For contacting sales, you can call us at 01483 668 309

Vidiia - External Website Group Privacy Policy Statement December 2021  VIDIIA WEBSITE (EXTERNAL) DATA & PRIVACY POLICY

Last update: 08/December/2021

1. Overview

This is the privacy policy of Vidiia, the trading name of VIDIIA LTD, Company number 12682252, with registered office address at Surrey Technology Centre, 40 Occam Road, Surrey Research Park, Guildford, Surrey, United Kingdom, GU2 7YG on behalf of itself, its affiliates and subsidiaries (Vidiia). Vidiia provides scalable testing technologies and products for the testing and aggregation of virus test results and information. Vidiia provides both an efficient test platform to enable the carrying out of virus testing, and also provides an artificial intelligence platform for the collection and aggregation of covid and similar test result data which is provided through third parties selling test kits to individuals who can process those test results via the Vidiia Services and which test results are processed and validated and the end results provided to permitted 3rd parties (“Vidiia Services”). We refer to ourselves in this Privacy Policy as "Vidiia" or "we" and "our" and "us" shall be construed accordingly.

 

2. Purpose

We are committed to protecting and respecting your privacy. We collect, store and use information in accordance with the General Data Protection Regulations (EU) 2016/679 (the "GDPR"), the UK Data Protection Act 2018 and any other relevant legislation and regulations as amended from time to time. For the purposes of the GDPR, we are the data controller of any personal data we collect, hold or process about you. This Privacy Policy applies to all personal information we gather or use in connection with your relationship with us as a customer or potential customer, partner to our services or supplier. This includes when you use our website www.vidiia.com (our "Website"), services provided by us or others acting on our behalf, and when you interact with us. We will only use your personal information in accordance with this Privacy Policy. This Privacy Policy should be read together with other terms and conditions posted elsewhere on our website, including the end user terms for the use of the Vidiia services available at www.vidiia.com/site-terms. By using the Vidiia services and our website, and by providing any personal information to us, you are consenting to our use of your personal information as set out in this Privacy Policy. For the sake of good order, we would confirm that such consent does not allow us to undertake Marketing Communications without your separate and additional explicit consent as detailed in item 8 below. Please do not provide us with such consent or use the Vidiia Services if you do not want that information to be used by us in this manner. We may amend this Privacy Policy, and by using our services and our website, and where such changes do not amend how we treat you, any personal information or data you have or will provide to us, you are deemed to accept any such amendments to our Privacy Policy. Other than for the provision of marketing communications, whereby your consent will be requested, we reserve the right to apply the amended terms of this Privacy Policy to the information we have already collected. You will be notified by email of any such changes to this Privacy Policy. Any changes will be shown updated here. You should read and review this page regularly to see if there have been any changes.

 

3. How we may collect and/or receive your personal information (including sensitive data) This is collected and/or received by us when you:  

• Use or access our services; • fill in forms on our website, including any information you provide when you register, create or modify an online account with us; • communicate with us by email, telephone, in writing, through our website or via social media; • use or access our website and services (including, but not limited to, traffic data and data in relation to the resources you access); • respond to questionnaires you may be asked to complete; • manage recruitment and any employment applications and processes.

Vidiia - External Website Group Privacy Policy Statement December 2021  In running and maintaining our platform and services we may collect and process the following data:  • When you register for our services or register for information from us (“User”), we collect information such as your name, phone number, e-mail, company details, country, and a password.   • We also collect your IP address, browser type, operating system, mobile carrier, and your ISP, and receive the URLs of sites from which you arrive or leave the Vidiia website, or sites that have embedded Vidiia platform technology.  • We collect information through cookies and other technologies that allow us to recognize you and customize your experience.   • We collect your covid test results and any associated medical information which you provide to us either directly or via a 3rd party virus test provider (“Covid Test Information”); • When we receive your information from third parties, such as test providers or Government agencies or events providers; as part of the Vidiia servicers. As a User you are also be responsible for all the other personal data you include in your profile. • Vidiia also collects collect and process personal information in the following circumstances:    • When you give us your personal information by phone, email, and as part of the Vidiia services we provide. This includes but isn’t limited to information you give us when register with us, request information, upload test result details and associated information, work with us, request literature, or signup for newsletters. The information you give us can include your name, address, email address and other contact information. It can also include your financial information and other personal details. • When you authorise a 3rd party or provide your personal information and test results via a third party service;   • When you visit our website or use our services: we automatically collect information which includes: the Internet Protocol (IP) address used to connect your computer to the internet, your login information, your geographic location, your browser and browser plug-in type and version, and your operating system and platform. We also collect information about your visit, including the source of your visit, and the full click path and mouse movement through our sites (including date and time). This includes the services you viewed, searches you made on our sites, page response times, download errors, length of visits to certain pages, page interaction information (such as page scrolling, mouse clicks, mouse movements and keyed text), and how you navigated away from any page and any phone number you use to call our support services.  • When we email you: from time to time when you open an email we’ve sent you, we automatically collect information including your geographic location, browser type and version, the device, and the operating system and platform you’re using. We also collect information about your email consumption, including the full click path from within and on to our sites (including date and time), and whether you opened, deleted, forwarded, printed or unsubscribed from the email, and also how long the email was open.  If we don’t receive all of the personal information we’ve requested from you, then we won’t be able to provide our services for your benefit or use your information for our business purposes. Vidiia has no Responsibility or liability in connexion with the accuracy of information provided and relies solely on you or a third party full completeness and correctness of any information which is uploaded or provided to us via our services.

