Our Commitment to Privacy
Confidentiality is not a policy at Nizmara — it is how we operate. Every search mandate we take on involves sensitive information: about individuals, about organisations, about leadership decisions that are not yet public. We treat that information with the same discretion and professionalism that we bring to the work itself.
This Privacy Policy explains what personal data we collect, how we use it, who we share it with, and what rights you have. It applies to candidates we approach or work with, client contacts we support on hiring mandates, referees and sources who provide information during a search, and visitors to our website.
Nizmara İnsan Kaynakları Danışmanlığı Limited Şirketi operates in compliance with the Turkish Personal Data Protection Law (KVKK, Law No. 6698). Where our operations extend to the European Union — including through our Estonia-based entity — we operate in compliance with the EU General Data Protection Regulation (GDPR, Regulation 2016/679).
1. Who We Are and How to Reach Us
Nizmara Consulting & Executive Search is a boutique executive search and recruitment consultancy operating across Turkey, the Middle East, and Europe. We have two legal entities:
Turkey (Primary Entity) Nizmara İnsan Kaynakları Danışmanlığı Limited Şirketi Göztepe Mah. Tanzimat Sk. No:63/2 D:5 Kadıköy / Istanbul, Turkey
Estonia (EU Entity) Nizmara Global OÜ Harju maakond, Kesklinna linnaosa, Viru väljak 2, 3. korrus Tallinn 10111 Estonia
Privacy contact: info@nizmara.com Phone: +90 216 606 61 00
For candidates, clients, or individuals based in the European Union, enquiries related to data protection may also be directed to our Estonia entity in line with GDPR requirements.
2. Who This Policy Applies To
This policy covers four groups of individuals whose personal data we process.
Candidates are senior professionals and executives we approach, engage with, or maintain in our database as part of delivering executive search and recruitment services.
Client contacts are the individuals at organisations that engage Nizmara for search or recruitment mandates — typically CHROs, HR Directors, CEOs, and other senior leaders.
Referees and sources are individuals who provide professional references or background information about candidates during an active search process.
Website visitors are anyone who visits nizmara.com, including those who submit enquiries through our contact or scheduling forms.
3. What Personal Data We Collect
The data we hold about you depends on your relationship with us.
If you are a candidate:
We may collect and hold your full name, contact details (email, phone, location), professional biography and employment history, educational background and qualifications, CV and supporting documents you share with us, interview notes and assessment observations made by our consultants, compensation history and expectations (where relevant to a specific mandate and permitted by applicable law), reference information where you have explicitly approved a reference check, nationality and work eligibility information where relevant to a cross-border mandate, and information available through publicly accessible professional platforms such as LinkedIn.
We collect this information directly from you, from publicly available professional sources, from client organisations in the context of an active mandate, and from referees where applicable.
If you are a client contact:
We hold your name, job title, company, email address, and phone number. We also hold records of communications related to active mandates, hiring briefs and role specifications shared with us, and notes from briefing and progress conversations.
If you are a referee or source:
We hold your name and contact details, your professional connection to the candidate in question, and the reference or feedback you provide. Reference information is treated with strict confidentiality and is not attributed to you when shared unless you explicitly consent to this.
If you are a website visitor:
We collect standard technical data including IP address, browser type, device information, and pages visited. If you submit an enquiry through our contact or scheduling form, we retain the name, email address, phone number, company, and message content you provide.
4. How We Use Your Personal Data
We use personal data only for specific, legitimate purposes. We do not use your information for automated decision-making. We do not sell personal data under any circumstances.
For candidates: To assess your profile against current and future mandates relevant to your background. To approach you about opportunities we genuinely believe are relevant. To present your professional profile to client organisations — always with your knowledge and, where required, your consent. To manage interview scheduling, assessment processes, and offer negotiations on your behalf. To conduct reference checks where you have explicitly approved this. To maintain our talent database for future opportunities in your field. To send relevant market intelligence, thought leadership, or event invitations where you have not opted out of such communications.
For client contacts: To deliver executive search and recruitment services as agreed under a service mandate. To manage communication, progress reporting, and candidate presentation throughout the search process. To maintain business records related to our engagement. To share relevant market insights or sector intelligence where appropriate.
For referees and sources: To gather professional context on a candidate as part of an active search mandate. Reference information is used solely for this purpose and is not retained beyond the conclusion of the relevant search.
For website visitors: To respond to enquiries submitted through our contact or scheduling forms. To analyse website performance and improve the user experience. To comply with applicable legal obligations.
5. Legal Basis for Processing
Our legal basis for processing depends on the nature of the data and the specific activity involved.
