Privacy Notice

Last updated - 2 August 2024

1. Introduction and General Terms

1.1. These terms apply to the services offered by Nowhere Group Limited (‘nowhere’ / ‘we’ / ‘us’). Our registered office is at Lichfield Street, Burton-on-Trent, Staffordshire, DE14 3RD. We are a company registered in England, with company number 04189963

1.2. This Privacy Notice applies and has effect in respect of all services made available by us, including websites, applications, online trainings (together the ‘Online Services’) and in-person workshops. Together the Online Services and in-person workshops are collectively known as the (‘Services’). Our Services are not intended for children and we do not knowingly collect data relating to children.

1.3. We are committed to protecting and respecting your privacy. The Privacy Notice explains the basis on which personal information we collect from you will be processed by us or on our behalf. Where we decide the purpose or means for which personal data you supply through these Services is processed, we are the ‘data controller.’ We will comply with UK data protection laws.

1.4. In some instances, we may be a joint data controller, with your employer or the business that engages you and which has made our Services available to you (the ‘Principal’). If you would like to know more about how the Principal makes use of your personal data, please ask to see their privacy notice.

1.5. Please read this Privacy Notice carefully as it contains important information about the following:

1.5.1. What information we may collect about you

1.5.2. How we will use information we collect about you;

1.5.3. Whether we will disclose your details to anyone else;

1.5.4. Your choices and rights regarding the personal information you have provided to us.

1.6. When accessing our Services, this Privacy Notice should be read in conjunction with:

1.6.1. The EULA Agreement, which can be found at https://now-here.com/support/eula

1.6.2. The Cookie Policy, which can be found at https://now-here.com/support/cookie-policy

1.6.3. Any other agreements you enter into with us.

1.7. The Online Services may contain hyperlinks to services owned and operated by third parties. These third party services may have their own privacy notices and we recommend that you review them. They will govern the use of personal information that you submit, or which is collected by cookies and other tracking technologies whilst using these services. We do not accept any responsibility or liability for the privacy practices of such third party services and your use of these is at your own risk.

1.8. We may make changes to this Privacy Notice in the future, which will be posted on this page. You should check this page from time to time to ensure you are aware of any changes. Where appropriate we may notify you of changes through the Online Services.

2. Information we may collect about you

2.1. When you use our Services we collect and process the following information which may include your personal data.

2.1.1. Information provided by you when using the Services (‘Principal Information’). We will collect any information you submit to us through our Online Services, whilst attending in-person workshops, and all data provided by you in the general use of our Services:

2.1.1.1. Program data: Data is collected in order to communicate and inform participants of our programs details.

2.1.1.2. Reporting Tools Data (nMaps & Empty Mirror): There are two Leadership Reports – nMaps and Empty Mirror. These reporting products work by gathering and presenting leadership feedback from leaders and respondents. To setup and manage the creation of the Leadership reports, nowhere needs the participants’ first name, last name and email address. This information is used to send an invitation email to the participants. Invitation emails include a link to sign into the system and add the names and email addresses of those that they wish to receive feedback from. Then leadership questionnaires are answered by all respondents. The data gathered from the feedback for both reports is aggregated and generates a pdf report which is issued to the leader.

2.1.1.3. Micro-Skills Library & Masterclasses Data: The Micro-Skills application is a read-only library of leadership skills. The masterclasses platform is a set of videos that can be watched in sequence. As such, name and email is used only to provide access, and progress is tracked.

2.1.1.4. Meeting Designer Data: The Meeting Designer is a training tool which the participants will use to help them learn how to design meetings. Data collected includes name, email of participants, meeting title, date and time. Data is also collected on the meeting agenda and activities within.

2.1.1.5. Functional Data: Data is collected in order to provide functionality to the user. For example: When watching a video lesson, we track progress and ensure if the user comes back after a break they carry on from where they were before.

2.1.1.6. Analytical Data: Data is collected about how users are using our application, for example which pages are visited, how people are moving from one link to another and if they get error messages from certain pages. This data does not identify individuals, it collects information about how our applications are performing and how we can improve them.

2.1.1.7. Information collected for the purposes of providing analytics (‘Analytics’). We may collect technical information about your use of the Online Services through the use of tracking technologies and analytics.

3. Why we collect information about you

3.1. To provide our Services to you. We will use information about you (including Principal Information and Analytics) for delivering our Services to you and where appropriate under the terms of use agreed between us and the Principal. The processing of information in this way is necessary for us to deliver online trainings and in-person workshops, record your progress and current status within the Online Services, and to ensure the Online Services deliver the features promised and function properly, so that you have the optimal experience.

3.2. When relevant, and when it does not have a negative impact on the data subject, privacy settings will be set to the most private by default.

3.3. To help us improve the Online Services and fix any problems. We may process Analytics so that we can analyse and improve our Online Services. This processing is also necessary for us to pursue our legitimate interests of (i) ensuring that our Online Services function properly so that you and other users have the best experience when using any of our Online Services; (ii) improving the quality of our Online Services, and providing a better experience to our users; (iii) identifying and correcting any bugs in the Online Services.

