Privacy Policy
Last updated: March 2026
At NAKAMA EUROPE LTD. (hereinafter “we” or “us”), we attach great importance to the protection of your personal data. This privacy policy informs you, in accordance with the General Data Protection Regulation (GDPR), about how we collect, process and protect personal data on our website www.nakamaeurope.com.
Throughout this privacy policy, we refer to our services for individuals and companies as “services”, to the individuals we currently or potentially place as “candidates”, and to those who engage us to find suitable candidates or provide other services as “clients”.
1. Data Controller
The controller within the meaning of the GDPR is:
NAKAMA EUROPE LTD.
Ground Floor, 71 Lower Baggot Street
Dublin D02 P593, Ireland
Email: office(at)nakamaeurope.com
Website: www.nakamaeurope.com
2. Overview of Data Processing
We only process personal data to the extent necessary for the provision of a functional website, our content and services. Processing is based on the following legal grounds:
- Consent (Art. 6(1)(a) GDPR) – e.g. when using analytics tools or cookies.
- Performance of a contract (Art. 6(1)(b) GDPR) – e.g. when providing our services.
- Legitimate interest (Art. 6(1)(f) GDPR) – e.g. for the operation and security of the website and candidate placement.
- Legal obligation (Art. 6(1)(c) GDPR) – e.g. statutory retention obligations.
3. SSL/TLS Encryption
For security reasons and to protect the transmission of personal data, our website uses SSL/TLS encryption. You can recognise an encrypted connection by the address bar of your browser changing from “http://” to “https://” and by the padlock symbol in your browser bar.
4. Hosting
Our website is hosted by:
DomainFactory GmbH
Oscar-Messter-Str. 33, 85737 Ismaning, Germany
DomainFactory processes access data (server log files) on our behalf, which are automatically collected with each page request. Processing is based on Art. 6(1)(f) GDPR (legitimate interest in the secure and efficient provision of the website) and on the basis of a data processing agreement pursuant to Art. 28 GDPR.
5. Server Log Files
Each time our website is accessed, the following data is automatically collected and stored in server log files:
- IP address of the requesting device
- Date and time of access
- Name and URL of the file retrieved
- Volume of data transferred
- Access status (HTTP status code)
- Browser type and version, operating system
- Referrer URL (previously visited page)
This data is used exclusively to ensure the smooth operation of the website and to improve our services. This data is not merged with other data sources. The legal basis is Art. 6(1)(f) GDPR.
Log file data is deleted after a maximum of 30 days, unless further retention is required for evidentiary purposes.
6. Cookies
6.1 General Information on Cookies
Our website uses cookies. Cookies are small text files that are stored on your device and sent back to us when you revisit the website. They serve to make our website more user-friendly and effective.
6.2 Strictly Necessary Cookies
We use strictly necessary cookies that are essential for the operation of the website. These include cookies that store session information and enable the use of basic functions. The legal basis is Art. 6(1)(f) GDPR.
6.3 Cookie Consent Tool (hu-manity.co)
We use the service provided by hu-manity.co to manage your cookie preferences. When you visit our website, a cookie banner is displayed through which you can grant or decline consent to the use of certain cookies. Your selection is stored in a cookie so that you are not asked again on subsequent visits.
Legal basis: Art. 6(1)(c) GDPR (compliance with a legal obligation) and Art. 6(1)(f) GDPR (legitimate interest in a legally compliant website).
6.4 Managing Cookie Settings
You can prevent cookies from being set at any time via your browser settings or delete cookies that have already been stored. Please note that without certain cookies, some functions of our website may be limited. Consent once given can be revoked at any time with future effect.
7. Google Tag Manager
We use Google Tag Manager provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter “Google”). Google Tag Manager is a service that allows us to manage website tags (small code elements) via a user interface. The Tag Manager itself does not set cookies and does not collect personal data. The service triggers other tags, which in turn may collect data. Google Tag Manager does not access this data.
Further information: Google Tag Manager Terms of Use
8. Google reCAPTCHA
We use Google reCAPTCHA, a service provided by Google Ireland Limited, to protect our website from abusive automated access (e.g. by bots). reCAPTCHA analyses the behaviour of the website visitor based on various characteristics (e.g. IP address, time spent on page, mouse movements). This analysis starts automatically as soon as you enter a corresponding page.
