Privacy Notice

PUBLIC

PUBLIC

Privacy Notice

 

About Our Privacy Notice                    

Last Updated: March 2024

This Privacy Notice is addressed to data subjects outside of Ovarro’s group of companies with whom we interact, including employees and other representatives of our existing or potential business customers, their third-party suppliers/partners, our advisors and consultants, our suppliers and partners and visitors to our websites (together, “you”). The personal data may be provided directly by you or by the company/organisation you represent. For information on our personal data processing activities for recruitment and employment purposes, please see our Job Applicant Privacy Notice, our Employee Privacy Notice, and our Privacy Notice for Contractors – these are made available to you at the start of the application process and employment.

Our privacy practices may vary among the countries in which we operate to reflect local practices and legal requirements. In most cases this will be the law of the country in which you are located.

We may amend or update this Privacy Notice from time to time to reflect changes in how we process personal data. We also may do so in order to reflect any changes in applicable law. Please read this Privacy Notice carefully and regularly check our website for any changes we might make to this Privacy Notice. This Privacy Notice supplements other notices and privacy policies and is not intended to override them.

According to applicable data protection laws, you may be entitled to know the identity of your Data Controller. The Data Controller is the legal entity which determines why and how your personal data is processed. This will generally be the case when you are located within the European Economic Area (EEA).

Your relevant Data Controller may vary, depending on how you are receiving services from us, for example, if you are engaging Ovarro directly to provide services to you, then your relevant Data Controller is likely to be that particular Ovarro entity which is providing those services to you. This will typically be that Ovarro entity which is based in your current location, and which processes your personal data, and which is named in any relevant correspondence with you. You can also find a list of our affiliated companies and subsidiaries on our website – go to ovarro.com/Contact.

If you normally deal with one of our business partners and have been referred to us to receive specific services at the request of that business partner, or we process your data as part of services we provide to our customers, then that business partner/customer may be your relevant data controller. In such cases, this Privacy Notice may not apply to you so please refer instead to that business partner’s privacy policy. Even if this Privacy Notice does not directly apply to you, Ovarro, as a data processor, will process your personal data in accordance with the data controller’s explicit instructions and will take all steps necessary to preserve the security and the confidentiality of the personal data and prevent alteration, damage, or access by unauthorised persons.

What Data We Process

We may collect, use, store and transfer different kinds of personal data about you that you or the organisation you represent provide to us, which can be grouped together as follows:

  • Identity Data includes first name, last name, username or similar identifier, title; language preferences; job title, images of individuals collected via CCTV (if applicable).
  • Contact Data includes delivery address, email address and telephone
  • Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us.
  • Employer details where you interact with us in your capacity as an employee of our customer/partner/advisor or consultant, the name, address, telephone number and email address of your employer, to the extent relevant.
  • Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website.
  • Profile Data includes your username and password, purchases or orders made by you, your interests, preferences, feedback, and survey responses.
  • Usage Data includes information about how you use our websites, products and services, device type, operating system, browser type, browser settings, IP address, language settings, dates and times of connecting to a website (including the full Uniform Resource Locators (URL) clickstream to, through and from our sites (including date and time)), products you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs) and methods used to browse away from the page and any phone number used to call our customer support number, username, password, security login details, aggregate statistical information and other technical communications information;
  • Marketing and Communications Data includes your preferences in receiving marketing from us and your communication preferences, records of your interactions with our online advertising and content, records of advertising and content displayed on pages or App screens displayed to you and any interaction you may have had with such content or advertising, including mouse hover, mouse clicks, any forms you complete.
  • Personal Data included in correspondence, transaction documents, or other materials that we process in the course of providing services.
  • Records of any consents you may have given, together with the date and time, means of consent and any related
  • We may also create personal data about you, such as records of your communications and interactions with us. We may record telephone calls, meetings, and other interactions in which you are involved, in accordance with applicable
  • Information we receive from other sources. When we also work with third parties (for example, business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers, credit reference agencies) we may receive information about you from them.

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

How We Collect Your Data

We collect data when you access our websites, fill in forms on our websites (including when you register to receive one of our products or company newsletters), when you register for and use our SaaS solutions, when you sign-up to and use our Apps, when you access and login to jointmanager.com, through our CRM database, when we receive/access tender documents, or when you correspond with us by phone, e-mail, paper or otherwise. This may include information provided when you register to use our sites, subscribe to our services, participate in social media functions, or when you report a problem with our sites/products/services.

We may also collect personal data from third parties – e.g. in connection with our marketing activities.

In some cases, when you access our mobile applications or website providing access to specific services, you may be presented with an additional privacy notice information relevant to the use of the specific application. Any such other notices are supplementary to this Privacy Notice and are not intended to replace it.  

Where we need to collect personal data by law or under the terms of a contract we have with your organisation, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with your organisation (for example, to provide you with goods or services). In this case, we may have to cancel a product or service we provide but we will notify you at the time, if this is the case.

