Privacy Policy

Who we are

Compliance Online Limited,  a company registered in England and Wales with company registration number 05706431 and having its registered address at St Clare House, 33 Minories, London, EC3N1DD trading as VIXIO Regulatory Intelligence (“we”; “us”), is committed to protecting and respecting your privacy. This Privacy Policy (“policy”) forms part of and is incorporated by reference into Compliance Online Limited’s standard Terms and Conditions.

This policy governs the data which we collect from users and other third parties in the course of our business and the way in which we protect and process such information. Please read this policy carefully to understand how we will treat your personal data.

Last updated: December 2023

1. Data Controller

For the purpose of applicable data protection laws,  we are the data controller of your personal data.

2. Information we may collect about you

We may collect personal data, that includes: name, job title, contact information including email address and mailing address, telephone number, demographic information such as postcode, preferences and interests, employer details, pay data/information, IP address, other information relevant to customer surveys and/or offers.

We may collect, use, store and transfer different kinds of personal data about you:

  • Contact Data includes data such as your email address, telephone number, geographical address and billing address;
  • Identity Data includes data such as first name, last name, date of birth;
  • Financial Data includes details you provide to us so that we can process your payments through our payment provider;
  • Transaction Data includes details of products or services you have purchased and payments made;
  • Technical Data includes data such as internet protocol (IP) address, your login data, browser type and version, cookies, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our website and any communications we may send to you.
  • Usage Data includes information about how you use our website such as  information about your visit to our website, including the full Uniform Resource Locators (URL) clickstream to and through, pages you viewed or searches you made, page response times, download errors, length of visit, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page.
  • Marketing Data includes your preferences in receiving marketing from us.

We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data may be derived from your personal data but is not considered personal data in law as it does not directly or indirectly identity you.  However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we will treat the combined data as personal data which will be used in accordance with this policy. Personal data you provide to us.

From time to time you may provide to us personal data as follows:

(a) Information you provide when you use our website www.vixio.com (the “website”). This includes information provided by you at the time you place an order for any of our products or services. We may also ask you for information if you report a problem with our website.

(b) If you contact us by email, through our contact form, by telephone or in writing, We may keep a copy of that correspondence or communication.

(c) Details of any transactions you carry out with us through the website or by any other means, including those contained in an order form, and of fulfilment of your orders.

(d) Details of your visits to the website and the resources that you access.

Personal data we automatically collect about you

When you use our website, we may automatically collect and store information about your Technical Data and Usage Data for the purposes of research and analysis.

Some of this information is collected using cookies and similar tracking technologies. If you want to find out more about the types of cookies we use, why, and how you can control them, please see our Cookies Policy/paragraph 3 below.

Personal data we receive from others

We may receive personal data about you from our third party service providers, including our payment service providers and our analytic service providers.

If you have provided us with the personal data of another person, you confirm that he/she consents to the processing of his/her personal data and that you have informed him/her of our identity as a data controller and provided him/her with a copy of our Terms and Conditions and this policy.

We also monitor visitors to and content on our message board and blog sites to meet our obligations to ensure that rules as to content are being followed. We will review and, if appropriate, edit content on these sites.

3. IP addresses and cookies

We may collect information about your mobile phone, computer or other device from which you access the website. Such information may include your domain name and IP address, details of your computer operating system and browser, the website you visited prior to visiting our website and unique number identifiers that are automatically generated by our systems when you visit our website. This will include details of the choices you make on our website indicating whether you wish to receive information on other products and services.

Some of this information is retained in “cookie” files on your computer. These files retain useful information that can speed your navigation through frequently visited sites. They can also retain records that track site usage, preferences and passwords. These cookies can be disabled or deleted by activating the setting on your browser if you do not wish them to be used. However, if you select this setting you may be unable to access certain parts of our website. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies when you log in to our website.

Please note that our advertisers may also use cookies, over which we have no control.

4. Legal basis for data processing

We can process personal data on various legal bases.

For processing operations for which we obtain consent for a specific processing purpose, Article 6(1)(a) of the GDPR is our legal basis.

If the processing of personal data is necessary for the performance of a contract to which the data subject is party, as for example when processing operations necessary to provide our service, the processing is based on Article 6(1)(b) of the GDPR. The same applies to such processing operations which are necessary for carrying out pre-contractual measures, for example in the case of inquiries concerning our products or services.

If our company is subject to a legal obligation by which processing of personal data is required, such as for the fulfilment of tax obligations, our processing is based on Article 6(1)(c) of the GDPR.

Finally, we can base our processing operations on Article 6(1)(f) of the GDPR: this legal basis is used for processing operations which are not covered by the abovementioned legal grounds, if processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.

