Privacy Policy
How virolexandio protects and manages your personal information in accordance with UK data protection laws
Introduction and Data Controller Information
virolexandio operates as your trusted partner for financial statement analysis services. We're committed to protecting your personal data and being transparent about how we collect, use, and safeguard your information.
As the data controller, virolexandio is responsible for your personal data. Our registered office is located at 156 Arundel St, Sheffield City Centre, Sheffield S1 4RE, United Kingdom. You can reach our data protection team at info@virolexandio.com or +447841465311.
Data Controller Details:
Company Name: virolexandio
Address: 156 Arundel St, Sheffield City Centre, Sheffield S1 4RE, United Kingdom
Email: info@virolexandio.com
Phone: +447841465311
This policy explains how we handle personal data in compliance with UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We process your data fairly, lawfully, and transparently.
Information We Collect
Personal Information You Provide
- Contact details including name, email address, phone number, and business address
- Company information such as business name, industry sector, and company size
- Financial data and documents you submit for analysis purposes
- Communication records including emails, phone calls, and meeting notes
- Service preferences and specific analysis requirements
Information We Collect Automatically
- Website usage data through cookies and similar technologies
- IP address, browser type, and device information
- Pages visited, time spent on site, and referral sources
- System access logs for security and troubleshooting purposes
| Data Type | Purpose | Legal Basis | Retention Period |
|---|---|---|---|
| Contact Information | Service delivery and communication | Contract performance | 7 years after contract end |
| Financial Documents | Analysis and reporting services | Contract performance | 7 years (regulatory requirement) |
| Website Analytics | Site improvement and marketing | Legitimate interests | 26 months |
| Marketing Communications | Business development | Consent or legitimate interests | Until withdrawal of consent |
How We Use Your Information
We process your personal data for specific, legitimate purposes that support our business relationship and comply with legal requirements.
Service Delivery
- Performing financial statement analysis and creating customized reports
- Communicating about your projects and delivering completed analyses
- Managing client accounts and maintaining service records
- Providing technical support and addressing service inquiries
Business Operations
- Processing payments and managing invoicing procedures
- Maintaining accurate business records and client databases
- Conducting internal audits and quality assurance reviews
- Training staff to better serve client needs and improve service quality
Legal and Regulatory Compliance
We may process your data to comply with legal obligations, including anti-money laundering requirements, tax obligations, and regulatory reporting standards that apply to financial services.
Legal Basis for Processing: We process your personal data based on contract performance, legal obligations, legitimate interests, and where applicable, your explicit consent. We never process sensitive personal data without appropriate legal grounds and safeguards.
Data Sharing and Third Parties
We maintain strict control over your personal data and only share information when necessary for service delivery or legal compliance.
Trusted Service Providers
- Cloud storage providers for secure data hosting and backup services
- IT support companies for system maintenance and security monitoring
- Payment processors for handling invoices and financial transactions
- Professional advisors including legal counsel and accountants when required
Legal Disclosure Requirements
We may disclose personal data when required by law, court orders, or regulatory authorities. This includes cooperation with law enforcement agencies, tax authorities, and financial regulators when legally obligated.
Data Processing Agreements
All third-party service providers sign comprehensive data processing agreements that ensure they maintain the same high standards of data protection we uphold. These agreements specify security measures, data handling procedures, and confidentiality requirements.
International Transfers: If we transfer your data outside the UK, we ensure adequate protection through approved transfer mechanisms such as adequacy decisions or appropriate safeguards including standard contractual clauses.
Your Data Protection Rights
Under UK data protection law, you have several important rights regarding your personal data. We're committed to helping you exercise these rights effectively.
Your Individual Rights
- Right of Access: Request copies of your personal data and information about how we process it
- Right to Rectification: Ask us to correct inaccurate or incomplete personal data
- Right to Erasure: Request deletion of your personal data in certain circumstances
- Right to Restrict Processing: Ask us to limit how we use your personal data
- Right to Data Portability: Receive your data in a structured format for transfer to another provider
- Right to Object: Object to processing based on legitimate interests or for marketing purposes
Exercising Your Rights
To exercise any of these rights, contact us at info@virolexandio.com or call +447841465311. We'll respond to your request within one month, though complex requests may require additional time.
