terms of service
Contents
Security & Third party sub-processors
Terms of Service
EFFECTIVE FROM: May 1 2022; LAST REVIEWED: November 28 2024
The Terms of Service are produced in accordance with the Data Protection Law requirements (as defined below)
In order to use Cheribim to help with the management of your organisation and property, you must first agree to these Terms of Service on behalf of your organisation. By signing up your organisation to use Cheribim, you agree to be bound by these Terms of Service and acknowledge that any violation of the terms outlined below may result in the termination of your Organisation’s account.
Cheribim Ltd is a company registered in England and Wales with registered number 14029807. Cheribim is a web-based property and relationship management system and database tool, developed by Cheribim Ltd, and is provided on an “as is” and “as available” basis so far as the law allows – see more detail [below].
Although the language in these Terms of Service is simple, the intentions are serious, forming a contract considered to be a legal document under English Law and under the jurisdiction of English courts.
Definitions we use in this document
-
"Data Protection Law" means all data protection laws and regulations applicable to the UK including (i) the UK Data Protection Act 2018; (ii) UK General Data Protection Regulation ("UK GDPR"); (iii) the Privacy & Electronic Communications Regulations 2003 ("the PECR") relating to electronic communications; (iv) In the event that the EU GDPR (as defined in the Data Protection Act 2018) applies to activities, we will comply with the EU GDPR; and applicable national implementations of (iii) and (iv)
-
"The Service" means our Cheribim software, which is accessed online through a web browser. Access is provided through an email address/PIN.
-
"your Organisation" means your church, charity or other type of organisation that has opened a Cheribim account. In the relationship between us, your Organisation should be considered the Data Controller as defined within the context of Data Protection Law as to the users nominated by you in accordance with these Terms of Service.
-
"us", "we" and "our" refer to Cheribim Ltd. In the relationship between us, Cheribim Ltd should be considered the Data Processor as defined within the context of General Data Protection Regulation Data Protection Law as to the Personal Data concerning your users, account contact and data that they upload. We are a Data Controller as to Personal Data that we collect about you for our relationship and our privacy policy on our website from time to time applies.
-
"user" means your account contact, all end-users of the Service or website that you have enabled to have access whether staff, workers, agents, volunteers, members, tenants or contractors to the extent permitted by these Terms of Service to access and use The Service and /or our website.
-
"working day" means a day that is not a Saturday or Sunday, Christmas Day, Good Friday or any day that is a statutory bank holiday in England.
-
"you" means the Organisation that is the contracted subscriber of The Service.
Access to an account
-
In order to apply to use The Service, you must first submit your account contact details direct to us or through making a profile using The Service. We may create an account for you to access The Service, however we reserve the right, at our discretion, not to accept your application.
-
Should we accept your application to access The Service, we will confirm this by email to the account contact email address you provide in your application, at which point a legally binding contract will be created between us and you; you must therefore ensure that any signatory/enquirer is authorised to enter into this contract for and on behalf of you. These Terms of Service shall govern our agreement with you.
-
If at any time you need to update the Organisation account contact details you provided to us when applying to access The Service, you should do so by contacting us directly. You are required to maintain an up to date designated, named account contact. A change of account contact details does not change the contractual relationship between us and you.
-
By accepting your application to access The Service, we grant you a non-exclusive, non-transferrable, automatically renewing monthly license to use The Service for you and permitted users. This license is in accordance with these Terms of Service and our Acceptable Use Policy.
Your obligations to us (our rights)
-
You must only access The Service using an email address that your Organisation authorises.
-
You must not do anything which could reasonably be expected to damage, disable, overburden, or materially impair The Service or our website, or which is likely to interfere with any third party’s use or enjoyment of The Service.
-
You must accept that all software available through The Service or used to create and operate The Service is property of us or our licensors. You will not question or dispute our ownership of the intellectual property of The Service.
-
Each account held with The Service must only be used for the purpose of a single Organisation. You may, however, hold multiple accounts (one for each charity/project/subsidiary or division you need to administer).
-
You recognise that The Service stores and processes special category data on your behalf.
-
You accept that nothing in these Terms of Service, nor by using The Service, relieves you (the Data Controller) of your own direct responsibilities and liabilities under GDPR Data Protection Law. At all times you are responsible for the acts and omissions of your users and anyone using login details generated for your users that have been shared without our permission and you must ensure that they all comply with these Terms of Service and our Acceptable Use Policy.
Our obligations to you (your rights)
-
As Data Processor, we commit to only use the data you entrust to us for its intended purpose. We will never:
-
Pass your data on to third parties, except where instructed to do so by you or where such is required to comply with the law
-
Sell your or your users’ data to third parties
-
Use your or your users’ data for our own purposes, except where anonymised and for research and development purposes to improve The Service and related products, and to monitor the health and security of your Organisation’s account
-
-
We will ensure all our employees who are responsible for processing your data are subject to a duty of confidence.
