This version is effective from: December 2023
This Privacy Notice (“Privacy Notice”) sets out how Niya processes your personal data in connection with our business, including the provision of our platform at https://niya.ai/ (“Site”) and the services we offer through our Site (together, our “Service”).
We will update this Privacy Notice from time to time to reflect any changes or proposed changes to our use of your personal data, or to comply with changes in applicable law or regulatory requirements. We may notify you by email of any significant changes to this Privacy Notice, but we encourage you to review this Privacy Notice periodically to keep up to date on how we use your personal data. If we update this Privacy Notice, we will update the effective date at the top of the page.
Your access to and use of our Service, including your profile, is subject at all times to our Terms and Conditions.
This Privacy Notice explains our approach to any personal data that we might collect from you or which we have obtained about you from a third party, and the purposes for which we process your personal data. This Privacy Notice also sets out your rights in respect of our processing of your personal data.
Our Service is made available by Niya Network Limited (“Niya”, “we”, “us, “our”). Niya is the data controller responsible for your personal data. Niya is an English company (No: 13056558) with its registered office at 8 Pember Road, London, NW10 5LP.
If you have any questions about this Privacy Notice or want to exercise your rights as a data subject set out in this Privacy Notice, you can contact us using the following methods:
On Site - Contact us using our Enquiry Form.
Email - Send us an email at: firstname.lastname@example.org.
Post - Write to us at: 8 Pember Road, London, NW10 5LP
In providing our Service, we may collect and process different types of personal data about you for different processing purposes. The types of personal data we collect depends on who you are and how you use our Service and includes the following:
Identity Data: First name; last name.
Contact Data: Address; email address; social media handle.
Registration Data: First name; last name; date of birth; gender; country of residence; company; job title; employment status; qualifications; skillset; Resume/CV; any other personal data that you may provide when you register an account with us.
Transaction Data: Details about payments made between you and us; details about your use of the Service.
Profile Data: Account username; password; profile picture; purchase details; interests and preferences; contact preferences; employment history and/or professional experience; references; skillset; social media handle; website and/or portfolio details; the content of any messaging you send using any Enquiry Form and/or chat function on our Service; details of any employment matches via the Service.
Technical Data: IP address; browser type and operating system; geolocation, to ensure we’re showing you the correct notices and information; any other unique numbers assigned to a device.
Marketing and Communications Data: Marketing preferences; service communication preferences.
We collect and receive personal data using different methods:
Personal data you provide to us: You may give us your personal data directly, for example, when you submit an application to register for an account and create a profile on our Service, contact us with enquiries, complete forms or upload information to our Service, send messages using the chat function on our Service, subscribe to receive our marketing communications or provide feedback to us.
Personal data we collect using cookies and other similar technologies: When you access and use our Service, we will collect certain Behavioural Data and Technical Data. We collect this personal data by using cookies and other similar technologies (see the “Insight, analysis and retargeting through Cookies” section below).
We collect and process personal data from the following people:
Service visitors: Client Users, Candidate Users and any other (non-registered) user of Niya who visits or interacts with our Service.
Client User: A user that accesses Niya on behalf of one of our clients that are seeking to find and/or engage Candidate Users via our Service.
Candidate User: A user that accesses our Service in connection with the supply or potential supply and use of services to or from our clients.
People who contact us with enquiries: If you contact us with an enquiry through our Service or otherwise, we will collect and process your personal data in connection with your interaction with us and our Service.
Visitors to our physical locations: If you attend one of our physical offices or other locations, we may process personal data that you volunteer in connection with your visit and any enquiries you make. CCTV footage may also be collected for security purposes.
Event attendees: If you attend one of our events, we will process personal data about you in connection with your attendance at the event. For example, we may ask you to complete a registration or feedback form, or other document relating to the event.
Job and training applicants: If you apply for a job or training programme with us, we will collect and process your personal data in connection with your application.
Our legal basis for processing
We rely on our legitimate interests, as well as those of our clients, as the legal basis for the collection and use of your personal data. Our primary objective is to deliver high-quality services to both our clients and candidates through the effective operation of Niya. This involves ensuring that the platform is used by candidate users who meet the general suitability criteria for our service. Additionally, our aim is to provide seamless access to Niya in an efficient manner.
By leveraging this legal basis, we are committed to maintaining the integrity and purposeful use of personal data to uphold the standards of our services. This approach not only protects the interests of both parties involved but also facilitates the optimal functionality of our platform.