 4. What is personal information?

 

Vidiia - External Website Group Privacy Policy Statement December 2021 The types of personal information we receive, store and use may include:  • data provided by you or authorised third parties on your behalf to verify your identity, including your title, name, gender, address, telephone numbers, passport details, national insurance no., email address and date of birth; • your account information (including your username and password); • medical information provided as part of any virus test services or registration of test results; • your financial details including your bank account details, online banking information, credit or debit card number and transaction and credit information; • information about your interactions you may have with us and our staff, including interactions via email, telephone or through our website;  

5. Changes in your personal information

In order to ensure our records are accurate and update we may make periodic requests for you to confirm any or all of the relevant data items that we hold or we may ask to verify information with you.

6. How we use personal information

We use the personal information provided to us in order to provide the Vidiia Services. In particular, we collect, store and process your personal information listed at section 4 above. We process your data relying on any of the following grounds which apply to the collection and processing of your data: i) consent; or ii) where the processing is necessary for the performance of a contract with you; or iii) to meet our legal compliance obligations; or iv) under the legitimate interests ground. Vidiia’s legitimate business interest, and purpose of our processing your data, is to provide data and information on the firms and funds in the investment management industry. Processing your data also allows us to administer your account and customize the service we provide you and other Users as well as to send you service or promotional communications through email and notices on the Vidiia web platform. Specifically we process your data for the following reasons:  • to allow you to use the various features of our service; • to provide our services to you in connection with our legitimate business interests, includes carrying out any obligations specified in our end user terms and as part of the processing of your test results; • for purposes related to providing our products and services to you, including verifying and authenticating your identity, processing your payments, completing transactions and processing your requests; • to improve and tailor our products and services and train our staff; • for our own internal record-keeping requirements; • to help protect your account and prevent unauthorised access to your account; • where you have provided your explicit consent for us to do so, for marketing purposes, such as sending you email newsletters with our and our Affiliates' latest offers, information, promotions or products and services or other information we think you may find interesting or for customer satisfaction purposes in accordance with this Privacy Policy. • Gathering data for analysis and research, and to provide management information or other services internally and to third parties. • To administer our sites and for internal operations, including troubleshooting, data analysis, load management, testing, research, statistical and survey purposes. • To improve our sites to make sure that our content is as effective as we can for you and for the service we provide. • So you can choose to participate in any interactive features of our platform or sites.

Vidiia - External Website Group Privacy Policy Statement December 2021  • To monitor, record, store and use any telephone, email or other communication with you. We’ll update your records with any new information you or a third party give us, and we’ll add it to any information we already have. • When you call us or contact us we’ll collect the information and may keep a copy of the call or email for our records and for security purposes. We’ll also use your information to help improve our efficiency and effectiveness. • To deal with any enquiries or issues you have about how we collect, store and use your information, or any requests made by you for a copy of the information we hold about you. • For internal corporate reporting, business administration, ensuring adequate insurance coverage for our business, ensuring the security of company facilities, research and development, and to identify and implement business efficiencies.