Purposes of Processing and Legal Basis for Processing

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

Uses made of the personal data

Lawful basis for use

Retention Period

To carry out our obligations (and exercise our rights) arising from any contracts/arrangement entered into between you/your organisation and us/our partner and to provide you/your organisation with the information, products and services that you/your organisation request from us/our partner.

We have a legitimate interest in carrying out the processing for the purpose of providing our products and services under a contract we have with you/your organisation and/or our partner.

The personal data will be retained for no longer than is reasonably necessary and, in any event, no longer than the applicable limitation period of the most recent, applicable contract or applicable legislation.

To provide you with information about other goods and services we offer that are similar to those that you/your organisation have already purchased, searched for, or enquired about and we feel may interest you/your organisation.

We have a legitimate interest in carrying out the processing for the purpose of providing our services and sites.

Your personal data will be retained for this purpose until:

(i)      We no longer reasonably require it for these purposes; or

(ii)   (if earlier) you confirm you no longer want to receive such information

 

Uses made of the personal data

Lawful basis for use

Retention Period

To provide you/your organisation or permit other organisations within our group of companies (or their appointed representatives) to provide you with information about goods or services we feel may interest you/your organisation.

We have a legitimate interest in carrying out the processing for the purpose of providing our services and sites.

Your personal data will be retained for this purpose until:

(i)      We no longer reasonably require it for these purposes; or

(ii)   (If earlier) you confirm you no longer want to receive such information

Compliance with legal obligations – as necessary under applicable law

The processing is necessary for compliance with a legal obligation e.g., regulatory, tax, accounting or reporting requirements.

Your personal data will be retained for this purpose until:

(i)      We no longer reasonably require it for these purposes; or

(ii)     We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you/your organisation. 

To receive products and services from suppliers, consultants, other services providers.

To manage our suppliers and services providers, including performing suppliers review,

 

We have a legitimate interest in carrying out the processing for the purpose of receiving products and services.

The processing is necessary for compliance with a legal obligation – e.g. tax, accounting, anti-bribery, anti-money laundering, and other legal obligations placed on us

Your personal data will be retained for this purpose until:

(i)    We no longer reasonably require it for these purposes; or

(ii)   (If earlier) you confirm you no longer want to receive such information

(iii) We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you/your organisation. 

 

How We Use Your Personal Data

We will process the information you provide in a manner compatible with the applicable data protection laws, including the Data Protection Act 2018 (“DPA”) in the UK, the European Union General Data Protection Regulation ((EU) 2016/679) (“GDPR”), the UK GDPR and any applicable implementing laws, any applicable local legislation, regulations and secondary legislation, as amended or updated from time to time, any relevant codes of practice and any successor legislation applicable from time to time. We will endeavour to keep your information accurate and up to date and not keep it for longer than is necessary, however, we are required to retain certain information in accordance with the law, such as information needed for income tax and audit purposes. How long certain kinds of personal data should be kept may also be governed by specific business-sector requirements, agreed practices and individual business needs.

If you provide us with any information or material relating to another individual, you should make sure that sharing with us and our further use as described to you from time to time, is in line with applicable laws, for example, you should duly inform that individual about the processing of their personal data and obtain their consent, as may be necessary under applicable data protection laws.

Where We Store and Process Your Data

Personal data collected from you may be stored and processed in a country in which we or our agents/partners or contractors maintain facilities and by accessing our sites and using our services, you consent to any such transfer of information outside of your country.

We will take all reasonably necessary security measures to prevent personal information from being accidentally lost, used, or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it.

Where we have given you (or where you have chosen) a password which enables you to access certain parts of our sites, you are responsible for keeping this password confidential. We ask you not to share passwords with anyone.

We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so and within the time frame legally required.

Disclosure of your Personal Data

Our business is a global business. To offer and perform our services, we may need to transfer your personal data among several countries with any member of our group, which means our subsidiaries, our ultimate holding company, and its subsidiaries (You can find a list of our affiliated companies and subsidiaries on our website – go to our contact page). We may share your information with selected third parties, including: business partners, suppliers, distributors, agents, and sub-contractors for the performance of any contract we enter into with them or you/your organisation. The personal information that we collect from you may be transferred to, and stored at, a destination outside the EEA, including the United States of America. Those countries may not have the same data protection laws as the country in which you initially provided the data. It may also be processed by staff operating outside the EEA who work for us or for one of our business partners or sub-contractors. We will take all steps reasonably necessary to ensure that your data is processed and treated securely and in accordance with this Privacy Notice and with the applicable data protection law, including the laws applicable in the respective country.

We use third parties which provide services to us in different cases - for example, system administration service providers; providers of legal, insurance, hosting, financial and other services, including consultancy services, marketing activities, analytics and search engine services, customer-relationship management service and enterprise applications. We may need to share your personal data with such third parties, situated within and outside of the EEA, in connection with their services. We do not allow third parties to use your personal information for their own purposes.