-
At all times, we will protect your data by:
-
Restricting our access to your data and ensuring that only trusted staff can access your data
-
Taking suitable technical and organisational steps to ensure the technical security of your data and taking appropriate measures to ensure the security of processing such to include those detailed on our website
-
-
If Personal Data relating to an EU or UK Data Subject is transferred by or for us outside of the UK and/or European Economic Area to a country that has not been deemed to have adequate protection for Personal Data by the UK ICO then we shall ensure that we enter into an appropriate data transfer agreement containing provisions based on the EEA Standard Contractual Clauses (or UK Standard Contractual Clauses when adopted by the UK ICO) with our Data Processors and Sub-Processors and otherwise that they agree that it shall be processed in compliance with applicable Data Protection Laws. Note that The Service includes a number of optional integrations with third party services that you may already be using or wish to use in the future. If you decide to integrate any of the optional services that we support (e.g., card payment and direct debit handling, SMS messaging, email subscriber marketing service), then those providers will be responsible for data compliance, not us, and so you should check the terms of service on which you contract with them to cover off risk, suitability for your needs and compliance with data protection law.
-
We will ensure the technical and organisational measures detailed on our website from time to time shall be at all times adhered to as a minimum security standard save as otherwise authorised by applicable law.
-
We will comply with all obligations imposed directly on us by the Data Protection Laws.
-
We will support you with answering Subject Access Requests and in enabling data subjects to exercise their rights under applicable Data Protection Law where you do not already have access to the relevant data. Where you wish us to provide input for proceedings or regulatory investigations then you agree to pay our reasonable costs and expenses where we are not at fault.
-
We will only engage a Sub-Processor where instructed to do so by you, with your prior consent and written contract with that Sub-Processor, except where that Sub-Processor is a pre-existing requirement for The Service, (for example, your data is hosted on our Sub-Processor’s servers). Please see our list of third-party processors, and note that this may be subject to change at any time.
-
Through the functionality we provide within The Service and other information we may make available to you we are assisting you in meeting your GDPR obligations under applicable Data Protection Laws in relation to the security of processing and data protection impact assessments.
-
In the event that we discover or become aware of a data breach or have reasonable grounds to suspect any illegal or unauthorised activity, we will inform you without undue delay, so far as allowed by law; and provide reasonable assistance to facilitate your meeting your obligations to inform the data subjects.
-
We will co-operate with the ICO or any other Data Protection Authority as required by law.
-
We will delete all of the data we hold on your data subjects on termination of contract.
-
We will cooperate with reasonable audits and, to the extent that you cannot carry these out remotely through your existing access, reasonable inspections on a confidential basis where relevant and/or deemed necessary, but respecting our and third party’s data, the security of our operation and commercially sensitive information.
-
We shall ensure that all of our employees, agents, officers and contractors involved in the handling of Personal Data: (i) are aware of the confidential nature of the Personal Data and are contractually bound to keep the Personal Data confidential; (ii) have received appropriate training on their responsibilities as a data processor; and (iii) accept that they are bound by equivalent terms to these.
Paying for The Service
-
Full details of the subscription fees for the use of The Service will be provided prior to forming a contract. We reserve the right to vary these fees, at which time we will provide not less than one month notice.
-
Where customers are offered a free trial of The Service there will be no charge for the use of The Service during the free trial period. We may, at our discretion, extend any free trial period, or grant a further trial period for a valid reason. Your Organisation (and any related or associated organisation) is not entitled to benefit from more than one “free trial period”, and if we discover that your Organisation and its related or associated organisation has requested an additional “free trial period”, they will become liable for payment of all fees and charges for use of The Service from the start of the first additional “free trial period”.
-
Your subscription to The Service will renew automatically each month on your “billing day” – which is set as the day of the month when you first subscribe - and your Organisation will be billed in advance on a monthly basis. There will be no refunds for unused services or account downgrades.
-
Your Organisation’s subscription fee for using The Service is directly linked to (i) the total number of buildings/property entries associated with your account, (ii) the number of user profiles associated with your account, and (iii) each full or partial gigabyte of file storage in excess of the two-gigabyte free storage allowance on your Organisation’s account (full details of how your invoice has been calculated will be included in each invoice breakdown). As such, the fee for using The Service may vary during the period of use. You will be billed automatically and will be fully liable for any charges calculated on your billing day.
-
Payment for The Service will be by Direct Debit, credit or debit card, or bank transfer. An invoice will be sent to the email address provided by the account holder and you will be responsible for the timely payment of this. Where by Direct Debit, payments will be taken for The Service on your designated monthly billing date using the direct debit or card payment handler that we have authorised for your Organisation’s account. We are unable to accept payment for The Service by any other method.
