Nicman Group – EU-U.S. Data Privacy Framework Privacy Policy

Last Updated: October 27, 2025

1. Introduction

Nicman Group (“we,” “our,” or “us”) respects your privacy and is committed to protecting personal data in accordance with applicable data protection laws. This Privacy Policy describes how we handle personal data received from the European Economic Area (EEA), the United Kingdom (UK), and Switzerland under the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) (collectively, the “Frameworks”).

Nicman Group complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Nicman Group has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. Nicman Group has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) Program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

2. Scope

This policy applies to personal data other than human resources data (“non-HR data”) received by Nicman Group in reliance on the Frameworks. Nicman Group does not include HR-related data in its DPF self-certification.

Non-HR data covered by this policy includes personal data about:

  • Clients, partners, and service providers;

  • End users of systems that Nicman Group hosts or manages on behalf of clients;

  • Website visitors and individuals who communicate with Nicman Group through email, forms, or other channels.

3. Purposes of Processing

Nicman Group processes personal data for the following limited purposes:

  • To provide managed IT, cloud hosting, and data center services to clients;

  • To maintain, monitor, and secure systems and network infrastructure;

  • To manage client relationships, including billing, support, and contract administration;

  • To communicate with clients and partners regarding services or technical issues;

  • To comply with legal, regulatory, and security obligations.

Nicman Group does not sell or rent personal information to third parties.

4. Types of Personal Data Processed

Depending on client requirements, the categories of data may include:

  • Basic contact information (name, email address, phone number, company name, etc.);

  • Technical data (IP address, system logs, device identifiers, and network data);

  • Account or authentication data used for service access;

  • Client-provided content stored in Nicman Group’s hosting environment.

Nicman Group processes such data solely in accordance with client instructions and applicable law.

5. Onward Transfers and Disclosure

Nicman Group may disclose personal data:

  • To third-party vendors and service providers that support our infrastructure (e.g., network, backup, or monitoring services) under strict contractual and security obligations;

  • To comply with lawful requests by public authorities, including to meet national security or law enforcement requirements.

Nicman Group remains liable under the Onward Transfer Principle for any personal data that it transfers to third parties if those parties process the data in a manner inconsistent with the DPF Principles.

6. Data Security

Nicman Group implements administrative, technical, and physical safeguards designed to protect personal data from unauthorized access, loss, misuse, or disclosure. Measures include encryption, access controls, network monitoring, secure facilities, and incident response processes.

7. Data Integrity and Purpose Limitation

Nicman Group limits the collection and use of personal data to information relevant for the intended purposes of processing. Data is retained only as long as necessary to fulfill contractual, legal, or operational requirements, or as otherwise required by law.

8. Access and Choice

Individuals in the EEA, UK, and Switzerland whose personal data is processed by Nicman Group have the right to access, correct, or delete their personal information, subject to applicable limitations. Requests should be sent to: privacy@nicmangroup.com.

Nicman Group will provide individuals with reasonable choices regarding the collection, use, and disclosure of their personal data, in accordance with the DPF Principles.

9. Independent Recourse Mechanism

Nicman Group commits to cooperate and comply with the advice of the EU Data Protection Authorities (EU DPAs), the UK Information Commissioner’s Office (ICO), and the Swiss Federal Data Protection and Information Commissioner (FDPIC) as applicable.

EU, UK, or Swiss individuals with unresolved privacy or data-use concerns that Nicman Group has not addressed satisfactorily may contact their respective DPA for further assistance.

Nicman Group will also comply with binding arbitration for residual complaints not resolved by other means, as described in Annex I of the DPF Principles.

10. Enforcement and Oversight

Nicman Group’s compliance with the DPF Principles is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).

11. Contact Information

If you have any questions or complaints regarding this Privacy Policy or Nicman Group’s data-handling practices, please contact us at:

Nicman Group
Attn: Privacy Office
304 Inverness Way S, TL25
Englewood, CO 80112 USA
Email: privacy@nicmangroup.com

12. Changes to This Policy

Nicman Group may update this Privacy Policy from time to time to reflect operational, legal, or regulatory changes. Updated versions will include a new “Last Updated” date and will become effective upon posting at https://www.nicmangroup.com/gdrp-privacy-policy.

 

Connect with Us on LinkedIn

Follow Us on LinkedIn to find out what is currently going on and link with our Consultants!