VeraSafe Sales, Marketing, Outreach, and Website Privacy Notice

Effective on: August 29, 2025

1. Introduction and Scope

At VeraSafe, privacy is what we do. Because of our focus on privacy, we take very seriously the protection of information commonly referred to as “Personal Data”, which means information that identifies, relates to, describes, is reasonably capable of being associated with, or could be reasonably linked, directly or indirectly, with a particular individual. 

In the course of operating our business, we process Personal Data in a variety of ways. This privacy notice (this “Notice”) addresses the individuals (“Data Subjects”) whose Personal Data we receive in the course of our sales, marketing, or outreach processes. Those processes include, among other activities, the sharing of information about our service offerings (“Services”), webinar hosting, and certain regulatory outreach activities. 

2. What Is Not Covered by This Notice?

Information That Is Not Personal Data 

This Notice does not apply to information that is not Personal Data. 

VeraSafe Human Resources Data 

This Notice does not apply to our collection of Personal Data related to VeraSafe team members or recruitment candidates, as described in our HR Privacy Notice.  

Professional Services Data 

This Notice does not apply to our collection of Personal Data in the provision of Services to our clients, as described in our Services Privacy Notice. 

3. Entities Covered by This Privacy Notice

This Notice covers VeraSafe, LLC and its affiliated entities, which include: 

  • VeraSafe Czech Republic s.r.o.; 
  • VeraSafe Ireland Ltd.; 
  • VeraSafe Legal, LLP; 
  • VeraSafe Netherlands BV;  
  • VeraSafe South Africa (Pty) Ltd.; and 
  • VeraSafe United Kingdom Ltd. 

Throughout this Notice, when we refer to “VeraSafe”, “we”, “us”, or “our”, we mean VeraSafe, LLC and its abovementioned affiliates, collectively. 

4. Our Role with Respect to Your Personal Data

Within the scope of this Notice, VeraSafe acts as a data controller in respect of the Personal Data we process. That means we decide how and why such Personal Data is collected and further processed.

5. Basis of Processing

We may process your Personal Data on the basis of: 

  • the need to perform a contract that we entered into with you; 
  • our legitimate interests, such as our interest in marketing and selling our Services; 
  • our obligation to comply with applicable law; 
  • your consent; or 
  • any other ground, as required or permitted by applicable law. 

Where we process your Personal Data based on your consent, you may withdraw your consent at any time. Your withdrawal of consent will not, however, affect the lawfulness of our processing of your data prior to such withdrawal, nor will it affect our processing of your Personal Data on other lawful grounds where applicable. 

6. How We Receive Personal Data

We may collect or otherwise receive your Personal Data when:

  • you provide it to us directly;
  • you visit our website, click on one of our ads or social media posts, or open one of our marketing emails;
  • we receive it from an affiliate within our corporate group, as described above;
  • we receive it from a data protection authority or another government agency;
  • we obtain it from publicly available sources, such as social media pages and publicly accessible websites; or
  • an associate of yours or one of our partners or clients refers you to us by providing your Personal Data to us.

7. Categories of Personal Data

We may process the following categories of Personal Data:

  • biographical information, such as your first and last name;
  • professional information, such as your job title, your position within your organization, the industry in which you work, and details about your organization;
  • billing information, such as your bank account information and payment card number;
  • contact information, such as your email address, postal address, phone number, fax number, and social media pages;
  • identifiers and device information, such as your IP address and associated location, operating system, and device IDs; and
  • other information, such as whether or not you have opened emails or website links we send to you; content or topics that may be of interest to you; your participation in and interaction with our activities and content; and any other information you choose to share with us.

8. Purposes of Processing Personal Data

We may process your Personal Data for the purposes of:

  • managing our relationship with you;
  • offering our Services to you;
  • providing content to you, such as webinars and newsletters;
  • responding to your requests or questions;
  • sending you marketing communications related to our business or our business partners;
  • enforcing our legal rights;
  • measuring and improving our Services, marketing initiatives, and website performance;
  • tailoring content, recommendations, and advertisements we display to you;
  • tracking visits to our website through cookies and other tracking technologies, such as trackable tags and links; and
  • complying with laws and regulations applicable to VeraSafe.

9. Personal Data Retention

We will retain your Personal Data for as long as is necessary to fulfill the purpose for which it was collected, or any other permitted purpose, and to comply with our legal obligations. Such retention will continue for no longer than permitted by applicable law.

10. Sharing Personal Data with Third Parties

We may share your Personal Data with third parties, including: 

  • our affiliates; 
  • our business partners; 
  • our vendors; 
  • recipients you authorize; and 
  • government or law enforcement officials. 

Some of those service providers may be located outside the European Economic Area (the “EEA”). We remain liable for the protection of your Personal Data that we transfer or have transferred to third parties, except to the extent that we are not responsible for the event that leads to any unauthorized or improper processing of your Personal Data. Where your Personal Data is protected by the General Data Protection Regulation (the “GDPR”), before transferring your Personal Data to any of those third parties, we will either ask for your explicit consent or require the third party to maintain at least the same level of privacy and security in respect of your Personal Data as we do. We will only transfer your Personal Data to third parties in countries not recognized by the European Commission as providing an adequate level of protection (a list of countries with levels of protection recognized as adequate is available here) where there are appropriate safeguards in place. Such safeguards may include the Data Privacy Framework or Standard Contractual Clauses as approved by the European Commission. 