-
We shall be under no obligation to provide The Service to you and your Organisation if payment of the subscription fee is not made within a timely manner. If subscription fees become overdue, we reserve the right to suspend access to The Service until the outstanding balance is paid. In the event that payment is not made in accordance with any mutually agreed period of grace we will serve a 7-day notice of intention to suspend access to The Service; during this period your access to the Service and your data will be in no way restricted. Following this period, in the event that payment has not been made, we may suspend access to your Organisation’s account whereupon access to the data within the account will be restricted and we will serve a 7-day notice of intention to terminate the account. Following this period, in the event that payment has not been made, we may close your Organisation’s account with The Service permanently and all data relating to the account removed.
Cancelling your subscription
-
If you wish to cancel your subscription to The Service, you must contact Cheribim Support by email at least 5 clear working days before your next billing day; your next billing day will be as described on your invoice or may be requested from us. We will require verification of the cancellation by your pre-designated account contact, or by another known contact within your Organisation. In the event of a serious breach of the Terms of Service by Cheribim you shall be entitled to forthwith terminate the Service.
-
If you or your users fail to abide by these Terms of Service, we reserve the right to suspend access to The Service or permanently cancel the Cheribim account. If we withdraw access to The Service due to a breach of these Terms of Service, no refund will be payable by us.
-
A copy of your user data can be requested at any time. If this contract/The service are terminated by either you or us then, subject to any legal obligations to the contrary or our need to handle the defence of any claim and other legal enquiries or the requirements of our insurers, our policy is to delete the data within thirty days after termination takes effect.
Privacy, data ownership and security
By using The Service, you are accepting these Terms of Service (our written contract), our Acceptable Use Policy and our description of the way we collect and use data within The Service as described in the Cheribim Privacy Policy.
General terms
-
It is your responsibility to keep your Organisation’s account contact information up to date at all times.
-
You are responsible for ensuring your Organisation’s and users’ login information is kept secure at all times. We will not be responsible for any loss or damage incurred as a consequence of login details being compromised, save where such loss or damage occurs by reason of a breach by Cheribim, in which case you must notify us without delay.
-
We do not guarantee that The Service will meet all your requirements, be available 100% of the time or be “bug free”. While we will exercise our reasonably-commercial endeavours to keep disruptions to a minimum, from time to time it may be necessary to suspend The Service to carry out maintenance or support work, or there may be outage that is caused by a reason out of our control.
-
The Service has been created and tested in accordance with industry best practices and on that basis, to the best of our knowledge, The Service is free from material defect against the agreed specification. If you discover a defect or fault with The Service (and such defect or fault does not result from you, your users or anyone through you having amended or misused The Service, our Terms of Service or Acceptable Use Policy), you shall provide us with all the information that may be necessary to assist us in resolving the defect without delay, including sufficient information to enable us to reproduce the defect and shall then endeavour to do so within 48 hours of discovering the defect or fault.
-
We reserve the right to remove any information from The Service that we consider to be unlawful, offensive or that violates the intellectual property of a third party.
-
You and your Organisation may not use The Service to send unsolicited communication of any kind, including but not limited to emails and SMS.
-
We reserve the right to make changes to these Terms of Service at any time.
Limitation of liability
-
You use The Service entirely at your own risk.
-
Where we are not legally entitled to exclude our liability, our total liability for any loss or damage relating to The Service shall not exceed an amount equal to the subscription fees which your Organisation has paid to us in the previous calendar year
-
Except in respect of death or personal injury caused by our negligence, our entire liability to you, your users and others that have shared logins, whether arising in contract, tort (including without limitation negligence), breach of statutory duty, or otherwise, arising under or in connection with this contract and these Terms of Service (whether in respect of the provision of the Service, damages, breach, indemnity or otherwise) shall not in any circumstance exceed 100% of the amount of the total annual subscriptions paid by you to us for the provision of The Service for the previous year under this contract or annualised if less than a year has passed.
-
We shall have no liability to you or any third party for any loss, damage, costs, expenses, or other claims for compensation arising from any material or instructions supplied by you or your users (or those that have shared logins) which are unauthorised, illegal, incomplete, incorrect, inaccurate, illegible, out of sequence or in the wrong form or due to any other fault of yours or those persons.
-
Except in respect of death or personal injury caused by our negligence, we shall not be liable to you or your users by reason of any representation (unless fraudulent), or any term or any duty for any loss of anticipated savings, donation or business revenues, or profits (whether categorised as direct or indirect) or any indirect, special or consequential loss, loss of goodwill or reputation, and all other such loss (whether or not arising in the normal course of activities), or other economic loss or other claims however caused under the contract or the provision of The Service.
