— Effective 1 October 2025

Privacy Policy

Nevari is committed to safeguarding the privacy, confidentiality, and security of all personal information entrusted to us.

Effective Date: 1 October 2025

1. Introduction

Nevari ("we", "our", "us") is committed to safeguarding the privacy, confidentiality, and security of all personal information entrusted to us.

We adhere to the UK GDPR, EU GDPR, the Data Protection Act 2018, and globally recognised privacy frameworks including CCPA/CPPA, PIPEDA, SOC 2, ISO 27001, and ISO 14001.

This Policy explains how we collect, use, store, share, and protect your data when you visit www.nevari.com, engage with our content, or use our consulting and advisory services.

2. Scope

This Policy applies to all data collected through:

  • Our website and any subdomains;
  • Contact forms, chat interfaces, and downloadable resources;
  • Email marketing, newsletters, or events;
  • Client engagements, CRM interactions, and billing systems;
  • Third-party integrations and partner services used by Nevari.

It applies to both prospective and current corporate clients, vendors, and any individuals interacting with our brand.

3. Who We Are and Data Controller Information

Nevari International Limited (trading as Nevari) is the Data Controller responsible for determining the purposes and means of processing your data.

Company Name & Registration Number: Nevari International Limited – 16018299 (England and Wales) Registered Office: Nevari HQ, The Summit, Church Lane, Guiting Power, Cheltenham, England, GL54 5TX VAT Number: GB 516689652

Data Protection Officer (DPO): Privacy@nevari.com Nevari HQ, The Summit, Church Lane, Guiting Power, Cheltenham, England, GL54 5TX

For EU data subjects, Nevari appoints an EU Representative to ensure compliance with cross-border requirements.

4. Categories of Data Collected

We may collect the following categories of information:

A. Personal and Professional Identifiers Name, title, company, role, contact details (email, phone, address).

B. Business and Contractual Information Organisation details, engagement history, purchase records, and invoicing information.

C. Technical and Analytical Data IP address, browser type, device identifiers, session data, geolocation, operating system, and cookies.

D. Marketing and Preference Data Communication preferences, newsletter subscriptions, downloads, event attendance.

E. Sensitive or Special Category Data Only where strictly necessary (e.g., compliance checks); such data is processed under Article 9 GDPR safeguards.

5. Legal Basis for Processing

We process personal data under the following lawful bases:

  • Contractual necessity – to perform obligations under a service agreement or respond to a business enquiry.
  • Legitimate interests – to maintain and improve services, ensure security, and send relevant professional communications.
  • Consent – for optional marketing, cookies, or participation in events.
  • Legal obligation – to satisfy regulatory, tax, and compliance duties.
  • Vital interests – in rare cases, to protect rights, property, or safety.

6. Purpose of Processing

We use your data to:

  • Provide and manage consulting and advisory services.
  • Respond to enquiries, proposals, and support requests.
  • Issue invoices and manage contractual relationships.
  • Send insights, invitations, and marketing updates (where permitted).
  • Improve user experience through analytics and site optimisation.
  • Maintain cybersecurity and prevent fraudulent activity.
  • Comply with statutory and professional obligations.

All processing aligns with our mission to deliver AI-First, ROI-driven transformation responsibly.

7. Cookies and Tracking Technologies

Nevari uses cookies to enable core functionality, analytics, and personalised experiences.

  • Necessary cookies ensure website operation.
  • Analytical cookies measure traffic and behaviour (e.g., Google Analytics, HubSpot).
  • Marketing cookies help deliver relevant content.

You can manage preferences through our Cookie Consent Manager or via browser settings. Cookie data is anonymised and retained for a maximum of 26 months unless otherwise required.

8. Data Sharing and Third-Party Processors

We share limited data with trusted third parties that support our operations, including:

  • Cloud hosting (AWS, Microsoft Azure, Google Cloud);
  • CRM and marketing automation (HubSpot, Salesforce, Mailchimp);
  • Analytics and performance tools (Google Analytics, Hotjar);
  • Payment processors (Stripe, Wise, banking partners);
  • Professional service providers (legal, accounting, IT security).

All vendors operate under Data Processing Agreements (DPAs) with strict confidentiality, encryption, and compliance clauses. We never sell or rent personal information.

