Caveris is registered as a data processor with the Information Commissioner’s Office in the UK. We take our responsibilities under applicable laws and regulations very seriously. This privacy policy describes why and how we collect and use personal data and provides information about individuals’ rights.  It applies to personal data provided to us, both by individuals themselves, or by others. We may use personal data provided to us for any of the purposes described in this privacy policy or as otherwise stated at the point of collection.

 

“Caveris” (and “we”, “us”, or “our”) refers to Caveris Limited (a limited company registered in England under registration no. 10963088 and with its registration address at Chilcompton, Green Lane, Aspley Guise MK17 8EN) in the UK.

 

Personal data is any information relating to an identified or identifiable living person. When “you” or “your” are used in this policy, we are referring to the relevant individual who is the subject of the personal data.  Caveris processes personal data for numerous purposes, and the means of collection, lawful basis of processing, use, disclosure, and retention periods for each purpose may differ.  

 

When collecting and using personal data, our policy is to be transparent about why and how we process personal data.  To find out more, please go to the relevant sections of this policy.

​

Our processing activities

​

Caveris is registered as a data processor with the Information Commissioner’s Office in the UK.

 

We take our responsibilities under applicable data protection law, including the EU General Data Protection Regulation (‘GDPR’) and implementing legislation such as the Data Protection Act 2018, very seriously. The purpose of this privacy policy is to inform you of the data relating to you that we collect and use in connection with this website and the uses (including disclosures to third parties) we make of such data.

 

For the purposes of the GDPR, we are a data controller in respect of personal information collected through our website and any social media accounts such as Facebook, any blogs etc. that post a link to this privacy policy; and a data processor for information collected through our Software as a Service (‘SaaS’) platform and/or mobile application.

 

This privacy policy applies to the personal information shared or stored by people who interact with our company website situated at www.caveris.co.uk and it also applies to anybody who interacts with our SaaS platform.

 

By visiting our website(s), and/or signing up to receive communications sent through our SaaS platform, you are accepting the terms of this privacy policy. You are therefore encouraged to read this policy before using or submitting information to Caveris. 

​

Your rights, processing, data collection and use of personal data

 

Your Rights

 

You have the following legal rights, in certain circumstances and subject to certain restrictions, in relation to your personal data:

​

• Right to access the data - You have the right to request a copy of the personal data that we hold about you, together with other information about our processing of that personal data

• Right to rectification – You have the right to request that any inaccurate data that is held about you is corrected, or if we have incomplete information you may request that we update the information such that it is complete

• Right to erasure– You have the right to request us to delete personal data that we hold about you. This is sometimes referred to as the “right to be forgotten”

• Right to restriction of processing or to object to processing – You have the right to request that we no longer process your personal data for particular purposes, or to object to our processing of your personal data for particular purposes

• Right to data portability – You have the right to request us to provide you, or a third party, with a copy of your personal data in a structured, commonly used machine readable format

​

Processing

 

You also have the right to lodge a complaint with the Data Protection Commission if you are not happy with the way we have used your information or addressed your rights. Details of how to lodge a complaint can be found at on the Data Protection Commissioner website or you can call the Data Protection Commissioner at 0303 123 1113. However, before deciding to proceed with this option, we would appreciate if you contacted our Security Officer, David Tidswell, as we would welcome an opportunity to discuss any issues you may have in relation to your personal data.

 

If you wish to exercise any of the above rights, then please do not hesitate to contact us at [email protected].

 

We will use personal data relating to you for the purposes of:

​

• Dealing with any queries that you have submitted to us via our website or our SaaS platform

• Processing applications and transactions submitted through our website or our SaaS platform

• Improving and developing our website and the services provided on our SaaS platform

• Carrying out research and user surveys

• Sending you promotional and marketing materials, subject to any preferences that you express when we collect your contact details or subsequently. You can opt out of receiving promotional and marketing materials from us at any time, including by contacting [email protected]

• Generating and analysing statistics regarding usage of our website and SaaS platform, including the frequency of use of individual pages (where possible, personal data will be anonymized before being used for this purpose)

• Fraud prevention, investigation and detection

• Establishing, exercising or defending legal claims

• Providing information to our professional advisors

​

The legal bases on which we process your personal data are as more particularly set out below.