Legal basis: Our legitimate interest pursuant to Art. 6(1)(f) GDPR in protecting our website from abuse and spam.
Further information: Google Privacy Policy
9. Social Media Presence
9.1 LinkedIn
Our website contains links to the social network LinkedIn operated by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. When you click on a LinkedIn button, a direct connection is established between your browser and the LinkedIn server. LinkedIn thereby receives the information that you have visited our website with your IP address. If you are logged into your LinkedIn account, LinkedIn can associate your visit with your user account.
Further information: LinkedIn Privacy Policy
9.2 X (formerly Twitter)
Our website contains links to X (formerly Twitter) operated by X Corp., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. When you click on an X button, a direct connection is established between your browser and X’s servers. X receives your IP address and the URL of the respective page.
Further information: X Privacy Policy
10. Email Contact and Contact Form
You have the option of contacting us by email or via the contact form on our website. In this case, the personal data you provide (e.g. name, email address, content of the enquiry) will be stored and processed by us to handle your request.
Legal basis: Art. 6(1)(a) GDPR (consent) or Art. 6(1)(b) GDPR (pre-contractual measures).
The data will be deleted as soon as it is no longer required for the purpose for which it was collected and no statutory retention obligations apply. If you contact us as a candidate, please also refer to our information in Section 12.
11. Google Workspace
We use Google Workspace for Business, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, as a central platform for our business communication and internal organisation. This includes in particular sending and receiving business emails (Gmail), managing calendars, documents and internal workflows.
In the context of email communication, the following data is processed: name and email address of sender and recipient, content of the message, date and time, and any attached files. This data is processed on Google servers within the EU/EEA (subject to Google Workspace configuration settings).
Legal basis: Art. 6(1)(b) GDPR (performance of a contract or pre-contractual measures), Art. 6(1)(f) GDPR (legitimate interest in efficient business communication and internal organisation) and Art. 28 GDPR (data processing). A data processing agreement (DPA) has been concluded with Google in compliance with GDPR requirements.
Further information: Google Privacy Policy | Google Workspace DPA
12. Data Processing When Using Our Services as a Candidate
If you wish to use our services as a candidate, we need to process certain information about you. As a general rule, we only collect data that is necessary for the provision of our services.
NAKAMA EUROPE LTD. provides you with the opportunity to submit your CV, references or other presentations (e.g. design portfolio) electronically or upload them via our website. As a candidate, you warrant to NAKAMA EUROPE LTD. that all information provided is truthful and complete.
12.1 Categories of Personal Data
Personal data we process about you as a candidate includes:
- Name, address, date of birth, marital status, email and/or other contact details
- Professional career history (including information about placements through us), personal qualifications and skills
- Information on specific professional expertise and previous employers
- Salary expectations
- Nationality, visas, work permits or other identity-related information
- Contact details of references
- Personal information about your hobbies, interests and leisure activities
12.2 Sources of Data
We obtain this data from the following sources, among others:
- Directly from you (e.g. by submitting your CV, personal contact or creating a user profile)
- Professional social networks (e.g. XING, LinkedIn, Behance)
- Online job boards
- References
- Your own professional website (if applicable)
- Clients or other candidates
If we have obtained your data from third parties, we will inform you of the source upon first contact.
12.3 Use of Your Personal Data
We assess and evaluate your suitability for potential positions and may present you to the respective clients. For this purpose, your personal data is transmitted electronically to the client.
Legal basis: Art. 6(1)(a) GDPR (consent) and Art. 6(1)(f) GDPR (legitimate interest in the placement process).
12.4 Consent and Withdrawal
The processing of the personal data you have voluntarily provided is carried out within the scope of the consent you have given. By submitting data and content to NAKAMA EUROPE LTD. as a candidate, you expressly warrant that we are authorised to use this data for the purpose of presenting it to our clients and that such use does not infringe any third-party rights.
You may withdraw your consent at any time, discontinue using our services and request the deletion of your data. The lawfulness of processing carried out prior to withdrawal remains unaffected.
For the purpose of candidate placement, your personal data may also originate from third-party sources (e.g. LinkedIn). We will delete this data as soon as we no longer have a legitimate interest in its use or you have informed us that you do not wish to use our services. We may retain your personal data in a reduced form to avoid unwanted repeated contact.