Purpose/Activity Type of Data Lawful Basis for Processing Including Basis of Legimiate Interest
To send you marketing communications Contact Identity Consent or Legitimate interests
To register you as a customer Contact Identity Performance of a contract with you
To manage your account Contact Identity Financial Transaction Performance of a contract with you Legitimate interests (fraud-checking)
To manage our relationship with you such as notifying you about changes to our terms or this policy Contact Identity Performance of a contract with you Necessary to comply with a legal obligation Necessary for our legitimate interests
To administer and protect our business and this website (including improving and fixing our service, analysis, testing, system maintenance, support, reporting) Technical Necessary for our legitimate interests (for running our business security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise) Necessary to comply with a legal obligation
To deliver relevant website content and advertisements to you and measure and understand the effectiveness of the advertising we serve to you Contact Identity Usage Marketing Technical Necessary for our legitimate interests (to analyse how customers use our website and manage our business accordingly)
To use data analytics to improve our website, products/services, marketing, customer relationships and experiences Technical Usage Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy)

5. Security of your information

We protect your data by:

Offering you a secure transmission method to send us personal or company information.

Implementing security policies and technical measures to protect data from:

  • unauthorised access;
  • improper use or disclosure;
  • unauthorised modification; and
  • unlawful destruction or accidental loss.

However, unfortunately, because of the nature of electronic storage,  we cannot promise that your personal data or any other data you provide to us will always remain secure.   If there is a security breach, we will do all that we can as soon as we can to stop the breach and minimise the loss of any data.

If you discover a vulnerability, we would like to know about it so we can take steps to address it as quickly as possible. We would like to ask you to help us better protect our clients and our systems.

Please do the following:

  • E-mail your findings to tech@vixio.com. Encrypt your findings using our PGP key to prevent this critical information from falling into the wrong hands,
  • Do not take advantage of the vulnerability or problem you have discovered, for example by downloading more data than necessary to demonstrate the vulnerability or deleting or modifying other people’s data,
  • Do not reveal the problem to others until it has been resolved,
  • Do not use attacks on physical security, social engineering, distributed denial of service, spam or applications of third parties, and
  • Do provide sufficient information to reproduce the problem, so we will be able to resolve it as quickly as possible. Usually, the IP address or the URL of the affected system and a description of the vulnerability will be sufficient, but complex vulnerabilities may require further explanation.

What we promise

  • We will respond to your report within 3 business days with our evaluation of the report and an expected resolution date,
  • If you have followed the instructions above, we will not take any legal action against you in regard to the report,
  • We will handle your report with strict confidentiality, and not pass on your personal details to third parties without your permission,
  • We will keep you informed of the progress towards resolving the problem,
  • In the public information concerning the problem reported, we will give your name as the discoverer of the problem (unless you desire otherwise).

We strive to resolve all problems as quickly as possible, and we would like to play an active role in the ultimate publication on the problem after it is resolved.

6. Marketing

We may send you marketing email messages from us about our website and our services.  This could be because you have consented to receive such messages, or because to do so is in our legitimate interests and for example, you have request to attend an event, or because you are our customer. You can choose to no longer receive marketing emails from us by contacting us or clicking unsubscribe from a marketing email.  Please note that it may take us a few days to update our records to reflect your request.

If you ask us to remove you from our marketing list, we shall keep a record of your name and email address to ensure that we do not send to you marketing information.

7. Profiling or other automated individual decision making

Automated individual decision making refers to a decision made solely on the basis of automated processing of your personal data, without human involvement. For instance, this means processing using an algorithm or a software code. Profiling is defined as automated processing of personal data to evaluate certain things about an individual: profiling can be part of an automated decision-making process.

We may conduct automated decision making or profiling to better understand your centre of interests and preferences and adapt our communications to your profile. However, we want you to know that you have certain rights in respect of automated decision making and profiling, where that decision produces a legal effect on you. Please see below the section on “Your rights under the GDPR” for more information about your rights.

8. Retention of your information

We take appropriate measures to ensure that any information collected from you is kept only for so long as is necessary for the purpose for which such information is used.

We normally update your personal data within seven (7) working days of any new or updated personal data being provided to us, to ensure that the personal data we hold We may also be required to retain personal data for a particular period of time to comply with legal, auditory or statutory requirements, including requirements of HMRC in respect of financial documents and in order to deal with any dispute you might raise.  To determine the appropriate retention period for personal data, we consider the type of the personal data, the potential risk of harm from unauthorised use or disclosure of the  personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means.