Where we are required by law to collect your personal data, or we need to collect your personal data under the terms of a contract we have with you, and you fail to provide that personal data when we request it, we may not be able to perform the contract we have or are trying to enter into with you. This may apply where you do not provide the personal data we need in order to provide the Services you have requested from us or to process an application to register an account. In these circumstances, we may have to cancel your application or the provision of the relevant Services to you, in which case we will notify you.
Where our use of your personal data requires consent, you can provide such consent at the time we collect your personal data following the instructions provided.
This Privacy Notice only applies to personal data processed by us through your use of our Service and/or in connection with our business operations. However, from time to time, our Service may contain links to third-party websites and services. We have no control over these websites and services and this Privacy Notice does not apply to your interaction with the relevant third parties.
When you use a link to go from our Service to another website (even if you don’t leave our Service) or you request a service from a third party, your browsing and interactions on any other websites, or your dealings with any other third-party service provider, is subject to that website’s or third-party service provider’s own rules and policies. For example, our Service invites you to connect with us on social media platforms such as Facebook and Instagram. When you click on the links we provide to such third-party platforms, you will be transferred from our Service to the relevant third-party platform and the privacy notice (and other terms and conditions) of that platform will apply to you.
We do not monitor, control or endorse the privacy practices of any third parties. We encourage you to become familiar with the privacy practices of every website you visit or third-party service provider that you use in connection with your interaction with us and to contact them if you have any questions about their respective privacy notices and practices.
We only share personal data with others when we are legally permitted to do so. When we share personal data with others, we put contractual arrangements and security mechanisms in place to protect the personal data shared and to comply with our data protection, confidentiality and security standards and obligations. For more information see below.
When processing your personal data, we may need to share it with third parties, as set out in the table below. This list is non-exhaustive and there may be circumstances where we need to share personal data with other third parties.
Clients: Where you are a Candidate User, we may share your personal data with our clients.
Payment providers and banks: We share personal data with third parties who assist us with the processing of payments and refunds.
Event partners and suppliers: When we run events, we will share your personal data with third-party service providers that are assisting us with the operation and administration of that event. If we are running an event in partnership with other organisations, we will share your personal data with such organisations for use in relation to the event.
Auditors, lawyers, accountants and other professional advisers: We share personal data with professional services firms who advise and assist us in relation to the lawful and effective management of our organisation and in relation to any disputes we may become involved in.
Law enforcement or other government and regulatory agencies and bodies: We share personal data with law enforcement or other government and regulatory agencies or other third parties as required by, and in accordance with, applicable law or regulation.
Other third parties: Occasionally, we may receive requests from third parties with authority to obtain disclosure of personal data, such as to check that we are complying with applicable law and regulation, to investigate an alleged crime, or to establish, exercise or defend legal rights. We will only fulfil requests for personal data where we are permitted to do so in accordance with applicable law or regulation.
Where necessary in order to provide our Service, we will transfer personal data to countries outside the UK and the EEA.
Non-EEA countries do not have the same data protection laws as the UK and the EEA. In particular, non-EEA countries may not provide the same degree of protection for your personal data, may not give you the same rights in relation to your personal data and may not have a data protection supervisory authority to help you if you have any concerns about the processing of your personal data. However, when transferring your personal data outside the UK or the EEA, we will comply with our legal and regulatory obligations in relation to your personal data, including having a lawful basis for transferring personal data and putting appropriate safeguards in place to ensure an adequate level of protection for the personal data. We will take reasonable steps to ensure the security of your personal data in accordance with applicable data protection laws. For more information see below.
When transferring your personal data outside the UK or the EEA, we will, where required by applicable law, implement at least one of the safeguards set out below. Please contact us if you would like further information on the specific mechanisms used by us when transferring your personal data outside the UK or the EEA.
Adequacy decisions: We may transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the UK government and/or European Commission.
Standard Contractual Clauses: Where we use certain service providers, we may use specific contracts approved by the ICO and/or the European Commission which give personal data the same protection it has in Europe.
In respect of personal data that we process in connection with the supply of our Service, we may retain your personal data for up to six years from the date of supply of the Service and in compliance with our data protection obligations. We may then destroy such files without further notice or liability.
Where we process personal data in connection with your registration as a Candidate or Client User, we may retain your personal data for as long as you are registered as a Candidate or Client User and for the purposes described in this Privacy Notice (in particular the purposes described in the Use of Our Service by Candidate and Client Users section as long as reasonably necessary to comply with any contract we may have with you or so that we can introduce you to opportunities in the future that we think might be of interest to you (and in compliance with our data protection obligations). We may then destroy such files without further notice or liability.
Where we process any other personal data, we will retain relevant personal data for up to three years from the date of our last interaction with you (and in compliance with our data protect obligations). We may then destroy such files without further notice or liability.
