Privacy Policy | Veramed

EXTERNAL PRIVACY NOTICE

Last updated on: 25 September 2025

Introduction

At Veramed we are committed to protecting the privacy and security of your personal data. The majority of our website can be operated without providing any of your personal data, although there are some circumstances in which we require additional information to provide you with the information or services you are requesting.

This privacy notice describes how Veramed Limited and our group companies (collectively referred as “Veramed” or “we” or “us” or “our”) collect, use and share your personal data through our website and the decisions you can make about the way your personal data is collected and used.

Veramed group members include Veramed Limited; Veramed GmbH; Veramed Inc.; Veramed LLC; and Veramed Data Services Private Limited.

We have a separate job applicant privacy statement which explains what types of personal data we may collect about job applicants, and candidates and how it may be used. That will be provided to you at the relevant time or can be provided by contacting us.

Under the UK GDPR and the Data Protection Act 2018 (Data Protection Law) “personal data” means any information relating to an identifiable person that enables them to be identified. Personal data covers obvious information such as name and contact details, as well as less obvious information such as identification numbers, electronic location data, and other online identifiers.

Veramed is a Data Controller. This means that we are responsible for determining the purpose and means of processing personal data. We are committed to ensuring that your personal data is handled lawfully, fairly and transparently.

We may update this privacy notice periodically to reflect changes in our data processing activities or legal obligations. Any updates will be made available on this page. We recommend that you check this page regularly.

Data Protection Principles

We handle all personal data in accordance with Data Protection Law. This means that your personal data will always be:

Lawful, fair and transparent – processed on a valid legal basis and in a clear manner
Collected only for specified purposes – used only for the purpose explained to you.
Limited to what is necessary and not excessive in relation to the purposes.
Accurate and kept up to date – corrected or removed when identified as inaccurate
Stored only as long as necessary for the stated purposes.
Processed securely – protected against unauthorised access, loss or damage.

What Personal Data do we collect?

We collect your Personal Data when you use our website, including information provided by you, information we automatically collect and information we obtain from third parties. This does not include information where the identity has been removed (anonymised data) so that individual can no longer be identified.

The Information we collect depends on how you interact with us and this website. It may include:

Identity Data includes first name, last name, title or role and the company you work for.
Contact Data includes email address, work details, work address, telephone numbers, and LinkedIn url.
Technical Data includes IP address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our website.
Usage Data includes information about how you use our website and email tracking data about whether you open, or click on links within, our marketing-related emails.
Marketing and Communications Data includes your preferences in receiving marketing communications from us.

How we will use your personal data

We store the personal data you provide about yourself in a secure environment in order to provide you with the information, products, and/or services you request.

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

Where you have given your consent to the processing of your personal data for a particular purpose.
Where it is necessary for the performance of a contract with you or to take steps to enter into a contract with you.
Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
Where we need to comply with a legal or regulatory obligation.

For example, if you provide your name, mailing address, telephone and email address and request more information about Veramed’s services we will use this information to fulfil your request.

Change of purpose

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

Automated decision-making

No decisions will be taken about you using automated means.

Data sharing

We may share your personal data with selected third parties, including:

third parties involved or engaged in the course of the services we provide.
third party service providers such as data hosting and IT support suppliers who we use to help manage our business.
taxation authorities, regulators, law enforcement agencies and other authorities if required by such authorities or by due process of law.
third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets.

International transfers of your personal data

Personal Data may be shared between the group members. A number of entities within the Veramed Group are based outside the UK and European Economic Area (EEA) so their processing of your personal data will involve a transfer outside of the UK or EEA (including in the US).

Whenever we transfer your data outside of the UK/EEA we ensure a similar degree of protection is afforded to it by utilising data transfer safeguards prescribed by Data Protection Law. If you would like more information, please reach out to us at DPO@veramed.co.uk.

Data security

We have put in place measures to protect the security of your personal data. Details of these measures are available at https://www.veramed.co.uk/technical-organisational-measures/.

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

Marketing and Opting out

You may receive our communications if you have requested information from us, if you are a client, if you have provided us with your details or if we have identified you as someone who may be interested in our services and you have not unsubscribed from our marketing communications.

You can unsubscribe from our marketing messages at any time by following the opt-out links on any marketing message sent to you or by emailing DPO@veramed.co.uk at any time.

Cookies and other anonymous web tracking techniques

When you use our website, Veramed may assign cookie files to you, which are a small amount of data we send to your web browser. Cookies enable our website to recognise and differentiate between visitors; to track the patterns of activities engaged in by different visitors; and to. The cookie preferences can be updated as and when you so wish.

When you visit and browse our website we automatically collect data which may include your device and browsing information, and we use and share this data with certain vendors in order to provide certain functionality on our website and to analyse which pages you visited. We may also use aggregated, non-identifiable data regarding persons who visit our site to learn more about the use of the site and how we can improve it.

Please see our Cookie Policy for more information.

How long will you use my personal data for?

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. If you would like more information as to specific retention periods, please do reach out to us at DPO@veramed.co.uk.

In some circumstances we may anonymise your personal data so that it can no longer be associated with you, in which case we may use such information without further notice to you.

Where we no longer need to process your personal data, we will delete your personal data from our systems unless we need to retain a limited amount of information to make sure that we act in accordance with your wishes.

What are your rights under Data Protection Law?

You have various other rights under applicable Data Protection Law, including the right to:

access your personal data (also known as a “subject access request”);
correct incomplete or inaccurate data we hold about you;
ask us to erase the personal data we hold about you in certain circumstances;
ask us to restrict our handling of your personal data;
data portability – where you provide personal data to us directly, we process it using automated means with your consent or to perform a contract, you can ask us to transfer a copy personal data to another service or business;
object to how we are using your personal data – You have the right to:
ask us not to process your personal data for direct marketing purposes;
object, on grounds relating to your particular situation, to the processing of your personal data where we are relying on a legitimate interest; and
withdraw your consent to us handling your personal data where we are relying on consent as the legal basis for processing.

If you wish to exercise any of the rights set out above, please contact us at DPO@veramed.co.uk.

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) (https://ico.org.uk/) or, in the EU, your relevant supervisory authority, you can find which one applies to you here. However, before doing we would welcome the opportunity to resolve your concerns ourselves, however, so please contact us first.

Please keep in mind that privacy law is complicated, and these rights will not always be available to you all of the time.

What we may need from you – We may need to request specific information from you to confirm your identity. This is a security measure to ensure that personal data is not disclosed to anyone who has no right to it. We may also contact you to ask you for further information in relation to your request to speed up our response.

Time limit to respond – We try to respond to all legitimate requests within one month. Occasionally it may take us longer if your request is complex or you have made a number of requests. In this case, we will notify you and keep you updated.

How do I contact you?

We have appointed a data protection officer (DPO) who is responsible for overseeing questions in relation to this privacy notice. If you have any questions, including any requests to exercise your legal rights, please contact them at DPO@veramed.co.uk.

Our EU Representative is Veramed GmbH who can be contacted at DPO@veramed.co.uk.

Our UK Representative is Veramed Limited who can be contacted at DPO@veramed.co.uk.