profiling involves the automated processing of personal data to evaluate certain personal aspects relating to an individual, in particular to analyze or predict aspects concerning that person's performance at work, preferences, or behavior.
5.1. NexxaScreen's Use of ADM and Profiling
Our AI Services inherently involve automated processing and profiling to analyze User Content (e.g., interview responses, communication style) and generate AI-Generated Content (e.g., analysis, scores, feedback).
Current Position on Solely Automated Decisions with Legal or Similarly Significant Effects: NexxaScreen's AI Interviewer and AI Interview Coach are designed as assistive tools.
- For the AI Interviewer, the AI-Generated Content (e.g., analysis, scores) is intended to support Recruiters in their decision-making process. Recruiters are expected to use this information as one input among others and to apply their own human judgment. NexxaScreen does not intend for its AI Interviewer to make solely automated decisions that have a legal or similarly significant effect on Candidates (e.g., automatically rejecting a Candidate for a job without any human review or oversight by the Recruiter). Recruiters using the Service are responsible for ensuring meaningful human involvement in significant employment-related decisions.
- For the AI Interview Coach, the AI-Generated Content is for the Candidate's personal development and practice. It does not, by itself, produce legal effects or similarly significant effects on the Candidate in relation to external opportunities.
If the functionality of Our Services changes in the future to include solely automated decision-making that produces legal or similarly significant effects on individuals, We will update this Privacy Policy and ensure compliance with Article 22 of the UK GDPR. This would include providing individuals with meaningful information about the logic involved, the significance and envisaged consequences of such processing, and implementing safeguards such as the right to obtain human intervention, express their point of view, and contest the decision.
5.2. Transparency Regarding AI's Role
Even where Article 22 is not strictly triggered, We are committed to transparency about how Our AI systems operate. The AI uses algorithms to analyze patterns in User Content and generate insights. While We strive for accuracy and fairness, AI outputs are based on statistical models and may not always be perfect or capture every nuance. We encourage Users to understand the assistive nature of the AI and to use the outputs critically and responsibly.
6. Data Sharing and Disclosure
NexxaScreen may share Your personal data with third parties in the following circumstances and with appropriate safeguards:
6.1. Service Providers (Data Processors)
We engage third-party companies and individuals to perform services on Our behalf, such as cloud hosting (e.g., Amazon Web Services, Microsoft Azure, Google Cloud Platform), payment processing, data analytics, email delivery, customer support tools, and other infrastructure and operational support. These service providers act as data processors and are contractually obligated (via Data Processing Agreements - DPAs) to process Your personal data only on Our documented instructions, to implement appropriate security measures, and to comply with applicable data protection laws.
6.2. Recruiters (Corporate Clients)
If You are a Candidate participating in an interview using the AI Interviewer service, Your personal data (including Your profile information, CV/resume if submitted through Our platform, video/audio recordings of the interview, and the AI-Generated Content related to Your interview) will be shared with the specific Recruiter (and their authorized personnel) who invited You to that interview process. That Recruiter is an independent data controller for their subsequent use of Your data for their recruitment purposes and is responsible for their own compliance with data protection laws in handling Your data.
6.3. Legal Obligations and Rights Enforcement
We may disclose Your personal data if We believe in good faith that such disclosure is necessary to:
- Comply with a legal obligation, subpoena, court order, or other lawful request from a governmental or regulatory authority.
- Protect and defend the rights, property, or safety of NexxaScreen, Our Users, or the public.
- Detect, prevent, or otherwise address fraud, security, or technical issues.
- Enforce Our Terms of Service or other agreements.
6.4. Business Transfers
In the event of a merger, acquisition, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of NexxaScreen's assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, Your personal data may be among the assets transferred. We will ensure that any such transfer is subject to appropriate confidentiality and data protection undertakings.
6.5. Anonymized or Aggregated Data
We may share data that has been anonymized (meaning individuals cannot be re-identified) or aggregated (meaning it is combined with other data so that it no longer relates to an identifiable individual) for purposes such as research, statistical analysis, industry reporting, or service improvement. Such data is not considered personal data under UK GDPR.
6.6. With Your Consent
We may share Your personal data with other third parties if We have Your explicit consent to do so.
7. International Data Transfers
Your personal data may be transferred to, stored, and processed in countries outside of the United Kingdom (UK) and the European Economic Area (EEA), including countries where Our service providers may be located (e.g., the United States, if We use US-based cloud providers). Data protection laws in these countries may differ from those in the UK.
When We transfer Your personal data outside the UK/EEA to a country not deemed to provide an adequate level of data protection by the UK Government, We will ensure that appropriate safeguards are in place to protect Your personal data in accordance with UK GDPR requirements. These safeguards may include:
- The UK International Data Transfer Agreement (IDTA).
- The UK Addendum to the European Commission's Standard Contractual Clauses (SCCs).
- Binding Corporate Rules (BCRs) for intra-group transfers (though less common for companies of Our size).
- Relying on an Adequacy Decision issued by the UK Secretary of State, where applicable.
