Privacy Policy
Last updated: 3 July 2026
1. Who We Are
ViridIQ Ltd (“ViridIQ”, “we”, “us”, “our”) is a strategic AI advisory and engineering firm registered in England and Wales.
Registered address: 2b Redbourne Avenue, London, England, N3 2BS
Company registration number: 16794382
ICO registration number: [Insert number]
Data controller contact: privacy@viridiq.com
We are a data controller in respect of the personal data we process about you. This policy explains what data we collect, why we collect it, how we use it, and what your rights are under UK data protection law — primarily the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
2. What Personal Data We Collect
Depending on how you interact with us, we may collect and process the following categories of personal data.
2.1 Data you provide directly
Contact and identity information — name, job title, organisation, email address, telephone number, and postal address.
Enquiry and project information — the contents of messages you send us, briefs you share, and information you provide during discovery conversations or project engagements.
Account and onboarding information — information you provide when setting up a client relationship, including billing details, contracts, and associated correspondence.
Marketing preferences — whether you have opted in to receive communications from us.
2.2 Data we collect automatically
Website usage data — IP address, browser type and version, operating system, referring URL, pages viewed, time on page, and other interaction data collected via cookies and analytics tools.
Device information — device type and identifier where relevant.
2.3 Data we receive from third parties
Professional background information — publicly available information from LinkedIn or similar professional platforms where we conduct research in connection with a business relationship.
Referral data — contact details passed to us by a referral partner or mutual contact where that party has confirmed you are expecting to hear from us.
We do not collect special category personal data (such as health, biometric, or political data) in the ordinary course of our business. If a specific engagement requires us to process such data on your behalf, this will be governed by a separate data processing agreement.
3. How and Why We Use Your Personal Data
We only process personal data where we have a lawful basis to do so under UK GDPR Article 6. The table below sets out our purposes, the data involved, and the legal basis for each.
Responding to an enquiry or request — Name, contact details, enquiry content — Legitimate interests / Pre-contractual steps
Delivering consulting services under contract — Contact details, project and client information — Contract performance
Issuing invoices and managing payments — Name, organisation, billing details — Contract performance / Legal obligation
Sending relevant thought leadership, insights, or service updates — Name, email, marketing preferences — Legitimate interests (for business contacts); Consent (where required by PECR)
Improving our website and understanding visitor behaviour — Website usage data, IP address — Legitimate interests
Complying with legal and regulatory obligations — Various — Legal obligation
Protecting our legitimate business interests, including fraud prevention and information security — Various — Legitimate interests
On legitimate interests: Where we rely on legitimate interests, we have conducted a balancing test and are satisfied that our interests do not override your fundamental rights and freedoms. You may request details of this assessment by contacting us.
4. AI-Specific Processing
ViridIQ builds and deploys AI systems. Where we engage with client data in the course of an AI advisory or engineering project, we act as a data processor on behalf of our clients, not as a data controller. Processing activities of that nature are governed by a separate Data Processing Agreement (DPA) with the relevant client.
Where we use AI tools internally — for example, to support analysis, drafting, or quality assurance — we implement policies that prevent personal data from being submitted to third-party AI models without appropriate safeguards. We do not use personal data about individuals to train our own or third-party AI models without your explicit consent.
5. Who We Share Your Data With
We do not sell personal data. We do not share personal data with third parties for their own marketing purposes.
We may share personal data with the following categories of recipients where necessary:
Technology and infrastructure providers — cloud hosting, CRM, email delivery, analytics, and document management platforms. All providers are selected on the basis of UK GDPR compliance and are subject to appropriate contractual safeguards.
Professional advisers — solicitors, accountants, and insurers, where required.
Regulatory and law enforcement bodies — where we are legally required to disclose information.
A buyer or successor entity — in the event of a business sale, merger, or restructuring, subject to standard confidentiality obligations.
Where we transfer personal data outside the UK (for example, to a cloud provider with servers in the EEA or further afield), we ensure an appropriate transfer mechanism is in place, such as the UK’s International Data Transfer Agreement (IDTA) or reliance on adequacy regulations.
6. How Long We Keep Your Data
We retain personal data only for as long as necessary for the purpose for which it was collected, or as required by law or professional standards.
Client and project records — 7 years from end of engagement (statutory requirement)
Prospect and enquiry records — 2 years from last meaningful interaction
Marketing subscription records — Until unsubscribe, then 1 year for suppression purposes
Website analytics data — 26 months (rolling)
Employment and contractor records — 7 years from end of relationship
Where retention periods are determined by law (for example, VAT records, statutory employment records), those statutory periods take precedence.
7. Cookies
Our website uses cookies and similar tracking technologies. A summary of the cookies we use:
Strictly necessary — Core website functionality, security, session management — Consent required: No
Analytics — Understanding how visitors use the site (e.g. Google Analytics) — Consent required: Yes
Marketing/preference — Remembering your preferences or enabling remarketing — Consent required: Yes
You can manage your cookie preferences at any time via the cookie banner on our website. For a full list of cookies, please see our Cookie Policy.
8. Your Rights
Under UK GDPR, you have the following rights in respect of your personal data:
Right of access — to receive a copy of the personal data we hold about you.
Right to rectification — to have inaccurate or incomplete data corrected.
Right to erasure — to request deletion of your data where there is no compelling reason for us to continue processing it.
Right to restriction — to ask us to limit how we use your data in certain circumstances.
Right to data portability — to receive your data in a structured, machine-readable format where processing is based on consent or contract.
Right to object — to object to processing based on legitimate interests, including direct marketing.
Rights related to automated decision-making — to not be subject to a decision based solely on automated processing where it produces a legal or similarly significant effect on you.
To exercise any of these rights, please contact us at privacy@viridiq.com. We will respond within one calendar month. We will not charge a fee for reasonable requests.
9. Marketing Communications
We may send you information about our services, insights, and events where you have given consent or where we have a legitimate interest in doing so as a business contact.
You can unsubscribe at any time by clicking the unsubscribe link in any email we send, or by contacting us directly at privacy@viridiq.com.
Opting out of marketing does not affect our ability to contact you for the purposes of an ongoing contract or service.
10. Data Security
We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, destruction, or alteration. These include:
Encryption of data in transit and at rest.
Access controls and role-based permissions.
Regular security reviews of our tools and processes.
Staff training on data protection obligations.
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the Information Commissioner’s Office (ICO) within 72 hours and, where required, notify affected individuals without undue delay.
11. Complaints
If you are unhappy with how we have handled your personal data, please contact us first at privacy@viridiq.com and we will do our best to resolve your concern.
You also have the right to lodge a complaint with the UK’s supervisory authority:
Information Commissioner’s Office (ICO), Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF. Tel: 0303 123 1113. Website: ico.org.uk
12. Changes to This Policy
We review and update this policy periodically. Where we make material changes, we will notify you by updating the “Last updated” date at the top of this page. Where changes are significant, we may also notify clients directly.