Website Privacy Policy

Last updated: March 15, 2024

Chaarm Digital Solutions Limited ("us", "we", or "our") operates the www.chaarm.com website (the "Service").

This page informs you of our policies regarding the collection, use and disclosure of Personal Information when you use our Service.

We will not use or share your information with anyone except as described in this Privacy Policy.

We use your Personal Information for providing and improving the Service. By using the Service, you agree to the collection and use of information in accordance with this policy. Unless otherwise defined in this Privacy Policy, terms used in this Privacy Policy have the same meanings as in our Terms and Conditions, accessible at https://chaarm.co.uk/policies

Information Collection And Use

While using our Service, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you. Personally identifiable information ("Personal Information") may include, but is not limited to:

  • Name
  • Email address
  • Telephone number

Log Data

We collect information that your browser sends whenever you visit our Service ("Log Data"). This Log Data may include information such as your computer's Internet Protocol ("IP") address, browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages and other statistics.

Cookies

Cookies are files with a small amount of data, which may include an anonymous unique identifier. Cookies are sent to your browser from a web site and stored on your computer's hard drive.

We use "cookies" to collect information. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service.

Service Providers

We may employ third party companies and individuals to facilitate our Service, to provide the Service on our behalf, to perform Service-related services or to assist us in analyzing how our Service is used.

These third parties have access to your Personal Information only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.

Security

The security of your Personal Information is important to us, but remember that no method of transmission over the Internet, or method of electronic storage, is 100% secure. While we strive to use commercially acceptable means to protect your Personal Information, we cannot guarantee its absolute security.

Links To Other Sites

Our Service may contain links to other sites that are not operated by us. If you click on a third party link, you will be directed to that third party's site. We strongly advise you to review the Privacy Policy of every site you visit.

We have no control over, and assume no responsibility for, the content, privacy policies or practices of any third party sites or services.

Children's Privacy

Our Service does not address anyone under the age of 18 ("Children").

We do not knowingly collect personally identifiable information from children under 18. If you are a parent or guardian and you are aware that your child has provided us with Personal Information, please contact us. If we discover that a child under 18 has provided us with Personal Information, we will delete such information from our servers immediately.

Compliance With Laws

We will disclose your Personal Information where required to do so by law or subpoena.

Changes To This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

Contact Us

If you have any questions about this Privacy Policy, please contact us at [email protected].

Website Terms & Conditions

Last updated: 01/4/2023

Please read these Terms of Use (“Terms”, “Terms of Use”) carefully before using the www.chaarm.co.uk website (the “Service”) operated by Chaarm Digital Services Limited (“us”, “we”, or “our”).

Your access to and use of the Service is conditioned on your acceptance of and compliance with these Terms. These Terms apply to all visitors, users and others who access or use the Service.

By accessing or using the Service you agree to be bound by these Terms. If you disagree with any part of the terms then you may not access the Service.

Intellectual Property

The Service and its original content, features and functionality are and will remain the exclusive property of Chaarm Digital Services Limited and its licensors.

Links To Other Web Sites

Our Service may contain links to third-party web sites or services that are not owned or controlled by Chaarm Digital Services Limited.

Chaarm Digital Services Limited has no control over, and assumes no responsibility for, the content, privacy policies, or practices of any third party web sites or services. You further acknowledge and agree that Chaarm Digital Services Limited shall not be responsible or liable, directly or indirectly, for any damage or loss caused or alleged to be caused by or in connection with use of or reliance on any such content, goods or services available on or through any such web sites or services.

We strongly advise you to read the terms and conditions and privacy policies of any third-party web sites or services that you visit.

Termination

We may terminate or suspend access to our Service immediately, without prior notice or liability, for any reason whatsoever, including without limitation if you breach the Terms.

All provisions of the Terms which by their nature should survive termination shall survive termination, including, without limitation, ownership provisions, warranty disclaimers, indemnity and limitations of liability.

Disclaimer

Your use of the Service is at your sole risk. The Service is provided on an “AS IS” and “AS AVAILABLE” basis. The Service is provided without warranties of any kind, whether express or implied, including, but not limited to, implied warranties of merchantability, fitness for a particular purpose, non-infringement or course of performance.

Governing Law

These Terms shall be governed and construed in accordance with the laws of the United Kingdom without regard to its conflict of law provisions.

Our failure to enforce any right or provision of these Terms will not be considered a waiver of those rights. If any provision of these Terms is held to be invalid or unenforceable by a court, the remaining provisions of these Terms will remain in effect. These Terms constitute the entire agreement between us regarding our Service, and supersede and replace any prior agreements we might have between us regarding the Service.

Changes

We reserve the right, at our sole discretion, to modify or replace these Terms at any time. If a revision is material we will try to provide at least 30 days' notice prior to any new terms taking effect. What constitutes a material change will be determined at our sole discretion.

By continuing to access or use our Service after those revisions become effective, you agree to be bound by the revised terms. If you do not agree to the new terms, please stop using the Service.

Contact Us

If you have any questions about these Terms, please contact us at [email protected].

Solution Data Protection Policy

Effective Date: 01/04/2024

Introduction
Chaarm is committed to protecting the privacy and security of personal data and maintaining a secure information environment. This policy outlines how we handle personal data in accordance with ISO/IEC 27001, an internationally recognised standard for information security management systems (ISMS). Our fully detailed policy is held in our ISMS-DOC-05-4 Information Security Policy.

Scope
This policy applies to all personal data processed by Chaarm, including data collected from customers, employees, vendors, and any other third parties.

