Privacy Policy

 Last updated: 31 March 2026

  1. Who we are

Nucleo Group (“Nucleo”, “we”, “us”, “our”) is committed to protecting and respecting your privacy.

This Privacy Policy explains how we collect, use, store, share and otherwise process personal data when you:

  • visit our website at https://nucleogroup.com
  • contact us directly
  • engage with us as a client, prospective client, supplier, partner or other business contact
  • receive marketing or business development communications from us
  • interact with our content, forms, campaigns, events or services

For the purposes of applicable data protection law, Nucleo is the controller of the personal data described in this Privacy Policy, except where we process personal data solely on behalf of a client or another controller.

If you have any questions about this Privacy Policy or how we process personal data, you can contact us at:

Email: [email protected]

Website: https://www.nucleogroup.com/contact-us

 

2. Applicable data protection laws

Nucleo operates in Ireland and the United Kingdom. We process personal data in accordance with applicable data protection laws, including:

  • the General Data Protection Regulation (EU) 2016/679 (“EU GDPR”)
  • the UK GDPR
  • the Data Protection Act 2018
  • applicable laws and rules relating to electronic marketing, cookies and similar technologies in the jurisdictions in which we operate

Where this Privacy Policy refers to “GDPR”, this means the EU GDPR and/or the UK GDPR, as applicable.

 

3. The personal data we collect

We may collect and process the following categories of personal data.

3.1 Information you provide directly

This may include:

  • first name and last name
  • job title
  • company name
  • business email address
  • business telephone number
  • postal address
  • information contained in messages, contact forms or enquiries
  • meeting notes, relationship history and correspondence
  • event registration and attendance information

3.2 Information we collect automatically

When you use our website, we may collect:

  • IP address
  • browser type and version
  • operating system
  • device type and identifiers
  • referring pages and URLs
  • pages viewed
  • dates and times of visits
  • time spent on pages
  • website interactions
  • cookie, analytics and tracking pixel data
  • information about engagement with emails, campaigns and digital content where tracking technologies are used

3.3 Information obtained from third parties

For business development, account-based marketing, lead generation and relationship management, we may obtain limited professional contact information from third-party providers, referral partners, publicly available sources (such as company websites or professional networking platforms) and other lawful sources.

This may include:

  • name
  • employer
  • job title or seniority
  • business email address
  • business telephone number
  • location
  • industry or firmographic data
  • professional interests relevant to our services

This may include data sourced, verified or enriched using tools such as ZoomInfo and other B2B data providers.

Where we obtain personal data from third-party providers, we do so based on legitimate interests for B2B marketing and business development, ensuring that such processing is proportionate and limited to professional contact information.

We do not intentionally collect special category personal data as part of our standard website, marketing or business development activity.

 

4. How we use personal data

We may use personal data for the following purposes:

  • to respond to enquiries and requests
  • to manage our relationships with clients, prospects, suppliers and partners
  • to provide information about our services, expertise, insights, events and content
  • to carry out business development, lead generation and account-based marketing activities
  • to identify organisations and business contacts who may have a legitimate interest in our services
  • to verify, update and enrich business contact information
  • to manage campaigns, follow-up activity and communications
  • to manage and maintain records within our CRM and marketing systems, including Salesforce and Marketing Cloud
  • to analyse and improve our website, communications, services and user experience
  • to measure campaign effectiveness, website performance and marketing engagement
  • to maintain suppression lists and communication preferences
  • to protect our business, systems and users
  • to comply with legal, regulatory and contractual obligations
  • to establish, exercise or defend legal claims

 

5. Lawful bases for processing

We process personal data under one or more of the following lawful bases, depending on the circumstances.

5.1 Consent

Where you have given clear consent for us to process your personal data for a specific purpose.

5.2 Contract

Where processing is necessary to take steps at your request before entering into a contract, or to perform a contract with you or your organisation.

5.3 Legal obligation

Where processing is necessary for compliance with a legal or regulatory obligation.

5.4 Legitimate interests

Where processing is necessary for our legitimate interests or those of a third party, provided those interests are not overridden by your rights and freedoms.

Our legitimate interests may include:

  • developing and maintaining business relationships
  • promoting our services
  • carrying out proportionate B2B marketing and business development
  • maintaining accurate business records
  • improving our website, communications and services
  • analysing campaign performance and engagement
  • protecting our business, people and systems
  • preventing duplication and respecting opt-out requests through suppression lists

Where we rely on legitimate interests, we will consider the impact on individuals and their rights.

We only collect and process personal data that is relevant and limited to what is necessary for the purposes described in this Privacy Policy.

 

6. Direct marketing and business development

We may use personal data relating to individuals acting in a professional or business capacity to send business communications about our services, expertise, insights, events and other content that we consider may be relevant to them or their organisation.

This may include:

  • email marketing
  • business development emails
  • account-based marketing
  • audience building and segmentation
  • contact verification and enrichment
  • LinkedIn or similar professional network outreach
  • campaign measurement and follow-up

Where required by law, we will obtain consent before sending marketing communications. In other cases, we may rely on legitimate interests where permitted by applicable law.

