Privacy Policy

This privacy policy (“Privacy Policy”) and any other documents referred to in it set out the basis on which we collect and process your personal data as a data controller when you use our website or services. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it. By visiting https://www.infovetted.com/ (the “Site”) or using our services or apps (“Services”) you are accepting and consenting to the practices described in this Privacy Policy.

Please note: This Privacy Policy does not apply to any data you provide to us when we process personal data as a data processor i.e. where we process customer data within the cloud service we provide to you, as a business to business service provider.

The Site and Services are not intended for use by children or anyone under the age of 18 and we do not knowingly collect information relating to children.

Data Controller

For the purposes of EU and UK data protection laws and any applicable national implementing laws, regulations and secondary legislation relating to the processing of personal data (together “Data Protection Law”), the data controller is Info Vetted Limited of 10 Orange Street, London, WC2H 7DQ, England (“we”, “us”, “our”).

Legal Basis for Processing

We will only use your personal data when the law allows us to. We rely on one or more of the following legal bases:

• Performance of a contract with you: Where we need to perform the contract we are about to enter into or have entered into with you.
• Legitimate interests: Where it is necessary for our legitimate business interests (or those of a third party) and your interests and fundamental rights do not override those interests.
• Legal obligation: We may use your personal data where it is necessary for compliance with a legal obligation that we are subject to.
• Consent: We rely on consent only where we have obtained your active agreement to use your personal data for a specified purpose, for example if you subscribe to an email newsletter.

Personal Data We May Collect

We collect, use, store and transfer different kinds of personal data about you:

• Identity Data: first name, maiden name, last name, username or similar identifier, marital status, title, date of birth and gender.
• Contact Data: billing address, delivery address, email address and telephone numbers, business name.
• Financial Data: bank account and payment card details.
• Transaction Data: details about payments to and from you and other details of products and services you have purchased from us.
• Technical Data: internet protocol (IP) address, your login data, device ID, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform.
• Profile Data: your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses.
• Usage Data: information about how you use our Site and Services, including URL clickstream to, through and from our Site (including date and time); products you viewed or searched for; page response times, download errors, length of visits to certain pages.
• Marketing and Communication Data: your preferences in receiving marketing from us and our third parties and your communication preferences.
• Location Data: GPS technology used to determine your current location. Some of our location-enabled Services require your personal data for the feature to work.
• Aggregated Data: We also collect, use and share aggregated data such as statistical or demographic data. Aggregated Data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity.
• Special Category Data: We do not collect, store and/or use special category data about you. We will only collect and use such data where we have obtained explicit consent from you.

If You Fail to Provide Personal Data

Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you. In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.

How Personal Data is Collected

• Direct Interactions: You may give us your Identity Data, Contact Data and Financial Data when you fill in forms or correspond with us by post, phone, email or otherwise. This includes personal data you provide when you register to use our Site or Services, subscribe to our newsletter, create an account, request marketing, place an order, participate in surveys, attend a conference or webinar, give us feedback or contact us.
• Purchases: If you make purchases via our Site or within any Services, or register for an event or webinar, we may require you to provide your Identity Data, Contact Data, Financial Data and Transaction Data.
• Automated Technologies or Interactions: As you interact with our Services, Sites or emails, we automatically collect Technical Data about your device, browsing actions, patterns, Location Data and Usage Data. We collect this personal data by using cookies, server logs, web beacons, pixels, and other similar technologies.

Personal Data We Collect from Other Sources

We also collect personal data about you from publicly available sources including:

• Identity and Contact Data from publicly available sources such as Companies House.
• Identity, Contact and Profile Data published on social media profiles such as LinkedIn, Facebook, Twitter.
• We collect information from other sources, such as publicly available content, licensed content, and content generated by human reviewers to develop our AI model used within the Services.

Cookies and Tracking Technologies

We use cookies or similar tracking technology on our Site and in the Services to distinguish you from other users and to analyse usage. This helps us to provide you with a good experience when you browse our Site and also allows us to improve the Site and Services.

What are cookies

Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the website.

Persistent Cookies

A persistent cookie is stored on a user's device in between browser sessions which allows the preferences or actions of a user across the Site to be remembered. We use persistent cookies to save your login information for future logins to the Site or Services.

Session Cookies

A session cookie allows the Site or Services to link your actions during a browser session. Unlike persistent cookies, session cookies are deleted from your computer when you log off from the Site or Services and then close your browser.

Which cookies we use and why

• Strictly necessary cookies: Required for the operation of our Site, including cookies that enable you to log into secure areas of our Site.
• Analytics and tracking cookies: Allow us to recognise and count visitors and to see how visitors move around our Site when they are using it.
• Functional cookies: Used to recognise you when you return to our Site, enabling us to personalise our content for you.
• Marketing cookies: Record your visit to our Site, the pages you have visited and the links you have followed.

Third-party cookies we use

• Google (Analytics) — up to 2 years
• Hotjar (Analytics) — session to 365 days
• Intercom (Functional) — session to 9 months
• HubSpot (Marketing) — 30 minutes to 13 months
• Stripe (Functional) — session to 1 year
• Geotargeting (Location) — session only
• Registration/Sign-in — session duration or until logout
• YouTube (Embedded) — session to 2 years

You can set up your browser options to stop your computer accepting cookies. To find out more, visit www.allaboutcookies.org. To opt out of Google Analytics tracking visit http://tools.google.com/dlpage/gaoptout.

Do Not Track

We do not support Do Not Track (“DNT”). You can enable or disable Do Not Track by visiting the Preferences or Settings page of your web browser.