-
You agree and acknowledge that the allocation of risk in this clause is fair and reasonable in the circumstances having been taken into account by us in setting the level of charges and agreeing the extent of Service. You accept that if you have risk not covered by us then you have had ample opportunity to secure your own insurance for such risks before and during any arrangement with us.
-
For the avoidance of doubt, we:
-
make no express warranties and specifically disclaim any implied warranties, including any implied warranty of merchantability or fitness for a particular purpose, with respect to the performance of Service under our contract and these Terms of Service to the extent permissible by law.
-
do not guarantee, and nothing contained in our contract, these Terms of Service, shall be construed as a guarantee, that the use of the Service by you or your users will achieve any projected level of results.
-
-
We shall not be liable for any default (or deemed to be in breach of contract) by reason of any delay due to any circumstance beyond our reasonable control.
-
You declare and acknowledge that we have no control, involvement, role, or responsibility as to the type or use of data input by you, your users or others with their logins and we merely provide software as a service and an IT repository for data with a specified conduit for its movement to and from you and your users or third-party infrastructure. Our processing does not include the manipulation, selection, ordering, searching, or monitoring of such Personal Data other than in a generic sense of storage in the scope of the Service or in the running of the software. You are solely responsible for the cleansing, updating, timely deletion and maintenance of Personal Data by your access, other than our deletion as stated otherwise in these Terms of Service.
-
You will ensure that you comply with all Data Protection Laws and have all necessary appropriate consents and notices in place to enable lawful transmission of the Personal Data for the Service and its processing in accordance with this contract for the duration and purposes of this contract.
-
This clause shall survive termination of the contract.
Cookie Policy
EFFECTIVE FROM: May 1 2022; LAST REVIEWED: November 28 2024
What is a cookie?
-
A cookie is a small amount of data, which often includes a unique identifier that is sent to your computer or mobile phone (referred to hereby as a "device") browser from a website's computer and is stored on your device's hard drive. Each website can send its own cookie to your browser if your browser's preferences allow it, but (to protect your privacy) your browser only permits a website to access the cookies it has already sent to you, not the cookies sent to you by other websites. Many websites do this whenever a user visits their website in order to track online traffic flows.
-
On the Cheribim website and web app, cookies record information about your online preferences and allow us to tailor the websites to your interests. Users have the opportunity to set their devices to accept all cookies, to notify them when a cookie is issued, or not to receive cookies at any time. Each browser is different, so check the "Help" menu of your browser to learn how to change your cookie preferences.
-
During the course of any visit to the Cheribim website and web app, the pages you see, along with a cookie, are downloaded to your device. Many websites do this, because cookies enable website publishers to do useful things like find out whether the device (and probably its user) has visited the website before. This is done on a repeat visit by checking to see, and finding, the cookie left there on the last visit.
How does the Cheribim website and web app use cookies?
-
The web app uses a user authentication cookie to enable it to identify if you have signed in before meaning you will not be required to receive a new PIN any time you sign in subsequently, if you choose to accept the user authentication cookie when you sign in.
-
Information supplied by cookies can help us to analyse the profile of visitors to the website and help us to provide you with both a better user experience and more relevant information.
Third Party Cookies on this website's pages
Please note that during your visits to this website you may notice some cookies that are not related to this website. When you visit a page with content embedded from, for example, YouTube, Vimeo or Facebook, you may be presented with cookies from these websites. This website does not control the dissemination of these cookies. You should check the third party websites for more information about these.
How to reject cookies
The Cheribim website will not use cookies to collect personally identifiable information about you. However, if you wish to restrict or block the cookies which are set by this website, or indeed any other website, you can do this through your browser settings.
Alternatively, you may wish to visit www.aboutcookies.org which contains comprehensive information on how to do this on a wide variety of browsers. You will also find details on how to delete cookies from your computer as well as more general information about cookies. For information on how to do this on the browser of your mobile phone you will need to refer to your handset manual.
Cookies set by the Cheribim website
The Cheribim website does not use or set any cookies directly with the exception of those required for the basic functionality of the website.
Cookies set by Third Parties
The Cheribim website uses a number of suppliers who also set cookies on the website on its behalf in order to deliver the services that they are providing. If you would like more information about the cookies used by these suppliers, as well as information on how to opt-out, please see their individual privacy policies listed below, under Security & Third party sub-processors.
Google Analytics
-
The Cheribim website uses Google Analytics, a web analytics service provided by Google, Inc. Google Analytics sets a cookie in order to evaluate your use of the website and compile reports for us on activity on this website.
-
Google stores the information collected by the cookie on servers in the United States. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf. Google will not associate your IP address with any other data held by Google. By using this website, you consent to the processing of data about you by Google in the manner and for the purposes set out above.