You have the right to object at any time to the processing of your personal data for direct marketing purposes. If you object, we will stop processing your personal data for those purposes.

You can object or unsubscribe at any time by:

  • using the unsubscribe link in our emails
  • replying to a marketing communication
  • contacting us directly at [email protected]

 

7. Cookie, analytics and tracking technologies

We use cookies and similar technologies on our website to support functionality, security, analytics, performance measurement and marketing.

These technologies may include:

  • cookies
  • pixels
  • tags
  • scripts
  • analytics tools
  • similar storage or tracking technologies

We may use these technologies to:

  • ensure the website functions properly
  • understand how visitors use our website
  • analyse traffic and engagement
  • measure the effectiveness of campaigns
  • support remarketing or audience-building activities where permitted by law
  • improve content, user experience and website performance

Some cookies and tracking technologies are strictly necessary for the operation of the website. Others, including analytics and marketing technologies, may only be used where required consent has been obtained.

You can manage your preferences through our cookie banner or your browser settings. Refusing certain cookies may affect website functionality.

 

8. How long we keep personal data

We keep personal data only for as long as necessary for the purposes for which it was collected, including to satisfy legal, regulatory, tax, accounting, reporting and legitimate business requirements.

Retention periods may vary depending on the nature of the relationship and the purpose of processing. For example, we may retain:

  • enquiry and correspondence records for as long as necessary to manage the relationship
  • client and supplier records for the duration of the relationship and an appropriate period afterwards
  • business development and marketing records for a reasonable period, unless you opt out or object
  • suppression lists for as long as necessary to ensure we respect opt-out requests
  • website analytics and campaign performance data in line with our systems, settings and legal obligations
  • records required for compliance, disputes or legal claims for as long as reasonably necessary

When personal data is no longer needed, we will delete it, anonymise it or securely dispose of it.

 

9. Sharing personal data

We may share personal data with trusted third parties where necessary for the purposes described in this Privacy Policy, including:

  • IT, hosting and website providers
  • CRM and marketing platform providers, including Salesforce and Marketing Cloud
  • analytics and communication service providers
  • professional advisers
  • regulators, courts, law enforcement or public authorities where required
  • third-party providers supporting our sales, marketing and business development activities
  • external data providers and enrichment platforms, including ZoomInfo, where relevant to our business development activity

We may also work with external agencies or specialist partners, including Endorsed AI Ltd, in connection with B2B lead generation, outreach and related marketing activity.

Depending on the circumstances and the role being performed, such third parties may act as processors, independent controllers, or service providers in their own right. Where third parties process personal data on our behalf, we require them to do so only on our instructions, to keep the data secure, and to comply with applicable data protection laws.

We do not sell personal data.

You may contact us if you would like more information about the categories of external service providers, data platforms or partners involved in our processing activities.

 

10. International transfers

Personal data may be processed in Ireland, the United Kingdom and other countries in which we, our service providers or our partners operate.

Where personal data is transferred outside the European Economic Area or outside the United Kingdom, we will take appropriate steps to ensure that the transfer is lawful and that appropriate safeguards are in place.

These safeguards may include:

  • transfer to a country recognised as providing an adequate level of protection
  • use of approved standard contractual clauses
  • other lawful transfer mechanisms recognised under applicable data protection law

 

11. Data Security

We take appropriate technical and organisational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, unauthorised access and other unlawful or unauthorised processing.

These measures may include:

  • access controls
  • password protection and multi-factor authentication
  • encryption
  • system monitoring
  • role-based access
  • vendor due diligence
  • staff awareness and training
  • secure storage and disposal practices

Although we take reasonable steps to protect personal data, no method of transmission over the internet or electronic storage is completely secure.

12. Your data protection rights

Depending on the circumstances and the law that applies, you may have the following rights:

  • the right to be informed about how your personal data is used
  • the right of access to your personal data
  • the right to rectification of inaccurate or incomplete personal data
  • the right to erasure
  • the right to restrict processing
  • the right to data portability
  • the right to object to processing
  • the right to object at any time to direct marketing
  • rights in relation to automated decision-making, where applicable
  • the right to withdraw consent, where processing is based on consent

If you wish to exercise any of these rights, please contact us using the details in this Privacy Policy.

We may need to verify your identity before responding to your request.

 

13. Complaints and supervisory authorities

If you have concerns about how we process your personal data, we would like the opportunity to address them first. Please contact us at [email protected].

You also have the right to lodge a complaint with the relevant supervisory authority, including:

Ireland

Data Protection Commission

United Kingdom

Information Commissioner’s Office

 

14. Third-party websites

Our website may contain links to third-party websites or services. If you follow a link to any third-party site, please note that those sites have their own privacy practices and policies. We do not control and are not responsible for those third-party websites or services.

 

15. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our legal obligations, services, systems or processing practices.

When we make material changes, we will update the “Last updated” date at the top of this Privacy Policy and, where appropriate, take additional steps to notify individuals.

 

16. Contact us

If you have any questions about this Privacy Policy or our data protection practices, you can contact us at:

Email: [email protected]

Website: https://www.nucleogroup.com/contact-us