Skip to content
NextForce
Legal · Privacy

Privacy policy

This policy explains what personal data NextForce collects, how we use it, how long we keep it, and what rights you have over it. It applies to candidates, employers, and website visitors.

Effective April 2026

1. Who we are

NextForce is a specialist staffing firm headquartered at Seawoods Grand Central, Palm Beach, Navi Mumbai, India, with active delivery across the United Kingdom, European Union, United States, Canada, United Arab Emirates, Saudi Arabia, Kuwait, India, and South-East Asia.

For privacy questions, contact us at privacy@nextforce.works. We respond within five business days.

2. Who this policy covers

  • Candidates and jobseekers — people applying for roles or submitting profiles through NextForce.
  • Employers and clients — companies and contacts using NextForce to hire.
  • Website visitors — anyone viewing nextforce.works.

3. What data we collect

3.1 Candidates

When you apply for a role or submit your profile, we collect:

  • Identity data: full name, email, phone number, address, and right-to-work status where relevant.
  • Professional data: CV, work history, education, qualifications, certifications, LinkedIn profile, and publicly available professional information.
  • Engagement data: interview notes, reference sightings, calibration notes, compensation expectations, role preferences, availability, and feedback you provide.
  • Communication data: email, phone, and message correspondence with us.
  • Application data: roles you have applied for, when, and your responses to employer questions.

Optional: LinkedIn profile, portfolio links, references — if you choose to share them.

3.2 Employers

When you use NextForce to hire, we collect:

  • Company information: name, industry, size, location.
  • Contact information: your name, email, phone, and business address.
  • Brief and search data: job details, requirements, feedback on candidates, and any operational context shared during an engagement.
  • Recruitment activity: roles posted, candidates reviewed, and communications with candidates.

3.3 Website visitors

  • Anonymous aggregate analytics via Cloudflare Web Analytics (cookieless, no user fingerprinting).
  • With your explicit consent: Google Analytics 4 (Consent Mode v2, IP-anonymised) for page-level usage measurement, and Apollo.io for firmographic visitor identification (company-level only, not personal). Both are off by default and only load after you opt in via the cookie banner — see our Cookie Policy for detail.
  • Any information you voluntarily submit through the contact form.

4. Why we collect this data (lawful basis)

4.1 Candidates

  • Contract: to process your applications and match you with roles.
  • Legitimate interests: to maintain a working candidate network for future roles where you have opted in.
  • Consent: to contact you about specific opportunities. You can withdraw consent at any time.
  • Legal obligation: employment law, tax compliance, anti-fraud requirements.

4.2 Employers

  • Contract: to deliver the recruitment services you have engaged us to provide.
  • Legitimate interests: fraud prevention and security of our platform and services.

5. How long we keep your data

5.1 Candidates

  • Active profiles: retained while you are actively using NextForce.
  • After your last active engagement: two (2) years, after which we either re-confirm your interest or delete your record.
  • On deletion request: within thirty (30) days, except where legal retention applies.
  • Application data: one (1) year after an application closes.

5.2 Employers

  • Engagement records: one (1) year after the engagement closes.
  • Financial and contractual records: seven (7) years to meet tax and legal obligations.
  • Your account: deleted within six (6) months of account closure on request.

6. Your rights

6.1 UK and EU (GDPR)

You have the right to:

  • Access the personal data we hold about you. Email privacy@nextforce.works with "Request: Data Access". We respond within thirty (30) days.
  • Correction of inaccurate or incomplete data.
  • Deletion ("right to be forgotten") within thirty (30) days, subject to legal retention requirements.
  • Objection or restriction of certain processing.
  • Portability — a copy of your data in a portable format.
  • Withdraw consent where processing is consent-based.
  • Lodge a complaint with your country's data authority. In the UK: ico.org.uk. In the EU: your country's local supervisor (e.g., CNIL in France).

6.2 California (CCPA / CPRA)

You have the right to:

  • Know what personal information we collect, use, and share.
  • Delete your personal information.
  • Correct inaccurate information.
  • Non-discrimination — we will not discriminate against you for exercising any of these rights.

For California privacy requests, email privacy@nextforce.works with "Request: California Privacy Rights". We respond within forty-five (45) days.

6.3 India (DPDP Act 2023)

Under India's Digital Personal Data Protection Act 2023, we rely on consent and legitimate uses as defined in Section 7 of the Act. Candidates in India may withdraw consent at any time by contacting privacy@nextforce.works. You may approach the Data Protection Board once it is operational.

7. Data sharing

We share personal data only in the following situations:

  • Client organisations: with candidate consent, we share candidate details with specific clients in relation to specific live searches.
  • Service providers (sub-processors): a small number of trusted providers, bound by data processing agreements and prohibited from using personal data for their own purposes: Cloudflare (hosting + privacy-preserving analytics), Recruit CRM (candidate records and applicant tracking), Web3Forms (contact-form delivery), Google LLC (Google Analytics 4 — only when you accept analytics cookies), and Apollo.io (firmographic visitor identification — only when you accept marketing cookies).
  • Legal and regulatory: where required by law or by a lawful request from a competent authority.

We do not sell personal data to any third party, under any circumstances.

8. International transfers

Because NextForce operates across multiple regions, personal data may transfer between them during a search. Where data is transferred out of the UK or EEA, we rely on the UK International Data Transfer Agreement, the UK Addendum to EU Standard Contractual Clauses, or another valid transfer mechanism. Where data is transferred to or from India, we comply with the DPDP Act 2023 and related regulations.

9. Security

We protect your data with industry-standard measures including HTTPS encryption in transit, encrypted storage, access controls limited to staff with a legitimate business need, and regular security monitoring. No system is perfectly secure, but we treat all candidate and client data as sensitive by default.

10. Cookies & visitor identification

We use essential cookies required for the site to function (session management, security) and, when you opt in, analytics cookies (Cloudflare Web Analytics — cookieless and privacy-preserving by default; Google Analytics 4 with Consent Mode v2 — IP-anonymised) and marketing cookies.

When you accept marketing cookies, this site uses Apollo.io to identify the company associated with your visit (firmographic identification — company name, industry, size). No personal identification of individual visitors is performed by us. You can withdraw consent at any time by changing your cookie preferences, and the tracker will stop loading on subsequent visits.

When you first visit nextforce.works, you can accept or decline non-essential cookies. The site works fully without them.

11. Changes to this policy

We may update this policy from time to time. Material changes will be communicated on this page and, where appropriate, directly to affected individuals. The effective date above reflects the most recent version.

12. Contact

For any question about this policy, your data, or to exercise any right described above:

  • Email: privacy@nextforce.works
  • Response time: five business days for general enquiries; statutory timelines apply for formal rights requests.
  • Subject line format: "Request: [Access / Deletion / Correction / Portability / Other]"