“Caveris” (and “we”, “us”, or “our”) refers to Caveris Limited (a limited company registered in England under registration no. 10963088 and with its registration address at Chilcompton, Green Lane, Aspley Guise MK17 8EN) in the UK.
Personal data is any information relating to an identified or identifiable living person. When “you” or “your” are used in this policy, we are referring to the relevant individual who is the subject of the personal data. Caveris processes personal data for numerous purposes, and the means of collection, lawful basis of processing, use, disclosure, and retention periods for each purpose may differ.
When collecting and using personal data, our policy is to be transparent about why and how we process personal data. To find out more, please go to the relevant sections of this policy.
Our processing activities
Caveris is registered as a data processor with the Information Commissioner’s Office in the UK.
Your rights, processing, data collection and use of personal data
You have the following legal rights, in certain circumstances and subject to certain restrictions, in relation to your personal data:
Right to access the data - You have the right to request a copy of the personal data that we hold about you, together with other information about our processing of that personal data
Right to rectification – You have the right to request that any inaccurate data that is held about you is corrected, or if we have incomplete information you may request that we update the information such that it is complete
Right to erasure– You have the right to request us to delete personal data that we hold about you. This is sometimes referred to as the “right to be forgotten”
Right to restriction of processing or to object to processing – You have the right to request that we no longer process your personal data for particular purposes, or to object to our processing of your personal data for particular purposes
Right to data portability – You have the right to request us to provide you, or a third party, with a copy of your personal data in a structured, commonly used machine readable format
You also have the right to lodge a complaint with the Data Protection Commission if you are not happy with the way we have used your information or addressed your rights. Details of how to lodge a complaint can be found at on the Data Protection Commissioner website or you can call the Data Protection Commissioner at 0303 123 1113. However, before deciding to proceed with this option, we would appreciate if you contacted our Security Officer, David Tidswell, as we would welcome an opportunity to discuss any issues you may have in relation to your personal data.
If you wish to exercise any of the above rights, then please do not hesitate to contact us at [email protected]
We will use personal data relating to you for the purposes of:
Dealing with any queries that you have submitted to us via our website or our SaaS platform
Processing applications and transactions submitted through our website or our SaaS platform
Improving and developing our website and the services provided on our SaaS platform
Carrying out research and user surveys
Sending you promotional and marketing materials, subject to any preferences that you express when we collect your contact details or subsequently. You can opt out of receiving promotional and marketing materials from us at any time, including by contacting
Generating and analysing statistics regarding usage of our website and SaaS platform, including the frequency of use of individual pages (where possible, personal data will be anonymized before being used for this purpose)
Fraud prevention, investigation and detection
Establishing, exercising or defending legal claims
Providing information to our professional advisors
The legal bases on which we process your personal data are as more particularly set out below.
Our legitimate interests in conducting our business, being the delivery of emailed newsletters
Compliance with a legal or regulatory obligation that applies to us
The performance of a contract with you or in order to take steps at your request prior to entering into a contract
Browsing our website
As an anonymous visitor to our website we collect no personally identifiable information about you, apart from information which you volunteer (please see more on this in the next section below).
We may use temporary third party Google Analytics or HubSpot cookies to collect an anonymous record of your site page views and to recognize return visits (also anonymously) using a unique cookie that Google Analytics or HubSpot stores in your browser.
We use the collected page-view information to understand how visitors use the website and to help us improve access to its information and functionality.
Submitting website forms
We have a number of (entirely optional) data collection forms on the company website. These include the “Contact Us” form. If you submit your details on the Contact Us form, or any other similar form we may implement in the future, we will save your personal details in our Customer Relationship Management (CRM) database.
We may also record this activity with temporary third party Google Analytics or Hubspot cookies to provide a best estimate of where you came from before you visited the Caveris website e.g. a Google advertisement, Ad-campaign, a search listing, or an external link to our site.
Subscribing to communications
We have a number of (entirely optional) subscription forms on our company website. These include, for example, subscribing to our newsletter. When you subscribe to the newsletter we record and save your email address, whether you are a customer or prospective customer, in addition to your format preference. This data is used only to enable us to send you issues of the newsletter in your preferred format.
Issues of our newsletter may carry a survey and if you respond your answers are saved with your subscriber record and are used to prevent multiple entries by an individual. We use the stored open, click and survey information in aggregated form to give us an indication of the popularity of the content and to help us make decisions about future content and formatting. We may also use the information to publish more relevant content to individual newsletter readers in future issues.
