01 Overview
VirsAI Solutions ("we," "us," or "our") operates the website at virsaisolutions.com (the "Site"). This Privacy Policy describes how we collect, use, disclose, and safeguard personal data when you visit our Site or interact with us.
We are committed to protecting personal data in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and where applicable, the EU General Data Protection Regulation (EU GDPR) and the California Consumer Privacy Act (CCPA).
This policy applies to all personal data processed by VirsAI Solutions in connection with the Site. It does not apply to data processed in the context of our professional services engagements, which are governed by separate data processing agreements with clients.
02 Data Controller
The data controller responsible for your personal data is:
If you have any questions about how we handle your personal data, please contact us using the details above. We aim to respond to all privacy-related enquiries within 72 hours.
03 Data We Collect
We collect only the data that is necessary for the purposes described in this policy. We do not collect sensitive personal data (such as health data, financial data, or special category data) through the Site.
3.1 Data You Provide Directly
When you submit our contact form, we collect:
| Data Field | Purpose | Required |
|---|---|---|
| First and last name | To address you appropriately in correspondence | Yes |
| Work email address | To respond to your enquiry | Yes |
| Organisation type | To understand the nature of your business and tailor our response | Yes |
| Message / project description | To understand your requirements and provide relevant information | Yes |
3.2 Data Collected Automatically
When you visit the Site, standard web server logs and browser communications may result in the automatic collection of certain technical information, including:
- IP address (typically anonymised at the server level)
- Browser type and version
- Operating system
- Referring URL and pages visited
- Date and time of visit
This data is collected for security and operational purposes and is not used to identify individual users. We do not currently use third-party web analytics platforms (such as Google Analytics) on this Site.
3.3 Data We Do Not Collect
We do not collect, and have no interest in collecting, the following through the Site:
- Payment or financial information
- Government identification numbers
- Health or medical information
- Social media account credentials
- Data from children under the age of 18
04 How We Use Your Data
We use the personal data we collect for the following purposes:
| Purpose | Description | Legal Basis |
|---|---|---|
| Responding to enquiries | Processing and responding to messages submitted via the contact form | Legitimate interests |
| Business development | Evaluating the fit of an enquiry and following up with relevant information about our services | Legitimate interests |
| Record keeping | Maintaining records of business communications for continuity and compliance | Legitimate interests / Legal obligation |
| Site security | Monitoring server logs to detect and prevent malicious activity | Legitimate interests |
| Legal compliance | Complying with applicable laws, regulations, or court orders | Legal obligation |
We do not use your personal data for automated decision-making or profiling, as defined under Article 22 of the GDPR. We do not sell, rent, or trade your personal data to third parties for marketing purposes.
05 Legal Basis for Processing (GDPR)
For individuals located in the United Kingdom or European Economic Area (EEA), we are required to identify a lawful basis for each processing activity. We rely on the following legal bases:
Legitimate Interests (Article 6(1)(f) UK/EU GDPR)
The primary legal basis for processing contact form submissions is our legitimate interest in operating a business, responding to prospective client enquiries, and maintaining business records. We have conducted a Legitimate Interests Assessment (LIA) and determined that this interest is not overridden by your fundamental rights and freedoms, given the B2B nature of our services and the reasonable expectation of commercial correspondence when submitting a business enquiry.
Legal Obligation (Article 6(1)(c) UK/EU GDPR)
Where we are required to process or retain data to comply with applicable law (including tax and financial record-keeping obligations), we rely on the legal obligation basis.
Consent
We do not currently rely on consent as the primary legal basis for processing personal data via the Site. Should we introduce marketing communications, subscription services, or other consent-dependent processing activities in the future, we will update this policy accordingly and obtain your explicit consent at that time.
06 Data Sharing & Third-Party Processors
We do not sell your personal data. We share data only where necessary to operate the Site and respond to enquiries, and only with service providers who process data on our behalf under appropriate contractual protections.
6.1 Formspree
Formspree, Inc. (USA) processes contact form submissions on our behalf and forwards them to our team email inbox. Formspree is our data processor for this purpose. Data submitted via the contact form passes through Formspree's infrastructure and is subject to their Privacy Policy and Data Processing Agreement. Formspree is certified under the EU-U.S. Data Privacy Framework.