3.4. For digital marketing analytics. We use your data with third party marketing tools to better understand the impact of our marketing campaings on conversion rates, and to create customer profiles and audiences in order to reach new customers. We process Analystics to gain insights into the effectiveness of our marketing strategy across the various different platforms (e.g., social media vs email marketing) to keep existing customers engaged and to reach new target audiences.

4. Data Sharing

4.1. We will share your information with third parties only in the ways that are described in this Privacy Notice.

4.1.1. Principals: We are engaged by clients, businesses and organisations (‘Principals’) to provide services to them. You may have submitted Principal Information to us as part of our delivery of that service. We will share that data with the Principal in accordance with any agreements we have entered with the Principal.

4.1.2. Group members, personnel, suppliers or subcontractors: We keep your information confidential, but may disclose it to any member of our group (which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the Companies Act 2006), our personnel, suppliers or subcontractors insofar as it is reasonably necessary for the purposes set out in this Privacy Notice. However, this is under strict contractural control to ensure that they do not make independent use of the information, and they are audited to ensure high standards of IT security to safeguard your data.

4.1.3. Merger or acquisition: If we are involved in a merger, acquisition, or sale of all or a portion of our assets, we may disclose Analytics to the acquiring or merging entity.

4.1.4. Required by law: In addition, we may disclose your information to the extent that we are required to do so by law (which may include to government bodies and law enforcement agencies); in connection with any legal proceedings or prospective legal proceedings; and in order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention).

4.1.5. Enforcement: We may also disclose your personal information to third parties in order to enforce or apply the terms of agreements, to investigate potential breaches, or to protect the rights, property or safety of nowhere, our customers, or others.

5. Your rights in relation to your personal data which we process

5.1. You have the following rights over the way we process personal data relating to you, as set out in the table below. We aim to comply without undue delay, and within one month at the latest.

5.1.1. Requests to delete personal data. To make a request, please let us know by sending an email to support@now-here.com.

5.1.2. Ask for a copy of data we are processing about you and have inaccuracies corrected. You have the right to request a copy of the personal information we hold about you and to have any inaccuracies corrected. We will use reasonable efforts to the extent required by law to supply, correct or delete personal information held about you on our files (and with any third parties to whom it has been disclosed to).

5.1.3. Object to us processing data about you. You can ask us to restrict, stop processing, or to delete your personal data if:

• you consented to our processing the personal data, and have withdrawn that consent;

• we no longer need to process that personal data for the reason it was collected;

• we are processing that personal data because it is in the public interest or it is in order to pursue a legitimate interest of nowhere or a third party, you don’t agree with that processing, and there is no overriding legitimate interest for us to continue processing it;

• the personal data was unlawfully processed;

• you need the personal data to be deleted in order to comply with legal obligations;

• the personal data is processed in relation to the offer of a service to a child.

5.1.4. Obtain a machine readable copy of your personal data, which you can use with another service provider. If we are processing data in order to perform our obligations to you, or because you consented, if that processing is carried out by automated means, we will help you to move, copy or transfer your personal data to other IT systems. If you request, we will supply you with the relevant personal data in CSV format. Where it is technically feasible, you can ask us to send this information directly to another IT system provider if you prefer.

6. Data Retention

6.1. We will hold your personal information on our systems for as long as is necessary for the relevant Service, or as otherwise described in this Privacy Notice.

7. Children

7.1. We do not use our Services to knowingly solicit information from or market to children under the age of 13. Our terms of use prohibit users aged under 13 years from accessing our Services. In the event that we learn that we have collected personal information from a child under 13 years of age we will delete that information as quickly as possible. If you believe that we might have any information from or about a child under 13 years of age, please contact us at support@now-here.com.

8. Security

8.1. We will take all reasonable technical and organisational precautions to prevent the loss, misuse or alteration of your personal information. For example, our databases are password protected and limited to essential employees only (such as nowhere management or employees whose main role requires system access).

8.2. Please be aware that, although we endeavour to provide reasonable security for information we process and maintain, no security system can prevent all potential security breaches.

9. International Data Transfers

9.1. Our servers are located in the Sweden region of AWS.

9.2. It is possible that your personal information may be transferred outside of the EU by the Principal. We recommend that you refer to the privacy notices and/or terms and conditions of the Principal if you are concerned about your data being transferred outside the EU.

9.3. We may transfer your personal data to countries outside of the United Kingdom ("UK") and the European Economic Area ("EEA"), for example, to fulfilment centres or other third party service providers located in such countries. In some cases, this might result in your personal data being transferred to a country which is not recognised as having an adequate level of protection for personal data by the UK government and/or the European Commission. These international transfers of your personal data will be made pursuant to appropriate safeguards, such as standard data protection clauses adopted by the UK government or the European Commission. If you wish to enquire further about the safeguards used, please contact us using support@now-here.com.

9.4. When an enterprise client has a separate agreement with us, the handling of your data is governed strictly by the terms outlined in that agreement. This may include provisions that differ from those in our standard Privacy Notice. In such cases, the specific terms of the enterprise agreement will take precedence over this Privacy Notice and you are referred to the Enterprise Client Privacy requirements.

10. Contact Information

10.1. All questions, comments or enquiries should be directed to nowhere at support@now-here.com. We will endeavour to respond to any query or questions within 2 business days.