Privacy Notice

Last updated - 27 July 2021

1. Introduction and General Terms

1.1. These terms apply to the services offered by Nowhere Group Limited (“nowhere” / “we” / “us”). Our registered office is at 6 Lichfield Street, Burton-on-Trent, Staffordshire, DE14 3RD, United Kingdom. We are a company registered in England, with company number 04189963.

1.2. This Privacy Notice applies and has effect in respect of all services made available by us, including websites, applications, online trainings (together the “Online Services”) and in-person workshops. Together the Online Services and in-person workshops are collectively known as the (“Services”).

1.3. We are committed to protecting and respecting your privacy. The Privacy Notice explains the basis on which personal information we collect from you will be processed by us or on our behalf. Where we decide the purpose or means for which personal data you supply through these Services is processed, we are the “data controller.” We will comply with all applicable data protection laws, including the Data Protection Act 1998 and the General Data Protection Regulation ((EU) 2016/679).

1.4. In some instances, we may be a joint data controller, with your employer or the business that engages you and which has made our Services available to you (the “Principal”). If you would like to know more about how the Principal makes use of your personal data, please ask to see their privacy notice.

1.5. Please read this Privacy Notice carefully as it contains important information about the following:

1.5.1. What information we may collect about you

1.5.2. How we will use information we collect about you;

1.5.3. Whether we will disclose your details to anyone else;

1.5.4. Your choices and rights regarding the personal information you have provided to us.

1.6. When accessing our Online Services, this Privacy Notice should be read in conjunction with:

1.6.1. The EULA Agreement, which can be found at https://now-here.com/support/eula

1.6.2. The Cookie Policy, which can be found at https://now-here.com/support/cookie-policy

1.7. The Online Services may contain hyperlinks to services owned and operated by third parties. These third party services may have their own privacy notices and we recommend that you review them. They will govern the use of personal information that you submit, or which is collected by cookies and other tracking technologies whilst using these services. We do not accept any responsibility or liability for the privacy practices of such third party services and your use of these is at your own risk.

1.8. We may make changes to this Privacy Notice in future, which will be posted on this page. You should check this page from time to time to ensure you are aware of any changes. Where appropriate we may notify you of changes through the Online Services.

2. Information we may collect about you

2.1. When you use our Services we collect and process the following information which may include your personal data.

2.1.1. Information provided by you when using the Services (“Principal Information”). We will collect any information you submit to us through our Online Services, whilst attending in-person workshops, and all data provided by you in the general use of our Services.

2.1.2. Information collected for the purposes of providing analytics (“Analytics”). We may collect technical information about your use of the Online Services through the use of tracking technologies and analytics.

3. Why we collect information about you

3.1. To provide our Services to you. We will use information about you (including Principal Information and Analytics) for delivering our Services to you under the terms of use agreed between us and the Principal. The processing of information in this way is necessary for us to deliver online trainings and in-person workshops, record your progress and current status within the Online Services, and to ensure the Online Services deliver the features promised and function properly, so that you have the optimal experience.

3.2. When relevant, and when it does not have a negative impact on the data subject, privacy settings will be set to the most private by default.

3.3. To help us improve the Online Services and fix any problems. We may process Analytics so that we can analyse and improve our Online Services. This processing is also necessary for us to pursue our legitimate interests of (i) ensuring that our Online Services function properly so that you and other users have the best experience when using any of our Online Services; (ii) improving the quality of our Online Services, and providing a better experience to our users; (iii) identifying and correcting any bugs in the Online Services.

3.4. For digital marketing analytics. We use your data with third party marketing tools to better understand the impact of our marketing campaings on conversion rates, and to create customer profiles and audiences in order to reach new customers. We process Analystics to gain insights into the effectiveness of our marketing strategy across the various different platforms (e.g., social media vs email marketing) to keep existing customers engaged and to reach new target audiences.

4. Data Sharing

4.1. We will share your information with third parties only in the ways that are described in this Privacy Notice.

4.1.1. Principals: We are engaged by Principals to provide services to them. You may have submitted Principal Information to us as part of our delivery of that service. We will share that data with the Principal in accordance with any agreements we have entered with the Principal.

