Privacy notice

Identity and contact details of the controller

Incorvus Ltd.  (together referred to as “we” or “us”) is committed to respecting the requirements of The Data Protection Act 1998 (DPA), EU General Data Protection Regulation (GDPR), Privacy and Electronic Communications Regulations (PECR), the forthcoming EU ePrivacy Regulation and any other applicable national or international laws having regard to the privacy of personal data, electronic communications and data protection.  For the purpose of those laws, the data controller of this website is Incorvus Ltd.

This Notice (“Privacy Notice”), together with our Terms of Use and Cookie Declaration, sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us, typically when you use our services or communicate with us.

It is our policy to ensure that personal information is secured; that privacy is respected and that, where appropriate, confidentiality is observed.

Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it; for example when you contact us, visit our website, apply for a job, or purchase products or services.

Please note this Privacy Policy was last updated in April 2018 and will continue to be reviewed and updated to keep pace with regulatory and other changes.

Purpose of the processing and the legal basis for the processing

We only collect and process personal data where we have a legitimate business interest in so doing. This may be through various means: face-to-face, online, via email, phone or post.

We may collect personal data such as your name, company position, address, telephone number, mobile number, email address or IP address,

Such personal data may include the following:

  • First name and surname;
  • Postal and/or email address;
  • Country of residence and/or nationality;
  • Unique identifier information (e.g. a username or number and password);
  • Some details provided by your device such as IP address, device ID, device type, and location data.

We may use the personal data we collect and process about you in order to:

  • Provide you with access to our website or other systems;
  • Communicate legimitately with you and your organisation;
  • Provide you with information you have requested, including without limitation, quotations, service documentation, brochures, newsletters and responses to applications (which includes carrying out any obligations arising from any contracts entered into between you and us);
  • Provide you with information by post, email, telephone or otherwise about products and services of a similar nature to those you have previously purchased or expressed an interest in which are offered by us and which we think may be of interest to you. You have the right to ask us not to process your personal data for marketing purposes. You can exercise your right to prevent such processing by contacting us by phone, post or email using the details in the “Contact Us” section below. You can also unsubscribe from emails by following the unsubscribe (link) instructions included in every email;
  • Respond to any enquiries from you regarding our products and services;
  • Improve our sites to ensure that content is presented in the most effective manner for you and for your computer;
  • Measure or understand the effectiveness of content we serve to you and others, and to deliver relevant content to you;
  • Obtain your feedback on a product, service or our site;
  • Allow you to participate in interactive features of our sites, when you choose to do so;
  • Provide you with information about certain other suggested goods and services which we believe may be of interest to you;
  • Administer our sites and for internal operations, including troubleshooting, data analysis, load management, testing, research, statistical and survey purposes;
  • Conduct standard business tasks such as the issuance of payment due reminders;
  • To notify you about changes to our service;
  • Meet our legal, statutory and regulatory obligations.

Every time you connect to our site, we, or our internet provider, may store a log of your visit that shows the unique identifier of your machine. This records, inter alia, what your machine has looked at, whether the page request was successful or not and which browser your machine used to view the pages. This data is used for statistical purposes and helps us to understand which areas of the site are of particular interest, which pages are not being requested, and how many people are visiting the site in total. It also helps us to determine which products and services may be of specific interest to you. We may attempt to contact you through these details if necessary, including, without limitation, when you are using the wrong paths to access the site or are breaching restrictions on the use of the site. We may also use this information to block IP addresses where there is a breach of the Terms and Conditions regarding use of the site, as may, for instance, be the case with spamming or attempted penetration activity.

When you visit our site we may automatically collect the following information:

  • technical information, including the Internet Protocol (IP) address used to connect your computer to the internet;
  • your login information, your geographic location, browser type and version, browser plug-in types and versions, operating system and platform; and information about your visit, including the source of your visit, the full click path, mouse movement, through our sites (including date and time);
  • services you viewed, searches made on our sites, page response times, download errors, length of visits to certain pages, page interaction information (such as page scrolling, mouse clicks, mouse movements and keyed text), and methods used to browse away from the page.

We (or other selected third parties acting on our behalf) may contact you from time to time in order to provide you with information about products and services that may be of interest to you. All marketing emails that we send to you will follow the email guidelines described below. You have the right to ask us not to process your personal data for marketing purposes, but if you do so, we may need to share your contact information with third parties for the limited purpose of ensuring that you do not receive marketing communications from them on our behalf.