-
To reject, delete or find out more about this cookie visit developer.google.com
-
You can also install a browser plugin to reject these cookies which can be found at tools.google.com
Privacy Policy
EFFECTIVE FROM: May 1 2022; LAST REVIEWED: November 28 2024
Introduction
Cheribim Ltd. is committed to the protection of the privacy of all our customers. Your privacy is really important to us and we understand how important it is to you. Our aim is to be as clear and open as possible about what we do with your personal data and why we do it.
Definitions we use in this privacy notice
-
"Data Protection Law" means all data protection laws and regulations applicable to the UK including (i) the UK Data Protection Act 2018; (ii) UK General Data Protection Regulation ("UK GDPR"); (iii) the Privacy & Electronic Communications Regulations 2003 ("the PECR") relating to electronic communications; (iv) In the event that the EU GDPR (as defined in the Data Protection Act 2018) applies to activities, we will comply with the EU GDPR; and applicable national implementations of (iii) and (iv).
-
"The Service" means our Cheribim software, which is accessed online through a web browser by using our web app.
-
"you", "your Organisation" means your church, charity or other type of organisation that may have opened a Cheribim account. In the relationship between us as you use The Service, our website, and our customer support services, your Organisation is considered the Data Subject (our Customer) as defined within the context of Data Protection Law.
-
"us", "we" and "our" refer to Cheribim Ltd. In the relationship between us as you use The Service, our website, and our customer support services, Cheribim Ltd should be considered the Data Controller (the Service Provider) as defined within the context of General Data Protection Regulation Data Protection Law. This means we decide how your personal data is processed and for what purposes (explained below).
How do we use your information?
-
When using our website, the personal information we collect might include your IP address, what pages you may have visited on our website and when you accessed them (as part of our log files). This information, in conjunction with our use of cookies to record information about your online preferences, helps us to tailor the website to your interests. (Full details on our use of cookies can be found in our Cookie Policy).
-
When you first sign up for The Service, you are required to provide basic contact information (about your Organisation, and about yourself as the organisation’s ‘account contact’) to enable us to create your account to access The Service. The contact details you provide are used solely to communicate with you and for as long as you wish to continue to access The Service those account contact details are retained.
-
You are able to update the account, billing and data protection contact details for your Organisation at any time by contacting us directly; for example, if the account contact person changes within your Organisation or if you wish to change the log in email address associated with your profile.
-
We comply with our obligations under UK Data Protection Law by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.
-
In the interests of transparency and to be as clear as possible, we’ve set out the specific information we may collect about you when you sign up for a Cheribim account, how we keep your information confidential and secure, and how you can access your information if you need to at the end of this privacy policy.
What is our lawful basis for using your information?
There are various scenarios within which we may use your information, and for each we have identified the lawful bases for processing, as described below:
-
Contract applies:
-
If you/your Organisation has subscribed to use The Service (see our related Terms of Service), processing is necessary to perform and manage the contract.
-
-
Legitimate interest applies:
-
Where the contract between us has ended – either because you have closed your trial of Cheribim or you have cancelled your subscription to The Service. We will opt you out of all communication and not contact you after the contract has ended; unless you contact us or have requested we contact you at a later date. However, we will retain your basic contract contact details for internal statistical and reporting purposes.
-
Where you sign-up for a training event and we communicate with you about that event, both before the event, and in follow up after the event.
-
Where you have engaged with us at an exhibition or marketing event, or you have approached us independently for information about The Service. We will only use your contact details to respond to your enquiry.
-
Where we need to communicate with you about: -
-
A technical issue or bug within The Service that affects you,
-
Any security-related matter relating to The Service,
-
New features and functionality added to The Service, or changes to existing functionality that may affect your Organisation’s use of The Service,
-
Training events we are running designed to help train your users and maximise your Organisation’s use of The Service.
-
For good governance and accounting, for market research, analysis and developing statistics.
-
-
-
Legal obligation applies:
-
When you exercise your rights under Data Protection Law and related disclosures.
-
For maintaining and reporting financial accounting information for up to 6 years from the end of the tax year in which a financial transaction was processed. Financial information may be for use of The Service, support services provided outside of the scope of the support included in your monthly subscription, and for training.
-
-
Consent applies:
-
Where you have voluntarily subscribed to our emailing list and explicitly consented to receiving our emails informing you about new features and functionality. You can unsubscribe from this list at any time using the unsubscribe link in the footer of those periodic emails.
-
Where you have explicitly consented for us to publish a “Review” that you or your Organisation has written about The Service for our website. Your name, Organisation name and website may be included in the review, along with any profile image you have supplied us. You may withdraw your consent at any time and we will remove your review from our website. We’ll remove your review if you cancel your subscription.
