At Vitrue Health, your privacy and data protection are of enormous importance to us. We believe you should feel safe and secure using our products, and therefore we strive to observe the General Data Protection Regulation 2018 (GDPR) and the Data Protection Act 2018. We aim to go above and beyond our legal requirements to ensure our users feel in control of their data and comfortable with how it is used.
Vitrue Remote performs unique quantitative assessments of users and partners with organisations across a range of industries. We typically operate as the data processor for each organisation. We are deemed the controller of the data when there is no prior data processing agreement with the organisation under whose responsibility the data is processed, or where our systems support the management of data across different organisations.
This privacy notice explains how we handle personal information about our users. For more details about how we process data, see our GDPR questions page.
This policy applies to our software, website and services. We’ve tried to make it easy to read, but if you do find anything unclear, please get in touch.
Who we are
Our full company name is Vitrue Limited
Our office is at Camden Collective, Collective Auction Rooms, 5-7 Buck Street NW1 8NJ
Company Registration Number is 1077594
Please direct questions about privacy to
Our Data Protection Officer is Alexandra Haslehurst
Address: Camden Collective, Collective Auction Rooms, 5-7 Buck Street NW1 8NJ
Phone: 020 3920 7735
What personally identifiable information do we collect, and why?
After you have created an account, we receive standard details such as your name, email address and organisation name. We use these to provide our services to users and organisations. We may also use these details to inform you about alternative products that we have built that might interest you. As always, feel free to reach out to us and opt out of contact.
End user data that we collect usually consists of your full name, date of birth, email address as well as results on each assessment completed using our products. Vitrue also collects usage data, such as what product features you use, the type of computer you are using, and when you open and close our software. This allows us to improve our software by better understanding how you interact with it and to provide you with usage data. End user data also helps us monitor our software security to work against fraud and cyberattacks.
For registered and non-registered website visitors, we gather IP addresses, cookie information, visited web pages, chat conversations, and contact details if they are provided. This data is gathered for analytics, cybersecurity, fraud prevention, as well as marketing and sales. Visitors can contact us and opt out of this processing.
We may process corporate prospects’ contacts or past corporate clients’ contacts data, including for marketing purposes. We may also process job candidates’ CVs and other information if this is required in the selection process.
What is our legal basis for processing this data?
The basis for processing user data is the provision of health care services. Where we act as the controller of user data, the purpose of processing of the data by Vitrue Health is the management of health care systems or services. This is explained in Schedule 1, Part 1, 2(f) Data Protection Act 2018 and Schedule 2, Part 2, 15(2) Jersey Data Protection Law 2018. According to Article 9(3) GDPR and s. 11(1) Data Protection Act 2018, such processing must be by or under the responsibility of one or more health professionals.
How long do we keep hold of your data for?
Our data retention stands in line with the Records Management Code of Practice for Health and Social Care 2016. We would delete the data earlier than the Code suggests if there are any changes to the GDPR or the Data Protection Act.
We retain data relevant to our actual or potential clients for as long as necessary in order to provide our services, to pursue sales transactions, or to market our services. You can contact us at and request we delete your personal data.
How do we secure personal data?
We have policies and procedures that cover information governance, network security, confidential information, access control and other confidentiality measures. These are reviewed and updated when required. We conduct information governance training with all staff to make sure they are up to date with our policies equipped to handle information.
What non identifiable information do we collect, and why?
Outside of the personal identifiable information we collect as part of providing our services (detailed above), we may also collect anonymous data on how you use our products. This data is used to help us understand how users interact with our tools and helps us to develop the best possible new features.
Cookies: Cookies are small text files placed in device browsers to store their preferences. For example if you do not finish an assessment, cookies allow us to remember where you left off for when you come back to finish. Most browsers allow you to block and delete cookies. However, if you do that, some aspects of our services may not work properly.
Analytics: We use Google Analytics as well as internal analytics tools to process analytics and other information on our Services. For example, that a user has clicked a particular button or used a certain feature. We use this information to understand how to best develop new features and to understand how our users are using our products.
We use some technologies in our sales and marketing activities but not in our product website. Web pixels are used on our marketing website () but not on our product (). Pixels are not used to collect information on end users' usage of our product.
Web Pixels: A web pixel is a piece of code embedded in the services that collects information about engagement on the services. The use of a pixel tag allows us to record, for example when a user views a certain page on our website, We may also include web pixels in marketing e-mails to understand whether messages have been opened and acted on.
Do we share data with third parties?
We don't share your personal with third parties for anything but keeping it safe and secure for you so we may share your data with service providers such as communications, storage and email processors. Your information may also be shared with other organisations in the context of your communications. User information might be shared with other organisations only if he or she is a client or employee with these organisations, or the data has been anonymised. When we are the sole controller, we may share the data with bodies in anonymised form, subject to legal requirements and legitimate interest assessment.
Your personal data rights
You can request access, update, delete and restrict the use of your data. Simply contact us at .
If you have questions or concerns about privacy, you can email firstname.lastname@example.org. You can also write to us at Camden Collective, Collective Auction Rooms, 5-7 Buck Street NW1 8NJ.
The Website (and the information which may be accessed through it) is not a substitute for professional medical care by a qualified doctor or other healthcare professional. You should always check with your doctor if you have any concerns about your condition or treatment and before taking, or not taking, any action on the basis of the content on our Website.
Many of the professionally authored links from the Website are to reputable institutions and societies and the content contained within can be a valuable source of information. However, not all medical resources on the internet are authoritative or current. Any decision about your health on information obtained from the internet could be dangerous. Whilst we hope that you will find the third party sites in respect of which we provide links to be of interest, we can accept no responsibility in respect of any third party web sites or any information contained therein.