12.5 Candidate Database (Hellotalent)
We store our candidates’ data in our database “Hellotalent” provided by Cegid (formerly Talentsoft), Cegid SAS, 52 Quai Paul Sédallian, 69279 Lyon Cedex 09, France (server location: France). You will receive online access to your profile from us. Through this access, you can independently request the deletion of your stored data. For updates to your profile, please contact us by email at office(at)nakamaeurope.com.
Legal basis: Art. 6(1)(a) GDPR (consent) and Art. 6(1)(f) GDPR (legitimate interest in the efficient management of candidate profiles).
12.6 AI-Assisted Interview and Data Processing
As part of our services, we use AI-powered tools to efficiently process and evaluate interviews and conversations with candidates. The final assessment and selection decision is always made by our consultants – no solely automated decision-making takes place.
a) Transcription (Google Cloud Speech-to-Text)
For the transcription of interviews, we use Google Cloud Speech-to-Text provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Audio data is transmitted to Google servers for conversion into text. Processing takes place within the EU/EEA. Google does not use the transmitted data for its own purposes or to improve its models.
b) Interview Analysis (Hedy AI)
For the structured analysis and documentation of interviews, we use the Hedy AI platform (provider: Hedy Technologies Ltd.). Transcription takes place locally on the device (on-device). Only text excerpts are transmitted to servers for AI-assisted analysis. The server location is within the EU. Audio data is not permanently stored. Hedy AI does not use your data for training AI models.
Further information: Hedy AI Privacy Policy | Trust Centre: trust.hedy.ai
c) AI Language Model (Langdock)
To support the analysis and preparation of candidate information, we use the enterprise AI platform Langdock provided by Langdock GmbH, Berlin, Germany. Langdock provides access to various AI language models, with all data processing taking place exclusively in EU data centres (100% EU data sovereignty). Langdock is ISO 27001 certified and SOC 2 Type II audited. User data is not used for training AI models.
Further information: langdock.com
Legal basis for 12.6 a)–c): Art. 6(1)(a) GDPR (consent) and Art. 6(1)(f) GDPR (legitimate interest in efficient and quality-assured candidate placement). Where data processing is carried out on our behalf, data processing agreements pursuant to Art. 28 GDPR have been concluded.
13. Data Processing When Using Our Services as a Client
In order to provide or prepare the contractual services for you as a client, we process personal data of persons employed in your company, such as contact information, name and position, as well as preferences for filling positions and opinions on the candidates we propose.
Legal basis: Art. 6(1)(b) GDPR (performance of a contract) and Art. 6(1)(f) GDPR (legitimate interest in the contractual performance of our services).
We also store personal data of your internal contacts after the end of the contract or if no contract has been concluded, for the purpose of re-establishing contact, unless you expressly inform us that you do not wish to use our services in the future.
14. Special Categories of Personal Data
Data within the meaning of Art. 9(1) GDPR (e.g. health data, religious beliefs, political opinions) is not required for our services. Please do not send us such data unsolicited. Should such data become relevant in individual cases, we will obtain your explicit consent pursuant to Art. 9(2)(a) GDPR.
15. Use of AI Systems (EU AI Act)
We use AI systems as part of our services that fall under Regulation (EU) 2024/1689 (EU AI Act – Artificial Intelligence Act). The EU AI Act classifies AI systems in the field of employment, workforce management and access to self-employment – in particular for analysing and filtering applications and evaluating candidates – as high-risk AI systems (Annex III, No. 4).
We hereby transparently inform you about the use of these systems:
- Purpose of use: Support in the transcription, analysis and preparation of interview conversations and in the structured evaluation of candidate profiles.
- Systems used: Google Cloud Speech-to-Text (transcription), Hedy AI (interview analysis), Langdock (AI language model platform) – see Section 12.6 for details.
- Human oversight: All AI-assisted evaluations serve exclusively as support for our consultants. The final assessment and selection decision is always made by qualified staff. No solely automated decision-making takes place.
- Transparency: Candidates are informed before or at the start of an interview that AI-powered tools are used for transcription and/or analysis.
- Data protection: All AI service providers used process data exclusively within the EU/EEA. User data is not used for training AI models.
- Your right to an explanation: You have the right to request an explanation of the role of the AI system in the decision-making process and the main elements of the decision taken (Art. 86 EU AI Act).
