Privacy Policy
Last updated: 1 January 2026 · Effective date: 1 January 2026
1. Who We Are
Vertafy is a specialist technology brand owned and operated by IMA Management Group Ltd, a company registered in England and Wales (Company No. 14603036), with its registered office at 30 Churchill Place, London, E14 5RE, United Kingdom.
For the purposes of UK GDPR and EU GDPR, IMA Management Group Ltd is the Data Controller responsible for your personal data. For enquiries regarding this policy, contact us at: [email protected] or by post at the registered address above.
2. Data We Collect
We collect and process the following categories of personal data:
| Category | Examples | Purpose |
|---|---|---|
| Identity Data | Full name, job title, company name | Account creation, service delivery |
| Contact Data | Email address, phone number, postal address | Communication, support, billing |
| Technical Data | IP address, browser type, device identifiers, cookies | Security, analytics, service improvement |
| Usage Data | Pages visited, features used, session duration | Product analytics, UX improvement |
| Transaction Data | Subscription plan, payment history (not card details) | Billing, account management |
| Communication Data | Messages sent/received via our platform | Service delivery, compliance |
| Marketing Data | Communication preferences, campaign interactions | Targeted communications (with consent) |
We do not collect special category data (such as health, racial, or biometric data) unless explicitly required and consented to for a specific service.
3. How We Collect Your Data
We collect personal data through the following means:
- Direct interactions: When you complete a contact form, book a demo, subscribe to a plan, or communicate with us via email or phone.
- Automated technologies: As you interact with our website, we automatically collect Technical Data using cookies, server logs, and similar technologies.
- Third parties: We may receive data from analytics providers (e.g., Google Analytics), payment processors, and CRM platforms integrated with our service.
- Service usage: Data generated through your use of the Vertafy platform, including communication logs and automation workflow activity.
4. Legal Basis for Processing
We process your personal data under the following lawful bases:
- Contract performance: Processing necessary to deliver the services you have subscribed to.
- Legitimate interests: For fraud prevention, network security, improving our services, and direct marketing to existing clients.
- Legal obligation: Where we are required to process data to comply with applicable law (e.g., tax records, anti-money laundering).
- Consent: For marketing communications to prospects, and for non-essential cookies. You may withdraw consent at any time.
5. How We Use Your Data
We use your personal data to:
- Provide, operate, and maintain the Vertafy communication infrastructure platform.
- Process transactions and manage your subscription account.
- Send transactional communications (invoices, service updates, security alerts).
- Respond to enquiries, support requests, and demo bookings.
- Send marketing communications where you have consented or where we have a legitimate interest.
- Conduct analytics to improve our website and services.
- Comply with legal and regulatory obligations.
- Detect and prevent fraud, abuse, and security incidents.
6. Data Sharing and Disclosure
We do not sell your personal data. We may share your data with:
- Service providers: Third-party vendors who assist in delivering our services (e.g., cloud hosting, payment processing, email delivery, analytics). All processors are bound by data processing agreements.
- Professional advisers: Lawyers, accountants, and auditors under duties of confidentiality.
- Regulators and authorities: Where required by law, court order, or regulatory obligation.
- Business transfers: In connection with a merger, acquisition, or sale of assets, subject to appropriate confidentiality protections.
7. International Transfers
Vertafy operates infrastructure in both the United Kingdom and the United States. Where personal data is transferred outside the UK or European Economic Area (EEA), we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the UK Information Commissioner's Office (ICO) or the European Commission, as applicable.
8. Data Retention
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including legal, accounting, or reporting requirements. Specifically:
- Active client account data: retained for the duration of the subscription plus 7 years (for tax and legal compliance).
- Enquiry and contact form data: retained for 2 years from last contact.
- Communication logs: retained for 12 months unless a longer period is required by contract or law.
- Marketing data: retained until you opt out or withdraw consent.
9. Your Rights
Under UK GDPR and EU GDPR, you have the following rights:
- Right of access: Request a copy of the personal data we hold about you.
- Right to rectification: Request correction of inaccurate or incomplete data.
- Right to erasure: Request deletion of your data where there is no compelling reason for continued processing.
- Right to restrict processing: Request that we limit how we use your data.
- Right to data portability: Request transfer of your data to you or a third party in a structured, machine-readable format.
- Right to object: Object to processing based on legitimate interests or for direct marketing purposes.
- Rights related to automated decision-making: Not to be subject to solely automated decisions that produce significant legal effects.
California residents (CCPA): You have the right to know what personal information is collected, the right to delete personal information, the right to opt out of the sale of personal information (we do not sell personal information), and the right to non-discrimination for exercising your rights.
To exercise any of these rights, contact us at [email protected]. We will respond within 30 days. You also have the right to lodge a complaint with the UK ICO (ico.org.uk) or your local supervisory authority.
10. Cookies
Our website uses cookies and similar tracking technologies to enhance your experience and gather analytics. We use:
- Strictly necessary cookies: Required for the website to function. Cannot be disabled.
- Analytics cookies: Help us understand how visitors interact with our site (e.g., Google Analytics). Only set with your consent.
- Marketing cookies: Used to deliver relevant advertisements. Only set with your consent.
You can manage your cookie preferences at any time through your browser settings or our cookie consent tool.
11. Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These include AES-256 encryption at rest and in transit, access controls, regular security audits, and staff training. However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email (where we hold your contact details) or by posting a prominent notice on our website. The "Last updated" date at the top of this page reflects the most recent revision. Continued use of our services after changes become effective constitutes acceptance of the revised policy.
13. Contact Us
For any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact:
IMA Management Group Ltd (trading as Vertafy)
30 Churchill Place, London, E14 5RE, United Kingdom
Email: [email protected]
Phone: +44 7729 395452
Company No. 14603036 · Registered in England & Wales