In limited circumstances, We may rely on derogations set forth in Article 49 of the UK GDPR, such as Your explicit consent for a specific transfer, but We do not rely on these for routine, systematic transfers.
We are committed to ensuring that any international transfer of personal data is lawful and that Your rights are protected. You can request further information about the specific safeguards We use for international transfers by contacting Us.
8. Data Security
NexxaScreen takes the security of Your personal data seriously and implements appropriate technical and organizational measures (TOMs) to protect it against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. These measures include, but are not limited to:
- Encryption: Using encryption for data in transit (e.g., TLS/SSL) and at rest where appropriate.
- Access Controls: Implementing role-based access controls and the principle of least privilege to limit access to personal data to authorized personnel who need it for their job responsibilities.
- Secure Infrastructure: Utilizing secure cloud hosting environments with robust physical and network security.
- Software Security: Following secure software development practices and conducting regular vulnerability assessments and penetration testing (as appropriate).
- Data Minimization: Collecting and retaining only the personal data that is necessary for the purposes for which it is processed.
- Staff Training and Awareness: Providing regular data protection and security training to Our employees and contractors.
- Incident Response Plan: Having procedures in place to detect, respond to, and recover from data security incidents.
While We strive to use commercially acceptable means to protect Your personal data, We acknowledge that no method of transmission over the Internet or method of electronic storage is 100% secure. Therefore, We cannot guarantee its absolute security. If You have reason to believe that Your interaction with Us is no longer secure (e.g., if You feel that the security of Your account has been compromised), please notify Us immediately.
9. Data Retention
NexxaScreen will retain Your personal data only for as long as necessary to fulfil the purposes for which it was collected, as outlined in Section 3 of this Privacy Policy, including for the purposes of satisfying any legal, accounting, or reporting requirements, or to resolve disputes and enforce Our agreements.
To determine the appropriate retention period for personal data, We consider:
- The amount, nature, and sensitivity of the personal data.
- The potential risk of harm from unauthorized use or disclosure of Your personal data.
- The purposes for which We process Your personal data and whether We can achieve those purposes through other means.
- Applicable legal, regulatory, tax, accounting, or other requirements.
Specific retention periods or the criteria used to determine them are as follows:
- Video and Audio Recordings (from AI Interviewer & AI Coach):
  - Video/audio recordings from AI Interviewer sessions (Candidate interviews for a Recruiter) will be retained for a period of 90 days after the Recruiter has completed their analysis, after which they will be automatically and securely deleted from Our active systems. Recruiters may have options to initiate earlier deletion for specific candidates or roles through their account settings.
  - Video/audio recordings from AI Interview Coach sessions (Candidate practice) will be retained for 180 days from the date of recording, or until the Candidate deletes their account or specific recordings through their account settings, after which they will be securely deleted.
- AI-Generated Content (Analysis, Feedback): This data is typically linked to the corresponding video/audio recording. It will generally be retained for a similar period as the source recording, or as long as the User account to which it pertains is active and the data remains relevant for providing the Services.
- Account Data (Recruiter & Candidate): We will retain Your account information for as long as Your account is active. If Your account becomes inactive for a prolonged period (e.g., 2 years), We may contact You before deactivating or deleting Your account and associated data, unless You request earlier deletion.
- Data for AI Model Improvement: Where personal data is used for Improvement Purposes (see Section 3.5), if it is de-identified or anonymized, the resulting non-personal data may be retained for longer periods as it no longer identifies individuals. Any identifiable personal data used as a source for this process will be retained only as long as necessary for that initial processing step before de-identification/anonymization.
- Backup Archives: Personal data may persist in Our backup archives for a limited period beyond its active retention period, in accordance with Our backup and disaster recovery policies. Such data will be isolated from further processing and securely deleted in line with Our backup rotation schedule.
When personal data is no longer required for its original purpose, or upon Your valid request for erasure (see Section 10), We will securely delete or anonymize it.
10. Your Data Protection Rights (UK GDPR)
Under the UK GDPR, You have several rights concerning Your personal data. NexxaScreen is committed to upholding these rights. These include:
- The Right to be Informed: You have the right to be provided with clear, transparent, and easily understandable information about how We use Your personal data and Your rights. This Privacy Policy is intended to provide this information.
- The Right of Access (Subject Access Request): You have the right to obtain access to Your personal data (if We are processing it) and certain other information (similar to that provided in this Privacy Policy).
- The Right to Rectification: You are entitled to have Your personal data corrected if it is inaccurate or incomplete.
- The Right to Erasure (the 'Right to be Forgotten'): This enables You to request the deletion or removal of Your personal data where there is no compelling reason for Us to keep using it. This is not a general right to erasure; there are exceptions (e.g., where We need to keep the data to comply with a legal obligation).
- The Right to Restrict Processing: You have rights to 'block' or suppress further use of Your personal data in certain circumstances. When processing is restricted, We can still store Your personal data, but may not use it further.
