Skip to main content

Website Privacy Notice

Effective Date: 13 April 2026 Last Updated: 15 May 2026 Version: 1.0.1

About This Notice

This notice explains how the certaria.co.uk website (“the Website”) handles visitor data. It covers the marketing website only.

For information about how the Certaria product processes data within your Microsoft 365 tenant, see our Product Privacy Policy.

Who We Are

Talastron Ltd (formerly Orion Data Analytics Ltd) (“Talastron”, “we”, “us”) Registered in England and Wales, Company Number 15464691 Registered Office: The Long Barn, Cobham Park Road, Cobham, Surrey, KT11 3NE Privacy contact: [email protected]

What Data Does This Website Collect?

Data We Do Not Collect

The Website does not use analytics cookies, tracking pixels, advertising scripts, or third-party analytics services (such as Google Analytics). We do not fingerprint browsers, track visitors across sessions, or build visitor profiles.

Hosting and Security (Cloudflare)

The Website is hosted on Cloudflare Pages and protected by Cloudflare’s security services. Cloudflare may set the following strictly necessary cookies to protect the Website from malicious traffic:

  • __cf_bm (bot management, 30 minutes)
  • cf_clearance (security challenge, up to 1 year)
  • __cfruid (rate limiting, session)

These cookies are essential for Website security and do not require consent under the Privacy and Electronic Communications Regulations 2003 (PECR). Cloudflare processes IP addresses, HTTP request headers, and TLS connection metadata as part of its security and performance services. See Cloudflare’s Privacy Policy for details.

Google Fonts

The Website loads typefaces from Google Fonts (fonts.googleapis.com). When your browser requests a font file, Google receives your IP address and standard HTTP request data. Google states it does not use this data to track users or build profiles. See Google Fonts Privacy for details.

Free ISO 27001 Readiness Scan

The Website offers a free M365 readiness scan at certaria.co.uk/scan. This scan:

  • Requests read-only access to your Microsoft 365 tenant configuration via Microsoft Graph API
  • Authenticates through Microsoft’s standard OAuth flow (your credentials are handled by Microsoft, not by Talastron)
  • Processes your configuration data entirely within your browser
  • Does not transmit scan results to Talastron’s servers
  • Does not store your scan results anywhere

The scan requests three Graph API scopes: SecurityEvents.Read.All (Microsoft Secure Score), DeviceManagementManagedDevices.Read.All (Intune device compliance), and AuditLog.Read.All (directory audit logs). All scopes are delegated and read-only. You can revoke access at any time via your Entra ID admin portal under Enterprise Applications.

Contact and Enquiries

If you contact us via email (e.g. [email protected] or [email protected]), we process your name and email address to respond to your enquiry. We retain correspondence for up to 24 months after our last exchange unless a longer retention is required for legal purposes. The lawful basis for this processing is legitimate interest (UK GDPR Article 6(1)(f)).

Your Rights

Under UK GDPR, you have the right to access, rectify, erase, restrict, or port your personal data, and to object to processing. To exercise any right, email [email protected]. We will respond within 30 calendar days.

If you are unsatisfied with our response, you may lodge a complaint with the Information Commissioner’s Office (ICO) at ico.org.uk or by calling 0303 123 1113.

Changes to This Notice

We may update this notice to reflect changes to the Website’s functionality. We will update the “Last Updated” date at the top of this page. Material changes will be flagged on the Website.

Contact

Privacy enquiries: [email protected] General enquiries: [email protected]

Talastron Ltd Last updated: 13 April 2026