Privacy Policy
1. Introduction
At Vitrue Health, we prioritise your privacy and data protection. We adhere to the UK General Data Protection Regulation (UK GDPR), the EU General Data Protection Regulation (EU GDPR), and applicable US privacy laws, including the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA). This ensures that your personal data is handled lawfully, fairly, and transparently. This Privacy Policy explains how we process personal information related to assessments addressing wider factors that contribute to your muscle, bone and joint wellbeing, e.g. lifestyle and life-stage related factors.
Regardless of whether you access an assessment through your employer or via a friend or family member, this Privacy Policy applies to all users engaging with Vitrue Health’s assessments. Our commitment to privacy, security, and confidentiality remains the same for all individuals using our platform.
2. Why Vitrue Health Acts as a Data Controller for Specific Assessments
In our standard operations, Vitrue Health typically functions as a data processor on behalf of employers, who act as data controllers for regulatory assessments such as Display Screen Equipment (DSE) compliance and work-related risk factor evaluations. However, for assessments related to wider contributing factors of musculoskeletal (MSK) pain, such as lifestyle, life stage, and hormone-related factors, Vitrue Health assumes the role of data controller. This distinction allows us to ensure confidentiality, provide personalised support, and comply with data protection regulations across multiple jurisdictions.
To provide full transparency, any assessment where Vitrue Health acts as the data controller will be clearly labeled, and a direct link to this Privacy Policy will be provided within the assessment interface.
3. Information We Collect
For assessments governed by this Privacy Policy (i.e., those that link to this policy), we may collect the following personal information:
- Personal Identification Information: Name, date of birth, and contact details.
- Health Information: Details related to contributing factors that may lead to strain on your musculoskeletal wellbeing, including but not limited to lifestyle choices, genetic factors, hormone-related factors such as menopause or menstrual cycles, pregnancy, and other personal health considerations.
- Device and Usage Data: Information about how you interact with our platform, including IP address, browser type, and device information, in compliance with applicable privacy laws.
4. How We Use Your Information
The information collected is used to:
- Conduct assessments to identify factors contributing to MSK pain.
- Develop personalised recommendations and interventions.
- Enhance our services and improve assessment tools.
- Comply with legal and regulatory obligations.
5. Legal Basis for Processing
Our processing of sensitive personal data is based on:
- Explicit Consent: We will obtain your explicit consent before collecting or processing your sensitive health information.
- Vital Interests: In certain situations, processing may be necessary to protect your vital interests or those of another person.
- Legitimate Interests: Where necessary, we may process data to improve our services, provided that such processing does not override your rights.
6. Data Sharing and Disclosure
We do not share your sensitive personal data with your employer without your explicit consent. However, we may share anonymized and aggregated data with employers to help them understand workplace trends and improve employee wellbeing.
To ensure your privacy, before sharing any data with employers:
- All personally identifiable details (e.g., name, contact information, date of birth) are removed.
- Data is aggregated so that it reflects workplace-wide trends rather than individual reports.
- Statistical techniques are applied to prevent any re-identification of individuals.
This means that no employer or third party can link anonymized data back to you.
We may also share your information with:
- Service Providers: We work with trusted third-party vendors who assist in delivering our services, such as cloud storage providers, analytics services, and customer support platforms. These providers are contractually bound to protect your data and may only use it as instructed by us.
- Legal Obligations: We may disclose personal data when required to comply with applicable laws, regulations, legal processes, or government requests, or to protect the rights, safety, and security of our users, employees, or the public.
Under the CCPA, California residents have the right to know what categories of personal data we collect and whether we sell or share this data. Vitrue Health does not sell personal data.
7. Data Security
We implement robust security measures to protect your personal data from unauthorized access, alteration, disclosure, or destruction. This includes encryption, access controls, and regular security assessments.
8. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, including:
- Personal Identification and Health Information: Retained for up to 2 years from your last interaction with our platform, unless a longer retention period is required for legal or regulatory compliance.
- Device and Usage Data: Retained for up to 12 months for security monitoring and service improvement.
- Anonymised and Aggregated Data: Retained indefinitely for research, service development, and reporting purposes, as this data does not contain identifiable information.
You may request the deletion of your personal data at any time by contacting us at support@vitruehealth.com.
9. Your Data Protection Rights
You have the following rights regarding your personal data:
- Access: Request copies of your personal data.
- Rectification: Request correction of inaccurate or incomplete data.
- Erasure: Request deletion of your data under certain conditions.
- Restriction: Request restriction of processing under certain conditions.
- Objection: Object to processing under certain conditions.
- Data Portability: Request transfer of your data to another organisation or to you.
- Opt-Out (CCPA/CPRA): California residents may opt out of data sharing for targeted advertising and request additional information regarding how their data is used.
To exercise these rights, please contact us at support@vitruehealth.com.
10. Changes to This Privacy Policy
We may update this Privacy Policy periodically. We will notify you of any significant changes and update the effective date accordingly.
11. Contact Us
If you have questions or concerns about this Privacy Policy or our data practices, please contact:
- Data Protection Officer: Alexandra Haslehurst
- Address: 15 Ironmonger Row, London, EC1V 3QG
- Email: alex@vitruehealth.com
- Phone: 020 3920 7735