Privacy Policy

PRIVACY POLICY

VEMAK LTD

Effective Date: January 2026

Version: 1.0

1. INTRODUCTION

VEMAK LTD ("we", "us", or "our") is committed to protecting the privacy and security of your personal information. This Privacy Policy explains how we collect, use, and protect personal data in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Company Details:

Legal Name: VEMAK LTD

Registered Office: 14 Creekside, Rainham, United Kingdom

Email: [email protected]

Lead Supervisory Authority: Information Commissioner's Office (ICO)

2. OUR ROLE: CONTROLLER VS. PROCESSOR

It is critical to distinguish how we handle data:

We act as Data Controller for the information you provide to us directly as our Client (e.g., your name, billing details, business contact info).

We act as Data Processor for the data stored inside the "Revenue Recovery System" (e.g., your leads, customer lists, and booking data). You (the Client) are the Controller of this data, and we process it strictly to provide the hosting and software services.

3. DATA WE COLLECT (AS CONTROLLER)

We collect the following data when you purchase our services or visit our website:

Identity Data: Names, usernames, or similar identifiers.

Contact Data: Billing address, email address, and telephone numbers.

Financial Data: Partial payment card details (processed securely via Stripe; we do not store full card numbers).

Transaction Data: Details about payments and services purchased.

Technical Data: IP address, browser type, and login data when you access our Support Portal or Client Dashboard.

4. HOW WE USE YOUR DATA

We rely on the following lawful bases to process your data:

Performance of Contract: To deliver the "Revenue Recovery System," manage payments, and provide support.

Legal Obligation: To keep accounting records for HMRC.

Legitimate Interests: To prevent fraud, secure our network, and send you service updates (e.g., "System Maintenance" alerts).

5. DATA SHARING & SUB-PROCESSORS

To provide our services, we share data with trusted third-party service providers ("Sub-Processors"). We have Data Processing Agreements (DPAs) in place with these providers.

Third Party

Purpose

Location

GoHighLevel (HighLevel, Inc.)

CRM & Hosting Platform

USA

Stripe

Payment Processing

USA/EU

Twilio / Mailgun

SMS & Email Infrastructure (via GHL)

USA

Google Workspace

Internal Email & Storage

USA/EU

6. INTERNATIONAL TRANSFERS

Many of our software partners (specifically GoHighLevel) are based in the USA. When we transfer data outside the UK/EEA, we ensure protection via:

UK 'Bridge' to the EU-US Data Privacy Framework: Ensuring US providers are certified; OR

Standard Contractual Clauses (SCCs): Legal contracts approved by the UK Government/ICO that mandate data protection standards.

7. DATA SECURITY

We have implemented security measures to prevent your personal data from being lost, used, or accessed in an unauthorized way, including:

Encryption: Data is encrypted in transit (SSL/TLS) and at rest where possible.

Access Control: Only authorized personnel have access to the backend systems.

Two-Factor Authentication (2FA): Enforced on our administrative accounts.

8. DATA RETENTION

Client Data: We retain your account data for the duration of your subscription plus 6 years for tax/legal purposes.

System Data (Your Leads): Upon termination of your service, we retain the data for 30 days to allow for the "Portability Guarantee" export, after which it is permanently deleted.

9. YOUR LEGAL RIGHTS

Under UK GDPR, you have the right to:

Request access to your personal data (Subject Access Request).

Request correction of inaccurate data.

Request erasure ("Right to be Forgotten") where there is no good reason for us to continue processing it.

Object to processing where we are relying on a legitimate interest.

To exercise these rights, please email us at [SUPPORT EMAIL ADDRESS]. We strive to respond to all legitimate requests within one month.

10. COOKIES

We use essential cookies to keep you logged into the Client Dashboard. We may use analytics cookies (like Google Analytics) to track website performance. You can block cookies via your browser settings, but some parts of the System may not function properly.

11. CHANGES TO THIS POLICY

We may update this policy from time to time. The latest version will always be posted on our website.