Updated: September 2nd, 2024

Privacy Policy

  1. Introduction

    The purpose of this privacy notice is to tell you what information Civo Ltd collects from you, how and when it may be collected and what happens to it. For the purpose of this privacy notice, "Civo", "we" and "us" refers to Civo Ltd.

    We take the protection of your personal data very seriously and strictly adhere to the rules laid out by data protection laws, Data Protection Act 2018 and the General Data Protection Regulation (GDPR-EU and GDPR-UK).

    Please note that this privacy notice does not apply to the extent we process personal data in the role of a "data processor" (see our Data Processing Agreement for more information).

    We have appointed a Data Protection Officer (DPO) who is responsible for monitoring and providing guidance with our GDPR status. If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact the DPO/us using the contact information in section 16 of this privacy notice.

  2. Why we collect your personal information

    We may collect your personal information when you request services from us (or otherwise contact us from time to time) by:

    • inputting your data onto our website;
    • by directly contacting our business,
    • when you speak to one of our customer service agents by telephone, live chat or through our webpage; or
    • another business or organization passes your details to us;
    • when you register your interest to attend an event organized by us.
    • providing the requested services and/or information to you;
    • responding to your queries;
    • transmitting personal information between our offices or functions for internal administrative purposes;
    • hosting and maintaining our websites;
    • to create and activate your account as part of the services you requested;
    • to send you an invoice;
    • ensuring network and information security;
    • carrying out direct marketing; and/or
    • when you register your interest in or attend an event we organize.

    1. How we use the personal information that you provide to us

      We undertake the following processing of your personal information on the legal basis that it is necessary to perform the contract with you and to provide the services we have agreed to provide to you. Where we have not entered into a contract with you, we may also carry out this processing because in that pre-contractual stage where we consider it is necessary in our legitimate business interests in order to deal with requests, inquiries, or comments you have made to us.

      Pre-contract processing - we collect your personal information which you provide to us when applying for a service with us to comply with our legal obligations and to carry out fraud checks. We may also process your personal information for this purpose where we consider it necessary for the performance of the contract with you, or otherwise with your consent.

      Enhancing your experience and our business - we may use your personal information to administer our site and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes. We may also share limited personal information with social media platforms to provide you with tailored services relevant to the services you have requested or received.

      Other lawfully permitted processing - we may also use any personal information that you provide to us for example to other companies within Civo Ltd or to other organizations required to provide you with the requested service. If you choose not to provide personal information requested by us, we may not be able to provide you with the services and/or information you have requested or otherwise fulfil the purpose(s) for which we have asked for the personal information.

      Marketing - we may also use any personal data that we collect to recommend products and services that might be of interest to you, to send you marketing and advertising messages such as newsletters, announcements, or special offers or to notify you about our upcoming events. Providing you with marketing communications is not essential to providing the Services to you, therefore you may opt-out from receiving such communications.

      You are entitled to opt-out from receiving marketing communication at any time (see Marketing Opt-out below). Your decision to opt-out from our marketing communications will not affect your ability to continue receiving our Services from us.

      Marketing Opt-Out - you are entitled to opt-out from receiving marketing communication at any time and free of charge by using the “unsubscribe” option included in any marketing e-mail or other marketing material received from us or by contacting us using the contact information in section 16 of this privacy notice.

  3. Lawful basis of processing information

    We only collect and use personal information about you when the law allows us to. Most commonly, we use it where:

    • the data subject (you) has given consent to the processing activity taking place
    • if the processing is necessary for the performance of a contract
    • if the processing is necessary for compliance with a legal obligation to which the controller is subject
    • if the processing is necessary for the purpose of the legitimate interest pursued by us or our partners i.e. to generate weekly reports our accounts team.

    Where legitimate interest is identified as a lawful basis, we will undertake a legitimate interest assessment which is a three-part test covering:

    • the Purpose test - to identify the legitimate interest;
    • necessity test - to consider if the processing is necessary for the purpose identified; and
    • balancing test - considering the individual's interests, rights or freedoms and whether these override the legitimate interests identified.