11. Other Disclosures of Your Personal Data

We may disclose your Personal Data:

  • to the extent required by applicable law or if we have a good-faith belief that we need to disclose it in order to comply with official investigations or legal proceedings;
  • if we sell or transfer all or some of our business interests, assets, or both, or in connection with a corporate restructuring;
  • with your permission, to prospective clients or in our marketing materials; or
  • to recipients you authorize, such as your license or certification commission to evidence your participation in a webinar offering educational credit.

12. Cookies

A “cookie” is a small file stored on your device that contains information about your device. For more information about the cookies we use, please refer to our Cookie Policy, which forms a part of this Notice.

13. Data Integrity & Security

We have implemented and will maintain appropriate technical, administrative, and physical security measures designed to facilitate the protection of your Personal Data against unauthorized processing, such as unauthorized access, disclosure, alteration, or destruction.

14. Your Privacy Rights: Access & Review

You may have specific rights in respect of how we treat your Personal Data. In particular, you may be entitled to object to the processing of your Personal Data, or to instruct us to:

  • identify the Personal Data we have about you and provide you with a copy of it;
  • update, correct, or delete your Personal Data;
  • send your Personal Data to another company in line with data portability requirements;
  • limit how we process your Personal Data;
  • refrain from processing your Personal Data; or
  • refrain from sharing your Personal Data with third parties.

To submit any such request or raise any questions related to your Personal Data, please contact us using the information in the “Contact Us” section below. To exercise your rights with respect to information processed by a third party, please refer to the privacy notice of that third party.

15. Choice in Respect of Use and Disclosure

If Personal Data processed within the scope of this Notice is to be used for a new purpose that is materially different from that for which it was originally collected or subsequently authorized, or if such Personal Data is to be disclosed to a non-agent third party in a manner not specified in this Notice, we will provide you with an opportunity to choose whether to have your Personal Data so used or disclosed. To opt out of such use or disclosure of your Personal Data, please contact us using the information in the “Contact Us” section below.

16. Data Privacy Framework 

For Personal Data processed within the scope of this Notice, VeraSafe, LLC complies with the principles of the U.S. Department of Commerce Data Privacy Framework (the “Data Privacy Framework” or “DPF”) when processing Personal Data transferred under the Data Privacy Framework from the European Union (the “EU”) and the EEA, the United Kingdom (the “UK”), and Switzerland to the United States (the “U.S.”), or Personal Data otherwise received in reliance on the Data Privacy Framework.

We adhere to the Data Privacy Framework and VeraSafe, LLC has certified to the Department of Commerce its commitment to comply with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF.

To learn more about the Data Privacy Framework principles, and to view our certification information, please visit https://www.dataprivacyframework.gov and https://www.dataprivacyframework.gov/s/participant-search, respectively. 

17. Data Privacy Framework Dispute Resolution

In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, VeraSafe, LLC commits to resolve DPF principles-related complaints about our collection and use of your Personal Data. EU, UK, and Swiss individuals with inquiries or complaints regarding our handling of Personal Data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, or the Swiss-U.S. DPF should first contact VeraSafe, LLC by emailing [email protected] or calling +1-617-398-7067.

In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, VeraSafe, LLC commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs), the UK Information Commissioner’s Office (ICO), and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of Personal Data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF.

If your dispute or complaint related to your Personal Data that VeraSafe, LLC received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, or the Swiss-U.S. DPF cannot be resolved by us or through the dispute resolution mechanism mentioned above, you may have the right to require that we enter into binding arbitration with you under the Data Privacy Framework’s “Recourse, Enforcement and Liability” principle and Annex I of the Data Privacy Framework.

18. U.S. Regulatory Oversight

VeraSafe, LLC is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission.

19. EEA and UK Supervisory Authority Oversight

If the GDPR applies to our processing of your Personal Data, you may have the right to lodge a complaint with a supervisory authority in the EEA or the UK if you are not satisfied with how we process your Personal Data.

20. Data Protection Representatives

EU – VeraSafe Czech Republic s.r.o.
Address: Rohanské nábřeží 678/23, Prague 8, 18600, Czech Republic

UK – VeraSafe United Kingdom Ltd.
Address: 37 Albert Embankment, London, SE1 7TL, United Kingdom

Phone: +420 228 881 031
Email: [email protected]

21. Changes to This Notice

If we make any material change to this Notice, we will post the revised Notice to this webpage. We will also update the effective date at the top of this Notice.

22. Contact Us

If you have any questions about this Notice or our processing of your Personal Data, you can contact us at: 

Address: VeraSafe
Attn: Internal Privacy Team
100 M Street S.E., Suite 600
Washington D.C., 20003
USA
Email: [email protected]
Phone: +1-617-398-7067

 

We will respond to legitimate inquiries within 30 days of receipt.

Why VeraSafe?

Track record of successful GDPR implementations across industries.

Work directly with our in-house team of US and European attorneys, IT experts, and project managers.

Strategic, risk-based approach to compliance.

Fully customizable GDPR compliance program, tailored to fit your needs.

Holistic approach: We help you identify business opportunity hidden inside the GDPR.

Going beyond just EU privacy law, VeraSafe is your end-to-end partner for the entire privacy and cybersecurity domain.