If you participate in surveys, we may use your personal data to carry out market research. This research is conducted for our internal business and training purposes and will improve our understanding of our users’ demographics, interests and behaviour.

If you use our services, we may collect the following types of information: (i) browser type, browser version, and operating systems being used; (ii) page load times; (iii) customer username; and (iv) IP address (of relevant devices). We may use such information for purposes which include but are not limited to:

  • providing the products/services and any associated maintenance and technical support;
  • providing incident and other alerts, and information about product upgrades, updates, renewals and product lifecycle changes;
  • providing maintenance and technical support;
  • providing information about product upgrades, updates and renewals;
  • generating logs, statistics and reports on service usage, and service performance;
  • evaluating, developing and enhancing products, services, and our infrastructure;
  • planning development roadmaps and product lifecycle strategies.

Certain services may include features that collect additional personal data for other purposes, as described below. For detailed information, please also refer to the applicable product or service description.

If you obtain products or services from us, we may use your contact details for the purposes of (i) providing training, customer support and account management, (ii) order processing and billing, (iii) verifying your usage of the products and services in accordance with the terms and conditions of your agreement with us, (iv) carrying out end user compliance checks for export control purposes; (v) issuing license expiry, renewal and other related notices; and (vi) maintaining our company accounts and records.

Incorvus does not use automated decision-making.

Finally, if you are making a job application or enquiry, you may provide us with a CV or other relevant information which will include personal data. We may use this information for the purpose of considering your application or inquiry or for vetting. You are consenting to us sharing this information with third parties for the specific purpose of managing our recruitment activities which may store data outside the UK. Except when you explicitly request otherwise, we may keep this information on file for future reference and as it is regarded as highly confidential and sensitive, access to it is restricted.

The legitimate interests of the controller or third party

Incorvus Ltd. seeks to do business with other businesses, not consumers. We therefore regard communication and interaction with other businesses, even at an individual level, as a legitimate interest fundamental to our ability to conduct business. It therefore follows that in the pursuance of that aim, it is impossible not to gather and hold a level of personal information about the people, businesses and other relevant contacts that we engage with.

If you provide personal data to us, we will collect that information, respect your privacy, and use it for the purposes for which you have provided it and in accordance with this Notice.

This privacy notice applies to personal data collected by us. If an email or site contains links to a third party site, please be aware that we are not responsible for the content or privacy practices of such sites.

Recipient or categories of recipients of the personal data

We will not share your personal data with anyone else unless you agree to this, or such sharing is necessary to fulfil our contract with you, or we are legally allowed or required to do so. Moreover, your personal data will only be shared with selected organisations which comply with our security procedures and policies.

We will never sell, trade, or rent your personal information to others however, we may share your information with selected third parties including:

  • our partners, suppliers, sub-contractors or associates for the performance of any contract we enter into with them or you; where they us help provide our services to you; or to enforce or apply our statutory disclosures or any other agreement or to protect the rights, property or safety of our sites, our users or others;
  • governmental, regulatory authorities, judicial bodies or agencies to comply with our legal and regulatory obligations;
  • fraud prevention or debt collection agencies when required to protect our legitimate interests; other companies and organisations where we are bound to prevent or detect financial and other crime;
  • services, software and other providers that assist us with our business, including our sites and systems.

Some of the above organisations may be based in a country outside the European Economic Area or where different data privacy laws apply. We will only transfer your personal data to that country if they ensure an adequate level of protection of your rights and freedoms, or you have given us your consent, or that organisation is contractually bound to meet European Economic Area data protection law.

Transfers to third countries and safeguards

We endeavour to hold all personal data securely in accordance with our internal security procedures and applicable law.

Unfortunately, no data transmission over the Internet or any other network can be guaranteed as 100% secure. As a result, while we strive to protect your personal data by using encryption and authentication, we cannot ensure and do not warrant the security of any information you transmit to us, and this information is transmitted at your own risk. As a safeguard we use encrypted e-mail services and two-factor authentication systems. Should a device with company data be lost or stolen we have further safeguards in place. We use third party services only from reputable suppliers, regarded as industry-standard.