 

• Our legitimate interests in conducting our business, being the delivery of emailed newsletters

• Compliance with a legal or regulatory obligation that applies to us

• The performance of a contract with you or in order to take steps at your request prior to entering into a contract

​

Browsing our website

​

As an anonymous visitor to our website we collect no personally identifiable information about you, apart from information which you volunteer (please see more on this in the next section below).

 

We may use temporary third party Google Analytics or HubSpot cookies to collect an anonymous record of your site page views and to recognize return visits (also anonymously) using a unique cookie that Google Analytics or HubSpot stores in your browser.

 

We use the collected page-view information to understand how visitors use the website and to help us improve access to its information and functionality.

​

Submitting website forms

​

We have a number of (entirely optional) data collection forms on the company website. These include the “Contact Us” form. If you submit your details on the Contact Us form, or any other similar form we may implement in the future, we will save your personal details in our Customer Relationship Management (CRM) database.

 

We may also record this activity with temporary third party Google Analytics or Hubspot cookies to provide a best estimate of where you came from before you visited the Caveris website e.g. a Google advertisement, Ad-campaign, a search listing, or an external link to our site.

​

Subscribing to communications

​

We have a number of (entirely optional) subscription forms on our company website. These include, for example, subscribing to our newsletter. When you subscribe to the newsletter we record and save your email address, whether you are a customer or prospective customer, in addition to your format preference. This data is used only to enable us to send you issues of the newsletter in your preferred format.

 

Issues of our newsletter may carry a survey and if you respond your answers are saved with your subscriber record and are used to prevent multiple entries by an individual. We use the stored open, click and survey information in aggregated form to give us an indication of the popularity of the content and to help us make decisions about future content and formatting. We may also use the information to publish more relevant content to individual newsletter readers in future issues.

 

You may cease receiving our newsletters at any time by using the “unsubscribe” link included in every issue sent. Your email address may be retained to ensure you no longer receive communications, unless you choose to actively re-subscribe.

​

Commenting on our blog

​

When you comment on our blog cookies are sometimes used, which means that, for example, you won’t need to retype all your information when you want to leave another comment.

​

Registering for, and using, our SaaS platform/Mobile Application

​

Caveris provides customers with a platform that enables customers to manage their information security management program. This platform is not part of our company website. Caveris serves as a data processor for the customers who use our platform. As such, except where we are a customer user of our own platform, Caveris does not control or own the information submitted to this platform. The information that is submitted to this platform is instead subject to our customer’s own privacy policies. You are entirely responsible for ensuring that you have all appropriate permissions from your own customers in order to collect and process their personal data and, as appropriate to the services being used, engage in marketing activities with them and accordingly, we have absolutely no liability or responsibility (or indeed, no direct contractual link) whatsoever arising from our processing of that data on your behalf.

 

You are not under a statutory or contractual obligation to provide us with any personal data. However, where you sign up a trial account (or contact us, or sign up for our newsletter) we will ask you to provide certain information, such as your name and email address. If you do not provide this information, we may not be in a position to process your request.

 

When you begin to use such a trial account, you may upload data to the Caveris application via forms and create your organisation’s user accounts. All this data remains entirely yours and is only stored and processed by Caveris for the purposes of delivering the SaaS information security management solution.

 

If you later wish to become a paying client of Caveris, we will request sufficient additional contact and other information such as billing details from you to allow us provide a contract-based service to you. This information will be used solely to enable the provision of our SaaS information security management solution to you.

