Privacy Policy

About Our Privacy Policy


This Privacy Policy (the “Policy”) provides information in respect of the way in which Ovarro Limited and its affiliated companies and subsidiaries (together, “Ovarro”, “we”, “our” or “us”), collect and process personal data.

This Policy is addressed to data subjects outside of Ovarro’s group of companies with whom we interact, including contact person/employees of our business clients and third-party suppliers/partners of our customers, our suppliers and partners, visitors to our websites (together, “you”).  For information on our personal data processing activities for recruitment purposes, please see our Job Applicant Privacy Notice.

Our privacy practices may vary among the countries in which we operate to reflect local practices and legal requirements. In most cases this will be the law of the country in which you are located.

We may amend or update this Policy from time to time to reflect changes in how we process personal data. We also may do so in order to reflect any changes in applicable law. Please, read this Policy carefully and regularly check our website for any changes we might make to this Policy. This Privacy Policy supplements other notices and privacy policies and is not intended to override them.

According to applicable data protection laws, you may be entitled to know the identity of your data controller. The data controller is the legal entity which determines why and how your personal data is processed.  This will generally be the case when you are located within the European Economic Area (EEA).

Your relevant data controller may vary, depending on how you are receiving services from us, for example, if you are engaging Ovarro directly to provide services for you, then your relevant data controller is likely to be that particular Ovarro entity which is providing those services to you. This will typically be that Ovarro entity which is based in your current location and which processes your personal data, and which is named in any relevant correspondence with you.

In some cases, we process personal data as joint controllers, which means that two or more controllers jointly determine the purposes and means of processing in accordance with Article 26 of the General Data Protection Regulation (“GDPR”). This may apply to our processing of personal information of representatives/employees of our business customers and to end users of our partners. We process personal data as joint controllers in order to provide services to our customers and for direct marketing purposes which may involve contacting you from time to time via email. Data collected by the joint controllers may be stored on a centralised database or within each controllers’ systems depending on the services we provide to you.

In certain circumstances, under data protection laws, you may have the rights outlined below in relation to your personal data processed by joint controllers; these rights are likely to apply to you if you are based in Europe. You have a right to request access to, or rectification of, the personal data which we hold about you. You also have the right to request restricted processing of your personal data, you may object to our processing of your personal data or request that it is erased completely and you have a right to request that we transmit your personal data to another data controller. You have a right to submit any such request to each one or to all joint controllers. The joint controller that you submit your request to shall be responsible for responding to you and ensuring protection of your rights. Contact details for any enquiries or other correspondence relating to this Policy are provided below.

If you normally deal with one of our business partners and have been referred to us to receive specific services at the request of that business partner, or we process your data as part of services we provide to our customers, then that business partner/customer may be your relevant data controller. In such cases, this Policy may not apply to you so please refer instead to that business partner’s privacy policy. Even if this Policy does not directly apply to you, Ovarro, as a data processor, will process your personal data in accordance with the data controller’s explicit instructions and will take all steps necessary to preserve the security and the confidentiality of the personal data and prevent alteration, damage or access by unauthorised persons.

How We Process Your Personal Data

It is important to us that we are transparent in the ways that we use your personal information.

Our processing activities are governed by this Policy and it sets out comprehensively how we use the personal information that we collect about you.

What Data We Process

We may collect, use, store and transfer different kinds of personal data about you which can be grouped together as follows:

  • Identity Data includes first name, last name, username or similar identifier, title; language preferences; job title, images of individuals collected via CCTV (if applicable);
  • Contact Data includes delivery address, email address and telephone number;
  • Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us;

  • Employer details where you interact with us in your capacity as an employee of our customer/partner, the name, address, telephone number and email address of your employer, to the extent relevant;
  • Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website;
  • Profile Data includes your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses;
  • Usage Data includes information about how you use our websites, products and services, device type, operating system, browser type, browser settings, IP address, language settings, dates and times of connecting to a website (including the full Uniform Resource Locators (URL) clickstream to, through and from our sites (including date and time)), products you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs) and methods used to browse away from the page and any phone number used to call our customer support number, username, password, security login details, aggregate statistical information and other technical communications information;
  • Marketing and Communications Data includes your preferences in receiving marketing from us and your communication preferences, records of your interactions with our online advertising and content, records of advertising and content displayed on pages or App screens displayed to you and any interaction you may have had with such content or advertising (including mouse hover, mouse clicks, any forms you complete;
  • Personal Data included in correspondence, transaction documents, or other materials that we process in the course of providing services;
  • Records of any consents you may have given, together with the date and time, means of consent and any related information;
  • We may also create personal data about you, such as records of your communications and interactions with us. We may record telephone calls, meetings, and other interactions in which you are involved, in accordance with applicable law.
  • Information we receive from other sources. When we also work with third parties (including, for example, business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers, credit reference agencies) we may receive information about you from them.