-
Sharing your information
The information we hold about you will be treated as strictly confidential and we will only share your data with third parties with your prior consent, or unless required to do so by law.
How long do we keep your information?
We keep data in accordance with the guidance set out by UK Data Protection Law. We endeavour to only maintain data that is necessary, relevant, accurate and up to date. If you subscribe to The Service you are responsible for keeping account contact, billing contact and data protection contact details up to date (managed via your profile in The Service or by direct contact with us). We have internal processes to periodically review the data we hold and delete data that is no longer relevant to our purposes for processing.
Your rights and your information
Unless subject to an exemption under UK Data Protection Law, you have the following rights with respect to your personal data:
-
Access to your information: You have the right to request a copy of the personal information that we hold about you.
-
Correcting your information: We want to make sure that your personal information is accurate, complete and up to date and you may ask us to correct any personal information about you that you believe does not meet these standards.
-
Deletion of your information: You have the right to ask us to delete personal information about you where:
-
you consider that we no longer require the information for the purposes for which it was obtained or that we no longer need to retain it in accordance with our statutory obligations under UK Data Protection Law;
-
you have validly objected to our use of your personal information - see ‘Objecting to how we may use your information’ below;
-
our use of your personal information is contrary to law or our other legal obligations.
-
-
Objecting to how we may use your information: Where we use your personal information to perform tasks carried out in the public interest then, if you ask us to, we will stop using that personal information unless there are overriding legitimate grounds to continue.
-
Restricting how we may use your information: In some cases, you may ask us to restrict how we use your personal information. This right might apply, for example, where we are checking the accuracy of personal information about you that we hold or assessing the validity of any objection you have made to our use of your information. The right might also apply where there is no longer a basis for using your personal information but you do not want us to delete the data. Where this right is validly exercised, we may only use the relevant personal information with your consent, for legal claims or where there are other public interest grounds to do so.
-
Withdrawing consent using your information: Where we use your personal information with your consent you may withdraw that consent at any time and we will stop using your personal information for the purpose(s) for which consent was given. Please contact us in any of the ways set out in the ‘Contact information and further advice’ section if you wish to exercise any of these rights.
-
Lodging a complaint: If you feel we have used your information incorrectly or without lawful basis, or you dispute our lawful basis, you have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO).
Further processing
If we wish to use your information for a new purpose, not covered by this Privacy Notice, then we will provide you with a new notice explaining the new use prior to starting the processing and setting out the relevant purposes and legal basis for processing. Where and whenever necessary, we will seek your prior consent to the new processing.
Our contact details
-
We can provide you with access to your personal data at any time. We ask that requests are made in writing to The Data Protection Officer, Cheribim Ltd, Sheffield Technology Parks, Arundel Street, Sheffield, S1 2NS, UK, or by email to katie@cheribimapp.com.
-
If you have a data protection, security or privacy-related question or complaint, please contact Cheribim by email in the first instance, where we will do our best to assist you or resolve an issue.
Full disclosure
Information we may collect about you/your organisation and what we use this information for
-
Organisation name: Used to create an account for The Service for your named Organisation
-
Organisation address: Used by us to verify the existence of your Organisation when a trial account is opened for The Service.
-
Account contact first and last name: Each organisation will designate a named individual who will serve as our point of contact for matters relating to The Service. The account contact will also be our initial billing contact and data protection contact; however, you can update any of these at any time by contacting us.
-
Account contact email address: An email address is required in order for us to communicate with you about your account and account-related matters. Communications will also include information about Cheribim training events, periodic updates about new features and functionality, and to confirm certain changes you may request to your account.
-
Account contact telephone number: Either a landline or mobile/cell number is required. We don’t usually communicate by telephone unless you have requested a call back, or if we need to contact you quickly about your account for any reason.
-
Referrer: So that we know who to thank for referring you to Cheribim.
Other information we may derive or obtain from third parties
-
Job title within your Organisation: This may be stated on your organisation’s website, in your email signature, or where you have made this known to us. It’s helpful to know if we are dealing with an Organisation’s leader, an operational/office admin, a finance admin, an officer of the Organisation (such as a trustee, director, elder or churchwarden), someone with another role within your Organisation, or a data subject member.
-
Your organisation address, including postcode/zip code and country: This may be taken from your website, or you may add/update this information to your account. This is primarily used to correctly configure your account with the appropriate time zone, currency, tax-deductible donation or Gift Aid functionality if applicable, date/time format settings for your country.
-
Organisation Social Media Channel handles: As a customer, we’ll follow you on Social Media. You can follow us too if you wish – all our channels are linked from our website
-
Organisation type: We produce internal reporting about the different types of organisations in our customer base (e.g. church, independent charity, other; and for churches, if applicable, your denomination).