How We Use Your Personal Data

We use your personal data for the following purposes:

• To register you as a new customer — Identity Data, Contact Data — Performance of a contract with you.
• To process and deliver your order, manage payments and recover money owed — Identity Data, Contact Data, Financial Data, Transaction Data — Performance of a contract / Legitimate interests.
• To manage our relationship with you, including notifying you of changes to our terms or Privacy Policy — Identity Data, Contact Data, Profile Data — Performance of a contract / Legal obligation / Legitimate interests.
• To enable you to partake in a prize draw, competition or survey — Identity Data, Contact Data, Profile Data, Usage Data — Performance of a contract / Legitimate interests.
• To administer and protect our business and this Site, including troubleshooting, data analysis and security — Identity Data, Contact Data, Technical Data — Legitimate interests / Legal obligation.
• To deliver relevant Site and Services content and advertising and measure effectiveness — Identity Data, Contact Data, Profile Data, Usage Data, Technical Data — Legitimate interests.
• To use data analytics to improve our Site and Services — Technical Data, Usage Data — Legitimate interests.
• To send you relevant marketing communications — Identity Data, Contact Data, Technical Data, Usage Data, Profile Data — Legitimate interests.
• To enable you to apply to work for us — Identity Data, Contact Data, Financial Data, Technical Data — Performance of a contract / Legal obligation / Legitimate interests.

We will not sell or rent your personal data to anyone.

Personal Data We Receive from Other Sources

• HubSpot Inc: Our marketing platform. Your data may be stored through HubSpot's data storage and applications. See HubSpot's Privacy Policy.
• Xero UK Ltd: We use Xero to manage our customer invoicing and accounts. Customer data such as billing contact details and payment history may be stored by Xero. See Xero's Privacy Policy.
• Stripe Inc: We use Stripe as our third-party payment processor. We do not store your full credit or debit card details on our servers. See Stripe's Privacy Policy.
• Intercom Inc: Used for customer support and communications on our Customer Portal and Candidate Portal. Intercom may collect your name, email address, device and browser information, and any messages you send via the Intercom chat. See Intercom's Privacy Policy.

Information Sharing and Disclosure

We may share or disclose your personal data to:

• Service Providers: Third-party service providers who help us operate our Site and Services, including hosting, analytics, communication, payment and invoicing services. These include Intercom, Xero and Stripe. These service providers are bound by confidentiality obligations and are prohibited from using your information for any purpose other than providing services to us.
• Screening and Verification: If you are a candidate or a business customer, we may share your personal data with relevant third parties, agencies and authorities to perform background checks, compliance screening, verification and due diligence. This may include the DVLA, Home Office, Disclosure & Barring Service (DBS), credit reference agencies, educational institutions, previous employers, or other regulatory or government bodies.
• Legal Requirements: If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our Terms, or to protect our rights, property, safety, our customers or others.
• Group companies: We may disclose your personal data to any member of our group as defined in section 1159 of the UK Companies Act 2006.
• Business Transfers: In the event that we sell or buy any business or assets, we may disclose your personal data to the prospective seller or buyer of such business or assets.
• Professional Advisors: Lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services.
• Credit Reference Agencies: For the purpose of assessing your credit score where this is a condition of us entering into a contract with you.

We require all third parties to respect the security of your personal data and to treat it in accordance with applicable law.

International Transfers

Our Services are global and your personal data may be stored and processed in any country where we have operations or our staff are located. When we transfer personal data outside the UK, EU or Switzerland, we ensure appropriate safeguards are in place, including standard contractual terms (IDTA, EU SCCs), binding corporate rules, or transfers to countries with adequacy decisions.

Data Security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. All information you provide is stored on our secure servers. Any payment transactions will be encrypted using SSL technology. We limit access to your personal data to those who have a business need to know.

We have put in place procedures to deal with any personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

Third Party Links

Our Site and Services may contain links to third party websites, plug-ins and applications. These third party websites have their own privacy policies and we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to third party websites.

Data Retention

We retain your information for as long as reasonably necessary to fulfil the purposes we collected it for, including satisfying any legal, regulatory, tax, accounting or reporting requirements. By law we have to keep basic information about our customers (including Contact Data, Identity Data, Financial Data and Transaction Data) for 6 years after they cease being customers for tax purposes.

Your Rights and Choices

You have the right to:

• Request access to your personal data (subject access request).
• Request rectification of inaccurate or incomplete personal data we hold about you.
• Request erasure of your personal data in certain circumstances.
• Request restriction of the processing of your personal data.
• Object to the processing of your personal data where we are relying on a legitimate interest.
• Request the transfer of your personal data to you or to a third party in a structured, commonly used, machine-readable format.
• Object at any time to the processing of your personal data for direct marketing purposes.
• Withdraw consent at any time where we are relying on consent to process your personal data.

To exercise any of the above rights, please contact us as set out at the end of this Privacy Policy.

Data Deletion Requests

If you wish to request the deletion of your personal data, please contact us at: data.deletions@infovetted.com. Please include your full name, the email address associated with your account, and any specific information you would like deleted. We will try to respond to all legitimate requests within 30 days.

Marketing Communications

You will receive marketing communications if you opt in to receive them, or if you have purchased our goods or services and have not opted out. You can ask us to stop sending you marketing communications at any time by following the unsubscribe links in any marketing communication or by contacting us directly.

Complaints

We take complaints we receive very seriously. If you have any complaints about our use of your personal data, please contact us or you have the right to make a complaint to the Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, England.

Changes to our Privacy Policy

We reserve the right to modify this privacy policy at any time. Any changes we may make to our Privacy Policy in the future will be posted on this page and, where appropriate, notified to you by email. This Privacy Policy was last updated on 23 September 2025.

Contact Information

If you have any questions, comments or requests regarding this Privacy Policy or you wish to exercise any of your privacy rights, please contact us:

• By email: info@infovetted.com
• By mail: Info Vetted Limited, 10 Orange Street, London, WC2H 7DQ, England.