Applicant Data Handling Policy

This Applicant Data Handling Policy (“Policy”) explains how Data Nucleus Ltd (“we,” “us,” “our”) collects, uses, stores, and protects personal data you provide when registering your interest or applying for positions, in compliance with the GDPR in line with UK and EU Legislation.

1. Data Controller

Data Nucleus Ltd
Contact: data-controller@datanucleus.co.uk

2. Personal Data We Collect

We may collect the following categories of personal data directly from you:

  • Identity & Contact Data: name, address, email, phone number

  • Professional Data: LinkedIn Profile, GitHub Profile, Resume, Qualifications and Experience

  • Additional Data: Submitted by you in the registration form or via email

3. Purposes of Processing

We process your data for the following legitimate recruitment purposes:

  • To assess your suitability and qualifications for current and future roles

  • To communicate with you regarding vacancies, interview invitations, assessments, and application status

  • To manage our talent pool and keep you informed about relevant opportunities

  • To hire candidates in line with our business and client needs

4. Legal Basis for Processing

Our processing of your personal data is based on the following legal grounds:

  • Contractual Necessity: to take steps at your request before entering a recruitment contract

  • Legitimate Interests: to manage recruitment efficiently, build a talent pipeline, and meet business and client requirements

  • Consent: where we ask for optional diversity or monitoring data

5. Data Sharing

We will not share your personal data with external third parties for recruitment purposes. Internal sharing only occurs on a need-to-know basis among our HR team and hiring managers. Where external service providers (e.g., assessment platforms) are engaged, they act as data processors under EU-approved Standard Contractual Clauses.

6. International Transfers

If any data transfer outside the UK or EU is necessary, we ensure adequate safeguards are in place, such as UK/EU-approved Standard Contractual Clauses or transfer to countries with an adequacy decision.

7. Data Retention

  • Active Applications: retained for the duration of the recruitment process

  • Talent Pool Records: if you register your interest but do not apply, we will retain your data for up to 12 months

  • Withdrawal of Consent: you can request deletion of your data at any time (see Section 9)

8. Your Rights

Under the UK and EU GDPR, you have the right to:

  • Access your personal data and receive a copy

  • Rectify inaccurate or incomplete data

  • Erase your data (“right to be forgotten”)

  • Restrict or object to processing

  • Data portability (receive data in a structured, machine-readable format)

  • Withdraw consent at any time (without affecting processing lawfulness prior to withdrawal)

To exercise any right, contact data-controller@datanucleus.co.uk

9. Security Measures

We implement appropriate technical and organisational measures to protect your data against unauthorised access, loss, or disclosure, including:

  • Encryption of data in transit and at rest

  • Access controls with role-based permissions

  • Regular security audits and staff training

10. Updates to This Policy

We may update this Policy to reflect legal or operational changes. The latest version will always be posted at https://datanucleus.dev/applicant-data-handling-policy

Data Nucleus Ltd is committed to handling your recruitment data responsibly, to hiring in line with business and client needs, and to full compliance with UK and EU GDPR requirements. If you have any questions or concerns, please reach out to our Data Protection Officer at data-controller@datanucleus.co.uk