Where we have no legal basis for continuing to process your personal data, we shall either delete or anonymise it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.

For the avoidance of doubt, we may use Aggregated Data and Usage Data  for research or statistical purposes indefinitely without further notice to you.

9. Disclosure of your information

For our legitimate interests, We may disclose your personal information to any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries as defined in Section 1159 of the UK Companies Act 2006.

Again, for our legitimate interests, we may disclose your personal information to third parties:

(a) In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.

(b) If we or substantially all of our assets are acquired by a third party, in which case personal data held about our customers will be one of the transferred assets.

(c) If we are under a duty to disclose or share your personal data to comply with any legal obligation.

(d) To enforce or apply our Terms and Conditions and other agreements.

(e) If it is required to do so to deliver our services. We sometimes outsource certain functions of our business to service providers: some of these service providers may use cloud-based systems: in that case, your personal data would be hosted on their servers, but under our direction and control.

f) Where we have received your permission for us to do so.

10. Transfers outside the United Kingdom

We will only transfer your personal data to countries which are considered as providing an adequate level of legal protection or where alternative arrangements are in place to protect your rights.

We may transfer your personal data outside the UK in the unlikely event that we receive a legal request from a foreign law enforcement body. All requests for information we receive from these bodies will be carefully checked before personal data is transferred.

We may use remote website server hosts to provide and maintain some aspects of our service and website, which may be based outside the UK (in “the cloud”).   Where your personal data is transferred outside the United Kingdom, it will only be transferred to countries that have been identified as providing adequate protection for personal data or to a third party where we have approved transfer mechanisms in place to You have the right to ask for more information about the safeguards we have put in place as mentioned above.

Your rights under GDPR

11. Right of access

Right of access

The GDPR gives you the right to access information held about you. If you wish to exercise such right, please submit a request to us in writing at dataprotection@vixio.com.

Any access request shall be subject to your providing acceptable proof of identification.

If we are processing your personal data, we will provide you with a copy of that personal data.

Right of rectification

You are entitled to have your personal data rectified if it is inaccurate or incomplete. You should instruct us to correct or update any personal data we hold about you (for instance, if you change your address or your name).

You can instruct us to do this at any time by contacting us at dataprotection@vixio.com.

Right to erasure

You have a right to have your personal data erased and to prevent processing in specific circumstances. If you wish to exercise such right, please submit a request to us in writing at dataprotection@vixio.com. However, whilst we respect your right to be forgotten, we may still retain your personal data in accordance with applicable laws and when we respond to your request we shall notify you of any specific legal reasons that we have to retain your personal data

Right to restrict processing

If you believe our processing impacts on your fundamental rights and freedoms, , you have the right to obtain from us restriction of processing (especially when the accuracy of the personal data is contested by you, for a period enabling us to verify the accuracy of the personal data)..  However, we may demonstrate that we have legitimate grounds to process your personal data not withstanding your rights and freedoms.

Right to withdraw your consent

In certain circumstances, we must have your consent before we contact you. You have the right to withdraw your consent to processing of your personal data at any time by contacting us at dataprotection@vixio.com.

Right to data portability

You have the right, in certain circumstances, to obtain personal data you have provided us with, in a structured, commonly used and machine-readable format, and to reuse it elsewhere or ask us to transfer this to a third party of your choice.

Right to object

You have the right to object to:

  • Processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling).
  • Direct marketing (including profiling).
  • Processing for purposes of scientific/historical research and statistics.

Rights related to automated decision making and profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you, as long as the decision is not necessary for entering into, or the performance of, a contract between you and us; or is not based on your explicit consent.

Right to lodge a complaint with a supervisory authority

You have a right to lodge a complaint with a supervisory authority, to enforce your rights, as specified above. You can find details about how to do this on the UK Information Commissioner’s Office (ICO) website at https://ico.org.uk/concerns/ or if you are based outside of the United Kingdom, please contact your local regulatory authority.

12. Links to other websites

Our website offers links to many third-party websites. We are not responsible for the accuracy or efficacy of the information or data policies or procedures of these third parties. If you access these sites using the links provided on our website, you should satisfy yourself as to the relevant data policies in effect on these sites.

13. Changes to this policy

Any changes we may make to thisolicy in the future will be posted on this page and on our website. Please check this page occasionally to ensure you are happy with any changes.

14. Contact

If any of your personal data changes, or if you have any questions, comments or requests regarding the protection of your personal data or this policy, please contact us by email at dataprotection@vixio.com or in writing at the address set out on the Contact Us page of the website.

Opt in to hear about webinars, events, industry and product news

To find out more about Vixio, contact us today