You may cease receiving our newsletters at any time by using the “unsubscribe” link included in every issue sent. Your email address may be retained to ensure you no longer receive communications, unless you choose to actively re-subscribe.
Commenting on our blog
When you comment on our blog cookies are sometimes used, which means that, for example, you won’t need to retype all your information when you want to leave another comment.
Registering for, and using, our SaaS platform/Mobile Application
Caveris provides customers with a platform that enables customers to manage their information security management program. This platform is not part of our company website. Caveris serves as a data processor for the customers who use our platform. As such, except where we are a customer user of our own platform, Caveris does not control or own the information submitted to this platform. The information that is submitted to this platform is instead subject to our customer’s own privacy policies. You are entirely responsible for ensuring that you have all appropriate permissions from your own customers in order to collect and process their personal data and, as appropriate to the services being used, engage in marketing activities with them and accordingly, we have absolutely no liability or responsibility (or indeed, no direct contractual link) whatsoever arising from our processing of that data on your behalf.
You are not under a statutory or contractual obligation to provide us with any personal data. However, where you sign up a trial account (or contact us, or sign up for our newsletter) we will ask you to provide certain information, such as your name and email address. If you do not provide this information, we may not be in a position to process your request.
When you begin to use such a trial account, you may upload data to the Caveris application via forms and create your organisation’s user accounts. All this data remains entirely yours and is only stored and processed by Caveris for the purposes of delivering the SaaS information security management solution.
If you later wish to become a paying client of Caveris, we will request sufficient additional contact and other information such as billing details from you to allow us provide a contract-based service to you. This information will be used solely to enable the provision of our SaaS information security management solution to you.
When you use the Caveris SaaS information security management solution, we record a log of all significant actions taken by you while logged in, together with related information such as browser and OS type, and IP address. We use this information to estimate system load, and to plan for system and product enhancements. The information can also be used to allow us investigate incidents such as those involving compromised login credentials.
Caveris, as the data processor, maintains only the personal information which its customers have asked Caveris to process. As noted above, it is your responsibility to ensure that the customer data you collect can be legally collected. You are responsible for providing your employees, users and other data subjects the appropriate level of notification that personal information is being collected and stored and for receiving the appropriate permissions from them as required under all applicable legislation.
Data storage, sharing, rectification
Personal information, such as collected on our company website, is securely stored in our servers and the servers of selected third-parties (like WebHosting UK). We will never share personal information with other third parties, except where we are required to do so by law or for fraud prevention, investigation and detection, or, for establishing, exercising or defending legal claims.
We and our providers employ industry-accepted levels of security on all data storage and transmission. This includes the use of HTTPS/TLS (Transport Layer Security encryption) when interacting with secure areas of our website, and SMTP/TLS (email encryption) when interacting via email. Personal information stored on any portable media (for example portable backup media or laptops) is subject to encryption (Full Disk Encryption).
Your contact, billing and other details will never be shared or stored with third parties, except where we are legally obliged to do so, or where we make use of an external service to operate some aspect of our business, such as credit card processing, or CRM. In such instances, the storage of your data on third party systems will be solely for the purpose of operating our business to provide you with the contracted service, and never for the direct benefit of the third party, who will never have any other right of use to your data.
Where we make use of an external service in this way, we will require the same commitment to the protection of your data as we ourselves implement.
You have the right to request that any inaccurate data that is held about you is corrected, or if we have incomplete information you may request that we update the information to make it complete.
In addition, and as also previously noted, you have the right to request that we no longer process your personal data for particular purposes, or to object to our processing of your personal data for particular purposes.
Data access and data portability
You may request a copy of any personal information we may hold about you. You can do this by using the contact details at the end of this policy. You may request that any incorrect data be amended, or alter your communications preferences at any time. Your requests for this type of access or amendment will be subject to the relevant data protection legislation.
In addition, and as also previously noted, on the question of your right to data portability, you have the absolute right to request us to provide you, or a third party, with a copy of your personal data in a structured, commonly used machine-readable format.
Data control and right to be forgotten
As noted previously, you have the right to request us to delete personal data that we hold about you. This is sometimes referred to as the “right to be forgotten”.
Compliance with this policy will be monitored and reviewed by the Governance Team of Caveris Limited.