Our Commitment to Data Protection
We adhere to the principles of the ISO/IEC 27001 standard and ensure that personal data is:

  1. Processed lawfully, fairly, and transparently
    We ensure that personal data is handled in a lawful and transparent manner, respecting individual rights.
  2. Collected for specified, legitimate purposes
    We only collect data that is necessary for the specific purposes disclosed at the time of collection.
  3. Minimised and relevant
    We only process the minimum amount of personal data required for the intended purpose.
  4. Accurate and kept up-to-date
    We take reasonable steps to ensure personal data is accurate and rectify any errors.
  5. Stored securely and protected against unauthorised access
    We use robust security measures, including encryption, access control, and monitoring, to protect personal data from unauthorised access, loss, or damage.
  6. Retained only as necessary
    Personal data is kept only for as long as required for its purpose, and securely deleted thereafter.

ISO/IEC 27001 Compliance
To maintain compliance with ISO/IEC 27001, we have implemented an Information Security Management System (ISMS) that includes:

  • Regular risk assessments to identify, assess, and mitigate risks to personal data.
  • Continuous improvement mechanisms to enhance our data security measures.
  • Staff training and awareness programs to ensure all employees understand their responsibilities.
  • Regular audits and monitoring to ensure the effectiveness of our information security practices.

Data Subject Rights
In compliance with applicable laws, individuals have the right to:

  • Access their personal data.
  • Rectify inaccurate or incomplete data.
  • Request the erasure of their personal data (under certain conditions).
  • Restrict or object to the processing of their personal data.
  • Receive a copy of their personal data in a commonly used format.

Data Breach Management
In the unlikely event of a data breach, we have established procedures for identifying, reporting, and investigating breaches. If necessary, we will notify affected individuals and the relevant authorities promptly, in accordance with applicable regulations.

Third-Party Data Sharing
We do not share personal data with third parties unless required by law or with the explicit consent of the individual. Where we engage third-party service providers, they are required to adhere to our strict data protection policies and ISO/IEC 27001 standards.

Contact Us
If you have any questions about this policy or how we handle personal data, please contact us at [email protected].

Solution Vulnerability Management Policy

Effective Date: 01/04/2024

Introduction
At Chaarm, we are committed to maintaining the highest standards of information security by identifying, assessing, and mitigating vulnerabilities in our systems. This policy outlines our approach to vulnerability management and forms part of our broader Information Security Management System (ISMS) in alignment with ISO/IEC 27001 and industry best practices. Our fully detailed policy is held in our ISMS-DOC-05-4 Information Security Policy.

Scope
This policy applies to all IT infrastructure, systems, applications, and networks used by Chaarm, including cloud services, third-party systems, and any other technology platforms that interact with sensitive company or customer data.

Purpose
The purpose of this policy is to:

  • Identify potential vulnerabilities in a timely manner.
  • Assess the impact and likelihood of exploitation.
  • Prioritise remediation actions to minimise risks.
  • Ensure the security and integrity of our information assets and services.

Vulnerability Management Process
We follow a structured approach to vulnerability management consisting of the following key steps:

  1. Vulnerability Identification
    We continuously monitor our systems using industry-recognised vulnerability scanning tools and threat intelligence sources to identify known and potential vulnerabilities.

  2. Risk Assessment
    Once identified, vulnerabilities are assessed based on their potential impact (criticality) and the likelihood of exploitation. This includes evaluating the sensitivity of the affected systems and data, and the threat landscape.

  3. Prioritisation and Remediation
    Vulnerabilities are prioritised for remediation based on risk levels, using the following categories:

    • Critical: Immediate remediation is required to prevent severe damage.
    • High: Prompt action is necessary within a short time frame.
    • Medium: Address as part of regular update cycles.
    • Low: Monitor and mitigate as necessary.

    We implement patches, updates, and configurations to mitigate or eliminate vulnerabilities. Where applicable, compensating controls may be introduced while permanent fixes are implemented.

  4. Monitoring and Continuous Improvement
    We continuously monitor systems and apply regular updates to maintain security. We use automated tools and manual processes to ensure vulnerabilities are addressed in a timely manner.

  5. Verification and Validation
    After remediation, we validate the effectiveness of the fix through retesting. This ensures the vulnerability is no longer exploitable and has not introduced new issues.

Incident Response and Reporting
In the event a vulnerability is actively exploited or poses an immediate risk, we escalate to our Incident Response Team (IRT) for rapid containment, investigation, and resolution.

If a breach occurs as a result of an unaddressed vulnerability, we will:

  • Promptly notify affected parties and relevant authorities in compliance with applicable laws.
  • Conduct a root cause analysis to prevent future occurrences.

Roles and Responsibilities
Our vulnerability management process involves collaboration across multiple teams, including:

  • Security Team: Oversees vulnerability scanning, assessment, and remediation efforts.
  • IT Operations: Responsible for applying patches, system updates, and configuration changes.
  • Third-Party Vendors: Required to follow our vulnerability management guidelines, including timely patching of any software or services they provide.
  • Employees: Must report any suspicious activity or potential vulnerabilities they identify to the security team.

Compliance and Governance
This policy aligns with ISO/IEC 27001 requirements and other applicable regulations and standards. Regular audits and reviews are conducted to ensure ongoing compliance with these standards and continuous improvement in our vulnerability management practices.

Third-Party Management
We hold our vendors and service providers to the same high standards of vulnerability management. Regular security assessments and contract clauses ensure that third parties adhere to industry best practices.

Contact Information
If you have any questions about this policy or need to report a potential vulnerability, please contact [email protected].