At Vitrue Health, your privacy and data protection are of enormous importance to us. We believe you should feel safe and secure using our products, and therefore we strive to observe the General Data Protection Regulation 2018 (GDPR) and the Data Protection Act 2018. We aim to go above and beyond our legal requirements to ensure our users feel in control of their data and comfortable with how it is used.

This Privacy Policy outlines how we handle the information of our clients, users, team members and any personnel who are involved in purchasing or using our remote products. The information outlined in our policy may also apply to current and prospective employees as well as contractors.

Vitrue Remote performs unique quantitative assessments of users and partners with organisations across a range of industries. We typically operate as the data processor for each organisation. We are deemed the controller of the data when there is no prior data processing agreement with the organisation under whose responsibility the data is processed, or where our systems support the management of data across different organisations.

We may exercise joint control over data with other organisations. This joint controllership would only apply to operations within the Vitrue Health platform – no other organisation can operate with this data outside of our platform. Where we jointly control your data with another organization, you can exercise your rights against Vitrue Health or the organisation. This Privacy Policy shall form part of our arrangement with the organisation.

This privacy notice explains how we handle personal information about our users. For more details about how we process data, see our GDPR questions page.

This policy applies to our software, website and services. We’ve tried to make it easy to read, but if you do find anything unclear, please get in touch.

Who we are

Our full company name is Vitrue Limited

  • Our office is at Camden Collective, Collective Auction Rooms, 5-7 Buck Street NW1 8NJ

  • Company Registration Number is 1077594

  • Please direct questions about privacy to


Our Data Protection Officer is Shane Lowe

  • Address: Camden Collective, Collective Auction Rooms, 5-7 Buck Street NW1 8NJ

  • Email:

  • Phone: 020 3920 7735‬

What personally identifiable information do we collect, and why?

After you have created an account, we receive standard details such as your name, email address and organisation name. We use these to provide our services to users and organisations. We may also use these details to inform you about alternative products that we have built that might interest you. As always, feel free to reach out to us and opt out of contact.


End user data that we collect usually consists of your full name, date of birth, email address as well as results on each assessment completed using our products. Vitrue also collects usage data, such as what product features you use, the type of computer you are using, and when you open and close our software. This allows us to improve our software by better understanding how you interact with it and to provide you with usage data. End user data also helps us monitor our software security to work against fraud and cyberattacks.


For registered and non-registered website visitors, we gather IP addresses, cookie information, visited web pages, chat conversations, and contact details if they are provided. This data is gathered for analytics, cybersecurity, fraud prevention, as well as marketing and sales. Visitors can contact us and opt out of this processing. 


We may process corporate prospects’ contacts or past corporate clients’ contacts data, including for marketing purposes.  We may also process job candidates’ CVs and other information if this is required in the selection process.

What is our legal basis for processing this data? 

The basis for processing user data is the provision of health care services. Where we act as the controller of user data, the purpose of processing of the data by Vitrue Health is the management of health care systems or services. This is explained in Schedule 1, Part 1, 2(f) Data Protection Act 2018 and Schedule 2, Part 2, 15(2) Jersey Data Protection Law 2018. According to Article 9(3) GDPR and s. 11(1) Data Protection Act 2018, such processing must be by or under the responsibility of one or more health professionals.


Our other legal bases for processing this data is to fulfil our contract to provide a service, given that this contract is with you  (GDPR Art. 6 (1)(b)), or our legitimate interests, which are listed in this Privacy Policy, provided they are not overridden by your individual interests, rights and freedoms surrounding data protection (GDPR Art. 6 (1)(f).

How long do we keep hold of your data for?

Our data retention stands in line with the Records Management Code of Practice for Health and Social Care 2016. We would delete the data earlier than the Code suggests if there are any changes to the GDPR or the Data Protection Act.


We retain data relevant to our actual or potential clients for as long as necessary in order to provide our services, to pursue sales transactions, or to market our services. You can contact us at and request we delete your personal data.

How do we secure personal data?

We have policies and procedures that cover information governance, network security, confidential information, access control and other confidentiality measures. These are reviewed and updated when required. We conduct information governance training with all staff to make sure they are up to date with our policies equipped to handle information.

Do we share data with third parties? 

We don't share your personal with third parties for anything but keeping it safe and secure for you so we may share your data with service providers such as communications, storage and email processors. Your information may also be shared with other organisations in the context of your communications. User information might be shared with other organisations only if he or she is a client or employee with these organisations, or the data has been anonymised. When we are the sole controller, we may share the data with bodies in anonymised form, subject to legal requirements and legitimate interest assessment.

Your personal data rights

You can request access, update, delete and restrict the use of your data. Simply contact us at

Future privacy policy updates

Our privacy policy may update over time. If we make any changes we will notify you and provide you with the opportunity to review these changes.

Contact us:

If you have questions or concerns about privacy, you can email  You can also write to us at Camden Collective, Collective Auction Rooms, 5-7 Buck Street NW1 8NJ.