Legal
Privacy Policy
Last updated: 1 April 2026
1. Introduction and scope
This privacy policy explains how Veritas ("we", "us", "our") collects, uses, stores, and protects your personal data when you visit our website at tryveritas.co.uk, submit our contact form, or communicate with us by email or LinkedIn.
This policy covers data we collect as a data controller. It does not cover data we process on behalf of clients during Shadow Pilot engagements or ongoing service delivery, which is governed by separate data processing agreements.
We are committed to protecting your privacy in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations 2003 (PECR).
2. Data controller
The data controller responsible for your personal data is:
3. What data we collect
3.1 Data you provide directly
When you submit the "Book Your Shadow Pilot" form, we collect:
- Full name
- Company name
- Work email address
- Job role (selected from: CEO/Founder, CRO/MLRO, CTO, Head of Compliance, Other)
This data is submitted via an encrypted HTTPS connection and stored in our lead management system.
3.2 Data collected automatically
When you visit our website, the following data may be collected automatically, but only after you explicitly consent to non-essential cookies via our cookie banner:
- Pages visited and scroll depth (25%, 50%, 75%, 100%)
- Session duration
- CTA button clicks
- Browser type and version
- Device type (desktop, tablet, mobile)
- Approximate geographic location (city-level, derived from IP address)
If you decline cookies, none of this data is collected. A single localStorage entry (veritas_cookie_consent) records your preference. This is classified as strictly necessary under PECR and does not require consent.
3.3 Data we do not collect
We do not collect:
- Payment or financial information via the website
- Government-issued identity documents
- Special category data (health, biometric, political opinions, etc.)
- Data from children under 18
4. How we use your data
| Purpose | Data used | Legal basis |
|---|---|---|
| Responding to your enquiry | Name, email, company, role | Legitimate interest (Art. 6(1)(f)) |
| Setting up a Shadow Pilot | Name, email, company, role | Contract performance (Art. 6(1)(b)) |
| Website analytics | Browsing behaviour, device info | Consent (Art. 6(1)(a)) |
| Product updates (if opted in) | Email address | Consent (Art. 6(1)(a)) |
5. Cookies and tracking
Our cookie consent mechanism is compliant with UK PECR and GDPR. Here is how it works:
- Before consent: No analytics cookies are set. Google Tag Manager is not loaded. No browsing data is collected.
- After you accept: Google Tag Manager loads and sets analytics cookies. We track page views, scroll depth, session duration, and CTA clicks. Your job role (not your name or email) is included in form submission analytics events.
- If you decline: No analytics cookies are set for the remainder of your visit. Your preference is stored in
localStorage.
You can change your cookie preference at any time by clearing your browser's local storage for this site.
Cookie inventory
| Name | Type | Purpose | Duration |
|---|---|---|---|
veritas_cookie_consent |
Strictly necessary | Stores your cookie preference | Persistent (localStorage) |
_ga |
Analytics (consent required) | Google Analytics visitor ID | 2 years |
_gid |
Analytics (consent required) | Google Analytics session ID | 24 hours |
6. Who we share your data with
We do not sell your personal data. We may share your data with the following categories of recipients:
| Recipient | Purpose | Location |
|---|---|---|
| Google (via GTM) | Website analytics (consent-gated) | US (SCCs in place) |
| GitHub Pages | Website hosting | US (SCCs in place) |
7. International data transfers
Some of our service providers are based outside the UK. Where personal data is transferred outside the UK, we ensure appropriate safeguards are in place, including:
- UK International Data Transfer Agreements (IDTAs)
- EU Standard Contractual Clauses (SCCs) with the UK addendum
- Transfers to countries with UK adequacy decisions
8. Data retention
| Data type | Retention period |
|---|---|
| Lead form submissions | 24 months from submission, unless an active business relationship exists |
| Analytics data | 26 months (Google Analytics default) |
| Cookie consent preference | Until you clear browser storage |
9. Your rights
Under UK GDPR, you have the following rights over your personal data:
- Access – request a copy of the personal data we hold about you
- Rectification – ask us to correct inaccurate or incomplete data
- Erasure – ask us to delete your data ("right to be forgotten")
- Restriction – ask us to limit how we process your data
- Portability – receive your data in a structured, machine-readable format
- Objection – object to processing based on legitimate interests or for direct marketing
- Withdraw consent – where processing is based on consent, withdraw it at any time
To exercise any of these rights, email us at support@tryveritas.co.uk. We will respond within 30 days.
If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
Information Commissioner's Office
Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
Tel: 0303 123 1113
10. Security
We implement appropriate technical and organisational measures to protect your personal data, including:
- HTTPS encryption on all pages and form submissions
- Access controls limiting who can view lead data
- Regular review of data processing practices
No method of transmission over the internet is 100% secure. While we take reasonable steps to protect your data, we cannot guarantee absolute security.
11. Children's privacy
Our services are designed for business professionals at FCA-regulated firms. We do not knowingly collect personal data from anyone under the age of 18. If you believe we have inadvertently collected data from a minor, please contact us immediately.
12. Third-party links
Our website may contain links to third-party sites (e.g. LinkedIn). We are not responsible for the privacy practices or content of these external sites. We encourage you to read their privacy policies before providing any personal data.
13. Changes to this policy
We may update this policy from time to time. Material changes will be reflected in the "last updated" date at the top of this page. We encourage you to review this policy periodically.
14. Contact us
For any questions about this privacy policy or how we handle your data:
- Email: support@tryveritas.co.uk
- LinkedIn: linkedin.com/company/veritasuk