9. International Data Transfers

Where data is transferred outside the UK or EEA, Nevari ensures equivalent protection through:

  • UK International Data Transfer Agreements (IDTAs);
  • EU Standard Contractual Clauses (SCCs);
  • Vendor adherence to Privacy Shield successor frameworks or Binding Corporate Rules (BCRs);
  • Regular security audits for SOC 2 and ISO 27001 certification.

10. Data Security

Nevari maintains comprehensive technical and organisational measures to prevent unauthorised access or loss, including:

  • Encryption in transit (SSL/TLS) and at rest (AES-256).
  • Multi-factor authentication for all systems.
  • Role-based access control and least-privilege policies.
  • Continuous vulnerability and penetration testing.
  • Incident response and breach notification protocols compliant with ICO guidelines.

Our infrastructure aligns with SOC 2 Type II and ISO 27001 controls.

11. Data Retention

Data is retained only for as long as necessary to fulfil its purpose or comply with legal requirements.

Typical retention periods:

  • Client records – 7 years (post-contract).
  • Marketing and contact lists – 3 years after last interaction.
  • Analytics and cookies – 26 months.
  • Legal and financial data – per statutory obligation.

When retention expires, data is securely deleted or anonymised.

12. Automated Decision-Making and Profiling

Nevari may use limited automation to segment business audiences or tailor communications. No decision with legal or significant effect is made solely by automated means. All automated processing is transparent, proportionate, and subject to human oversight.

13. Your Data Protection Rights

Under UK/EU GDPR you have the right to:

  • Access – request a copy of your personal data.
  • Rectification – correct inaccurate information.
  • Erasure – request deletion where no longer necessary.
  • Restriction – limit how we process your data.
  • Portability – receive data in a structured machine-readable format.
  • Objection – opt out of processing based on legitimate interests or marketing.
  • Withdraw consent – at any time for optional activities.

To exercise rights, email privacy@nevari.com. We will respond within 30 days and may request verification of identity.

If unsatisfied, you may lodge a complaint with the Information Commissioner's Office (ICO) or your local authority.

14. Marketing and Communications

We send communications relevant to your professional role and interests.

You may unsubscribe at any time via email footer or by contacting us.

We maintain suppression lists to prevent further contact after opt-out.

We do not engage in unsolicited or automated mass marketing to individuals.

15. Third-Party Links

Our website may contain links to other sites not controlled by Nevari. We are not responsible for their privacy practices or content. Users should review external privacy policies before providing any personal information.

16. Children's Data

Nevari's services are intended for corporate and professional audiences. We do not knowingly collect data from individuals under 16 years of age. If we learn that such data has been collected inadvertently, it will be deleted promptly.

17. Data Breach Notification

In the event of a data breach likely to result in risk to individuals' rights or freedoms, Nevari will:

  • Notify the ICO within 72 hours of awareness.
  • Inform affected data subjects without undue delay when required.
  • Maintain detailed incident records and corrective action reports.

18. International Rights and Jurisdictional Addenda

  • EU Residents: protected under EU GDPR (Regulation 2016/679).
  • US Residents: rights under CCPA/CPRA and equivalent state laws.
  • Canadian Residents: protections under PIPEDA.
  • Australian Residents: covered by the Privacy Act 1988 (Cth).

Nevari applies a "highest-standard wins" policy — if multiple frameworks apply, the stricter standard governs.

19. Changes to This Policy

We may update this Policy to reflect regulatory changes, technological advancements, or operational adjustments. Updates will be posted on this page with an updated effective date. Significant changes will be communicated directly to clients or subscribers.

20. Contact and Queries

For any questions, concerns, or data-related requests:

Data Protection Officer – Nevari (Nevari International Limited) Privacy@nevari.com +44 (0)20 3985 4759 Nevari HQ, The Summit, Church Lane, Guiting Power, Cheltenham, England, GL54 5TX

If unresolved, contact the Information Commissioner's Office (ICO) – www.ico.org.uk

21. Final Statement

Nevari upholds privacy as a cornerstone of intelligent enterprise. We believe responsible AI and ethical data governance are inseparable from transformation excellence.

Our commitment is simple: to protect, respect, and empower every client, partner, and user through transparency, integrity, and security.