We may also disclose your personal information to third parties in the following circumstances:

  • In the event that we sell any business or assets, in which case we may disclose your personal data to the prospective buyer of such business or assets.
  • If Ovarro or substantially all its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
  • If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms of use and other agreements; or to protect the rights, property, or safety of Ovarro, our customers, or This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
  • When we are required to transfer your personal data the accreditation body EUSR for record keeping and certification.

We require all third parties to respect the security of your personal data and to treat it in accordance with the respective applicable law.

The Internet is an open system and therefore the transmission of information via the Internet is not completely secure. Although we will implement all reasonable measures to protect your personal data, we cannot guarantee the security of your data transmitted to us using the Internet – any such transmission is at your own risk, and you are responsible for ensuring that any personal data that you send to us is sent securely.

Retention Period of Your Personal Data

We take every reasonable step to ensure that your personal data is only processed for the minimum period necessary for the purposes set out in this Privacy Notice, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

To determine the appropriate retention period for personal data we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means. We also consider the applicable legal, regulatory, tax, accounting, or other relevant requirements.

Marketing

At any time, you have the right to unsubscribe or withdraw your consent to our processing of your personal data for marketing purposes. To withdraw this consent please email: marketing@ovarro.com.

We may process your personal data to enable us to contact you via email, telephone, direct mail, or other communication formats to provide you with information regarding services that may be of interest to you. If we provide services to you, we may send information to you regarding our services and other information that may be of interest to you, using the contact details that you have provided to us in compliance with applicable law.

You may unsubscribe from our marketing email list at any time by simply clicking on the unsubscribe link included in every marketing email we send. After you unsubscribe, you will be removed from the marketing list. We may continue to contact you to the extent necessary for the purposes of any services you have requested or to inform you of important information relating to a product or service we provide you with, such as an important firmware update or product recall.

Cookies, Social Media And Marketing Technologies

When you visit our websites, we may collect information from you automatically through cookies or similar technology.

Cookies are small text files placed on your computer or other Internet-connected device to uniquely identify your device or browser or to store information or settings in your browser.  For further details on the types of cookies and other similar technologies we use on our website, please see our Cookies Notice, available on ovarro.com.

Our Privacy Notice applies only to our websites. Our websites may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy policy of every website you visit.

Your Data Protection Rights

Under certain circumstances you may have the rights outlined below under data protection laws in relation to your personal data. The rights below are likely to apply to you if you are based in the European Union:

Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.

If we hold personal data about you, you can request the following information:

  • The categories of personal data collected, stored, and processed
  • The purpose of the processing as well as the legal basis for processing
  • If the processing is based on our legitimate interests or a third party, information about those interests
  • Recipient(s) or categories of recipients that the data is/will be disclosed to
  • If we intend to transfer the personal data to a third country or international organisation, information about how we ensure this is done securely. For data transferred from the EU, the EU has approved sending personal data to some countries because they meet a minimum standard of data protection; in other cases, we will ensure there are specific measures in place to secure your information.
  • Details of your rights to correct, erase, restrict or object to such processing
  • Information about your right to withdraw consent at any time
  • How to lodge a complaint with the supervisory authority
  • Whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether you are obliged to provide the personal data and the possible consequences of failing to provide such data
  • The source of personal data if it was not collected directly from you
  • Any details and information of automated decision making (if applicable), such as profiling, and any meaningful information about the logic involved, as well as the significance and expected consequences of such processing, where applicable

Please, send us an e-mail at gdpr@ovarro.com and request our subject access request form which you can fill in and e-mail back to us.

Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.

Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.

Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.

Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios:

  • If you want us to establish the data’s accuracy
  • Where our use of the data is unlawful, but you do not want us to erase it
  • Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims
  • You have objected to our use of your data, but we need to verify whether we have overriding legitimate grounds to use it

Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.

Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.

File a complaint - you have the right to make a complaint at any time to us or the data protection authority in your country. The UK supervisory authority for data protection issues is the Information Commissioner’s Office (ICO), (www.ico.org.uk).

Changes to This Privacy Notice

We keep our Privacy Notice under regular review and any changes will be added to this Privacy Notice and updated on our website.

How to Contact Us

If you have any questions about our Privacy Notice, the data we hold about you, or you would like to exercise any of your data protection rights, please do not hesitate to contact us.

Email: gdpr@ovarro.com

Call us on: +44 (0) 1246 437580

Or write to us at: Data Protection Working Committee (DPWC), Rotherside Road, Eckington, Sheffield, UK, S21 4HL

How to contact the Appropriate Authority

Should you wish to report a complaint or if you feel that we have not addressed your concern in a satisfactory manner, you may contact the respective data protection authority. We would, however, appreciate the chance to deal with your concerns before you approach any such authority and would ask you to contact us in the first instance by using the contact information above.

If you are located in the UK, you may contact the UK’s Data Protection Authority

Information Commissioner's Office Wycliffe House

Water Lane Wilmslow Cheshire SK9 5AF

Telephone: 0303 123 1113

Fax: 01625 524510

For information on local data protection authorities within the EU, please visit the European Commission's website.