At Vitrue Health, your privacy and data protection are of enormous importance to us. We believe you should feel safe and secure using our products, and therefore we strive to observe the General Data Protection Regulation 2018 (GDPR) and the Data Protection Act 2018. We aim to go above and beyond our legal requirements to ensure our users feel in control of their data and comfortable with how it is used.
Vitrue VIDA performs unique quantitative assessments of users and partners with organisations across a range of industries. We typically operate as the data processor for each organisation. We are deemed the controller of the data when there is no prior data processing agreement with the organisation under whose responsibility the data is processed, or where our systems support the management of data across different organisations.
This privacy notice explains how we handle personal information about our users. For more details about how we process data, see our GDPR questions page.
This policy applies to our software, website and services. We’ve tried to make it easy to read, but if you do find anything unclear, please get in touch.
Who we are
Our full company name is Vitrue Limited
Our Data Protection Officer is Alexandra Haslehurst
What personally identifiable information (PHI) do we collect, and why?
After you have created an account, we receive standard details such as your name, email address and organisation name. We use these to provide our services to users and organisations. We may also use these details to inform you about alternative products that we have built that might interest you. As always, feel free to reach out to us and opt out of contact.
End user data that we collect usually consists of your full name, date of birth, email address as well as results on each assessment completed using our products. Please note that the results of your assessments may be shared with your employer, as part of our service offering, unless explicitly stated otherwise. Vitrue also collects usage data, such as what product features you use, the type of computer you are using, and when you open and close our software. This allows us to improve our software by better understanding how you interact with it and to provide you with usage data. End user data also helps us monitor our software security to work against fraud and cyberattacks.
For registered and non-registered website visitors, we gather IP addresses, cookie information, visited web pages, chat conversations, and contact details if they are provided. This data is gathered for analytics, cybersecurity, fraud prevention, as well as marketing and sales. Visitors can contact us and opt out of this processing.
We may process corporate prospects’ contacts or past corporate clients’ contacts data, including for marketing purposes. We may also process job candidates’ CVs and other information if this is required in the selection process.
What is our legal basis for processing this data?
The basis for processing user data is the provision of health and safety and wellbeing services. Where we act as the controller of user data, the purpose of processing of the data by Vitrue Health is the management of health care systems or services. This is explained in Schedule 1, Part 1, 2(f) Data Protection Act 2018 and Schedule 2, Part 2, 15(2) Jersey Data Protection Law 2018. According to Article 9(3) GDPR and s. 11(1) Data Protection Act 2018, such processing must be by or under the responsibility of one or more health professionals.
How long do we keep hold of your data for?
Our data retention stands in line with the Records Management Code of Practice for Health and Social Care 2016. We would delete the data earlier than the Code suggests if there are any changes to the GDPR or the Data Protection Act.
We retain data relevant to our actual or potential clients for as long as necessary in order to provide our services, to pursue sales transactions, or to market our services. You can contact us at firstname.lastname@example.org and request we delete your personal data.
How do we secure personal data?
We have policies and procedures that cover information governance, network security, confidential information, access control and other confidentiality measures. These are reviewed and updated when required. We conduct information governance training with all staff to make sure they are up to date with our policies equipped to handle information.
What non-identifiable information do we collect, and why?
Outside of the personal identifiable information we collect as part of providing our services (detailed above), we may also collect anonymous data on how you use our products. This data is used to help us understand how users interact with our tools and helps us to develop the best possible new features.
We use some technologies in our sales and marketing activities but not in our product website. Web pixels are used on our marketing website (https://www.vitrueremote.com) but not on our product (https://www.vitruevida.com). Pixels are not used to collect information on end users' usage of our product.
Do we share data with third parties?
We understand the importance of safeguarding your personal data and are committed to ensuring its security and privacy. To provide you with the best possible experience with VIDA, we may need to share your personal information with third-party sub-processors. Rest assured, we have stringent vetting procedures in place to ensure that we collaborate only with organizations that meet our high standards of data protection.
Here are some instances when we may share your personal information with third-party sub-processors:
- Cloud Service Providers: To securely store your data and ensure the reliable functioning of VIDA.
- Communication Platforms: For sending emails, notifications, or SMS messages to keep you updated about our services and offers.
- Payment Processors: To manage subscriptions and process payments securely.
- Analytics Services: To analyze usage patterns and improve the user experience of VIDA.
- Legal and Compliance Consultants: For ensuring that we are in compliance with laws and regulations.
- Regulatory Authorities: When required by law or in response to legal processes, we may have to disclose your data to government agencies.
All of our sub-processors are contractually obligated to handle your data with the utmost care and are prohibited from using the data for any other purpose. They are also required to comply with all relevant legal requirements, including GDPR, for any data processing activities they perform on our behalf.
Your personal data rights
You can request access, update, delete and restrict the use of your data. Simply contact us at email@example.com.
If you have questions or concerns about privacy, you can email firstname.lastname@example.org. You can also write to us at 15 Ironmonger Row, London, EC1V 3QG.
The Website (and the information which may be accessed through it) is not a substitute for professional medical care by a qualified doctor or other healthcare professional. You should always check with your doctor if you have any concerns about your condition or treatment and before taking, or not taking, any action on the basis of the content on our Website.
Many of the professionally authored links from the Website are to reputable institutions and societies and the content contained within can be a valuable source of information. However, not all medical resources on the internet are authoritative or current. Any decision about your health on information obtained from the internet could be dangerous. Whilst we hope that you will find the third party sites in respect of which we provide links to be of interest, we can accept no responsibility in respect of any third party web sites or any information contained therein.
The Exercise recommendations provided by Vitrue Health Wellness Coach are not a substitute to professional medical advice and are not designed to diagnose, examine, or treat specific medical conditions or determine the effect of any specific exercise on a medical condition. Never disregard professional medical advice, or delay in seeking it because of something you have been suggested in Vitrue Health Wellness Coach.
You should understand that when participating in any exercise or exercise program there is the possibility of physical injury. If you engage in this exercise program you agree that you do so at your own risk, are voluntarily participating in these activities, assume all risk of injury to yourself, and agree to release and discharge Vitrue Health from any claims or causes of action, known or unknown, arising out of Vitrue Health Wellness Coach programme.
Vitrue Health is not responsible or liable for any advice, course of treatment, diagnosis or any other information you see in Vitrue Health Wellness Coach. You are always encouraged to carefully review the information provided here with your professional healthcare provider.
We make every effort to ensure that we accurately represent our product and its potential for results. However, we make no guarantees concerning the level of success you may experience, and you accept the risk that results will differ for each individual.
We do not guarantee that you maintain the results achieved in the programme if you do not continue following the programme.
The use of our product should be based on your own due diligence and you agree that our company is not liable for any success or failure of your program that is directly or indirectly related to the use of Vitrue Health Wellness Coach.