top of page

Privacy Policy

Last Updated: 05 December 2025

Introduction

At Nimble Global Ltd (“Nimble Global,” “we,” “our,” or “us”), we prioritize the privacy and security of our users worldwide, particularly in relation to our audit and compliance services. We are the data controller responsible for the personal data collected through our websites and related digital platforms.


This Privacy Notice applies globally, with specific provisions for the United Kingdom, the European Union, the European Economic Area, Switzerland, and California, and governs data interactions on:

  • nimbleglobal.com

  • Individual client-specific audit and compliance portals

 

Our objective is to provide a secure user experience where personal data protection is paramount and its use is limited to necessary, clearly defined purposes.

Nimble’s Commitment

  • Data Collection: We collect only the personal data required to deliver our specialized audit and compliance services, meet contractual and legal obligations, and operate our business responsibly.

  • Data Accuracy: We maintain procedures to ensure that all personal data is accurate, current, and relevant to our purposes.

  • Data Protection: Our team is trained in global data-protection principles and supported by robust technical and organizational safeguards to prevent unauthorized access, alteration, or loss.

  • Disclosure Limitation: We share personal data only as outlined in this Notice or where legally required, contractually necessary, or expressly consented to.

 

Information We Collect

We may collect personal data such as your name, contact details, company, role, and usage data when you interact with our sites or services. This information helps us provide, improve, and personalize our audit and compliance offerings.

 

Legal Basis for Processing (UK GDPR / EU GDPR)

We process your personal data on one or more of the following legal bases:

  • Consent: When you have provided explicit consent for a specific purpose.

  • Contract: When processing is necessary to perform a contract with you or to take steps before entering a contract.

  • Legal Obligation: When processing is necessary to comply with law.

  • Legitimate Interests: When processing is necessary for our legitimate interests or those of a third party, provided these do not override your rights and freedoms.

 

Why We Process Your Data

Your data enables us to perform thorough audits, monitor compliance performance, and ensure adherence to applicable laws and client standards.

How We Share Your Data

  • Within Nimble: Shared securely to enable integrated audit and compliance services.

  • Service Providers: Third-party vendors under contract and strict confidentiality.

  • Legal Requirements: Where required by law, court order, or regulator.

  • Protection of Interests: When necessary to protect the rights, property, or safety of Nimble Global, our clients, or others.

  • Business Transitions: In case of mergers, acquisitions, or restructuring, provided equivalent protections remain in place.

  • With Your Consent: For any sharing not covered above.

 

Children’s Data

Our services are not directed to individuals under 18. We do not knowingly collect data from minors. If we learn we have done so, we will promptly delete it. Please contact dataprotection@nimbleglobal.com if you believe we hold such data.

 

Automated Decision-Making and Profiling

We do not engage in automated decision-making that produces legal or similarly significant effects. If this changes, we will notify users and explain the logic and consequences involved.

 

Cookies and Similar Technologies

A cookie is a small file placed on your device to improve website functionality and user experience.

How we use cookies

  • Analyze site traffic and usage trends (via Google Analytics).

  • Recognize returning visitors and remember preferences.

  • Prevent repeat display of pop-ups or banners once dismissed.

Cookie categories

  • Essential cookies – Required for site functionality and security.

  • Analytics cookies – Help us understand usage and improve design.

  • Preference cookies – Store user choices such as language or display settings.

 

You can manage or disable cookies through your browser settings or our on-site Cookie Consent Manager. Blocking cookies may affect certain website functions.

 

Data Security

We employ encryption, secure servers, and continuous monitoring to protect your data.
Our practices align with the principle of security by design and include:

  • Regular vulnerability assessments

  • Access controls and authentication protocols

  • Incident response and breach-notification procedures consistent with ICO guidance

 

Data Protection Impact Assessments (DPIAs)

We conduct DPIAs for high-risk processing (e.g., new technologies, large-scale monitoring, or sensitive-data projects) to identify, assess, and mitigate privacy risks proactively.

 

Privacy by Design and Default

We integrate privacy into the conception and operation of all systems and services by:

  • Embedding data-protection controls at the design stage

  • Limiting collection to data essential for stated purposes

  • Ensuring transparency and user control wherever feasible

 

International Data Transfers

Our global operations may require transferring personal data outside the UK or EEA. We ensure equivalent protection by using:

  • UK-approved Standard Contractual Clauses (SCCs) or the UK Addendum to EU SCCs;

  • Adequacy decisions from the UK Government or European Commission; or

  • Other appropriate safeguards where legally recognized.

Where data is transferred to the United States, we rely on valid transfer mechanisms such as the UK-US Data Bridge or EU-US Data Privacy Framework (if certified).

 

Data Retention

We retain personal data only as long as necessary for the purposes collected and as required by legal, regulatory, tax, or contractual obligations. Retention periods are reviewed periodically and minimized wherever possible.

 

Your Rights Under UK / EU GDPR

You have the following rights:

  • To be informed

  • To access your data

  • To correct inaccuracies

  • To request deletion (“right to be forgotten”)

  • To restrict processing

  • To data portability

  • To object to processing

  • To rights related to automated decision-making

To exercise any right, email dataprotection@nimbleglobal.com. We may verify your identity before responding and aim to reply within one month.

 

Your Rights Under CCPA / CPRA (California Residents)

  • Right to Know: Request details of data collected, sources, and sharing.

  • Right to Delete: Ask us to delete personal data (subject to legal exceptions).

  • Right to Opt-Out: We do not sell personal data, but you may opt out of data-sharing for targeted advertising if ever applicable.

  • Right to Non-Discrimination: We will not deny goods, services, or pricing based on your privacy choices.

  • Right to Appeal: If we deny your request, you may appeal by contacting dataprotection@nimbleglobal.com.

Authorized agents may act on behalf of California residents when verified through appropriate documentation.

 

Third-Party Links

Our websites may include links to external sites. Nimble Global is not responsible for their content or privacy practices. We encourage reviewing their policies before providing any information.

 

Updates to This Notice

We may update this Notice periodically. When material changes occur, we will:

  • Display a prominent banner on our website,

  • Email affected users (if applicable), or

  • Request acknowledgment before continued use of our services.

The “Last Updated” date above reflects the latest version.

 

Contact Us

For questions, concerns, or to exercise your rights:
Email: dataprotection@nimbleglobal.com
Post: Data Protection Officer, Nimble Global Ltd, 74-75 Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom

EU Representation:
Nimble Global Ltd complies with the requirements of the UK GDPR and will appoint an EU representative under Article 27 of the EU GDPR where applicable.

 

Complaints

If you are unsatisfied with our response, you may lodge a complaint with:
Information Commissioner’s Office (ICO)
https://ico.org.uk/make-a-complaint/

 

You may also contact your local supervisory authority if you are based in the EU / EEA / Switzerland.

 

Additional Information

Our Global Data Protection Policy and GDPR Data Protection Policy are available upon request.
Please contact dataprotection@nimbleglobal.com to obtain copies.

bottom of page