-
Organisation ‘known by’ names: Where your Organisation is known by more than one name, or by an abbreviation of your Organisation name, we’ll note these to help us better match email support enquiries to the correct customer account, and to make it easier for your data subject members to find their church/charity when they log in to their member-facing side of The Service.
-
Charity information: Where applicable, we use your charity number to obtain basic information about your charity for internal reporting purposes.
Other information we maintain about your organisation
-
Billing information: We maintain a financial history with audit trail of invoices raised and payments made for The Service, including payment method, and correspondence relating to due, overdue and unpaid accounts.
-
Statistics about your account: We maintain a record and statistical information about your usage of the The Service. This is used to calculate your monthly billing and internal statistical reporting.
-
Third-party integrations: We maintain a record of the third party integrations that you’ve completed for your account.
-
If you sign up for a training event: When you sign-up for a training event, your sign-up details are used solely to communicate with you about the event, both before and in follow up to the event. Sign-up details are retained for financial accounting and audit purposes. We do not use your event sign-up details for any other marketing purpose.
Acceptable Use Policy
EFFECTIVE FROM: May 1 2022; LAST REVIEWED: November 28 2024
Definitions we use in this document
This policy is aimed at all users who are granted privileged access to your Organisation’s Cheribim account and the data and files within it. Whether your Organisation is currently trialling The Service or regularly subscribes to The Service, this policy is designed to help you to comply with Data Protection Law and the Terms of Service that govern the contract that exists between Cheribim and your Organisation.
-
"Data Protection Law" means all data protection laws and regulations applicable to the UK including (i) the UK Data Protection Act 2018; (ii) UK General Data Protection Regulation ("UK GDPR"); (iii) the Privacy & Electronic Communications Regulations 2003 ("the PECR") relating to electronic communications; (iv) In the event that the EU GDPR (as defined in the Data Protection Act 2018) applies to activities, we will comply with the EU GDPR; and applicable national implementations of (iii) and (iv)
-
"The Service" means our Cheribim software, which is accessed online through a web browser by using our web app. Access is provided through an email address/PIN.
-
"your Organisation" means your church, charity or other type of organisation that has opened a Cheribim account.
-
"us", "we" and "our" refer to Cheribim Ltd.
-
"user" means your Organisation’s designated account contact and all users of The Service that have been granted access - whether staff, workers, agents, volunteers, members, or contractors.
-
"you" means the Organisation that is the contracted subscriber of The Service.
Introduction
This Acceptable Use Policy sets out a list of acceptable and unacceptable conduct for use of The Service. If we believe a violation of the policy is deliberate, repeated or presents a credible risk of harm to other users, our customers, the data subjects within your Organisation’s Cheribim account, The Service, or any third parties, we may suspend or terminate your access to The Service.
Do:
-
Comply with all Terms of Service, including the terms of this Acceptable Use Policy.
-
Comply with all applicable laws and governmental regulations, including, but not limited to, all intellectual property, data protection laws and privacy laws.
-
Comply with all internal policies and procedures that your Organisation has created to control or manage their intended use of The Service.
-
Upload only such data and files that have been provided to you/your Organisation with the consent of the Data Subject or in accordance with another lawful basis for processing the Data Subject’s personal data.
-
Use commercially reasonable efforts to prevent unauthorised access to or use of The Service.
-
Keep PINs and all other login information confidential.
-
Monitor and control all activity conducted through your user account in connection with The Service, including logging out of the software when not in use and not leaving logged in devices unattended.
-
Notify us promptly if you become aware of, or reasonably suspect any illegal or unauthorised activity, or a security breach involving your user account or your Organisation, including any loss, theft, or unauthorised disclosure or use of a username, password, user account or data relating to a Data Subject whose data you process through The Service.
-
Comply in all respects with all applicable terms of any optional third-party integrations installed on your Organisation’s account in connection with your use of The Service.
Do not:
-
Permit any third party that is not an authorised user to access or use an log in email or PIN for The Service.
-
Share, transfer or otherwise provide access to a user account designated for you to another person.
-
Access The Service if you are under the age of thirteen.
-
Use The Service to store or transmit any data or files that may infringe upon or misappropriate someone else's trademark, copyright, or other intellectual property, or that may be unlawful.
-
Upload to, or transmit from The Service any data, file, software, or link that contains or redirects to malicious software (e.g. virus, Trojan horse, worm), or other harmful component or a technology that unlawfully accesses or downloads content or information stored within The Service or any third party.
-
Attempt to reverse engineer, decompile, hack, disable, interfere with, disassemble, modify, copy, translate, or disrupt the features, functionality, security, integrity, or performance of The Service (including any mechanism used to restrict or control the functionality of The Service); any third-party use of The Service; or any third-party data contained therein (except to the extent such restrictions are prohibited by applicable law).