We process candidate data primarily on the basis of legitimate interests — specifically, the legitimate interest of operating an executive search business, which by its nature involves identifying, approaching, and evaluating senior professionals. We balance this against your rights and freedoms, and we do not process your data in ways that are incompatible with reasonable expectations.
Where we collect potentially sensitive information — such as diversity data, recorded interview sessions, or background check results — we seek your explicit consent before doing so.
We process client contact data to fulfil our contractual obligations under a service agreement, and on the basis of legitimate interests in maintaining a business relationship.
We process referee and source data on the basis of legitimate interests, where the processing is limited to what is necessary for the purpose of a specific search mandate.
We comply with legal obligations where applicable law requires us to retain or disclose information.
6. Sharing Your Personal Data
We share personal data only where necessary and only with those who have a legitimate reason to receive it.
With client organisations: As part of an active search mandate, we share relevant candidate profile information with the client. We share only what is necessary for the client to assess the candidate’s suitability. We do not introduce any candidate to a client in detail without first informing the candidate and, where required, obtaining their consent.
Within Nizmara: Personal data may be accessed by consultants and support staff across our Turkey and Estonia operations where this is necessary to deliver the service. All Nizmara personnel are bound by confidentiality obligations.
With technology and platform providers: We use digital tools to support our work, including LinkedIn and recruitment management software. These providers act as data processors and are subject to appropriate data protection obligations. We do not permit them to use your data for their own purposes.
With referees: Where a candidate has approved a reference check, we share limited contextual information with named referees solely for the purpose of obtaining a professional reference.
For legal compliance: Where required by law, regulation, court order, or competent authority, we will disclose personal data as legally obligated. We will notify affected individuals where we are permitted to do so.
7. International Data Transfers
Nizmara operates across Turkey, Estonia, and the wider Middle East and Europe. As part of delivering our services, personal data may be transferred between these jurisdictions. For example, a candidate based in Istanbul may be considered for a mandate in Riyadh or Amsterdam, which requires sharing relevant profile information across borders.
Where personal data is transferred from the European Union or European Economic Area — including from our Estonia entity — we ensure that appropriate safeguards are in place in accordance with GDPR requirements, including Standard Contractual Clauses where applicable.
Where personal data is transferred outside Turkey, we comply with the requirements of KVKK, including implementing appropriate data transfer mechanisms.
8. How Long We Retain Your Data
We do not retain personal data indefinitely. Retention periods are determined by the purpose for which data was collected and applicable legal requirements.
Candidate profiles and associated data are retained for a period of three years from the date of last meaningful contact. If you withdraw consent or request deletion, we will act on this promptly. If we have a legal obligation to retain certain records, we will do so for the minimum period required.
Client contact data is retained for the duration of the business relationship and for up to three years thereafter, for legal, audit, and continuity purposes.
Reference and source information is retained only for the duration of the relevant search mandate, after which it is deleted unless there is a specific legal reason to retain it.
Website enquiry data is retained for up to twelve months from the date of submission.
9. Your Rights
Depending on your location and applicable law, you have the following rights in relation to your personal data:
The right to access the data we hold about you and to receive a copy of it. The right to request correction of any inaccurate or incomplete data. The right to request deletion of your data where there is no legitimate reason for continued processing. The right to object to processing based on legitimate interests. The right to withdraw consent at any time where processing is based on your consent — this does not affect the lawfulness of processing that took place before withdrawal. The right to data portability, where processing is based on consent or contract. The right not to be subject to decisions based solely on automated processing that have a significant effect on you.
If you are based in the European Union, you also have the right to lodge a complaint with your local supervisory authority. For individuals interacting with our Estonia entity, the relevant authority is the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon).
To exercise any of these rights, contact us at info@nizmara.com. We will respond within 30 days. In complex cases, we may extend this by a further 60 days, and we will notify you if this is the case.
10. Cookies
Our website uses cookies for functionality, analytics, and performance improvement. You may control cookie preferences through your browser settings or through the cookie consent banner displayed on your first visit to nizmara.com.
We do not use cookies to track you across other websites or to build advertising profiles.
11. Data Security
We take appropriate technical and organisational measures to protect personal data against unauthorised access, loss, alteration, or disclosure. Access to personal data within Nizmara is restricted to those who require it to perform their professional role. All Nizmara personnel who handle personal data are bound by confidentiality obligations.
In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authorities and, where required, affected individuals, in accordance with applicable law.
12. Updates to This Policy
We may update this policy periodically to reflect changes in our practices, our business structure, or applicable law. The date at the top of this page indicates when the policy was last revised. We encourage you to review this page periodically. Where changes are material, we will take reasonable steps to inform affected individuals.
Nizmara Consulting & Executive Search Last updated: April 2026