 

When you use the Caveris SaaS information security management solution, we record a log of all significant actions taken by you while logged in, together with related information such as browser and OS type, and IP address. We use this information to estimate system load, and to plan for system and product enhancements. The information can also be used to allow us investigate incidents such as those involving compromised login credentials.

 

Caveris, as the data processor, maintains only the personal information which its customers have asked Caveris to process. As noted above, it is your responsibility to ensure that the customer data you collect can be legally collected. You are responsible for providing your employees, users and other data subjects the appropriate level of notification that personal information is being collected and stored and for receiving the appropriate permissions from them as required under all applicable legislation.

 

Caveris SaaS information security management solution is hosted in data centres within the European Economic Area (EEA). Caveris does not transfer personal information to third parties. In the event this did occur, Caveris would ensure that any such party had agreed to abide by the principles of Caveris privacy policy and would be able to provide assurances that adequate protection of personal information would be provided in line with all applicable GDPR measures.

​

Data storage, sharing, rectification

​

Personal information, such as collected on our company website, is securely stored in our servers and the servers of selected third-parties (like WebHosting UK). We will never share personal information with other third parties, except where we are required to do so by law or for fraud prevention, investigation and detection, or, for establishing, exercising or defending legal claims.

 

We will not hold your personal data for longer than is necessary. We shall retain your personal data for as long as we need it for the purposes described in this privacy policy, or to comply with our obligations under applicable law, or, to provide you with our services, and, if relevant, to deal with any claim or dispute that might arise between you and us.

 

We and our providers employ industry-accepted levels of security on all data storage and transmission. This includes the use of HTTPS/TLS (Transport Layer Security encryption) when interacting with secure areas of our website, and SMTP/TLS (email encryption) when interacting via email. Personal information stored on any portable media (for example portable backup media or laptops) is subject to encryption (Full Disk Encryption).

 

Your contact, billing and other details will never be shared or stored with third parties, except where we are legally obliged to do so, or where we make use of an external service to operate some aspect of our business, such as credit card processing, or CRM. In such instances, the storage of your data on third party systems will be solely for the purpose of operating our business to provide you with the contracted service, and never for the direct benefit of the third party, who will never have any other right of use to your data.

 

Where we make use of an external service in this way, we will require the same commitment to the protection of your data as we ourselves implement.

You have the right to request that any inaccurate data that is held about you is corrected, or if we have incomplete information you may request that we update the information to make it complete.

 

In addition, and as also previously noted, you have the right to request that we no longer process your personal data for particular purposes, or to object to our processing of your personal data for particular purposes.

 

Data access and data portability

​

You may request a copy of any personal information we may hold about you. You can do this by using the contact details at the end of this policy. You may request that any incorrect data be amended, or alter your communications preferences at any time. Your requests for this type of access or amendment will be subject to the relevant data protection legislation.

 

In addition, and as also previously noted, on the question of your right to data portability, you have the absolute right to request us to provide you, or a third party, with a copy of your personal data in a structured, commonly used machine-readable format.

 

Data control and right to be forgotten

​

Your contact data is an asset of our business. If Caveris were to be acquired, or in the unlikely event of Caveris going out of business, control of your data could transfer to a third party. Your data would remain subject to the terms as set out in our privacy policy at the time of the transaction, until such time as you were notified of any change by the new controller or processor. Your rights to access and/or to have your data corrected would be unaffected.

 

As noted previously, you have the right to request us to delete personal data that we hold about you. This is sometimes referred to as the “right to be forgotten”.

 

Data privacy policy changes

​

We reserve the right to make changes to this privacy policy and any such changes will be posted on our website 30 days prior to such changes becoming effective. Where we propose to make changes to how we collect, use or disclose personal information that could reduce the privacy of its owner in any way, we will notify all persons potentially affected (typically via email), with an opportunity to opt out of such use. We encourage you to periodically review this privacy policy for the latest information on our privacy practices.

 

Compliance

​

Compliance with this policy will be monitored and reviewed by the Governance Team of Caveris Limited.