At Vitrue Health, your privacy and data protection are of enormous importance to us. We believe you should feel safe and secure using our products, and therefore we strive to observe the General Data Protection Regulation 2018 (GDPR) and the Data Protection Act 2018. We aim to go above and beyond our legal requirements to ensure our users feel in control of their data and comfortable with how it is used.
Vitrue Remote performs unique quantitative assessments of users and partners with organisations across a range of industries. We typically operate as the data processor for each organisation. We are deemed the controller of the data when there is no prior data processing agreement with the organisation under whose responsibility the data is processed, or where our systems support the management of data across different organisations.
This privacy notice explains how we handle personal information about our users. For more details about how we process data, see our GDPR questions page.
This policy applies to our software, website and services. We’ve tried to make it easy to read, but if you do find anything unclear, please get in touch.
Who we are
Our full company name is Vitrue Limited
Our office is at Camden Collective, Collective Auction Rooms, 5-7 Buck Street NW1 8NJ
Company Registration Number is 1077594
Please direct questions about privacy to
Our Data Protection Officer is Shane Lowe
Address: Camden Collective, Collective Auction Rooms, 5-7 Buck Street NW1 8NJ
Phone: 020 3920 7735
What personally identifiable information do we collect, and why?
After you have created an account, we receive standard details such as your name, email address and organisation name. We use these to provide our services to users and organisations. We may also use these details to inform you about alternative products that we have built that might interest you. As always, feel free to reach out to us and opt out of contact.
End user data that we collect usually consists of your full name, date of birth, email address as well as results on each assessment completed using our products. Vitrue also collects usage data, such as what product features you use, the type of computer you are using, and when you open and close our software. This allows us to improve our software by better understanding how you interact with it and to provide you with usage data. End user data also helps us monitor our software security to work against fraud and cyberattacks.
For registered and non-registered website visitors, we gather IP addresses, cookie information, visited web pages, chat conversations, and contact details if they are provided. This data is gathered for analytics, cybersecurity, fraud prevention, as well as marketing and sales. Visitors can contact us and opt out of this processing.
We may process corporate prospects’ contacts or past corporate clients’ contacts data, including for marketing purposes. We may also process job candidates’ CVs and other information if this is required in the selection process.
What is our legal basis for processing this data?
The basis for processing user data is the provision of health care services. Where we act as the controller of user data, the purpose of processing of the data by Vitrue Health is the management of health care systems or services. This is explained in Schedule 1, Part 1, 2(f) Data Protection Act 2018 and Schedule 2, Part 2, 15(2) Jersey Data Protection Law 2018. According to Article 9(3) GDPR and s. 11(1) Data Protection Act 2018, such processing must be by or under the responsibility of one or more health professionals.
How long do we keep hold of your data for?
Our data retention stands in line with the Records Management Code of Practice for Health and Social Care 2016. We would delete the data earlier than the Code suggests if there are any changes to the GDPR or the Data Protection Act.
We retain data relevant to our actual or potential clients for as long as necessary in order to provide our services, to pursue sales transactions, or to market our services. You can contact us at and request we delete your personal data.
How do we secure personal data?
We have policies and procedures that cover information governance, network security, confidential information, access control and other confidentiality measures. These are reviewed and updated when required. We conduct information governance training with all staff to make sure they are up to date with our policies equipped to handle information.
Do we share data with third parties?
We don't share your personal with third parties for anything but keeping it safe and secure for you so we may share your data with service providers such as communications, storage and email processors. Your information may also be shared with other organisations in the context of your communications. User information might be shared with other organisations only if he or she is a client or employee with these organisations, or the data has been anonymised. When we are the sole controller, we may share the data with bodies in anonymised form, subject to legal requirements and legitimate interest assessment.
Your personal data rights
You can request access, update, delete and restrict the use of your data. Simply contact us at email@example.com.
If you have questions or concerns about privacy, you can email firstname.lastname@example.org. You can also write to us at Camden Collective, Collective Auction Rooms, 5-7 Buck Street NW1 8NJ.