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

How We Collect Your Data

We collect data when you access our website, fill in forms on our websites (including when you register to receive one of our products or company newsletters), through our CRM database, when we receive/access tender documents, or when you correspond with us by phone, e-mail, paper or otherwise.  This may include information provided when you register to use our sites, subscribe to our services, participate in social media functions, or when you report a problem with our sites/products/services.  

Where we need to collect personal data by law or under the terms of a contract we have with you/your organisation and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you/ your organisation  (for example, to provide you with goods or services). In this case, we may have to cancel a product or service we provide but we will notify you, if this is the case, at the time.

Purposes of Processing and Legal Basis for Processing

  • We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

Uses made of the personal data

  • To carry out our obligations (and exercise our rights) arising from any contracts/arrangement entered into between you/your organisation and us/our partner and to provide you/your organisation with the information, products and services that you/your organisation request from us/our partner.

  • To provide you with information about other goods and services we offer that are similar to those that you/your organisation have already purchased, searched for, or enquired about and we feel may interest you/your organisation.

  • To provide you/your organisation, or permit other organisations within our group of companies (or their appointed representatives) to provide you with information about goods or services we feel may interest you/your organisation.

  • Compliance with legal obligations – as necessary under applicable law


Lawful basis for use

  • We have a legitimate interest in carrying out the processing for the purpose of providing our services under a contract we/our partner have with you/your organisation.

  • We have a legitimate interest in carrying out the processing for the purpose of providing our services and sites.

  • We have a legitimate interest in carrying out the processing for the purpose of providing our services and sites.

  • The processing is necessary for compliance with a legal obligation e.g. regulatory, tax, accounting or reporting requirements.


Retention Period

  • To carry out our obligations (and exercise our rights) arising from any contracts/arrangement entered into between you/your organisation and us/our partner and to provide you/your organisation with the information, products and services that you/your organisation request from us/our partner.

  • To provide you with information about other goods and services we offer that are similar to those that you/your organisation have already purchased, searched for, or enquired about and we feel may interest you/your organisation.

  • To provide you/your organisation, or permit other organisations within our group of companies (or their appointed representatives) to provide you with information about goods or services we feel may interest you/your organisation.

  • Compliance with legal obligations – as necessary under applicable law

How We Use Your Personal Data

We will process the information you provide in a manner compatible with the applicable data protection laws, including the Data Protection Act 2018 (“DPA”) in the UK, the European Union General Data Protection Regulation ((EU) 2016/679) (“GDPR”) and any applicable implementing laws, regulations and secondary legislation, as amended or updated from time to time, any relevant codes of practice and any successor legislation applicable from time to time. We will endeavour to keep your information accurate and up to date and not keep it for longer than is necessary however, we are required to retain certain information in accordance with the law, such as information needed for income tax and audit purposes. How long certain kinds of personal data should be kept may also be governed by specific business-sector requirements, agreed practices and individual business needs.

Information about the Personal Data that We Hold About You

At your request, we can confirm what information we hold about you and how it is processed. If we hold personal data about you, you can request the following information:

  • The categories of personal data collected, stored and processed
  • The purpose of the processing as well as the legal basis for processing
  • If the processing is based on our legitimate interests or a third party, information about those interests
  • Recipient(s) or categories of recipients that the data is/will be disclosed to
  • If we intend to transfer the personal data to a third country or international organisation, information about how we ensure this is done securely. For data transferred from the EU, the EU has approved sending personal data to some countries because they meet a minimum standard of data protection; in other cases, we will ensure there are specific measures in place to secure your information
  • Details of your rights to correct, erase, restrict or object to such processing
  • Information about your right to withdraw consent at any time
  • How to lodge a complaint with the supervisory authority
  • Whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether you are obliged to provide the personal data and the possible consequences of failing to provide such data
  • The source of personal data if it wasn’t collected directly from you
  • Any details and information of automated decision making (if applicable), such as profiling, and any meaningful information about the logic involved, as well as the significance and expected consequences of such processing, where applicable.

Please, send us e-mail at [email protected] and request our subject access request form which you can fill in and e-mail back to us.

If you provide us with any information or material relating to another individual, you should make sure that the sharing with us and our further use as described to you from time to time is in line with applicable laws, for example, you should duly inform that individual about the processing of their personal data and obtain their consent, as may be necessary under applicable data protection laws.

Where We Store and Process Your Data

Personal data collected from you may be stored and processed in a country in which we or our agents/partners or contractors maintain facilities and by accessing our sites and using our services, you consent to any such transfer of information outside of your country.

We will take all reasonably necessary security measures to prevent personal information from being accidentally lost, used, or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it.

Where we have given you (or where you have chosen) a password which enables you to access certain parts of our sites, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.

