Privacy and Cookie Notice

Updated on: October 28, 2025

This privacy notice describes our processing of personal data where we are the Controller; when we are responsible for making decisions about how and why information about you is being processed.  

We also take instructions from our clients when we are processing your information on their behalf, and in those situations we act as their Processor and they are the Controller.  If you are using our messaging system to engage with one of our clients then they will be the Controller and you should contact them directly to find out more about how and why they are processing your information.

This notice covers some general points about our processing activities, including the rights available to you under UK GDPR.  There are then links to supplementary notices which describe the specific processing of your information if you are a job applicant, a contact at one of our suppliers or corporate clients, one fo our investors, an end-user customer using our app,  or simply a visitor to our website.

Who are we?

We are Nivo Solutions Limited (Nivo), a company registered in England, registration number: 10744928, registered office address 44 Chapel Lane, Wilmslow, Cheshire, England, SK9 5HZ.

We are registered as a Data Controller with the Information Commissioner’s Office (ICO – the UK’s regulator for data protection), registration number ZA325306.

We have appointed a Data Protection Officer, GDPR Assist UK Ltd, who can be contacted directly by emailing DPO@nivohub.com 

Why are we processing your information?

Our reasons for processing information about you vary depending on who you are and the nature of our relationship with you. We must have a valid lawful basis for processing your information, and the above links include details of which basis applies in each situation.  The most common lawful bases we use are:

  • Performance of a contract: where we need to perform the contract we have with you personally, or are taking the steps necessary to enter into a potential contract,
  • Legitimate interests: where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests. Legitimate interests means the interest of our business in conducting and managing our business to enable us to give you the best service and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). 
  • Legal obligation: where we need to comply with a legal obligation we have to ensure compliance with UK legislation,
  • Consent: where we ask your permission to process your information, and where you are free to change your mind and withdraw your consent at any time.

The individual notices also include details of any Special Category or criminal offence data we process and our reasons for doing so.  Special Category Data include information about your race or ethnicity, religious, political or philosophical beliefs, health, genetic and biometric identity information, or information about your sexuality.  

Where we need to collect personal data because of a legal obligation we have, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel a service you have with us, but we will notify you if this is the case at the time. 

 Your Rights

You have a number of rights relating to the processing of your data, if you would like to use them or have any questions then please contact us.

We won’t charge you for doing any of the following, however we may make a charge in the case of frequent repeat or unfounded requests.

  • Awareness:  You have the right to be fully informed about why and how we process your information.  This privacy notice is intended to meet that requirement, but please do contact us if you have any questions.  If we obtain your personal data from a third party (e.g. a social media platform or recruitment platform) then we will tell you where we have obtained your information from,
  • Access:  You have the right to a copy of the data we hold about you,
  • Rectification:  If you think some of the data we hold is wrong then you have the right to ask us to correct it,
  • Erasure:  You have the right to ask us to delete the data we hold about you.  Where we are holding the data to fulfil a contract with you or your organisation, to support our legitimate interests or to meet our legal obligations,  then we will need to retain the data in accordance with the data retention requirements shown in the individual applicable notice,
  • Restriction:  You have the right to ask us to restrict the processing of personal data whilst we check its accuracy, if you think the processing is unlawful, if you believe we no longer need to process the data but you need us to store it due to pending legal claims, or when you object to our processing based upon our legitimate interests and we are assessing the validity of that,
  • Object:  Where we are processing your personal data based upon our legitimate interests you have the right to object to that.  If your objection is valid (for instance in the case of any direct marketing activity) then we will stop processing your personal data for that purpose.  If we do not agree with your objection then we will tell you our reasons for not doing so,
  • Data portability:  You can request a copy of your data in a digital format which you can then supply to another provider when we are processing your personal data under the lawful basis of performing a contract with you or because we have your consent,
  • Automated decisions and profiling:  You have the right, in certain circumstances, not to be subject to decisions based on automated processing (including profiling) if it has a significant or legal impact on you.  This doesn’t apply if the processing is necessary to fulfil a contract with you, or if you have given us your consent to do so.  You are always entitled to a clear explanation of how any automated decisions are made, and to ask us to manually review them.
Sharing your Information

We may share your personal data with:

  1. Service providers acting as our processors who provide IT and system administration services,
  2. Where you are an end-user of the app, with our customers with whom you interact, and with your consent,
  3. Professional advisers including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services,
  4. HM Revenue & Customs, regulators and other authorities based in the United Kingdom who require reporting of processing activities in certain circumstances,
  5. Third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy notice.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

Some of our service providers are not based in the UK, and we must ensure that we have an appropriate lawful mechanism in place to protect your rights under UK GDPR.  The following link lists the main service providers we use, where they are based and the lawful mechanism used to protect your rights:

Our sub-processors

How do we keep your data secure?

We take sensible steps to keep your data secure and ensure we can uphold your rights and meet our obligations under UK GDPR:

  • All data sent between your browser and our website are encrypted in transit,
  • Access to personal data is role based:  only those members of staff with a legitimate need will have access,
  • Systems are password protected and multi-factor authentication is enabled where available,
  • We ensure that appropriate contracts are in place with our suppliers who process your personal data to protect your rights, to ensure that they take appropriate security measures to safeguard your data, and that any international transfers are done correctly under UK GDPR,
  • Our employees are all subject to an obligation of confidentiality, and receive training on data protection matters,
  • We utilise appropriate technical and organisational measures to optimise the security of your personal data,
  • We maintain ISO 27001 certification
Making a complaint

You have the right to complain about data protection matters, we will:

  • Acknowledge the complaint within 30 days beginning the day after the complaint is received,
  • Make enquires into the subject matter of the complaint,
  • Inform you about the progress of the complaint,
  • Respond within a reasonable amount of time.

Please contact us at the above address. You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) on their helpline 0303 123 1113 or online at www.ico.org.uk,  although they will normally ask you to contact us first.