Risk classification: The AI systems we use serve as supporting tools in the context of our executive search and recruitment services. As they are deployed in the context of candidate evaluation, they are subject to the requirements for high-risk AI systems under the EU AI Act. We ensure that the requirements for transparency, human oversight and documentation are met.
16. Disclosure of Data to Third Parties
We use your personal data exclusively for our own services as described above. Exceptions are made for our service partners who are required for the technical provision of our services. The scope of data transfer is limited to the legally permissible minimum and data protection requirements are observed.
The following service partners are involved in our operations:
- DomainFactory GmbH (hosting) – Oscar-Messter-Str. 33, 85737 Ismaning, Germany
- Cegid SAS (Hellotalent database, formerly Talentsoft) – 52 Quai Paul Sédallian, 69279 Lyon Cedex 09, France (server location: France)
- Google Ireland Limited (Google Workspace incl. email, Google Cloud Speech-to-Text, Google Tag Manager, Google reCAPTCHA) – Gordon House, Barrow Street, Dublin 4, Ireland
- Hedy Technologies Ltd. (interview analysis, Hedy AI) – server location: EU
- Langdock GmbH (AI language model platform) – Berlin, Germany (server location: EU)
17. Data Transfers to Third Countries
When using services such as Google reCAPTCHA and X, personal data may be transferred to servers in the USA. The USA has an adequacy decision from the European Commission under the EU-U.S. Data Privacy Framework (DPF). Insofar as service providers are certified under the DPF, an adequate level of data protection is ensured.
In addition, we have concluded EU Standard Contractual Clauses (Art. 46(2)(c) GDPR) with our service providers, where required, to ensure an adequate level of data protection.
18. Retention Period and Deletion
We only store your personal data for as long as is necessary for the respective processing purposes or as required by statutory retention periods. In detail:
| Data Category | Retention Period |
|---|---|
| Server log files | Max. 30 days |
| Email enquiries | Until the enquiry is resolved + statutory retention periods |
| Candidate data | Until withdrawal, max. 3 years after last contact |
| Client data (corporate clients) | For the duration of the contract + statutory retention periods (up to 10 years) |
You may request the deletion of your data at any time (informal email to office(at)nakamaeurope.com). We will delete your data without delay, provided no statutory retention obligations apply.
19. Your Rights as a Data Subject
Under the GDPR, you have the following rights:
| Right | Description | Legal Basis |
|---|---|---|
| Access | You may request information about the personal data we process about you. | Art. 15 GDPR |
| Rectification | You may request the correction of inaccurate data or the completion of incomplete data. | Art. 16 GDPR |
| Erasure | You may request the deletion of your data, provided no statutory retention obligations apply. | Art. 17 GDPR |
| Restriction | You may request the restriction of processing of your data. | Art. 18 GDPR |
| Data portability | You may receive your data in a structured, commonly used and machine-readable format. | Art. 20 GDPR |
| Objection | You may object at any time to the processing of your data based on Art. 6(1)(f) GDPR. | Art. 21 GDPR |
| Withdrawal of consent | You may withdraw any consent given at any time with future effect, without affecting the lawfulness of processing carried out prior to withdrawal. | Art. 7(3) GDPR |
To exercise your rights, please contact: office(at)nakamaeurope.com
20. Automated Decision-Making / Profiling
Although we use AI-powered tools to support our services (see Sections 12.6 and 15), no solely automated decision-making (including profiling) within the meaning of Art. 22 GDPR takes place that produces legal effects concerning you or similarly significantly affects you. All material decisions in the placement process are made by our qualified consultants. The AI systems serve exclusively as supporting tools.
21. Right to Lodge a Complaint with a Supervisory Authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a data protection supervisory authority if you believe that the processing of your data violates the GDPR (Art. 77 GDPR).
The supervisory authority responsible for us is:
Data Protection Commission (DPC)
21 Fitzwilliam Square South, Dublin 2, D02 RD28, Ireland
Phone: +353 (0)761 104 800
Website: www.dataprotection.ie
Alternatively, you may also contact the supervisory authority of your place of residence or employment.
22. Changes to This Privacy Policy
We reserve the right to update this privacy policy to reflect changes in the legal situation or modifications to our services or data processing activities. The current version is always available on this page.
Last updated: March 2026