Privacy policy
Zavara Holdings Ltd ("Zavara", "we", "us", or "our") is a software development company registered in England and Wales.
This privacy policy explains how we collect, use, and protect personal data in connection with our website (zavara.uk) and our business operations, in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1. Data controller
Zavara Holdings Ltd is the data controller responsible for your personal data. If you have questions about this policy or wish to exercise your data rights, contact us at: privacy@zavara.uk.
2. What data we collect
We may collect and process the following categories of personal data:
- Contact information: name, email address, telephone number, and company name — provided when you contact us, apply for a role, or engage with our services.
- Professional information: CV, work history, qualifications, and references — provided in connection with recruitment.
- Technical data: IP address, browser type, operating system, and usage data — collected automatically when you visit our website.
- Correspondence: the content of emails and messages you send to us.
3. How we use your data
We process personal data for the following purposes:
- Responding to enquiries and communications (legal basis: legitimate interests).
- Recruitment and employment administration (legal basis: contract performance and legitimate interests).
- Administering and improving our website (legal basis: legitimate interests).
- Complying with legal and regulatory obligations (legal basis: legal obligation).
- Establishing, exercising, or defending legal claims (legal basis: legitimate interests).
4. Who we share data with
We do not sell, rent, or trade personal data. We may share personal data with:
- Service providers who assist with our business operations (hosting, email, accounting), bound by contractual data protection obligations.
- Professional advisors (legal, tax, audit) where necessary.
- Regulatory or law enforcement bodies where required by law.
5. International transfers
Where we transfer personal data outside the United Kingdom, we ensure appropriate safeguards are in place, including UK GDPR-compliant Standard Contractual Clauses or transfers to countries with adequate data protection standards as recognised by the UK Government.
6. Data retention
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Contact and correspondence data is typically retained for two years after our last interaction. Recruitment data is retained for twelve months after a decision is made, unless you consent to longer retention. Website technical data is retained for twelve months.
7. Your rights
Under the UK GDPR, you have the right to:
- Access the personal data we hold about you.
- Request correction of inaccurate data.
- Request deletion of your data (in certain circumstances).
- Object to or restrict our processing of your data.
- Request data portability.
- Withdraw consent at any time (where processing is based on consent).
To exercise any of these rights, contact privacy@zavara.uk. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.
8. Cookies
Our website uses only essential cookies necessary for the site to function. We do not use tracking cookies, analytics cookies, or advertising cookies. No cookie consent banner is required as we do not set non-essential cookies.
9. Security
We implement appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure, or destruction. These include encryption of data in transit, access controls, and regular security reviews.
10. Changes to this policy
We may update this policy from time to time. The "last updated" date at the top of this page indicates when the policy was most recently revised. We encourage you to review this page periodically.