Applicant Data Handling Policy
This Applicant Data Handling Policy (“Policy”) explains how Data Nucleus Ltd (“we,” “us,” “our”) collects, uses, stores, and protects personal data you provide when registering your interest or applying for positions, in compliance with the GDPR in line with UK and EU Legislation.
1. Data Controller
Data Nucleus Ltd
Contact: data-controller@datanucleus.co.uk
2. Personal Data We Collect
We may collect the following categories of personal data directly from you:
Identity & Contact Data: name, address, email, phone number
Professional Data: LinkedIn Profile, GitHub Profile, Resume, Qualifications and Experience
Additional Data: Submitted by you in the registration form or via email
3. Purposes of Processing
We process your data for the following legitimate recruitment purposes:
To assess your suitability and qualifications for current and future roles
To communicate with you regarding vacancies, interview invitations, assessments, and application status
To manage our talent pool and keep you informed about relevant opportunities
To hire candidates in line with our business and client needs
4. Legal Basis for Processing
Our processing of your personal data is based on the following legal grounds:
Contractual Necessity: to take steps at your request before entering a recruitment contract
Legitimate Interests: to manage recruitment efficiently, build a talent pipeline, and meet business and client requirements
Consent: where we ask for optional diversity or monitoring data
5. Data Sharing
We will not share your personal data with external third parties for recruitment purposes. Internal sharing only occurs on a need-to-know basis among our HR team and hiring managers. Where external service providers (e.g., assessment platforms) are engaged, they act as data processors under EU-approved Standard Contractual Clauses.
6. International Transfers
If any data transfer outside the UK or EU is necessary, we ensure adequate safeguards are in place, such as UK/EU-approved Standard Contractual Clauses or transfer to countries with an adequacy decision.
7. Data Retention
Active Applications: retained for the duration of the recruitment process
Talent Pool Records: if you register your interest but do not apply, we will retain your data for up to 12 months
Withdrawal of Consent: you can request deletion of your data at any time (see Section 9)
8. Your Rights
Under the UK and EU GDPR, you have the right to:
Access your personal data and receive a copy
Rectify inaccurate or incomplete data
Erase your data (“right to be forgotten”)
Restrict or object to processing
Data portability (receive data in a structured, machine-readable format)
Withdraw consent at any time (without affecting processing lawfulness prior to withdrawal)
To exercise any right, contact data-controller@datanucleus.co.uk
9. Security Measures
We implement appropriate technical and organisational measures to protect your data against unauthorised access, loss, or disclosure, including:
Encryption of data in transit and at rest
Access controls with role-based permissions
Regular security audits and staff training
10. Updates to This Policy
We may update this Policy to reflect legal or operational changes. The latest version will always be posted at https://datanucleus.dev/applicant-data-handling-policy
Data Nucleus Ltd is committed to handling your recruitment data responsibly, to hiring in line with business and client needs, and to full compliance with UK and EU GDPR requirements. If you have any questions or concerns, please reach out to our Data Protection Officer at data-controller@datanucleus.co.uk