4.1.2. Group members, personnel, suppliers or subcontractors: We keep your information confidential, but may disclose it to any member of our group (which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the Companies Act 2006), our personnel, suppliers or subcontractors insofar as it is reasonably necessary for the purposes set out in this Privacy Notice. However, this is under strict contractural control to ensure that they do not make independent use of the information, and they are audited to ensure high standards of IT security to safeguard your data.

4.1.3. Merger or acquisition: If we are involved in a merger, acquisition, or sale of all or a portion of our assets, we may disclose Analytics to the acquiring or merging entity.

4.1.4. Required by law: In addition, we may disclose your information to the extent that we are required to do so by law (which may include to government bodies and law enforcement agencies); in connection with any legal proceedings or prospective legal proceedings; and in order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention).

4.1.5. Enforcement: We may also disclose your personal information to third parties in order to enforce or apply the terms of agreements, to investigate potential breaches, or to protect the rights, property or safety of nowhere, our customers, or others.

5. Your rights in relation to your personal data which we process

5.1. You have the following rights over the way we process personal data relating to you, as set out in the table below. We aim to comply without undue delay, and within one month at the latest.

5.1.1. Ask for a copy of data we are processing about you and have inaccuracies corrected. You have the right to request a copy of the personal information we hold about you and to have any inaccuracies corrected. We will use reasonable efforts to the extent required by law to supply, correct or delete personal information held about you on our files (and with any third parties to whom it has been disclosed to).

5.1.2. Object to us processing data about you. You can ask us to restrict, stop processing, or to delete your personal data if:

• you consented to our processing the personal data, and have withdrawn that consent;

• we no longer need to process that personal data for the reason it was collected;

• we are processing that personal data because it is in the public interest or it is in order to pursue a legitimate interest of nowhere or a third party, you don’t agree with that processing, and there is no overriding legitimate interest for us to continue processing it;

• the personal data was unlawfully processed;

you need the personal data to be deleted in order to comply with legal obligations;

• the personal data is processed in relation to the offer of a service to a child.

5.1.3. Obtain a machine readable copy of your personal data, which you can use with another service provider. If we are processing data in order to perform our obligations to you, or because you consented, if that processing is carried out by automated means, we will help you to move, copy or transfer your personal data to other IT systems. If you request, we will supply you with the relevant personal data in CSV format. Where it is technically feasible, you can ask us to send this information directly to another IT system provider if you prefer.

5.2. To make a request, please let us know by sending an email to support@now-here.com.

6. Data Retention

6.1. We will hold your personal information on our systems for as long as is necessary for the relevant Service, or as otherwise described in this Privacy Notice.

7. Children

7.1. We do not use our Services to knowingly solicit information from or market to children under the age of 13. Our terms of use prohibit users aged under 13 years from accessing our Services. In the event that we learn that we have collected personal information from a child under 13 years of age we will delete that information as quickly as possible. If you believe that we might have any information from or about a child under 13 years of age, please contact us at support@now-here.com.

8. Security

8.1. We will take all reasonable technical and organisational precautions to prevent the loss, misuse or alteration of your personal information. For example, our databases are password protected and limited to essential employees only (such as nowhere management or employees whose main role requires system access).

8.2. Please be aware that, although we endeavour to provide reasonable security for information we process and maintain, no security system can prevent all potential security breaches.

9. International Data Transfers

9.1. Our servers are located in Ireland.

9.2. It is possible that your personal information may be transferred outside of the EU by the Principal. We recommend that you refer to the privacy notices and/or terms and conditions of the Principal if you are concerned about your data being transferred outside the EU.

9.3. Where we transfer your information outside of the EU, we have agreements in place with those parties which include standard data protection clauses adopted by a data protection regulator and approved by the European Commission to ensure that appropriate safeguards are in place to protect your personal data. If you would like to find out more about these safeguards, please let us know by writing to support@now-here.com.

10. Contact Information

10.1. All questions, comments or enquiries should be directed to nowhere at support@now-here.com. We will endeavour to respond to any query or questions within 2 business days.