We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so and within the time frame legally required.

Disclosure of your Personal Data

Our business is a global business.  To offer and perform our services, we may need to transfer your personal data among several countries with any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries (You can find list of our affiliated companies and subsidiaries on our website). We may share your information with selected third parties, including: business partners, suppliers, distributors, agents and sub-contractors for the performance of any contract we enter into with them or you/your organisation. The personal information that we collect from you may be transferred to, and stored at, a destination outside the EEA, including the United States of America.  Those countries may not have the same data protection laws as the country in which you initially provided the data.  It may also be processed by staff operating outside the EEA who work for us or for one of our business partners or sub-contractors. We will take all steps reasonably necessary to ensure that your data is processed and treated securely and in accordance with this Policy and with the data protection law applicable in the respective country.

We use third parties which provide services to us in different cases - for example, system administration service providers; providers of legal, insurance, financial and other services, including consultancy services, marketing activities, analytics and search engine services, customer-relationship management service and enterprise applications. We may need to share your personal data with such third parties, situated within and outside of the EEA, in connection with their services. We do not allow third parties to use your personal information for their own purposes.

We may also disclose your personal information to third parties in the following circumstances:

  • In the event that we sell any business or assets, in which case we may disclose your personal data to the prospective buyer of such business or assets 
  • If Ovarro Limited or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets 
  • If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms of use and other agreements; or to protect the rights, property, or safety of Ovarro, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction

We require all third parties to respect the security of your personal data and to treat it in accordance with the respective applicable law.

The Internet is an open system and therefore the transmission of information via the Internet is not completely secure. Although we will implement all reasonable measures to protect your personal data, we cannot guarantee the security of your data transmitted to us using the Internet – any such transmission is at your own risk and you are responsible for ensuring that any personal data that you send to us is sent securely.

Retention Period of Your Personal Data

We take every reasonable step to ensure that your personal data is only processed for the minimum period necessary for the purposes set out in this Policy, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

To determine the appropriate retention period for personal data we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means. We also consider the applicable legal, regulatory, tax, accounting or other relevant requirements.


At any time, you have the right to unsubscribe or withdraw your consent to our processing of your personal data for marketing purposes. To withdraw this consent please email: [email protected].

We may Process your personal data to enable us to contact you via email, telephone, direct mail or other communication formats to provide you with information regarding services that may be of interest to you. If we provide services to you, we may send information to you regarding our services and other information that may be of interest to you, using the contact details that you have provided to us in compliance with applicable law. 

You may unsubscribe from our marketing email list at any time by simply clicking on the unsubscribe link included in every marketing email we send. After you unsubscribe, you will be removed from the marketing list We may continue to contact you to the extent necessary for the purposes of any services you have requested or to inform you of important information relating to a product or service we provide you with, such as an important firmware update or product recall. 

Your Data Protection Rights

Under certain circumstances you may have the rights outlined below under data protection laws in relation to your personal data. The rights below are likely to apply to you if you are based in the European Union:

Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.

Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.

Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.

Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.

Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios:

  • If you want us to establish the data’s accuracy.
  • Where our use of the data is unlawful, but you do not want us to erase it.
  • Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims.
  • You have objected to our use of your data, but we need to verify whether we have overriding legitimate grounds to use it.

Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.

Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.

File a complaint - you have the right to make a complaint at any time to us or the data protection authority in your country. The UK supervisory authority for data protection issues is the Information Commissioner’s Office (ICO), (


Cookies are text files placed on your computer to collect standard Internet log information and visitor behaviour information. When you visit our websites, we may collect information from you automatically through cookies or similar technology.

You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly. For more information about the cookies we use, please see the Cookies’ information on our website.

Links to 3rd Party Websites

Our Privacy Policy applies only to our websites. Our websites may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy policy of every website you visit.

Changes to This Policy

We keep our Privacy Policy under regular review and any changes will be added to this Policy and updated on our website.

How to Contact Us

If you have any questions about our Policy, the data we hold about you, or you would like to exercise any of your data protection rights, please do not hesitate to contact us.

Email: [email protected]

Call us on: +44 (0) 1246 437580

Or write to us at: Legal at Ovarro Ltd, Rotherside Road, Eckington, Sheffield, UK, S21 4HL

How to contact the appropriate authority

Should you wish to report a complaint or if you feel that we have not addressed your concern in a satisfactory manner, you may contact the respective data protection authority. We would, however, appreciate the chance to deal with your concerns before you approach any such authority and would ask you to contact us in the first instance by using the contact information above.

If you are located in the UK, you may contact the UK’s Data Protection Authority

Information Commissioner's Office Wycliffe House Water Lane Wilmslow Cheshire SK9 5AF

Telephone: 0303 123 1113 Fax: 01625 524510