  4. What information we collect and where from

    When you interact with us in the different ways described below, we may ask you for the following information:

    • personal and contact details (for example your name, email address, billing address, phone number with the area code, credit card information, IP detected country, and signature of the web browser);
    • personal and contact details which you give us when subscribing to receive emails, newsletters, or marketing information from us;
    • information we collect via cookies or similar technology stored on your device (you can find out more from our Cookie Policy);
    • technical information, including the Internet Protocol (IP) address used to connect your computer or device to the Internet, your login information, browser type and version, time zone setting, browser plug- in type and versions, operating systems and platform and geographic location;
    • information about your visit, including the full Uniform Resource Locators (URL), clickstream to, through and from our site (including date and time, products you have viewed or searched for, choices you make during your visit, page response times, download errors, on page errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs) and methods used to browse away from the page;
    • information from social media activity (such as likes, shares and tweets) when you interact with us on social media;
    • information and records obtained when you contact our customer service department by live chat or web;
    • information you provide if you report a problem with our website or service; or
    • additional information which you provide voluntarily and/or which we may ask from you to better understand you and your interests;

    We collect certain information when we organize our events.

    When you register your interest to attend an event organized by us:

    • full name, company name, job title, gender, email address, phone number, full company or home address, T-shirt size, bank details.
    • when you are a speaker at one of our events:
    • full name, company name, job title, gender, email address, phone number, full company address, T-shirt size.

    When you attend an event organized by us:

    • photographs
    • videos

    All events organized by us are public events. Where it is not possible to gain your consent for photographs and videos, we would like to reassure you that we will take all necessary measures to safeguard your privacy. In such cases, we will blur any personal data related to you, such as the names on the lanyards. We want to make it clear that we do not endorse or take any responsibility for photographs or videos taken by third-party individuals.

      Special category data

      When you register your interest to attend one of our events, we may collect the following special category data from you:

      • food allergies / dietary restrictions

      We will only process special category data where we have an Article 9 exception allowing us to do so, in this case, we will rely on Article 9(2)(a) condition of the UK GDPR (explicit consent).

      Where special category data may be collected during the course of activities relating to photography for marketing and publicity materials, we will rely on explicit consent.

  5. How long we keep information for

    We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation with respect to our relationship with you.

    To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting, or other requirements. If you would like to find out how long your information is being retained, please see "additional information", section 16 of this policy.

  6. Security of personal information

    We take the responsibility for protecting your privacy very seriously and we will ensure your data is secured in accordance with our obligations under the Data Protection laws. We have in place technical and organizational measures to ensure personal information is secured and to prevent your personal data from being accessed in an unauthorized way, altered, or disclosed. We have in place a robust access control policy which limits access to your personal data to those employees, contractors and other third parties who only have a business need to know. The processing of your personal data will only take place subject to our instruction.

    We have policies and procedures to handle any potential data security breaches and data subjects, third parties and any applicable regulators will be notified where we are legally required to do so.

    Any payment transactions will be encrypted using SSL technology. Where we have given you (or where you have chosen) a password which enables you to access certain parts of the site, you are responsible for keeping this password confidential. We ask that you do not share your password with anyone.

    Unfortunately, the transmission of information via the Internet is not completely secure so we cannot guarantee the security of your information when it is transmitted to our website or from third party websites, any transmission is at your own risk, however, we use strict procedures and security features to prevent unauthorized access.

    From time to time, this site may contain links to and from the websites of our partner networks, advertisers, and affiliates. If you follow a link to any of these websites, we cannot accept any responsibility or liability and you will have to agree to such company's privacy notice, please ensure you agree to such policies before submitting your personal data.

    We acknowledge that the information you provide may be confidential. We do not sell, rent, distribute, or otherwise make personal information commercially available to any third party, but we may share information with our service providers for the purposes set out in this privacy notice. We will keep your information confidential and protect it in accordance with our privacy notice and all applicable laws.

    We have ensured that all employees have had information security and data protection training. If you would like more details of the security we have in place, please see "additional information", section 16 of this notice.

  7. Children's information

    We do not knowingly collect information on children. If we have collected personal information on a child, please contact us immediately using the details in section 16, so we can remove this information without any undue delay.

  8. Your individual rights

    In this Section, we have summarized the rights that you have under General Data Protection Regulation. Some of the rights are complex, and not all the details have been included in our summaries. Accordingly, you should read the relevant laws and guidance from the regulatory authorities for a full explanation of these rights.

    Your principal rights under General Data Protection Regulation are:

    • right to object;
    • right of access;
    • right to be informed;
    • right to rectification;
    • right to erasure;
    • right to restrict processing; and
    • right to data portability.

    If you have any question about these rights, please see "additional information", section 16 of this notice.

  9. Consent

    Where you have given consent for processing, or explicit consent in relation to the processing of special category data, you have the right to withdraw this consent at any time, but this will not affect the lawfulness of processing based on consent before its withdrawal.

  10. Failure to provide personal information

    Where we need to collect personal data by law or in order to process your instructions or perform a contract, we have with you and you fail to provide that data when requested, we may not be able to carry out your instructions or perform the contract we have or are trying to enter into with you. In this case, we may have to cancel our engagement or contract you have with us, but we will notify you if this is the case at the time.