-
Attempt to gain unauthorised access to The Service or related systems or networks or to defeat, avoid, bypass, remove, deactivate, nullify, or otherwise circumvent any operational components, software protection, safety or security measure or monitoring mechanisms of The Service.
-
Access The Service in order to build a similar or competitive product or service or copy any ideas, features, functions, or graphics of The Service.
-
Use The Service in any manner that may harm minors (under 18s) or that interacts with or targets people under the age of thirteen.
-
Impersonate any person or entity, including, but not limited to, an employee of ours, an “Administrator”, an “Owner”, or any other authorised user, or falsely state or otherwise misrepresent your affiliation with a person, organisation, or entity.
-
Send unsolicited communications, promotions, advertisements, or spam.
-
Send altered, deceptive or false source-identifying information, including "spoofing" or "phishing".
-
Sublicense, resell or similarly exploit The Service.
-
Use information obtained from The Service (including email addresses) to contact authorised users outside of The Service, or to create or distribute mailing lists or other collections of contact or user profile information of authorised users for use outside of The Service; or
-
Authorise, permit, enable, induce, or encourage any third party to do any of the above.
Contacting Cheribim
Please feel free to contact us if you have any questions about our Acceptable Use Policy
Security & Third party sub-processors
EFFECTIVE FROM: March 22 2024; LAST REVIEWED: November 28 2024
Definitions we use in this document
-
"user" and “you” mean anyone who uses the Service by accessing it with an email address/PIN. A user may be an individual or associated with an Organisation (as defined below) including your account contact, all end-users of The Service that you have enabled to have access whether staff, workers, agents, volunteers, members, or contractors to the extent permitted by our Terms of Service to access and use The Service and /or our website.
-
"your Organisation" refers to your company, charity, church or other type of organisation that has a Cheribim account / is a contracted subscriber of The Service (as defined below). Regarding any users associated with your Organisation, in accordance with our Terms of Service, your Organisation should be considered the Data Controller (as defined by Data Protection Law (as defined below).
-
"we", "us" and "our" refer to Cheribim Ltd. Regarding the Personal Data concerning your users, account contact and data that they upload, we should be considered the the Data Processor (as defined in the context of General Data Protection Regulation Data Protection Law)
-
"The Service" refers to our Cheribim web app, which is accessed using an email address/PIN using a web browser
-
"Data Protection Law" all data protection laws and regulations applicable to the UK including (a) the UK Data Protection Act 2018; (b) UK General Data Protection Regulation ("UK GDPR"); (c) the Privacy & Electronic Communications Regulations 2003 ("the PECR") relating to electronic communications; (d) EU GDPR (as defined by (a)) as and when it applies to our activities; and any applicable national implementations of (c) and (d).
Introduction
Cheribim Ltd may engage and use data processors (“sub-processor(s)”) to deliver The Service. The identity, role and location of each sub-processor is listed below (effective as of the date stated above) and may change as the business grows and evolves. Any changes to this list will be circulated to relevant Users of The Service by email.
Each sub-processor will have access to certain Service data in order to perform their functions. Users of the Service are provided no additional rights or remedies from this document, it is for transparency purposes only, it should not be construed as a binding agreement. Our selection of sub-processors involves an evaluation of their security, privacy and confidentiality practices. We only engage sub-processors if we believe they represent equivalence in terms of our obligations as a Data Processor (as described in our Terms of Service or their Data Processing Addendum (“DPA”).
Service data storage sub-processors (required for using The Service)
[Entity name, Country; Sub-processing activities; Adequacy]
Sub-processors hosting Service data and providing other infrastructure
-
Google Workspace, United Kingdom; Cloud service provider; ISO 27001; DPA; Encryption; GDPR
-
Influx, United States; Cloud service provider; Legal; Privacy Notice
-
wix.com, United States; Website hosting/email marketing; ISO 27001; Security ‘22
Sub-processors providing specific support services around use of The Service; some of your data may be transferred to these Sub-processors in order for them to perform the indicated activities.
-
Grafana, United States; data visualisation; Legal and Security; Privacy Policy; Terms of Service
-
The Things Industries, The Netherlands; IoT provisioner; Privacy Policy; Terms of Service
-
Alliot Technologies (Symbius), United Kingdom; IoT provisioner; Privacy Policy; Terms and Conditions; Symbius Service Level Agreement
-
Telegraf, United States; data transfer software (part of Influx); Legal; Privacy Notice
-
Quick Chart, United States; graph generator; Privacy Policy; Terms of Use
-
OpenJS Foundation (Node-Red), United States; data transfer software; Privacy Policy; Terms of Use