North Sea Nexus
Contact Us 
 Send CV
NORTH SEA NEXUS

Privacy Policy 

 1. Introduction

North Sea Nexus ("we", "us", "our") is committed to protecting the privacy and security of your personal data. As a specialist recruitment agency for the Oil & Gas, Renewable Energy, and Maritime industries, we handle sensitive information to connect talent with global opportunities.

This policy explains how we collect, use, and protect your data in compliance with the UK GDPR, the Data Protection Act 2018, and Scottish Law. We operate under a Management System aligned with ISO 27001 and ISO 9001 to ensure the highest levels of security and service quality.

2. Information We Collect

We collect data necessary to provide recruitment and "work-finding" services. This includes:

  • Identity Data: Name, date of birth, gender, and nationality.

  • Contact Data: Email address, telephone numbers, and residential address.

  • Professional Data: CV/Resume, employment history, qualifications, certifications (e.g., BOSIET, GWO, STCW), and professional memberships.

  • Compliance Data: Right to work documentation (Passports/Visas), National Insurance number, and results of Disclosure Scotland/DBS checks (where legally required for specific roles).

  • Financial Data: Payroll and bank details (for contractors/temporary workers).

3. Lawful Basis for Processing

Under UK GDPR, we rely on the following legal bases:

  • Contractual Necessity: To take steps at your request to enter into an employment contract or for the performance of a contract.

  • Legal Obligation: To comply with the Conduct of Employment Agencies and Employment Businesses Regulations 2003 and tax laws (HMRC).

  • Legitimate Interests: To assess your suitability for roles within our specialist sectors and to maintain a talent pipeline that benefits both candidates and clients.

  • Consent: For specific activities such as marketing or processing "Special Category" data (e.g., health data for offshore medicals).

4. How We Use Your Data

We use your information to:

  1. Match your profile with vacancies in the energy and maritime sectors.

  2. Submit your CV to clients (only with your express permission).

  3. Verify your certifications and "Right to Work" status.

  4. Carry out "Key Information Document" (KID) requirements for agency workers.

  5. Maintain our internal quality audits under ISO 9001.

5. Data Sharing & International Transfers

Because we work in global industries like Maritime and Offshore Energy, we may share your data with:

  • Clients/Employers: Only after discussing the specific role with you.

  • Third-Party Vetting Services: For background checks or certification verification.

  • International Clients: If a role is outside the UK, we ensure data is transferred using Standard Contractual Clauses (SCCs) or UK International Data Transfer Agreements (IDTAs) to maintain GDPR-level protection.

6. Data Security (ISO 27001 Standards)

We implement robust technical and organisational measures to prevent data breaches, including:

  • Encryption: All data at rest and in transit is encrypted.

  • Access Control: Data is only accessible to authorised recruitment consultants on a "need-to-know" basis.

  • Regular Audits: We conduct annual security risk assessments to maintain our Information Security Management System (ISMS).

7. Data Retention

We do not keep your data longer than necessary.

  • Active Candidates: We retain data for 2 years from your last meaningful contact, unless you request deletion.

  • Placed Candidates: We retain certain records for 6 years to comply with UK tax, clinical (offshore), and employment regulations.

8. Your Rights

Under the UK GDPR, you have the following rights:

  • Access: Request a copy of the data we hold about you.

  • Rectification: Correct any inaccurate or incomplete data.

  • Erasure ("Right to be Forgotten"): Request we delete your data (subject to legal retention requirements).

  • Portability: Request your data be moved to another provider.

  • Withdraw Consent: At any time for marketing or optional processing.

9. Contact & Complaints

If you have questions regarding this policy or wish to exercise your rights, please contact our Data Protection Officer:

North Sea Nexus DPO 

Email: nathan@northseanexus.org - CEO - DPO 

Email: ianjamieson@northseanexus.org - Managing Director