  11. Cookies

    When you visit our website for the first time, you will be asked to consent or reject the collection and use of cookies and similar tracking technologies. If you reside in the United Kingdom (UK), European Union (EU), the European Economic Area (EEA), or Switzerland, we do not collect cookies until you consent or opt-in using Cookie Preferences. Please see our Cookie Policy.

    You may update, change, or read more about the specific cookies we collect by reviewing your Cookie Preferences from the icon available on the landing page.

  12. Automated decision making

    Your personal data is used in automated decision making (a decision made solely by automated means without any human involvement) for verification to determine the validity of the information you provided to us in order to activate your account with us, and profiling (automated processing of personal data to evaluate certain conditions about an individual) based on the cookies for retargeting and to show you ads based on your preferences.

    For automated decisions making the below information will be used:

    • country billing address, detected country, and phone number

    If your account verification has failed, as part of the automated decision making, we will manually check the validity of the information and make a decision.

    We only perform profiling if you have consented to the use of tracking cookies on our website. These cookies help us understand your interests based on your online activity, enabling us to show you ads that are relevant to you.

    For more information regarding cookies, please see our cookie policy.

    Where we make an automated decision which has a legal or substantially similar effect, you have the right to speak to us and we may then review the decision, provide a more detailed explanation and assess if the automated decision was made correctly.

  13. Transfers to third parties

    We may disclose your personal data, listed in section 4 to some third parties to help us deliver our services/products. All third parties are contractually bound to protect the personal data we provide to them. We may use several or all of the following categories of recipients:

    • country billing address, detected country, and phone number
    • business partners, suppliers, and sub-contractors for the performance of any contract we enter into with them or you;
    • companies within our businesses and to other functions or offices within the same corporate group as defined by section 1159 of the Companies Act for the purposes set out above;
    • where we employ third-party companies or individuals to process personal information provided by us on our behalf for business functions, including (without limitation) IT support, hosting our data on cloud platforms, legal, accounting, audit, consulting and, other professional service providers, and providers of other services related to our business;
    • advertisers (we do not disclose information about identifiable individuals to our advertisers but will provide them with aggregate information to help us serve more relevant advertisements to a cohort of visitors and/or customers on various advertising platforms) analytics, search engine providers and, evaluation companies;
    • portions of our services may be provided by organizations with which we have a contractual relationship, including subcontractors. We only provide these organizations with the information that they need to be able to perform their services;
    • payment service providers;
    • professional advisors e.g. lawyers, auditors;
    • web analytics and search engine provider to ensure the continued improvement and optimisation of our website; or
    • regulators and law enforcement agencies, where we are required by law to do so, where necessary for the purposes of preventing and detecting fraud, and other criminal offenses and/or to ensure network and information security.

  14. Transfers outside of the UK

    In this section, we provide information about the circumstances in which your personal data may be transferred and stored in countries outside the UK.

    We may share personal information to third parties outside of the UK. Any personal information transferred will only be processed on our instruction and we ensure that information security at the highest standard would be used to protect any personal information as required by the Data Protection laws.

    Where personal data is transferred outside of the UK to a country without an adequacy decision, we will ensure appropriate safeguards are in place prior to the transfer. These could include:

    • EU Standard Contractual Clauses + UK Addendum;
    • International Data Transfer Agreement;
    • Binding Corporate Rules; or
    • an exception as defined in Article 49 of the EU GDPR

    For more information about transfers and safeguarding measures, please contact us using the information in section 16.

  15. Right to complaint

    We take any complaints about our collection and use of personal information very seriously.

    If you think that our collection or use of personal information is unfair, misleading, or inappropriate, or have any other concern about our data processing, please raise this with us in the first instance.

    To make a complaint, please contact us via email on dpo@civo.com.

    Alternatively, you can contact us:

    • by Post: Units H-K, Gateway 1000, Whittle Way, Stevenage, Hertfordshire, SG1 2FP

    Alternatively, you can make a complaint to the Information Commissioner's Office:

  16. Additional information

    Your trust is important to us. That is why we are always available to talk with you at any time and answer any questions concerning how your data is processed. If you have any questions that could not be answered by this privacy notice or if you wish to receive more in-depth information about any topic within it, please contact our DPO and Compliance Team via email on dpo@civo.com.

  17. Global privacy compliance

    We operate on a global scale, serving customers across various countries. As a result, we are committed to ensuring that your information is handled securely and responsibly, adhering to the privacy standards established by the respective jurisdiction where we operate.