Effective Date: 25th May 2018

Covato respects your privacy and your rights to control your Personal Data. This statement is intended to let you know what personal data Covato processes, how we use this personal data and the rights you have to control and protect your own personal data. Please take the time to get to review our statement and if you have any questions please contact us by emailing


1. Background

The General Data Protection Regulation (“GDPR”) is the biggest shake up of Data Protection and Privacy laws in the EU in decades and is forcing companies to change the way they use Personal Data; and it ensures you have greater control over how your data is used by companies in today’s technological world. Please take the time to read this statement to understand how we process the personal data we may hold about you. We may need to update this from time to time so do check back regularly to stay up to date.


2. About Covato

Who we are: Covato Limited of Ormeau Business Park, 8 Cromac Avenue, Belfast, BT7 2JA (company number: NI641938). For any privacy or data protection queries please email Covato at You can also call us on +44 (0)2890 020 818, email us for general enquiries at or write to us at Covato Limited, Ormeau Business Park, 8 Cromac Avenue, Belfast, BT7 2JA United Kingdom.


What we do: Covato delivers business-to-business consultancy services and support to early-stage companies, growth businesses and established firms who are seeking improved ways to deliver value to their customers. Why we do it: It’s our mission to help grow sustainable businesses, and in the process, enable economic growth and prosperity for local communities.


3. Lawful Basis for processing Personal Data

The General Data Protection Regulation (GDPR) defines six lawful bases for the processing of Personal Data. Of these six we have concluded that the most appropriate lawful basis for processing personal data is our legitimate interests. This is because:

  • Owing to the nature of our business and the size of our database, it is impractical for us to contact every individual to obtain his/her consent.
  • The processing we do is unlikely to affect the fundamental rights and freedoms of the individuals whose data we collect and store. We have concluded this because:
  1. We only process information taken from the public domain that is specific to business (B2B) data, never personal (B2C) data
  2. We provide Business Data to help our customers promote their offerings to other businesses
  3. It’s in the interest of individuals whose personal data we process for us to maintain healthy and accurate information so that businesses can better reach the most relevant business contacts – promoting the legitimate interests of the individual and our customers.
  • Where you subscribe to and use Covato, we will rely on our contractual relationship to process your personal data to provide goods and/or services to you.
  • Should we rely on your consent in any circumstances to process your personal data you can easily withdraw your consent at any time by contacting us at or by using any unsubscribe mechanism supplied (such as an unsubscribe link in an email).

4. What data Covato have?

The type of information we may process about you includes but is not limited to:

  • Personal Data, such as your name, your business telephone number and email address, that is in the public domain, for example on a website or public register;
  • Details you provide to us by filling in forms, using chat tools on our sites or via telephone or email. This includes information provided when you register to use our site or subscribe to our service;
  • If you contact us, we may keep a record of that correspondence;
  • Details of transactions you carry out through our site and of the fulfilment of your orders; and
  • Details of your visits to our site including, but not limited to, traffic data, location data, weblogs and other communication data, whether this is required for our own billing or other purposes.
  • In order to support system administration and reporting we may collect your computer information (such as IP address to identify your location when signing up to Covato). We will never pass on this information to third parties unless required to by law.

5. Cookies

We use cookies to collect and store information about you when you visit or use our services. This may include information that is used to identify your browser and/or your device. This information helps us to provide better more streamlined experiences for you when you use our services.


A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer or mobile device. For example, cookies can be used to collect information about your use of the services during your current session and over time (including the webpages you view and the files you download), your operating system and browser type, your internet service provider, your domain name and IP address, the website that you visited before our website, and the link that you use to leave our website.


If you are concerned about having cookies on your computer, you can choose to set your browser to refuse all cookies or to indicate when a cookie is being set, allowing you to decide whether to accept it. You can also delete cookies from your computer. However, if you choose to block or delete cookies, certain features of the Covato services or web site may not operate correctly.


6. What does Covato do with the data?

Storage & Security: Covato stores Business Data in a secure third party cloud platform and all personal data is encrypted using 256-bit Advanced Encryption Standard (AES) at rest including the underlying storage, automated back-ups, logs, read replicas, and snapshots. The cloud platform uses Secure Sockets Layer (SSL)/Transport Layer Security (TLS) to protect data in transit between apps and its servers.


Retention: It is mission-critical for our business to be able to provide services to its customers. Therefore, we will retain your personal information for as long as it remains accurate and up to date (as best we can tell it is accurate) and we will remove your data if we confirm that it is no longer accurate or you have requested to restrict us from processing your data.

Use of the data: We use your information for several purposes, such as:

  • Promoting your business, services and offerings to the right people (decision makers, influencers, and key individual stakeholders.) in other businesses;
  • Helping us keep you up to date about changes to our services, changes in policies, and other important notifications;
  • Providing you with the services we have and offering new services;
  • Improving your customer experience;
  • Gathering analytics on usage and other statistics in order to improve our service offering to you

7. Your Rights

As an EU resident (a data subject as defined under GDPR) you have the right to:

  • Access: You may request to see the personal data we hold about you. This includes the right to obtain a confirmation as to whether or not we process any of your personal data;
  • Rectification: You may request that we correct any inaccuracies in the personal data that we hold on you;
  • Be Forgotten: From May 2018, in certain circumstances you may have the right to be forgotten (which means we have to erase your personally identifiable data). In such cases we would recommend typically that we suppress you from future communications, rather than delete your data;
  • Restriction: In some cases you may ask for the processing of your personal data to be restricted because there is some disagreement about its accuracy or legitimate usage – i.e. requesting that we do not process your personal data for direct marketing purposes by keeping a single record of your data on a suppression list;
  • Object: to state that you object to our processing of your personal data if we are relying on legitimate interest as the lawful ground for processing; and
  • Portability: You may request to have your personal data transferred from us to a different organisation.

8. Changes to this Privacy Notice

Changes to this Notice will be made on this page. If we make changes to our Privacy Policy, we will post these changes on our web site(s) in order to keep you informed and where appropriate, we shall notify you via email.