VenRAAG

1. Information We Collect

We collect the following categories of personal data:

• Usage & Account Data: Business contact details, uploaded documents, login credentials, and usage metadata while accessing our Services.
• Website Interactions: IP addresses, browser type, cookie identifiers, page views, form submissions (e.g., demo requests, newsletter sign-ups).

2. How We Use Your Information

Your information is used for the following purposes:

• To provide, maintain, and personalize our Website and Services.
• To communicate with you regarding updates, service support, and marketing messages (based on your preferences).
• To analyze website and service usage for performance improvement and user experience optimization.
• To comply with legal obligations and enforce our rights.

3. Lawful Basis for Processing

We process your personal data under the following legal bases:

• Consent: For sending marketing emails, newsletter subscriptions, and optional cookies.
• Contractual necessity: To provide you with access to our Services when you sign up.
• Legal obligation: For complying with regulatory and legal requirements.
• Legitimate interests: For internal analytics, service optimization, and security monitoring, provided your rights do not override these interests.

4. Sharing of Personal Information

We do not sell your personal data. However, we may share your data with:

• Affiliates and Partners: Under non-disclosure agreements (NDAs) for joint service delivery.
• Service Providers: Third-party vendors such as hosting platforms, analytics tools, or email service providers—only to the extent necessary. All processors are contractually obligated to comply with GDPR.
• Legal Authorities: When required by applicable laws, regulations, or legal processes.

5. Cookies & Analytics

We use cookies and pixel tags for:

• Authentication
• Website functionality and performance
• Usage analytics via platforms like Google Analytics

When you first visit our site, you will be presented with a cookie consent banner allowing you to:

• Accept all cookies
• Reject non-essential cookies
• Customize your preferences

Cookies are not activated unless you provide consent (except strictly necessary cookies). You can change your preferences at any time via the "Cookie Settings" link in the footer.

For full details, please refer to our Cookie Policy.

6. Security Measures

We maintain industry-standard security practices, including:

• 256-bit AES encryption (in transit and at rest)
• Role-based access controls
• Regular internal audits and third-party assessments
• Privacy by design and default in all software development and infrastructure decisions

These safeguards are designed to protect your data's integrity, confidentiality, and availability.

7. Data Retention

We retain personal data only as long as:

• Necessary to fulfil the purposes outlined in this policy
• Required by applicable legal, tax, or contractual obligations

Typical durations include:

• Contact and account data: up to 6 years
• Analytics data: 26 months
• Form submissions: 12 months

Once the retention period expires, data is securely deleted or anonymized.

8. Breach Notification

In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will:

• Notify the relevant supervisory authority within 72 hours of becoming aware
• Notify affected individuals without undue delay, when applicable

9. Data Protection Impact Assessments (DPIAs)

Where data processing poses a high risk to individuals' rights and freedoms (e.g., large-scale use of AI tools), we conduct Data Protection Impact Assessments (DPIAs) to evaluate and mitigate such risks.

10. Records of Processing Activities (RoPA)

In accordance with Article 30 of the GDPR, we maintain internal records of processing activities (RoPA) that document the purposes, categories, recipients, and safeguards of all personal data processed.

11. Your Rights

Under the UK/EU GDPR, you have the right to:

• Access your data
• Correct inaccurate or incomplete data
• Request deletion of your data ("right to be forgotten")
• Object to certain types of processing
• Request a copy of your data (data portability)
• Withdraw previously given consent at any time

To exercise these rights, contact us at: privacy@venraag.com

12. International Data Transfers

We may process and store your data in jurisdictions outside the UK/EU, including the US and Canada. In such cases, we use appropriate safeguards, such as:

• Standard Contractual Clauses (SCCs)
• Binding corporate rules (where applicable)
• Vendor-level GDPR compliance agreements

13. Policy Updates

We may periodically update this Privacy Policy. We will update the "Last Updated" date at the top of this page and may notify you of significant changes.

14. Contact Us

If you have any questions or concerns about this Privacy Policy or your personal data, please contact: