Legal

Privacy Policy

How we collect, use, and protect your personal data.

Last updated: 5 April 2026

1. Who we are

Vertanet Ltd is a company registered in England and Wales (company number 09811451) with its registered office at Second Floor, Kirkland House, 11-15 Peterborough Road, Harrow, Middlesex, United Kingdom, HA1 2AX.

When we refer to "Vertanet", "we", "us", or "our" in this policy, we mean Vertanet Ltd. We are the data controller responsible for deciding how your personal data is collected, used, and stored.

We take your privacy seriously and are committed to protecting your personal data in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations 2003 (PECR).

If you have any questions about this policy or how we handle your data, you can contact us at [email protected].

2. What data we collect

We collect different types of personal data depending on how you interact with our website. We only collect data that is necessary for the purposes described in this policy.

Information you provide directly

When you submit an enquiry through our contact form, we collect:

  • Your name
  • Your email address
  • Any additional information you choose to include in your message, such as your company name, telephone number, or details about your project

We only collect this information when you actively choose to provide it. We do not collect personal data through our contact form without your knowledge.

Information collected automatically

When you visit our website, certain data is collected automatically through cookies and similar technologies. This only occurs if you have given your consent through our cookie consent banner. The data collected includes:

  • Analytics data (via Google Analytics 4): pages you visit, the order in which you visit them, time spent on each page, how you arrived at our site (e.g. search engine, direct link, referral from another website), interactions with page elements such as buttons and links, bounce rate, and general geographic location at the country or region level. This data is aggregated and does not identify you personally.
  • Session recordings and heatmaps (via Microsoft Clarity): anonymised visual recordings of how you navigate our website, including mouse movements, clicks, taps, and scrolling behaviour. Microsoft Clarity automatically masks sensitive input fields such as passwords and payment details. These recordings help us identify usability issues and improve the browsing experience.
  • Technical data: your IP address (anonymised where supported by the service), browser type and version, operating system, screen resolution, device type (desktop, tablet, or mobile), and preferred language settings.

Information we do not collect

We do not collect any special category data (also known as sensitive personal data), such as information about your health, racial or ethnic origin, political opinions, religious beliefs, trade union membership, genetic data, biometric data, or sexual orientation. We do not collect financial information such as bank account or payment card details through this website.

3. How we use your data

We use the personal data we collect for the following specific purposes:

Responding to enquiries

When you submit our contact form, we use your name and email address to respond to your message. If your enquiry relates to a potential project, we may follow up to discuss your requirements in more detail. We will not add you to any marketing lists or send you unsolicited communications as a result of submitting an enquiry.

Improving our website

Analytics data from Google Analytics 4 and session recordings from Microsoft Clarity help us understand how visitors use our website. We use this information to identify pages that are performing well, find and fix usability problems, improve navigation and content structure, optimise page load times and performance, and make informed decisions about future design and development work.

Ensuring security and technical operation

Technical data such as IP addresses and browser information helps us ensure the website functions correctly, monitor for and prevent security threats, diagnose technical problems, and maintain the overall integrity of our systems.

What we do not do with your data

We do not sell, rent, lease, or trade your personal data to any third party. We do not use your data for automated decision-making or profiling. We do not use your data for advertising or targeted marketing purposes. We do not share your data with third parties for their own marketing purposes.

4. Lawful basis for processing

Under the UK GDPR, we must have a valid legal reason (known as a "lawful basis") for processing your personal data. We rely on the following lawful bases:

Consent (Article 6(1)(a))

We rely on your consent for setting non-essential cookies, including analytics cookies (Google Analytics 4) and session recording cookies (Microsoft Clarity). When you first visit our website, a consent banner will ask you to accept or decline these cookies. You can change your mind and withdraw your consent at any time by adjusting your preferences through the cookie settings link in the footer of any page, or by clearing cookies in your browser settings.

Withdrawing consent does not affect the lawfulness of any processing that took place before you withdrew it.

Legitimate interests (Article 6(1)(f))

We rely on legitimate interests for processing the data you submit through our contact form. Our legitimate interest is to respond to your enquiry and, where appropriate, to discuss how we might help with your project. We have carried out a legitimate interests assessment and concluded that this processing is necessary for our business operations and does not override your rights and freedoms, particularly because you initiate the contact, we only use the data for the purpose you would expect, and we do not use it for marketing or any unrelated purpose.

5. Third-party services and data processors

We use a limited number of third-party services to operate our website. Each of these services may process personal data on our behalf (making them "data processors" under the UK GDPR). We have assessed each service to ensure appropriate data protection safeguards are in place.

Google Analytics 4 (GA4)

We use Google Analytics 4 to collect and analyse anonymous website usage data. GA4 uses cookies to distinguish between visitors and track session information. Data collected by GA4 is processed by Google LLC. We have configured GA4 to anonymise IP addresses where possible and have disabled data sharing with Google for advertising purposes. Google's privacy policy governs their processing of this data.

Google Tag Manager (GTM)

We use Google Tag Manager to manage the deployment of analytics and tracking scripts on our website. GTM is a tag management system. It does not set cookies itself and does not collect or store personal data. Its role is to facilitate the conditional loading of other services (such as GA4 and Clarity) based on your consent preferences.

Microsoft Clarity

We use Microsoft Clarity to record anonymous session replays and generate heatmaps showing how visitors interact with our pages. Clarity automatically masks sensitive fields (such as passwords and form inputs marked as sensitive) to prevent the capture of personal information in recordings. Data collected by Clarity is processed by Microsoft Corporation. Microsoft's privacy statement governs their processing of this data.

We do not use any other third-party services that process personal data collected through this website.

6. International data transfers

Some of the third-party services we use (Google and Microsoft) are based in the United States. This means that personal data collected through cookies may be transferred to, stored in, and processed in countries outside the United Kingdom.

Where data is transferred outside the UK, we ensure that appropriate safeguards are in place to protect your data. These safeguards include:

  • Adequacy decisions: where the UK government has determined that a country provides an adequate level of data protection.
  • Standard contractual clauses (SCCs): contractual agreements approved by the relevant authorities that require the data recipient to protect personal data to UK standards.
  • Additional security measures: technical and organisational measures implemented by the service providers, such as encryption in transit and at rest.

Both Google and Microsoft participate in recognised data transfer frameworks and maintain comprehensive data processing agreements that include standard contractual clauses.

7. Data retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected. Our specific retention periods are:

  • Contact form submissions: we retain your name, email address, and message for as long as necessary to respond to your enquiry and manage any resulting business relationship. For enquiries that do not lead to an ongoing engagement, we review and delete data periodically and will not retain it for longer than 24 months after your last interaction with us.
  • Google Analytics 4 data: GA4 retains user-level and event-level data for 14 months from the date of collection. After this period, the data is automatically deleted from Google's servers. Aggregated reports based on this data (which do not contain personal information) may be retained indefinitely.
  • Microsoft Clarity session recordings: session recordings and associated data are retained by Microsoft for 30 days from the date of the recording. After this period, the data is automatically and permanently deleted.
  • Cookie consent preferences: your consent preferences are stored in a cookie on your device for 12 months. After this period, you will be asked to confirm your preferences again.

When personal data is no longer needed, we ensure it is securely deleted or anonymised so that it can no longer be associated with you.

8. Data security

We take appropriate technical and organisational measures to protect the personal data we collect against unauthorised access, alteration, disclosure, or destruction. These measures include:

  • Encryption in transit: all data transmitted between your browser and our website is encrypted using TLS (Transport Layer Security), commonly indicated by the padlock icon and "https://" in your browser's address bar.
  • Secure hosting: our website is hosted on infrastructure with appropriate security controls, including firewalls, intrusion detection, and regular security patching.
  • Access controls: access to personal data is restricted to authorised personnel only, on a need-to-know basis.
  • Third-party security: the third-party services we use (Google and Microsoft) maintain their own comprehensive security programmes, including ISO 27001 certification and regular independent security audits.

While we take all reasonable precautions, no method of transmission over the internet or method of electronic storage is 100% secure. We cannot guarantee the absolute security of your data, but we are committed to protecting it to the highest standard reasonably achievable.