When contacting us about your data rights, please provide sufficient information to help us locate your records and verify your identity. This helps us protect your personal data from unauthorized access.
Right to Complain: If you're not satisfied with how we handle your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk or by calling their helpline on 0303 123 1113.
Data Security and Protection Measures
Protecting your personal data is fundamental to our business operations. We implement comprehensive security measures to safeguard information against unauthorized access, alteration, disclosure, or destruction.
Technical Security Measures
- End-to-end encryption for all data transmissions and storage systems
- Multi-factor authentication for all system access points
- Regular security audits and penetration testing by independent specialists
- Automated backup systems with encrypted off-site storage
- Firewall protection and intrusion detection monitoring
Organizational Security Measures
- Comprehensive staff training on data protection principles and procedures
- Strict access controls ensuring personnel only access data necessary for their role
- Regular review and updating of security policies and procedures
- Incident response procedures for potential data breaches
- Confidentiality agreements for all employees and contractors
We maintain detailed records of all processing activities and conduct regular assessments to ensure our security measures remain effective against evolving threats.
Breach Notification: In the unlikely event of a personal data breach that poses a risk to your rights and freedoms, we'll notify you within 72 hours of becoming aware of the breach, along with details of what happened and steps we're taking to address it.
Data Retention and Deletion
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, and protect our legitimate business interests.
Retention Periods
- Client Service Records: 7 years after completion of services (in line with accounting standards)
- Financial Documents: 7 years (regulatory requirement for financial records)
- Communication Records: 6 years after last contact for business purposes
- Marketing Consent Records: Until consent is withdrawn or 3 years of inactivity
- Website Analytics: 26 months from collection date
- Legal Documentation: As required by applicable limitation periods
Deletion Procedures
When retention periods expire, we securely delete personal data using industry-standard methods that ensure information cannot be recovered. This includes secure deletion of digital files and physical destruction of paper records.
We maintain deletion logs to document when and how personal data has been removed from our systems, ensuring accountability and demonstrating compliance with data protection requirements.
Active Review Process: We regularly review stored personal data to identify information that has reached its retention limit and schedule it for secure deletion. This process runs quarterly to ensure compliance with our retention schedule.
Cookies and Website Technologies
Our website uses cookies and similar technologies to improve your browsing experience, analyze site performance, and support our marketing efforts.
Types of Cookies We Use
- Essential Cookies: Required for basic site functionality and security features
- Performance Cookies: Help us understand how visitors interact with our website
- Functional Cookies: Remember your preferences and personalize your experience
- Marketing Cookies: Used to deliver relevant advertisements and track campaign effectiveness
You can control cookie settings through your browser preferences. However, disabling certain cookies may limit some website functionality.
Third-Party Analytics
We use Google Analytics to understand website usage patterns and improve our online services. This service collects anonymized data about your site interactions, which helps us enhance user experience.
Cookie Consent: When you first visit our website, we'll ask for your consent to use non-essential cookies. You can withdraw this consent at any time by contacting us or adjusting your browser settings.
Children's Privacy
Our services are designed for businesses and professional users. We do not knowingly collect personal data from individuals under 16 years of age.
If we become aware that we have collected personal data from someone under 16 without appropriate parental consent, we will delete this information promptly. Parents or guardians who believe we may have collected information from their child should contact us immediately.
Our website content and services are not directed toward children, and we implement age-appropriate design measures to minimize data collection from young users.
Changes to This Privacy Policy
We review and update this privacy policy regularly to reflect changes in our services, legal requirements, or data handling practices. The "Last Updated" date at the top of this policy indicates when changes were last made.
For significant changes that affect how we use your personal data, we'll notify you by email or through a prominent notice on our website. We encourage you to review this policy periodically to stay informed about how we protect your information.
Continued use of our services after policy updates constitutes acceptance of the revised terms, though your fundamental rights under data protection law remain unchanged.
Version Control: We maintain records of previous policy versions for reference purposes. If you need information about how we handled your data under previous policies, please contact our data protection team.
Contact Our Data Protection Team
For questions about this privacy policy or how we handle your personal data:
Email: info@virolexandio.com
Phone: +447841465311
Address: 156 Arundel St, Sheffield City Centre, Sheffield S1 4RE, United Kingdom
We aim to respond to all data protection inquiries within 48 hours.