Personal data collected and processed in accordance with this Privacy Policy is stored on secure servers located in the European Economic Area.

All reasonable steps are taken to make sure that your data is stored and handled securely in the event that we may need to send any to countries outside the EU, where typically we deal with highly reputable organisations who are mostly technologically-oriented and whom we trust.

Whilst typically, data remains in the UK or EAA, we do work with and provide products and services from international partners with global operations. So when you give us personal data, that data may occasionally be used, processed or stored anywhere in the world, including countries outside the EEA. We may also pass your personal data to suppliers, service providers, subcontractors, agents, distributors, vendors and other partners, some of whom may be located outside the EEA, in order to provide you with the information, products and services that you requested or otherwise for the purposes described in this privacy policy.

We adhere to the following guidelines in relation to our emails:

  • emails will clearly identify us as the sender;
  • emails sent to you for marketing purposes will include an option to unsubscribe from future email messages;
  • you may unsubscribe from all mailing lists, with the exception of any emails regarding legal notices, invoicing, or license renewals;
  • any third parties who send emails on our behalf will be required to assert that they comply with legislative requirements on unsolicited emails and the use of personal data.

We do not store any information ourselves in third countries, nor would we buy from, or sell your data to, third countries.

It is however possible that your data may be transferred to, stored at, and processed at a destination inside or outside the European Economic Area by our partners, suppliers or service providers. By submitting your personal data to us, you agree to this transfer, storing or processing.

Our procedure regarding data transfer or sharing, is to seek consent whenever there is third party involved. Which we will now also record.

Retention period or criteria used to determine the retention period

We will only keep your personal data for as long as it is needed for the purposes for which it was collected and we will remove from our systems all personal data which is no longer required.

We will only retain your personal data after this time where we are required to do so, in order to meet a regulatory or legal obligation.

We handle your personal data in accordance with adequate and reasonable procedures and technologies in order to maintain and protect its security, availability, confidentiality and integrity, and prevent its unlawful or unauthorised processing, accidental loss or damage, from its collection until its destruction.

Data subject’s rights

Under current regulations, data subjects (i.e. you) have:

  • The right to be informed how their personal data is used;
  • The right to access their personal data;
  • The right to be forgotten and have their data deleted in specific circumstances;
  • The right to data portability to transfer their data to another service provider;
  • The right to have information corrected if it’s out of date, incomplete or incorrect;
  • The right to object to, or stop, their data being processed on certain grounds;
  • The right to restrict processing, meaning they can request that their data is only kept on file and not used for processing;
  • Rights in relation to automated decision making and profiling, meaning that in some cases individuals have the right not to be subject to a decision that is based on an automated process.

You have the right at any time and free of charge to access your personal data in the following ways:

  • Request a copy of the personal data we hold about you. We do this willingly but can refuse to give you this information if your requests are clearly vexatious;
  • Have your personal data corrected if it is inaccurate or incomplete;
  • Request the deletion of your personal data where it is no longer necessary for us to keep it for the purpose for which it was originally collected or processed, unless we have a legal or regulatory obligation to retain the personal data;
  • Restrict further processing of your personal data. Where you have previously entered into a contracted service or product with us, this may imply cancelling the contracted service or product;
  • If provided, to withdraw or amend your agreement to direct marketing, including profiling;
  • Obtain and reuse your personal data for your own purposes subject to certain conditions of portability.

You also have the right to raise a complaint with a supervisory authority such as the ICO.

Clearly, the provision of certain types of personal data e.g. contact details, is a necessary part of business communications, contracts and services without which it may well not be possible to conduct such activities, or even engage. We do not ask for contact details frivolously – they are required to make things happen!

How to contact us

For the purposes of data protection legislation, Incorvus Ltd is the data controller.

To exercise any of your rights; if you have any questions about our Privacy Policy; if you wish to make a complaint about the use of your personal data; or you want to report a security issue, please contact Incorvus Ltd.

Incorvus Ltd. is a Company registered in England & Wales. You should address any concerns to the Directors of the Company. Our contact information is set out below:

Incorvus Ltd.
Reg. Co. No. 5203890
Registered office: 5 Calico Row, Plantation Wharf, London, SW11 3YH.

T: +44 (0)20 8538 9898
E: info@incorvus.com