Privacy Policy
Vianet Privacy Notice
ABOUT US
Vianet Limited (we, us, our) is committed to protecting and respecting your privacy. For the purposes of data protection legislation, we are the data controller and we will process your personal data in accordance with the United Kingdom General Data Protection Regulation (UK GDPR), Data Protection Act 2018, the Data (Use and Access Act) 2025 and the Privacy and Electronic Communication Regulations 2003 (data protection laws) which relate to the processing of personal data. We are registered with the Information Commissioner’s Office (or any successor body) (ICO), the UK’s data protection regulator, under registration reference ZA259668. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
Please note that this Privacy Notice applies to our activities as a data controller.
PERSONAL DATA WE COLLECT ABOUT YOU
Personal data is defined in data protection laws as any information relating to an identified or identifiable living individual. We may collect personal data in the following circumstances:
When you visit our website or use our mobile applications:
• when you complete forms on our website, we may collect personal data such as your name, address, email address, telephone number, date of birth and employer which is provided at the time of registering to use our website, where you ask us to contact you about our goods or services, subscribe to our mailing list, or subscribe/request or goods or services;
• whenever you provide information to us when reporting a problem with our website and/or mobile applications, making a complaint, making an enquiry or contacting us for any other reason. If you contact us, we may keep a record of that correspondence;
• whenever you disclose your information to us, or we collect information from you in any other way, through our website and/or mobile applications;
• data that is automatically collected, such as your Internet Protocol address, for reasons of fraud protection. We may also collect information about your device’s operating system and browser type, for system administration and to report aggregate information to our advertisers. This is statistical data about our users’ browsing actions and patterns, and does not identify any individual;
• cookie data: our website uses cookies to distinguish you from other users of our website. This helps us provide you with a good experience when you browse our website and also helps us improve it. If you do not wish to allow the use of cookies, you can change your browser settings to block their deployment. You can find our cookie policy here https://vianetplc.com/cookie-policy/.
Links to third party websites: Our website may, from time to time, contain links to and from the websites of third parties. Please note that if you follow a link to any of these websites, those websites will apply different terms regarding the collection and use of your personal data, and we do not accept any responsibility or liability for these policies. When you leave our website, we encourage you to read the privacy notice/policy of every website you visit.
When you enter into a contract with us:
• When you enter into a contract with us, we may collect details such as your name, contact details, bank details, the equipment you use/our goods/services you interact with, details of any work we undertake on your behalf, sales data and transaction history when you order or receive goods or services from us either via our website, on the telephone or in person, trading names, shareholdings, trading history, details of how you process payments and the channel through which you generate sales.
• We will use this information to process your order/provide you with services, perform checks, monitor transactions to prevent or detect crime, assess suitability for credit and comply with our contractual obligations.
• Know Your Customer (KYC): We may conduct KYC checks when required to comply with our legal obligations. We may request your passport details and any other information as required under applicable laws or regulations to fulfil our KYC obligations. We use this information to confirm your identity and comply with legal requirements. Some of this data may constitute ‘Special Category Data’ such as ID documents (see ‘Special Category Data’ below for more detail), which is given special protection under data protection laws due to its particular sensitivity. To process this information, we will generally rely on the lawful basis of compliance with a legal obligation (Article 6(1)(c) UK GDPR) and an additional condition of reasons of substantial public interest (Article 9(1)(g) UK GDPR).
• We may also advertise your feedback on our website and marketing materials (subject to obtaining your prior consent where necessary).
When you are a customer of our customer:
• If a customer of ours provides services/goods to you and instructs us to attend your premises to provide services to our customer as part of their arrangement with you, we may collect details such as your name, contact details, and the equipment you use.
• The information we collect will be used to perform our contractual obligations, for our legitimate interests, to contact you to arrange access to your premises/the equipment, and to address any other issues that may arise as part of the service/goods we supply.
Where you are a supplier of ours:
• We will collect details such as name, contact details and bank details to contact you about goods or services ordered with you, to place further orders and to pay you for the goods and/or services supplied.
SPECIAL CATEGORY DATA
Special Category Data is personal data that is afforded additional protection under data protection laws due to its sensitive nature, including, for example, data revealing racial or ethnic origin, data concerning health, and biometric data where used for identification purposes.
We may process Special Category Data for a several purposes, including to complete KYC checks (see ‘Know Your Customer’ section above), to comply with employment laws, or to make reasonable adjustments for individuals.
In each case where we process Special Category Data, we will ensure that such processing complies with data protection laws, including ensuring that we have an appropriate lawful basis under Article 6 UK GDPR, and an applicable condition under Article 9 UK GDPR.