9. Your rights under the UK GDPR

The UK GDPR gives you a number of rights in relation to your personal data. You can exercise any of these rights free of charge by contacting us at [email protected].

Right of access (Article 15)

You have the right to request a copy of the personal data we hold about you. This is commonly known as a "subject access request". We will provide the information in a commonly used electronic format within one month of receiving your request.

Right to rectification (Article 16)

If you believe that any personal data we hold about you is inaccurate or incomplete, you have the right to request that we correct or complete it. We will do so without undue delay.

Right to erasure (Article 17)

You have the right to request the deletion of your personal data where there is no compelling reason for us to continue processing it. This right applies in certain circumstances, including where the data is no longer necessary for the purpose for which it was collected, where you withdraw your consent, or where you object to the processing and there are no overriding legitimate grounds.

Right to restrict processing (Article 18)

You have the right to request that we temporarily stop processing your personal data in certain circumstances, for example while we verify the accuracy of your data or consider your objection to processing.

Right to data portability (Article 20)

Where processing is based on consent or contract and carried out by automated means, you have the right to receive the personal data you provided to us in a structured, commonly used, machine-readable format. You also have the right to request that we transmit this data directly to another controller where technically feasible.

Right to object (Article 21)

You have the right to object to our processing of your personal data where we are relying on legitimate interests as our lawful basis. If you object, we will stop processing your data unless we can demonstrate compelling legitimate grounds that override your rights, or the processing is necessary for the establishment, exercise, or defence of legal claims.

Right to withdraw consent

Where we process your data based on consent (specifically, for non-essential cookies), you can withdraw your consent at any time. You can do this by adjusting your cookie preferences through the cookie settings link in the footer of any page, or by clearing your browser cookies. Withdrawing consent does not affect the lawfulness of any processing carried out before the withdrawal.

Exercising your rights

To exercise any of the above rights, please email us at [email protected]. We may need to verify your identity before fulfilling your request. We will respond to all legitimate requests within one month. In exceptional circumstances, where a request is particularly complex or we receive multiple requests, we may extend this period by a further two months, but we will inform you of any extension within the initial one-month period.

If you are not satisfied with how we handle your request or you believe we are processing your data unlawfully, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's supervisory authority for data protection. You can contact the ICO at ico.org.uk.

10. Cookies

Our website uses cookies and similar technologies to provide analytics and session recording functionality. Cookies are small text files stored on your device that help us understand how visitors use our site.

We categorise cookies into two groups: essential cookies (required for the website to function, such as storing your consent preferences) and analytics cookies (used by Google Analytics 4 and Microsoft Clarity to collect usage data). Analytics cookies are only set with your prior consent.

For a full list of the cookies we use, their purposes, and their durations, please see our Cookie Policy.

11. Children's data

Our website and services are designed for businesses and are not directed at children under the age of 16. We do not knowingly collect, store, or process personal data from anyone under 16 years of age.

If you are a parent or guardian and believe that your child has provided us with personal data, please contact us at [email protected].

12. Links to other websites

Our website may contain links to external websites that are not operated by us. If you follow a link to a third-party website, please be aware that the website will have its own privacy policy. We have no control over and accept no responsibility for the content, privacy practices, or policies of any third-party websites. We encourage you to read the privacy policy of every website you visit.

13. Changes to this policy

We may update this privacy policy from time to time to reflect changes in our practices, the services we use, or applicable laws and regulations. When we make changes, we will update the "last updated" date at the top of this page.

For significant changes that materially affect how we process your personal data, we will make reasonable efforts to notify you, such as displaying a prominent notice on our website.

We encourage you to review this policy periodically to stay informed about how we are protecting your data.

14. How to contact us

If you have any questions, concerns, or requests regarding this privacy policy or our handling of your personal data, please contact us:

  • Email: [email protected]
  • Post: Vertanet Ltd, Second Floor, Kirkland House, 11-15 Peterborough Road, Harrow, Middlesex, HA1 2AX

We aim to respond to all enquiries within 5 working days.