How we collect, use and protect personal information.

VIVIROS Global Protection Ltd. (“VIVIROS”, “we”, “our”, “us”), registered in England & Wales under No. 12894571, with offices at 88 Market Square, London EC2V 8BB, is the controller of personal data collected through the VIVIROS website and the publicly accessible portions of the Platform. Our Data Protection Officer can be reached at [email protected]. For enterprise customers, where VIVIROS processes Personal Data on the Customer’s behalf, VIVIROS acts as a processor under the Data Processing Addendum (DPA) executed with that Customer.

We process the following categories of personal data, collected directly from you or generated by your interaction with our Services:

• Identification data: name, professional title, employer, email, phone number.
• Account data: credentials, role assignments, audit log entries, session timestamps, IP addresses.
• Usage data: pages visited, features used, dashboards accessed, reports generated, support tickets.
• Communications data: emails, calls and messages exchanged with our team, including their content.
• Enforcement evidence: URLs, screenshots, fingerprints, takedown receipts and other evidence collected to support enforcement workflows.
• Marketing data: preferences, event registrations, content downloaded.

We process Personal Data for the following purposes and on the following legal bases:

• Provide and improve the Platform — performance of the contract between us and you (Article 6(1)(b) GDPR).
• Compliance with legal obligations — including bookkeeping, tax, audit and regulatory disclosures (Article 6(1)(c) GDPR).
• Legitimate interests — including security monitoring, abuse prevention, and Service improvement (Article 6(1)(f) GDPR).
• Consent — for marketing communications and non-essential cookies (Article 6(1)(a) GDPR).

We do not sell Personal Data. We share Personal Data with vetted sub-processors (cloud infrastructure, analytics, customer support tooling) under contractual obligations consistent with applicable data protection laws. A current list of sub-processors is available on request from [email protected]. Where Personal Data is transferred outside the UK or the EEA, we rely on the UK International Data Transfer Agreement, the EU Standard Contractual Clauses or any other lawful mechanism, and we conduct transfer impact assessments.

We retain Personal Data for as long as necessary to fulfil the purposes for which it was collected, including to comply with our legal, accounting, regulatory or contractual obligations. Enforcement evidence may be retained for the duration of pending or potential proceedings, plus the applicable statute of limitations.

Subject to applicable law, you may exercise the following rights: access, rectification, erasure, restriction of processing, portability, objection, withdrawal of consent and the right to lodge a complaint with a supervisory authority. To exercise any of these rights, contact us at [email protected]. We will respond within the deadlines set by applicable law (typically thirty (30) days).

VIVIROS implements appropriate technical and organizational measures to protect Personal Data, including encryption in transit and at rest, role-based access controls, principle of least privilege, multi-factor authentication, hardened perimeter, intrusion detection and continuous logging. Security controls are aligned with ISO/IEC 27001 and audited annually by independent third parties.

The VIVIROS Services are intended for enterprise users only and are not directed to children under the age of 16. We do not knowingly collect Personal Data from children. If you become aware of any Personal Data that has been collected from a child, please contact us immediately so we can delete it.

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal obligations or for other operational reasons. The most current version is always available on this page, with the “Effective date” at the top. Material changes will be notified through the Platform or by email.