Data Protection Policy

Nichol & Hill is dedicated to managing personal data with transparency and responsibility. This policy outlines our approach to collecting, using and safeguarding the personal data of our customers, suppliers, contractors, employees, and other stakeholders.

Data Protection Officer

Our Data Protection Officer is pivotal in advising on and ensuring compliance with data protection obligations. You can contact our DPO at 
for any inquiries or requests related to data protection.


  • Personal Data: Information that identifies a living individual. This includes, but is not limited to, names, addresses, email addresses, etc.
  • Processing: Any operation performed on personal data, whether automated or manual, including collection, storage, modification, and deletion.
  • Special Categories of Personal Data: Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, health data, and sexual orientation.

Key Responsibilities

The Board of Directors ensures adherence to data protection laws and regulations.
The DPO is responsible for overseeing data protection strategy, conducting policy reviews, and coordinating staff training.

Data Protection Principles

  • We process personal data lawfully, fairly, and in a transparent manner.
  • Data is collected only for specific, explicit, and legitimate purposes.
  • Processing is limited to data necessary for the purposes specified.
  • We commit to maintaining accurate and current personal data.
  • Personal data is retained only for as long as necessary.
  • We implement robust security measures to protect personal data.

Individual Rights

  • Access: Individuals have the right to access their personal data.
  • Rectification: Individuals can request the correction of inaccurate personal data.
  • Erasure: Individuals have the right to request the deletion of their data under certain conditions.
  • Data Portability: Individuals can request the transfer of their data to another entity.

Data Breach Response

We commit to reporting significant data breaches to the relevant authority within 72 hours.
Affected individuals will be informed of breaches that pose a high risk to their rights and freedoms.

International Data Transfers

Personal data is not transferred outside the European Economic Area (EEA) without adequate safeguards.

Review and Update

This policy is reviewed annually and updated as necessary. Changes are communicated through our website and internal channels.

Contact Information for Data Subject Requests

To exercise any rights under this policy, please contact our DPO via email at

Employee Training and Awareness

We provide regular training and updates to employees on best practices in data protection.


This document is available in accessible formats upon request.