6.2 Google Fonts
Google LLC (USA) serves typefaces used on the Site. When your browser loads the Site, it may make a request to Google's servers to retrieve font files. Google may collect your IP address as part of this request. Please refer to Google's Privacy Policy for further detail. Where feasible, we will consider self-hosting fonts to eliminate this data transfer.
6.3 Photography (Unsplash)
Photography displayed on the Site is served directly from Unsplash (Unsplash Inc., Canada). Unsplash may collect technical data when images are loaded. Refer to the Unsplash Privacy Policy for details.
6.4 Legal and Regulatory Disclosures
We may disclose personal data to law enforcement agencies, courts, regulators, or other authorities if required to do so by applicable law, or if we reasonably believe such disclosure is necessary to protect the rights, property, or safety of VirsAI Solutions, our personnel, or others.
6.5 Business Transfers
In the event of a merger, acquisition, restructuring, or sale of all or part of VirsAI Solutions, personal data we hold may be transferred to the successor entity, subject to equivalent privacy protections. We will notify you of any such transfer in accordance with applicable law.
07 International Data Transfers
VirsAI Solutions is based in the United Kingdom. When we share data with third-party processors such as Formspree, your data may be transferred to and processed in the United States or other countries outside the UK and EEA.
Where we transfer personal data outside the UK, we ensure that appropriate safeguards are in place in accordance with Chapter V of the UK GDPR, including:
- Transfers to countries with UK adequacy regulations in place;
- Use of the UK International Data Transfer Agreement (IDTA) or equivalent standard contractual clauses;
- Reliance on approved certification schemes such as the EU-U.S. Data Privacy Framework where applicable.
For EEA residents, equivalent safeguards under Chapter V of the EU GDPR apply, including Standard Contractual Clauses (SCCs) adopted by the European Commission.
08 Data Retention
We retain personal data only for as long as is necessary to fulfil the purposes for which it was collected, or as required by applicable law.
| Data Type | Retention Period | Rationale |
|---|---|---|
| Contact form enquiries (active prospect) | Duration of pre-engagement discussions + 12 months | Business development and correspondence continuity |
| Contact form enquiries (no engagement) | 6 months from last contact | Reasonable follow-up window; deleted thereafter |
| Client business communications | Duration of engagement + 6 years | Legal and contractual compliance |
| Server and access logs | Up to 90 days | Security monitoring and incident response |
Upon expiry of the applicable retention period, personal data is securely deleted or anonymised. You may request earlier deletion of your data in accordance with Section 9 below.
09 Your Rights
Under the UK GDPR (and EU GDPR where applicable), you have the following rights in relation to your personal data. These rights are not absolute and are subject to certain conditions and exemptions under applicable law.
Right of Access
You have the right to obtain confirmation of whether we hold personal data about you and, if so, to receive a copy of that data along with information about how it is processed.
Right to Rectification
You have the right to have inaccurate personal data corrected and, where appropriate, incomplete personal data completed.
Right to Erasure
You have the right to request the deletion of your personal data where it is no longer necessary for the purposes for which it was collected, or where you have withdrawn consent (if consent was the legal basis).
Right to Restriction
You have the right to request that we restrict the processing of your personal data in certain circumstances, such as where you contest the accuracy of the data.
Right to Data Portability
Where processing is based on consent or contract and carried out by automated means, you have the right to receive your personal data in a structured, commonly used, machine-readable format.
Right to Object
You have the right to object at any time to processing of your personal data where we rely on legitimate interests as the legal basis. We will cease processing unless we can demonstrate compelling legitimate grounds.
Right to Withdraw Consent
Where processing is based on consent, you have the right to withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing prior to withdrawal.
Right to Lodge a Complaint
You have the right to lodge a complaint with your supervisory authority. In the UK, this is the Information Commissioner's Office (ICO): ico.org.uk.
Exercising Your Rights
To exercise any of the above rights, please contact us at hello@virsaisolutions.com with the subject line "Data Subject Request." We will respond within one calendar month of receipt, as required by the UK GDPR. We may request reasonable proof of identity before processing your request.
