Privacy Policy

CariSurg CIC ("CariSurg", "we", "us", or "our") is a not-for-profit, Caribbean-led Community Interest Company registered in England and Wales, dedicated to advancing surgical robotics, AI, and context-appropriate MedTech through training, research, and regional capacity building.

This Privacy Policy explains how we collect, use, store, and protect your personal data when you visit www.carisurg.com or interact with our services. We are committed to safeguarding your privacy in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR).

CariSurg CIC is the data controller responsible for your personal data. If you have any questions about this policy or our data practices, please contact us:

3.1 Information You Provide to Us

When you contact us through our website contact form, join the waitlist, or email us directly, we may collect the following personal data:

• Your full name
• Your email address
• Your phone number, if provided
• Your organisation or affiliation, if provided
• The content of your message or enquiry
• Any other information you voluntarily provide

3.2 Information Collected Automatically

When you visit our Website, we automatically collect certain technical information through cookies and analytics tools, including:

• IP address, anonymised where possible
• Browser type and version
• Operating system
• Device type such as desktop, mobile, or tablet
• Pages visited and time spent on each page
• Referring website or source
• Date and time of your visit
• General geographic location at city or country level, not precise location

3.3 Information We Do Not Collect

We do not collect sensitive personal data such as health information, racial or ethnic origin, political opinions, religious beliefs, trade union membership, genetic or biometric data, or data concerning sexual orientation. We do not process payment or financial information through our Website. We do not knowingly collect data from children under the age of 16.

We use the personal data we collect for the following purposes:

• Responding to enquiries submitted through our contact channels or waitlist forms
• Providing information about our programmes, training, research, and capacity-building initiatives
• Understanding how visitors use our Website so we can improve its content, functionality, and user experience
• Complying with applicable legal obligations, including UK GDPR and the Data Protection Act 2018
• Administering and protecting our Website, including troubleshooting, data analysis, and system maintenance

Under the UK GDPR, we rely on the following lawful bases to process your personal data:

• Consent under Article 6(1)(a), where you have given clear consent for a specific purpose, such as submitting a contact form, joining the waitlist, or accepting cookies
• Legitimate interests under Article 6(1)(f), where processing is necessary for improving our Website, understanding our audience, and furthering our charitable mission
• Legal obligation under Article 6(1)(c), where we need to process your data to comply with the law

Our Website uses cookies, which are small text files placed on your device, to help us analyse how visitors use the site. We use Google Analytics for this purpose.

6.1 Types of Cookies We Use

6.2 Managing Cookies

You can control and manage cookies through your browser settings. Most browsers allow you to refuse or delete cookies. Please note that disabling cookies may affect the functionality of our Website. You can also opt out of Google Analytics tracking by installing the Google Analytics Opt-out Browser Add-on.

We do not sell, rent, or trade your personal data to third parties. We may share your information only in the following limited circumstances:

• Service providers such as Google Analytics, which processes website analytics data in line with its own privacy policy
• Legal requirements where disclosure is necessary by law, regulation, or legal process, or to protect our rights, the safety of others, or investigate fraud
• Organisational transfers such as restructuring, merger, or transfer of assets, subject to the same privacy protections

Because we use Google Analytics, some of your data may be transferred to and processed in countries outside the United Kingdom, including the United States. Where such transfers occur, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the UK Information Commissioner's Office or reliance on an adequacy decision, so your data receives an equivalent level of protection.

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected:

• Contact form submissions, waitlist submissions, and email correspondence are retained for up to 24 months after the date of last contact unless an ongoing relationship requires longer retention
• Google Analytics data is retained for 14 months, after which it is automatically deleted
• Where required by law, we retain data for longer in compliance with applicable legislation

Under the UK GDPR, you have the following rights in relation to your personal data:

• Right of access
• Right to rectification
• Right to erasure
• Right to restrict processing
• Right to data portability
• Right to object
• Right to withdraw consent

To exercise any of these rights, please contact info@carisurg.com. We will respond within one month as required by law. In complex cases, this period may be extended by a further two months, and we will let you know if that happens.

We take the security of your personal data seriously and implement appropriate technical and organisational measures to protect it against unauthorised access, alteration, disclosure, or destruction.

• SSL or TLS encryption on our Website to protect data in transit
• Access controls that limit who can access personal data
• Regular reviews of data processing practices and security measures
• Secure storage of electronic records

While we strive to protect your personal data, no method of transmission over the internet or electronic storage is 100 percent secure. We cannot guarantee absolute security but are committed to maintaining the highest standards reasonably achievable.

Our Website may contain links to external websites that are not operated by CariSurg. We are not responsible for the privacy practices or content of those third-party sites, and we encourage you to review the privacy policy of every site you visit.

Our Website and services are not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child under 16 without appropriate parental consent, we will delete that information as soon as possible. If you believe we may have collected data from a child, please contact us immediately at info@carisurg.com.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. Any changes will be posted on this page with an updated "Last Updated" date. We encourage you to review this policy periodically.

If you are not satisfied with how we handle your personal data or wish to make a complaint, please contact us first at info@carisurg.com. You also have the right to lodge a complaint with the UK supervisory authority:

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

This Privacy Policy was last updated on 16 March 2026.