Privacy Policy

Who we are

Nucleus Digital Limited (Nucleus) is incorporated as a Limited Liability Company in England and Wales.

This privacy notice is broadly modelled on the Gov.Uk privacy notice, which can be found here:

This document was last updated May 2019.

Nucleus is the joint data controller and joint data processor (in conjunction with the teams and parent organisations we serve, whom we refer to in this document as “Parent organisations”).

Please note that this privacy policy does not override or supercede the privacy policies and procedures of the organisations that use Nucleus.

What is a data controller

‘controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.


What makes Nucleus a data controller

As a software provider, Nucleus is responsible for engineering the applications used to deliver the service. This includes determining how personal data is stored (the means), and determining what that personal data is used for, in addition to how the customer team or organisation is using it (the purposes).

For example, a customer organisation may store learner information in Nucleus for the purpose of generating reports. This makes the customer organisation a data controller. Nucleus then stores that data and uses it for additional purposes such as web analytics. This makes Nucleus a joint data controller.

What is a data processor

‘processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.


What makes Nucleus a data processor

Nucleus designs and delivers applications that allows its customer organisations to load and extract personal data (users) from/to the applications. This makes Nucleus a data processor.

What data we collect

The personal data we collect about our users includes:

  • Questions, queries or feedback you leave, including your contact information.
  • your email address and subscription preferences when you sign up to our email alerts
  • how you use our emails – for example whether you open them and which links you click on
  • your Internet Protocol (IP) address, and details of which version of web browser you used
  • information on how you use the site, using cookies and page tagging techniques

We use third party tools including (but not limited to) Google Analytics, MailChimp, Stripe and HotJar. This is so we can find out more about how you use our applications.

Examples of the types of data we collect from those tools include:

  • The pages you visit
  • How long you spend on each page, or on each activity
  • How you got to the applications

We do not collect or store your personal information through those third party tools (for example your name or address) so this information cannot be used to identify who you are.

Why we need your data

  1. For your organisation: We need your data to ensure that your parent organisation or team (our customer) are able to benefit from the applications and services we provide. This includes for example information about how you are interacting with learning resources or how often you visit Nucleus applications.
  2. For us: We need your data in order to make continous improvements and ensure that the applications we build are meeting the needs of its users.

We also collect data in order to:

  • Respond to any feedback or support queries you send us, if you have asked us to.
  • Send email alerts to users who request them.
  • Allow you to access our ancillary services, such as Nucleus Meet for example.
  • Monitor how Nucleus is being used to identify and mitigate malicious threats.

What are the legal basis for processing and controlling personal data

Contractual necessity: We need to store, process and control your personal data in order to fulfill our contract with your parent organisation (our customer)

Legitimate interest: We use personal data to build, improve and deliver digital services and to ensure they are safe and secure. In addition to this, we also use personal data where we think there is a legitimate interest for the data subject (the user). For example, we may use your registered email address to notify you about something that happened within the Nucleus application which requires your attention – you may at any time opt out of those notifications should you choose.

If there are any aspects of the service which you do not agree with, or think that you should be able to opt out of but are unable to, please contact us. You may do this through our support channels, such as visiting, or by using the complaints contact address listed at the bottom of this document.

What we do with your data

The data we collect may only be used internally by Nucleus for the purposes of developing the services we offer, and will only be shared with your parent organisation (our customer) and law enforcement agencies where this is deemed warranted by a court of England and Wales.

We will not:

  • Sell or rent your data to third parties
  • Share your data with third parties for marketing purposes

How long we keep your data

We keep your data for as long as we have an active contract with your parent organisation. Once a contract is terminated, we will endeavour to remove all personal data relating to users under that contract within 30 days.

Parent organisations may at any point erase all personal data relating to a user should that become necessary. For example, if you make a request under your ‘right to erasure’ which is accepted.

Read more about Right to Erasure

Children’s privacy protection

Our services are not designed for, or intentionally targeted at, children 13 years of age or younger. We do not intentionally collect or maintain data about anyone under the age of 13.

Where your data is processed and stored

We design, build and run our systems to make sure that your data is as safe as possible at all stages, both while it’s processed and when it’s stored.

All personal data is stored in the European Economic Area (EEA). Google Analytics data may be transferred outside the EEA, but this cannot be used to personally identify you.

Your rights

You have the right to request:

  • information about how your personal data is processed
  • a copy of that personal data
  • that anything inaccurate in your personal data is corrected immediately

You can also:

  • raise an objection about how your personal data is processed
  • request that your personal data is erased if there is no longer a justification for it
  • ask that the processing of your personal data is restricted in certain circumstances

If you have any of these requests, get in contact by using the complaints address listed at the bottom of this document.

Links to other websites

Nucleus applications and workspaces within Nucleus may contain links to other websites.

This privacy policy only applies to Nucleus, and does not cover other websites, applications or services These services usually have their own terms and conditions and privacy policies.

You can find the privacy policies of third party services below:

Changes to this policy

We may change this privacy policy. In that case, the ‘last updated’ date at the bottom of this page will also change. Any changes to this privacy policy will apply to you and your data immediately.

If these changes affect how your personal data is processed in a significant way, Nucleus will take reasonable steps to let you know, typically via email.

Contact us or make a complaint

If you have any queries or complaints about this privacy notice or any matters relating to your personal data, please contact us by emailing

Please allow sufficient time for us to deal with your query. In certain circumstances we have to work with your parent organisation in dealing with a request, such as right to erasure or subject access requests, in which case it may take us longer than usual to respond to your request. We will endeavour to keep you updated with how your request is progressing.


You can make a complaint to the Information Commissioner, who is an independent regulator.

Telephone: 0303 123 1113

Textphone: 01625 545860

Monday to Friday, 9am to 4:30pm

Find out about call charges

Information Commissioner’s Office

Wycliffe House

Water Lane


Cheshire SK9 5AF