Legal
Privacy Policy
Nimloth handles employer and candidate data for structured recruitment workflows, customer account operation, support, security, billing, and service administration.
1. Controller and Processor roles
The customer organization is the controller for candidate personal data processed in connection with its recruitment activities. Nimloth generally acts as processor on behalf of the customer organization and processes personal data under documented instructions.
Nimloth may act as an independent controller for account administration, billing, security, abuse prevention, operational support, and business records.
2. Data we process
Nimloth may process contact information, candidate submissions, evaluation artifacts, and operational metadata required to administer recruitment workflows and support structured evaluation.
Nimloth does not require special categories of personal data by default. Customers remain responsible for configuring and using the platform in a lawful manner.
3. Purpose
Personal data is processed for recruitment administration, candidate workflow handling, and evaluation support within the customer organization's hiring process.
4. Legal basis
The customer organization is responsible for identifying and documenting the applicable legal basis for its recruitment processing. Nimloth processes data as processor under customer instruction, where applicable.
5. Retention
Retention is defined by customer configuration, contractual terms, operational needs, and applicable law. Deletion or correction requests are handled where applicable, subject to technical, legal, and audit-retention constraints.
6. Subprocessors
Nimloth uses operational subprocessors to provide hosting, database runtime, AI features, billing, and transactional email where configured. Subprocessor information is available on the Subprocessors page and in contractual documentation where applicable.
7. Data subject rights
Data subjects may have rights under applicable data protection law, including access, rectification, erasure, restriction, objection, and complaint rights. Customers (as controllers) are responsible for handling data subject requests unless otherwise agreed.
8. Data Controller
Nimloth ApS
MÃ¥gevej 5
9000 Aalborg
Denmark
Email: Emilellitsgaard@live.dk
CVR: Pending registration
Legal review note
This page describes Nimloth's current V1 baseline and intended operating model. Final contractual terms, data processing terms, and customer-specific commitments are governed by the applicable written agreement and remain subject to legal review.