HOW WE DETERMINE HOW LONG PERSONAL DATA IS RETAINED FOR
We only retain your personal data as long as it is necessary to carry out the purpose for which it was collected. Depending on the type of personal data and the products or services you use, different retention periods will apply. Where we are a data controller, this is generally in line with statutory limitation periods (6-7 years). After that time, we securely erase your personal data. Where we are a ‘processor’, the relevant controller company will be responsible for dictating retention.
We determine the length of time personal data is retained for by taking into account a number of factors, such as whether there are any statutory requirements to process that personal data, the length of time it is required in order to carry out our business activities relating to that personal data, and if we have contractual obligations that need to be complied with. We will never retain personal data for longer than necessary.
OUR LAWFUL BASIS FOR PROCESSING YOUR PERSONAL DATA
We will only process your personal data where we have a lawful basis under data protection laws. The lawful bases we rely on are set out below:
• Contract: for the performance of a contract we enter into with you;
• Legal obligation: where necessary for compliance with a legal or regulatory obligation we are subject to;
• Consent: where you have provided your consent in order for us to process your personal data;
• Legitimate interests: where we have a legitimate interest to do so. This includes to:
• provide you with information or services that you requested from us;
• allow you to participate in interactive features of our website and/or mobile applications, when you choose to do so;
• ensure that content from our website and/or mobile applications is presented in the most effective manner for you and for your device;
• improve our website, mobile applications and services;
• process and deal with any complaints or enquiries made by you; and
• contact you for marketing purposes where you have signed up for these;
• Recognised legitimate interests: where we have a recognised legitimate interest, including where it is necessary to process personal data to: (i) detect, investigate or prevent crime; or (ii) apprehend or prosecute offenders.
IF YOU FAIL TO PROVIDE PERSONAL DATA
Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide the data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with our goods or services). In this case, we may have to cancel a product or service you have with us, but we will notify you if this is the case at the time.
SHARING YOUR PERSONAL DATA
We only share your data with third parties who agree to comply with our data security standards and applicable data protection laws. We may disclose your information to third parties as follows:
• to staff members in order to facilitate the provision of goods or services to you;
• to our affiliated entities to support internal administration;
• IT software providers that host our website and/or mobile applications and store data on our behalf;
• in order to perform our contract with you, we may need to share personal data with third parties such as payment providers, credit agencies, payment processers such as Elavon Financial Services, and postal service organisations to assist in the delivery of goods or services you have ordered;
• professional advisers, including consultants, lawyers, bankers and insurers who provide us with consultancy, banking, legal, insurance and accounting services;
• HM Revenue and Customs, regulators and other authorities who require reporting of processing activities in certain circumstances; and
• third parties who we may choose to sell, transfer or merge parts of our business or assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy notice.
We may disclose personal data to the police, regulatory bodies, legal advisors or similar third parties where we are under a legal duty to disclose or share personal data in order to comply with any legal obligation, or in order to enforce or apply our website terms and conditions and other agreements; or to protect our rights, property, or safety of our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
MARKETING
In addition to the uses described above, where permitted under data protection laws, we may use your personal data for our legitimate interests in order to provide you with details about our goods, services, business updates and events which we think may be of interest.
You have the right to opt out of receiving our marketing communications at any time. To opt out of receiving such information, you can:
• tick the relevant box situated in the form on which we collect your information;
• clicking the unsubscribe button contained in any such communication received; or
• email us at dpo@vianetplc.com providing us with your name and contact details.
MONITORING AND RECORDING
We may monitor and record communications with you (such as telephone communications and emails) for the purpose of quality assurance, training, fraud prevention and compliance. All telephone communication recordings are removed after 6 months.
AUTOMATED PROCESSING
Some decisions that we make that have a legal or similarly significant effect on you may be made by automated means. Where we do so, we will at all times comply with data protection laws and we will inform you that such a decision is made by use of automated means.
If you are not happy or disagree with a decision that has been made about you by way of automated means, you can ask us to instruct a human to review that decision. You also have the right to contest the decision.
USE OF AI SYSTEMS
Where we refer to AI Systems, we mean any machine-based system that is designed to operate with varying levels of autonomy, may exhibit adaptiveness after deployment, and, for explicit or implicit objectives, infers, from the input it receives, how to generate outputs such as predictions, content, recommendations, or decisions that can influence physical or virtual environments.
We may use AI Systems to support certain parts of the customer lifecycle and to make our processes more efficient. Any use of AI Systems will be proportionate and responsible. Where we undertake a material use of AI Systems that concerns you, we will update this notice in respect of such use.
TRANSFERRING YOUR PERSONAL DATA OUTSIDE OF THE UNITED KINGDOM
As a global organisation, we strive to uphold the highest standards of data protection and privacy, ensuring your personal data is handled with care and accessed by authorised personnel located in the United Kingdom and other territories.
