Privacy Policy

1. Introduction

Vitalytics ("we", "us", or "our") is a business-to-business (B2B) managed IT services provider. We are committed to protecting the privacy of our business clients and their organisations. This Privacy Policy explains how we handle information in connection with our website and the managed IT services we deliver to corporate clients, including network management, cloud solutions, cybersecurity, IT support, automation, and monitoring.

Vitalytics does not collect personal data from individual end users. Our services are provided exclusively to businesses and organisations. By engaging our services, your organisation agrees to the data practices described in this policy.

2. Information We Collect

2.1 Business Client Information

As a B2B service provider, we do not collect personal data from individual consumers or end users. The information we collect is limited to what is strictly necessary for delivering our managed IT services to business clients. This may include:

• Company name and registered business address
• Business contact details for authorised representatives (name, business email, business phone number)
• Job title or role of the primary point of contact
• Service account credentials for our client portal
• Billing and invoicing information related to the business account

We collect this information only when it is voluntarily provided by an authorised representative of the client organisation during service onboarding or ongoing support engagements.

2.2 Automatically Collected Information

When authorised representatives visit our website, we may automatically collect limited technical information to ensure the website functions correctly, including:

• IP address and browser type
• Pages visited and time spent on pages
• Referring website addresses

This data is collected via analytics cookies and is used solely for website performance improvement. It is not linked to any individual user profile.

2.3 VPN Service — No-Logs Policy

As part of our network management services, Vitalytics configures and manages VPN solutions for our business clients. We operate a strict no-logs policy for all VPN services we manage. This means:

• We do not log, monitor, or store any VPN traffic data
• We do not record connection timestamps, session durations, or IP addresses used over VPN connections
• We do not inspect, log, or retain any data transmitted through VPN tunnels
• VPN configurations are managed solely for connectivity and security purposes, with no data collection of any kind

This no-logs policy applies to all VPN services managed by Vitalytics without exception.

3. How We Use Your Information

We use the information collected from our business clients solely for the following purposes:

• To deliver, maintain, and improve our managed IT services
• To process invoices and manage billing for business accounts
• To communicate service updates, maintenance schedules, and security advisories to authorised client contacts
• To respond to support requests and technical enquiries from client organisations
• To monitor service performance and uphold our service level agreements
• To comply with applicable legal and regulatory obligations

We do not use client information for marketing purposes unless the client organisation has explicitly opted in to receive such communications.

4. Data Sharing and Disclosure

We may share your information in the following circumstances:

4.1 Service Providers

We may share limited business client information with trusted third-party service providers who assist us in delivering our services. These providers are contractually bound to handle data in accordance with UK GDPR. They include:

• Cloud infrastructure providers (Microsoft Azure, OpenStack) for hosting managed services
• Payment processors for handling business invoicing
• Analytics providers for website performance monitoring only

4.2 Legal Requirements

We may disclose business client information if required to do so by UK law, or in response to valid legal requests by public authorities, such as a court order or regulatory enquiry.

4.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.

5. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to track activity on our website and store certain information. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent.

We use the following types of cookies:

• Essential Cookies: Required for the website to function correctly
• Analytics Cookies: Help us understand how visitors interact with our website to improve its performance

You can manage your cookie preferences through our Cookie Settings page.

6. Data Security

We implement appropriate technical and organisational security measures to protect business client information against unauthorised access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit and at rest
• Regular security assessments and audits
• Access controls and authentication mechanisms
• Employee training on data protection

However, no method of transmission over the Internet or electronic storage is 100% secure, and we cannot guarantee absolute security of business client data.

7. Data Retention

We retain business client information only for as long as necessary to fulfil our contractual obligations and deliver the managed IT services agreed upon. Once a service agreement is terminated, client data is securely deleted within a reasonable timeframe unless retention is required by law.

VPN-related data is never retained, as per our strict no-logs policy outlined in Section 2.3.

8. Your Rights

Under the UK General Data Protection Regulation (UK GDPR), authorised representatives of our business clients have the following rights regarding any data we hold in connection with their organisation:

• Right to Access: Request copies of your personal data
• Right to Rectification: Request correction of inaccurate data
• Right to Erasure: Request deletion of your personal data
• Right to Restrict Processing: Request restriction of processing your data
• Right to Data Portability: Request transfer of your data to another organization
• Right to Object: Object to processing of your personal data
• Rights related to Automated Decision-Making: Not to be subject to automated decisions

To exercise these rights on behalf of your organisation, please contact us using the details provided below.

9. International Data Transfers

As we operate globally across the UK, US, Switzerland, Germany, Norway, UAE, and Australia, business client information may be transferred to and processed in countries other than the client organisation's country of registration. We ensure appropriate safeguards are in place, including standard contractual clauses and adequacy decisions, to protect data in accordance with UK GDPR.

10. Children's Privacy

Our services are provided exclusively to businesses and organisations. We do not offer services to individual consumers or children. We do not knowingly collect any personal information from children under 16 years of age.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

12. Contact Us