 7. Do we share personal information with anyone else?

We do not sell, rent, or otherwise provide personally identifiable information to third parties without your consent except where it is necessary to carry out your instructions (to process your payment information, for example) or as described in this Privacy Policy. Please note that in order to fulfil any requests for paid services, we share your payment information with our payment processor. We may disclose personal information we collect or receive: • As part of our test services will provide your data to third parties who have been authorised by you to access your test results and associated personal information which may include sensitive personal data • to authorised government agencies, or regulators as required by law for the processing of any covid test information; • to you as part of the services provided; • to our associated companies only for the purposes of providing our services on your behalf • to third parties to provide a service to, or perform a function for us, or you, or who are otherwise appointed by us in connection with the services we offer you including those who are acting as our agent or sub-contractor, including, without limitation, data processing service providers executing brokers, custodians and our legal and professional advisors; • to any entity to whom we are required by any applicable law, regulation or legal process, to disclose the data. We would advise that on such occasions we may be restricted by law from notifying you of such disclosure.

  8. Marketing Communications

Only when you have provided your explicit consent will we send you marketing communications electronically (e-mail or text). Such communications may relate to goods, products, services or opportunities which are in our legitimate business interest and substantively similar to those that you have previously purchased, invested or expressed an interest in or if you have explicitly consented to us contacting you in this way. Please do not provide us with such consent if you do not want that information to be used by us in this manner. During the setting up of your account, you will have the choice as to whether you wish to provide your explicit consent to receive marketing communications from us and/or third parties. You can change your marketing preferences at any time by contacting us at info@vidiia.co.uk Where we hold your email address and you have not proceed to open an account or make an explicit request to receive any marketing communications, unless otherwise instructed, and in the absence of a response we will delete such email address from our records after 28 days.

9. Statistical information

We may aggregate information about you with information about other users of our website or services to create anonymised statistical data about users. This is statistical data that does not identify you nor contain any of your personal data. We may distribute any such aggregate information to third parties we work with in the legitimate interests of the business.

Vidiia - External Website Group Privacy Policy Statement December 2021

 10. Information security

We take the security of your personal data very seriously, and we use appropriate technologies and procedures to protect your personal information. We keep our data security procedures up to widely accepted international standards and only work with recognised suppliers. In addition, we review our policies regularly and update them whenever needed to protect you, and to meet our business needs, changes in technology, and regulatory requirements. Here are examples of the ways we protect your data: a) We have appropriate technical and organisational measures in place to protect you against accidental loss and unauthorised access, use, destruction or disclosure of your data. b) We have a business continuity and disaster recovery plan that is designed to help us offer our services and protect our people and assets no matter what happens. c) We place appropriate restrictions on access to personal information. d) We implement measures and controls, including monitoring and physical measures, to store and transfer data securely. e) We complete data protection impact assessments in accordance with legal requirements and our business policies. f) We provide data security training for our employees. g) We use a stringent approach to vendor risk management. The internet is an open medium and we can’t guarantee that any information you send to us by email or via our platform won’t be intercepted or tampered with. Any transmission is at your own risk. Once we’ve received your information, we use strict procedures and security features to try to prevent unauthorised access.

11. How long do we retain your data?

Contact details are stored for varying lengths depending on the nature and purpose for which it was collected. We will only retain test result information for a maximum of 1 month. Vidiia will review your personal data periodically to ensure it is still necessary to be retained for the purpose for which it was collected. Billing data is kept for the lifetime of our contract with you and then ongoing for seven years to comply with tax legislation. Backups of our products are retained for a year. However, we have processes to ensure if a restore is required Subject Rights are maintained. Financial data is retained is accordance with statutory and regulator requirements Marketing and sales data is retained and limited in accordance with this policy. Our services process and aggregate end user data and provide this information to authorised 3rd parties on your behalf. Once this data has been provided this cannot be cancelled.

12. Third party links

Our Website may contain links to enable you to visit third-party websites, mobile sites and mobile applications. Please note that while we try to work with reputable parties we do not have any control over there third-party websites, mobile sites or mobile applications. Therefore, we are not responsible for the protection and privacy of any information that you provide whilst visiting such sites. Such sites are governed by their own privacy policies and not this Privacy Policy. We would therefore strongly recommend that if you have any concerns you should review their relevant Privacy / Data protection policy prior to providing them with any personal data.