- The Right to Data Portability: You have the right to obtain and reuse Your personal data for Your own purposes across different services. This allows You to move, copy, or transfer personal data easily from one IT environment to another in a safe and secure way, without affecting its usability. This right only applies to personal data You have provided to Us, where the processing is based on Your consent or for the performance of a contract, and when processing is carried out by automated means.
- The Right to Object to Processing: You have the right to object to certain types of processing, including processing based on Our legitimate interests and processing for direct marketing purposes.
- Rights Related to Automated Decision-Making and Profiling: If We were to make decisions about You based solely on automated processing that produces legal or similarly significant effects, You would have the right to obtain human intervention, express Your point of view, and contest the decision (as detailed in Section 5).
Exercising Your Rights: To exercise any of these rights, please contact Us at [email protected] or via the contact details provided in Section 14. We may need to request specific information from You to help Us confirm Your identity and ensure Your right to access Your personal data (or to exercise any of Your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We will respond to all legitimate requests within one month, although this period may be extended by a further two months if Your request is particularly complex or You have made a number of requests.
No Fee Usually Required: You will not usually have to pay a fee to access Your personal data or to exercise any of the other rights. However, We may charge a reasonable fee if Your request is clearly unfounded, repetitive, or excessive. Alternatively, We may refuse to comply with Your request in these circumstances.
Right to Lodge a Complaint: If You are not satisfied with Our response to Your request or believe We are not processing Your personal data in accordance with data protection law, You have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues. The ICO's contact details are:
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire, SK9 5AF
Helpline number: 0303 123 1113
Website: https://www.ico.org.uk
11. Cookies and Similar Technologies
Our Website and Services use cookies and similar technologies (e.g., web beacons, pixels) to distinguish You from other users, to provide a good experience when You browse Our Website or use Our Services, and also to allow Us to improve Our site and Services.
What are Cookies? Cookies are small text files that are placed on Your computer or mobile device by websites that You visit. They are widely used to make websites work, or work more efficiently, as well as to provide information to the owners of the site.
Types of Cookies We Use:
- Strictly Necessary Cookies: These are essential for the operation of Our Website and Services, such as enabling You to log into secure areas. Our lawful basis for these is legitimate interest.
- Analytical/Performance Cookies: These allow Us to recognize and count the number of visitors and to see how visitors move around Our Website and use Our Services. This helps Us to improve the way Our Website and Services work.
- Functionality Cookies: These are used to recognize You when You return to Our Website or Services and allow Us to personalize Our content for You and remember Your preferences.
- Targeting/Advertising Cookies (if applicable): These cookies record Your visit to Our Website, the pages You have visited, and the links You have followed. We might use this information to make Our Website and any advertising displayed on it more relevant to Your interests. We may also share this information with third parties for this purpose.
Lawful Basis for Cookies: For strictly necessary cookies, We rely on Our legitimate interests. For all other non-essential cookies (analytical, functionality, targeting), We rely on Your consent, which We will seek via a cookie consent banner or tool when You first visit Our Website or use Our Services.
Managing Your Cookie Preferences: You can manage Your cookie preferences at any time through Our cookie consent management tool (if implemented) or by adjusting Your browser settings. Most web browsers allow some control of most cookies through the browser settings. Please note that if You block all cookies (including strictly necessary cookies), You may not be able to access all or parts of Our Website or Services.
Detailed Cookie Policy: For more detailed information on the specific cookies We use, their purposes, and how You can manage them, please refer to Our separate Cookie Policy available at https://nexxascreen.com/cookie-policy.
12. Children's Privacy
Our Services are not directed to individuals under the age of 18 ("Children"), and We do not knowingly collect personal data from Children. The recruitment and professional coaching context of Our Services is intended for adults. If We become aware that We have inadvertently collected personal data from a Child without verification of parental consent (where required by law, though Our aim is to avoid such collection altogether), We will take steps to delete that information from Our servers as soon as possible. If You are a parent or guardian and You are aware that Your Child has provided Us with personal data, please contact Us.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in Our practices, technology, legal requirements, or other factors. If We make material changes, We will notify You by email (sent to the email address specified in Your account), by posting a notice on Our Website or Services prior to the change becoming effective, or as otherwise required by applicable law. We will also update the "Effective Date" at the top of this Privacy Policy. We encourage You to review this Privacy Policy periodically for any changes. Your continued use of the Services after any changes to this Privacy Policy take effect will constitute Your acceptance of such changes (subject to any requirements for re-consent for material changes to processing).
14. Contact Us / Data Protection Officer (DPO)
If You have any questions, comments, or concerns about this Privacy Policy, Our data protection practices, or if You wish to exercise Your data protection rights, please contact Us at:
Nexxa Limited
Attn: Data Protection Enquiries
71-75 Shelton Street,
Covent Garden,
London, WC2H 9JQ
United Kingdom
Email: [email protected]
Data Protection Officer (DPO):
We have appointed a Data Protection Officer who is responsible for overseeing questions in relation to this Privacy Policy. Our DPO can be contacted at [email protected] or via the company address above with "FAO: Data Protection Officer" in the subject line.