Nicman Group Privacy Policy for GDR

Effective Date: 1/1/2024
Last Updated: 10/17/2025

1. Introduction

Nicman Group (“we,” “our,” or “us”) respects the privacy of individuals and is committed to protecting personal data.
This Privacy Policy describes how we collect, use, and disclose personal data that we receive in the United States from the European Economic Area (EEA), the United Kingdom (UK), and Switzerland, in reliance on the EU–U.S. Data Privacy Framework (EU–U.S. DPF), the UK Extension to the EU–U.S. DPF, and the Swiss–U.S. Data Privacy Framework (Swiss–U.S. DPF).

Nicman Group has self-certified to the U.S. Department of Commerce that it adheres to the EU–U.S. Data Privacy Framework Principles (the “DPF Principles”) with respect to personal data it receives from the EEA.
If there is any conflict between this policy and the DPF Principles, the DPF Principles shall govern.

To learn more about the Data Privacy Framework (DPF) and to view our certification once approved, please visit https://www.dataprivacyframework.gov/.

2. Scope

This Privacy Policy covers both:

Non-Human Resources (Non-HR) Data — Personal data transferred to Nicman Group in the United States from the EEA, UK, and Switzerland in reliance on the DPF that relates to clients, suppliers, partners, or end users of our services.
Human Resources (HR) Data — Personal data about Nicman Group employees, job applicants, or contractors in the EEA, UK, or Switzerland transferred to the United States in the context of the employment relationship.

3. About Our Services

Nicman Group provides data center, cloud hosting, and managed IT infrastructure services.
In performing these services, we primarily act as a data processor, handling data on behalf of our customers (the “data controllers”).
We process such data only under our customers’ instructions and as described in our contractual agreements.

4. Data We Collect and Use

The personal data we receive from the EEA, UK, and Switzerland may include:

Non-HR Data

Business contact details (name, company, work email, address, phone number);
Account and system data (usernames, identifiers, IP addresses, access logs);
Technical and operational data (metadata, system usage, or monitoring information);
Billing and financial data related to clients and vendors.

We use this data to:

Deliver, manage, and support our hosting and infrastructure services;
Provide customer service and account management;
Monitor and ensure security, compliance, and performance;
Conduct billing and business operations;
Comply with legal obligations.

HR Data

For HR data transferred under the DPF, we process:

Employee and applicant identification and contact information;
Employment history, payroll, and benefits data;
Performance, training, and compliance records.

We use HR data for legitimate human resources and business management purposes, including recruitment, employment administration, compensation, and benefits management.

We do not sell or rent personal data to third parties.

5. Onward Transfers

We may disclose personal data to:

Authorized service providers assisting in service delivery (e.g., hosting partners, benefits providers, HR systems vendors);
Business partners or affiliates supporting our operations;
Government authorities where required by law or legal process.

We ensure that all third parties receiving personal data provide at least the same level of privacy protection as required by the DPF Principles.
Nicman Group remains responsible for the processing of personal data it transfers to third parties in accordance with the DPF Onward Transfer Principle.

6. Data Security

We maintain appropriate administrative, technical, and physical safeguards designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorized access, disclosure, or misuse.
These measures include access controls, encryption, monitoring, incident response, and employee training.

7. Data Integrity and Purpose Limitation

We collect and process personal data only for purposes relevant to the services we provide or our HR administration activities.
We retain personal data only as long as necessary to fulfill those purposes, unless a longer retention period is required by law or contract.

8. Access, Choice, and Rights

Individuals from the EEA, UK, or Switzerland have the right to:

Access their personal data;
Request correction, amendment, or deletion of inaccurate information;
Limit the use or disclosure of their data.

For Non-HR Data

Individuals should first contact the customer (data controller) that provided their data to Nicman Group. We will support our customers in responding to such requests as required by the DPF Principles.

For HR Data

Nicman Group employees, applicants, or contractors in the EEA, UK, or Switzerland wishing to exercise these rights should contact privacy@nicmangroup.com or their local HR representative.

9. Dispute Resolution and Enforcement

In compliance with the EU–U.S. DPF, the UK Extension, and the Swiss–U.S. DPF, Nicman Group commits to resolve complaints about our collection or use of personal data.

Individuals with inquiries or complaints should first contact us at:
privacy@nicmangroup.com

If we do not resolve a complaint, we have committed to cooperate with the following independent recourse mechanism:

BBB National Programs – Data Privacy Framework Services
https://bbbprograms.org/programs/all-programs/dpf-consumers

In certain circumstances, individuals may invoke binding arbitration before the DPF Panel.

Nicman Group is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).

10. Liability

Nicman Group remains liable under the DPF Principles for any processing of personal data by third parties that is inconsistent with the Principles, unless we prove we are not responsible for the event giving rise to the damage.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law.
We will post any updates on our website with a new “Last Updated” date.