Vidiia - External Website Group Privacy Policy Statement December 2021

 13. Data storage

Personal information we collect from you may be transferred to and stored in destinations outside the European Economic Area ("EEA") and may be subject to be processed by staff operating outside the EEA. Countries outside the EEA may not offer the same levels of data protection as the UK. We will take reasonable steps to ensure that any of your personal information transferred outside the EEA will be treated securely and in accordance with our GDPR obligations and this Privacy Policy. By the use of our services and or Website, and by submitting your personal information to us, you agree that your personal information may be transferred, stored and processed outside of the EEA. We will take steps reasonably necessary to ensure that your data is treated securely and in accordance with this Policy. You should be aware that transmission of information via the internet is not entirely secure and we cannot guarantee the security of any data you transmit to our Website via the internet or any other means. We will retain your personal information and other information which we have collected or received to the extent required by applicable laws and as we may require for operational and legal purposes.

 

14. Access to information

You have a right under the GDPR to access information we hold about you by contacting us at dpo@vidiia.co.uk. Please include your name and address and any other information which may identify you. We will not charge you for any reasonable and or periodic requests to access this information. You will have the right to instruct us to move, copy or transfer your personal data from one IT environment to another in a safe and secure way, without any hindrance to usability. Where you request a transfer of your data we reserve the right to maintain a copy in line with our regulatory and statutory obligations. In addition, we may redact or remove any proprietary information relating to the activities of our firm or its affiliates.

15. What are your rights in relation to our use of your information?

You have rights under data protection law in relation to our use of your information, including to: 1. request access to your information, which you can do by emailing dpo@vidiia.co.uk stating you are submitting a Subject Access Request; 2. update or amend your information if it is inaccurate or incomplete by emailing dpo@vidiia.co.uk requesting an update; 3. object to certain uses of your personal data (which includes direct marketing and processing based on legitimate interests and processing for purposes of scientific or historical research and statistics) on grounds relating to your particular situation by emailing dpo@vidiia.co.uk; 4. withdraw any consents you have provided in respect of our use of your information either by clicking unsubscribe links in emails or emailing dpo@vidiia.co.uk; 5. request the return of information you have provided to us, to use for your own purposes (often called your right to data portability) where the processing is based on your consent or for the performance of a contract, and the processing is carried out by automated means; 6. lodge a complaint with the Information Commissioner’s Office (https://www.ico.org.uk/global/contact- us/email/) or other relevant supervisory authority. We may need to ask you for further information and identification to help us to comply with this request. More information about these rights can be found at https://ico.org.uk/for-the-public/. If you have any questions about these rights, or you would like to exercise any of them, please contact us at dpo@vidiia.co.uk We may need to ask you for further information and identification to help us to comply with this request. More information about these rights can be found at https://ico.org.uk/for-the-public/. If you have any questions about these rights, or you would like to exercise any of them, please contact us at dpo@vidiia.co.uk

16. Right to have your data deleted

You have the right to ask us to delete your personal data without undue delay and we shall comply where one of the following grounds applies:

Vidiia - External Website Group Privacy Policy Statement December 2021 • your personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed; • there is no other legal ground for us processing; • you object to the processing pursuant to Article 21(1) and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2); • your personal data has been unlawfully processed; • your personal data must be erased for compliance with a legal obligation in the UK or a Member State law to which the we are subject; (note we will require written evidence of such legal obligation) • please note that any personal data we hold in relation to the opening and or operation of your account with us may be subject to our record keeping obligations as provided by the Financial Conduct Authority in the UK. If you require further information, please email us at dpo@vidiia.co.uk  

17. Cookies

Cookies are small files placed on your device when you visit our Website. We use cookies to recognise you and your preferences, improve the performance of our Website and to create statistical data. Cookies generally fall into one of the following categories: • strictly necessary cookies which are cookies that are required to allow you to use a website and its features; • performance cookies which recognise and collect information about how visitors use a website to create aggregated, anonymous information that does not identify the visitor; • functionality cookies which allow the website to remember you and provide a more personalised service to you; • targeting or advertising cookies which are used to deliver adverts relevant to you.  Our Website uses the following types of cookies: strictly necessary cookies, performance cookies, functionality cookies and those, where you have provided explicit consent, targeting or advertising cookies. Some of our cookies may remain on your device between your browsing sessions. You can disable our cookies by changing the settings on your browser but doing so might mean you are unable to use certain features of our Website.

18. Contacting us

If you have any questions or comments on this policy or you would like to request a copy of your personal information, you can contact us at dpo@vidiia.co.uk