We or our sub-processors may transfer your personal data outside of the United Kingdom. Where we transfer your personal data outside of the United Kingdom, we always comply with data protection laws designed to ensure the privacy and appropriate protection of your personal data, including assessing whether the standard of protection for personal data in the relevant territory is not materially lower than that in the United Kingdom.
Where we or our sub-processors transfer personal data outside of the United Kingdom, we do so on the basis of:
• the relevant receiving party being located in a territory that is subject to an adequacy decision under Article 45 UK GDPR;
• binding corporate rules;
• adequate safeguards in accordance with Article 46 UK GDPR, including legally-approved standard data protection clauses; or
• as otherwise permitted by applicable data protection law.
DATA SECURITY
Where we have given you (or where you have chosen) a password which enables you to access certain parts of our website and/or mobile applications, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
The transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your information transmitted to our website and/or mobile applications; any transmission is at your own risk.
Information you provide to us is shared on our secure servers. We have implemented appropriate physical, technical and organisational measures designed to secure your information against accidental loss and unauthorised access, use, alteration or disclosure. In addition, we limit access to personal data to those employees, agents, contractors and other third parties that have a legitimate business need for such access.
YOUR PRIVACY RIGHTS
Data protection laws provide individuals with certain rights that relate to the processing of their personal data. These rights can be exercised at any time by contacting us. These rights are:
Your right
What this means for you
The right to access
The right to be provided with a copy of your personal data.
The right to have information corrected ("right to rectification")
The right to require us to correct any mistakes in your personal data.
The right to have information deleted ("right to erasure" or the "right to be forgotten")
The right to require us to delete your personal data, in certain circumstances.
The right to object
The right to object:
• at any time to your personal data being processed for direct marketing (including profiling);
• in certain other situations, to our continued processing of your personal data (e.g., processing carried out for the purpose of our legitimate interests unless there are compelling legitimate grounds for the processing to continue or the processing is required for the establishment, exercise or defence of legal claims).
The right to restrict processing
The right to require us to restrict processing of your personal data in certain circumstances (e.g., if accuracy is contested).
The right to data portability
The right to receive your personal data in a structured, commonly used and machine readable format and/or transmit that data to a third party – in certain circumstances.
The right to withdraw consent at any time
Where you have consented to processing, you have a right to withdraw that consent easily at any time. Please note that withdrawing consent will not affect the lawfulness of our use of your personal data in reliance on that consent before it was withdrawn.
The right to complain
The right to complain directly to us, and have your complaint investigated, if you believe there has been a breach or infringement of data protection laws or your data subject rights.
When you contact us to exercise your privacy rights, we may request specific information from you to help us confirm your identity.
Right to access
When you request your personal data from us, we may ask you for more information to identify what your request relates to. Where we do so, the time limit for responding to your request will be paused from the time we ask for this information and resume when we receive it from you.
Upon receiving your request and verifying your identity, we will conduct a reasonable and proportionate search for the personal data within the scope of your request.
Data protection laws may allow or require us to refuse to provide you with access to some or all the personal data that we hold about you or to comply with any requests made by you. If we cannot provide you with access to your personal data, or process any other request we receive, we will inform you of the reasons why, subject to any legal or regulatory restrictions.
Right to complain
You have the right to make a complaint to us if you consider that we have acted in a way that has infringed your data protection rights or an infringement of data protection laws. Upon receiving your complaint, we will acknowledge it within 30 days. We will investigate your complaint and inform you of the outcome.
If you wish to make a complaint, please use the complaints form on our Website or contact us by using the details listed at the end of this notice.
How can I exercise my rights?
Please send any requests relating to the above to us at dpo@vianetplc.com specifying your name, the action you would like us to undertake, and any other information you think may be relevant to the facilitation of your request.
CHANGES TO OUR PRIVACY NOTICE
We reserve the right to update this privacy notice at any time, and any changes we make to our privacy notice will be posted on this page. Please check periodically for any updates. If we would like to use your previously collected personal data for different purposes than those we notified you about at the time of collection, we will provide you with notice and, where required by law, seek your consent before using your personal data for a new or unrelated purpose. We may process your personal data without your knowledge or consent where required by applicable law or regulation.
HOW TO CONTACT US
We have appointed a Data Lead to oversee compliance with this privacy notice. If you have any questions, comments or requests regarding this notice or how we use your personal data please contact our Data Lead at dpo@vianetplc.com.
We encourage all individuals to contact us first in respect of any questions or queries they may have and we will do all that we can to resolve them. If you are not happy with our response or the way in which we have dealt with your query, you may then contact the Information Commissioner's Office (or successor body) at https://ico.org.uk/global/contact-us/.
ITPOL24 011 19.03.26