10 California Privacy Rights (CCPA / CPRA)
If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), grants you specific rights regarding your personal information.
10.1 Categories of Personal Information Collected
In the preceding 12 months, VirsAI Solutions has collected the following categories of personal information from California residents who contacted us through the Site: Identifiers (name, email address), Professional or employment-related information (organisation type), and Communications content (message / enquiry description).
10.2 Your CCPA Rights
- Right to Know: You may request disclosure of the categories and specific pieces of personal information we have collected about you in the past 12 months.
- Right to Delete: You may request deletion of personal information we have collected from you, subject to certain exceptions.
- Right to Correct: You may request correction of inaccurate personal information.
- Right to Opt Out of Sale or Sharing: We do not sell or share your personal information as defined under the CCPA.
- Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights.
To exercise your CCPA rights, contact us at hello@virsaisolutions.com. We will respond within 45 days, with a possible extension of an additional 45 days where necessary.
11 Cookies & Tracking Technologies
11.1 Google Analytics
We use Google Analytics 4 (Google LLC) to collect anonymised information about how visitors use the Site — such as pages visited, time on site, and general geographic region. This data helps us understand what content is useful and improve the Site over time.
Google Analytics sets cookies on your device to distinguish unique visitors and track sessions. We have enabled IP anonymisation and operate under GA Consent Mode v2, which means analytics cookies are only placed after you explicitly accept. If you decline, no GA cookies are set and no data is sent to Google.
Data collected by Google Analytics is processed by Google LLC and may be transferred to the United States. Google LLC participates in the EU-U.S. Data Privacy Framework. For further information, see Google's Privacy Policy and Google's Analytics opt-out tool.
We do not use Google Analytics for advertising, remarketing, or cross-site tracking purposes.
11.2 Third-Party Cookies
Third-party services used by the Site — specifically Google Fonts and Unsplash — may set cookies or collect technical data through their respective content delivery systems. These are set by external parties and are outside our direct control. Please refer to those parties' privacy policies for details.
11.3 Browser Controls
You can control or disable cookies through your browser settings. Note that disabling certain cookies may affect the functionality of third-party services embedded in the Site. For guidance on managing cookies, visit aboutcookies.org.
11.4 Do Not Track
Some browsers offer a "Do Not Track" (DNT) signal. As we do not engage in cross-site tracking, the DNT signal does not materially affect the Site's behaviour.
12 Security
We implement appropriate technical and organisational measures to protect personal data against unauthorised access, accidental loss, destruction, alteration, or disclosure. These measures include:
- HTTPS encryption for all data transmitted to and from the Site;
- Secure email infrastructure with access controls;
- Limiting access to personal data to personnel with a legitimate need;
- Regular review of our data handling practices.
Form submissions are processed by Formspree, which maintains its own security controls. Please refer to Formspree's security documentation for details.
Data Breach Response
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach, as required under Article 33 of the UK GDPR. Where the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly without undue delay.
13 Children's Privacy
The Site is directed exclusively at business professionals and is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from anyone under 18 years of age.
If we become aware that we have collected personal data from a person under 18, we will take steps to delete such information promptly. If you believe we may have inadvertently collected personal data from a minor, please contact us at hello@virsaisolutions.com.
14 Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. When we make material changes, we will update the "Last updated" date at the top of this page.
We encourage you to review this policy periodically. Your continued use of the Site after any changes constitutes your acknowledgement of the revised policy. Where changes are significant, we may provide additional notice through the Site or by other appropriate means.
Prior versions of this Privacy Policy are available upon written request to hello@virsaisolutions.com.
15 Contact & Complaints
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Email: hello@virsaisolutions.com
Subject line: "Privacy Enquiry" or "Data Subject Request"
Response time: Within 72 hours for general enquiries; within 1 calendar month for formal data subject requests.
Supervisory Authority
If you are located in the United Kingdom and are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
- Website: ico.org.uk
- Phone: 0303 123 1113
If you are located in the European Union, you may also contact the supervisory authority in your EU member state.
This Privacy Policy was last reviewed on 1 January 2025 and is effective as of that date.