If any personal data is only useful for a short period (e.g. for a specific activity, promotion or marketing campaign), we will not retain it for longer than the period for which it is used by us.
If you have opted out of receiving marketing communications from us, we will need to retain certain personal data on a suppression list indefinitely so that we know not to send you further marketing communications in the future. However, we will not use this personal data to send you further marketing unless you subsequently opt back in to receive such marketing.
We are committed to keeping the personal data you provide to us secure and we have implemented information security policies, rules and technical measures to protect the personal data under our control from unauthorised access, improper use or disclosure, unauthorised modification and unlawful destruction or accidental loss. In addition, all our employees and data processors (i.e. those who process your personal data on our behalf) are obliged to respect the confidentiality of the personal data of all users of our Service.
Our Service is not intended for use by, or targeted at, minors (individuals under the age of 18) and we do not knowingly collect personal data of minors.
If you are under the age of 18, you must not use our Service and you must not provide us with any personal information. If we discover that we are holding the personal data of a minor, we will delete that information as soon as possible. Please contact us if you have reason to believe that a minor may have submitted personal data to us (see the “How to Contact Us” section above).
You have certain rights in relation to the personal data we hold about you. These rights include the right: (i) to obtain copies of your personal data; (ii) to have your personal data corrected or deleted; (iii) to limit the way in which your personal data is used; (iv) to object to our use of your personal data; (v) to transfer your personal data; (vi) not to be subject to decisions based on automated processing (including profiling); and (vii) to complain to a supervisory authority. If you would like to exercise any of these rights, please contact us using the details set out in the “How to Contact Us ” section above. For more information, see below.
Your right of access: If you ask us, we will confirm whether we are processing your personal data and, if so, provide you with a copy of that personal data (along with certain other details). If you require additional copies, we may charge a reasonable fee for producing those additional copies.
Your right to rectification: If the personal data we hold about you is inaccurate or incomplete, you are entitled to have it rectified. If we have shared your personal data with others, we’ll let them know about the rectification where possible. If you ask us, where possible and lawful to do so, we will also tell you who we’ve shared your personal data with so that you can contact them.
Your right to erasure: You can ask us to delete or remove your personal data in some circumstances, such as where we no longer need it or where you withdraw your consent (where applicable). If we have shared your personal data with others, we will let them know about the erasure where possible. If you ask us, where it is possible and lawful for us to do so, we will also tell you who we have shared your personal data with so that you can contact them directly.
Your right to restrict processing: You can ask us to “block” or suppress the processing of your personal data in certain circumstances such as where you contest the accuracy of that personal data or you object to us processing it for a particular purpose. This may not mean that we will stop storing your personal data but, where we do keep it, we will tell you if we remove any restriction that we have placed on your personal data to stop us processing it further. If we’ve shared your personal data with others, we’ll let them know about the restriction where it is possible for us to do so. If you ask us, where it is possible and lawful for us to do so, we’ll also tell you who we’ve shared your personal data with so that you can contact them directly.
Your right to data portability: You have the right, in certain circumstances, to obtain personal data you have provided to us (in a structured, commonly used and machine-readable format) and to reuse it elsewhere or to ask us to transfer it to your chosen third party.
Your right to object: You can ask us to stop processing your personal data, and we will do so, if we are: (i) relying on our own or someone else’s legitimate interest to process your personal data, except if we can demonstrate compelling legal grounds for the processing; or (ii) processing your personal data for direct marketing purposes.
Your rights in relation to automated decision-making and profiling: You have the right not to be subject to a decision when it is based on automatic processing, including profiling, if it produces a legal effect or similarly significantly affects you, unless such profiling is necessary for the entering into, or the performance of, a contract between you and us.
Your right to withdraw consent: If we rely on your consent (or explicit consent) as our legal basis for processing your personal data, you have the right to withdraw that consent at any time. You can exercise your right of withdrawal by contacting us using our contact details in the “How to Contact Us ” section above or by using any other opt-out mechanism we may provide, such as an unsubscribe link in an email.
Your right to lodge a complaint with the supervisory authority: If you have a concern about any aspect of our privacy practices, including the way we have handled your personal data, please contact us using the contact details provided in the “How to Contact Us” section above. You can also report any issues or concerns to a national supervisory authority in the Member State of your residence or the place of the alleged infringement.
As we are incorporated in the United Kingdom, our regulatory authority is the Information Commissioner’s Office (“ICO”). Contact details for the ICO can be found on its website at https://ico.org.uk.
To make a Data Subject Access Request (DSAR) contact us.