Nuvance Digital

Privacy Policy

How we collect, use, and protect your personal data

Last Updated: October 2025

1. Introduction

Nuvance Digital ("Nuvance Digital," "we," "us," or "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and safeguard your personal data when you interact with us, including via our website.

Nuvance Digital is a UK-based digital transformation consultancy specializing in intelligent automation, AI strategy and governance, and operational intelligence solutions for healthcare and complex operational environments. We are registered with the UK Information Commissioner's Office (ICO) under the Data Protection Act 2018 and the UK General Data Protection Regulation (UK GDPR).

2. Information We Collect

We may collect and process the following types of personal data:

2.1 Information You Provide Directly

  • Contact Details: Name, email address, phone number, job title, and company name when you contact us, request services, or subscribe to our insights
  • Professional Information: Business information, project requirements, and organizational details when engaging with our services
  • Communication Data: Information contained in correspondence, feedback, consultation notes, and meeting records
  • Service Delivery Data: Information necessary to deliver our advisory, strategy, and consulting services

2.2 Information Collected Automatically

  • Technical Data: IP address, browser type, device information, operating system, and referring URLs
  • Usage Data: Pages visited, time spent on pages, click patterns, and navigation paths through our website
  • Cookies and Tracking: Data collected through cookies and similar technologies (see Cookie Policy section)

3. How We Use Your Data

We use your personal data for the following purposes:

  • Service Delivery: To provide consulting, advisory, and strategic services as requested
  • Communication: To respond to inquiries, provide information, and maintain client relationships
  • Business Development: To send relevant insights, updates, and information about our services (with your consent)
  • Contract Management: To manage contracts, invoicing, and project delivery
  • Website Improvement: To analyze usage patterns and improve our website functionality and user experience
  • Legal Compliance: To comply with legal obligations and protect our legal rights
  • Security: To maintain the security and integrity of our systems and services

4. Legal Basis for Processing

We process personal data based on one or more of the following legal grounds under UK GDPR:

  • Consent: Where you have given clear consent for specific processing activities
  • Contract: Where processing is necessary to fulfill a contract with you or take steps at your request
  • Legal Obligation: Where we must process data to comply with legal requirements
  • Legitimate Interests: Where processing is necessary for our legitimate business interests, balanced against your rights and interests

5. Data Sharing and Disclosure

We do not sell or rent personal data. However, we may share data with:

  • Service Providers: Trusted third-party providers who support our operations (e.g., cloud hosting, email services, analytics platforms)
  • Professional Advisors: Lawyers, accountants, and consultants when necessary for business operations
  • Technology Partners: Partners who assist in delivering our services, subject to appropriate data processing agreements
  • Legal Authorities: When required by law, regulation, or legal process
  • Business Transfers: In the event of a merger, acquisition, or sale of assets, subject to confidentiality obligations

All third parties are required to maintain appropriate security measures and process data only as instructed.

6. International Data Transfers

If we transfer personal data outside the UK or European Economic Area (EEA), we ensure it is protected under appropriate safeguards, including:

  • UK Standard Contractual Clauses (SCCs)
  • Adequacy decisions by the UK Government
  • Other legally approved transfer mechanisms

7. Data Retention

We retain personal data only as long as necessary for the purposes outlined in this policy or as required by law. Retention periods vary depending on:

  • The nature of our relationship with you
  • Legal and regulatory requirements
  • The purposes for which data was collected
  • Whether you have objected to processing or withdrawn consent

Typically, we retain:

  • Client data: For the duration of the engagement plus 6-7 years for legal and tax purposes
  • Inquiry data: For up to 2 years if no engagement proceeds
  • Marketing data: Until you withdraw consent or unsubscribe

8. Your Rights

Under UK GDPR, you have the following rights regarding your personal data:

  • Right of Access: Request a copy of the personal data we hold about you
  • Right to Rectification: Request correction of inaccurate or incomplete data
  • Right to Erasure: Request deletion of your data in certain circumstances
  • Right to Restrict Processing: Request limitation of how we use your data
  • Right to Data Portability: Receive your data in a structured, machine-readable format
  • Right to Object: Object to processing based on legitimate interests or for direct marketing
  • Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent
  • Right to Lodge a Complaint: Contact the ICO if you have concerns about our data practices

To exercise any of these rights, please contact us using the details in Section 11.

9. Security Measures

We implement robust technical and organizational security measures to protect personal data, including:

  • Encryption of data in transit and at rest
  • Access controls and authentication mechanisms
  • Regular security assessments and penetration testing
  • Employee training on data protection and security
  • Secure backup and disaster recovery procedures
  • Incident response and breach notification protocols

While we take all reasonable steps to protect your data, no method of transmission over the internet is completely secure. We cannot guarantee absolute security.

10. Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to enhance functionality and analyze usage. Cookies are small text files stored on your device that help us:

  • Remember your preferences and settings
  • Understand how visitors use our website
  • Improve website performance and user experience
  • Deliver relevant content and communications

Types of Cookies We Use

  • Essential Cookies: Necessary for website functionality
  • Analytics Cookies: Help us understand website usage patterns
  • Functional Cookies: Remember your preferences and settings
  • Marketing Cookies: Track visits across websites to deliver relevant advertising (with consent)

You can control and manage cookies through your browser settings. Disabling cookies may affect website functionality. Most browsers allow you to:

  • View and delete cookies
  • Block all or specific cookies
  • Receive notifications when cookies are set

11. Contact Information and Complaints

Data Controller

Nuvance Digital

Email: [email protected]

Website: www.nuvancedigital.co.uk

If you have questions, concerns, or wish to exercise your data protection rights, please contact us using the information above.

Making a Complaint

If you are not satisfied with how we handle your personal data, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO):

Information Commissioner's Office (ICO)

Website: www.ico.org.uk

Helpline: 0303 123 1113

Address: Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

12. Updates to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, legal requirements, or business operations. When we make significant changes, we will:

  • Update the "Last Updated" date at the top of this policy
  • Notify you via email if you are an active client or subscriber
  • Post prominent notice on our website for material changes

We encourage you to review this Privacy Policy regularly to stay informed about how we protect your data.

13. Children's Privacy

Our services are not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us immediately, and we will take steps to delete such information.

14. Third-Party Links

Our website may contain links to third-party websites, services, or resources. This Privacy Policy applies only to Nuvance Digital. We are not responsible for the privacy practices of third-party sites and encourage you to review their privacy policies.