Privacy Policy

Verisum.org is owned and operated by Verisum Ltd, which acts as a data controller in relation to personal data collected through this website and, where applicable, as a data processor when providing services to clients.

This Privacy Policy explains how and why Verisum Ltd (“Verisum”, “we”, “us”, “our”) collects, uses, stores, and protects personal data when you visit our website, interact with our content, or engage with our products and services.

You should read this Privacy Policy carefully before using the Verisum website or submitting personal information.

We take the confidentiality, integrity, and security of personal data seriously and implement appropriate safeguards to protect it.

Personal information we collect

When you visit the Verisum website, we automatically collect certain information about your device, including:

• web browser type and version

• IP address

• time zone

• referring URLs

• pages viewed and interactions with the site

• cookies or similar technologies installed on your device

This information is referred to as “Device Information.”

In addition, we may collect personal data that you voluntarily provide to us, including (but not limited to):

• name and surname

• email address

• organisation or employer

• role or job title

• contact details (such as telephone number)

• correspondence and enquiry information

• newsletter or mailing list preferences

Where relevant to our services (for example, TrustIndex diagnostics, advisory work, or transformation engagements), we may also process professional or organisational information provided by you or your organisation. This may include high-level, non-sensitive information relating to organisational structure, decision-making practices, governance, or AI usage.

Verisum does not intentionally collect sensitive personal data (such as health, biometric, or special category data) unless explicitly required and contractually agreed, with appropriate safeguards in place.

Why do we process your data?

Our primary objective is to minimise data collection while enabling the effective operation of our website, products, and services.

We process personal data for the following purposes:

• to operate, maintain, and improve the Verisum website

• to respond to enquiries, requests, or communications

• to provide access to newsletters, insights, or updates (where requested)

• to deliver products or services you have requested

• to administer TrustIndex diagnostics and provide results or follow-up insights

• to support advisory, transformation, or research engagements

• to monitor and protect against misuse, fraud, or security threats

• to comply with legal and regulatory obligations

Automatically collected information is used only to identify potential abuse, ensure site security, and generate aggregated statistical insights about website usage. These statistics do not identify individual users.

You may browse the website without providing personally identifiable information. However, certain features (such as contact forms, diagnostics, or subscriptions) require you to provide limited personal data. You may choose not to provide such data, but doing so may limit your ability to access certain features.

If you are unsure which information is mandatory, you may contact us at privacy@verisum.org.

Legal basis for processing

Where applicable under GDPR and related regulations, Verisum processes personal data on the basis of:

• your consent

• the performance of a contract or pre-contractual steps

• our legitimate business interests (including research, service delivery, and security)

• compliance with legal obligations

Your rights

If you are a resident of the European Economic Area or another jurisdiction with similar data protection laws, you have the following rights:

• the right to be informed

• the right of access

• the right to rectification

• the right to erasure

• the right to restrict processing

• the right to data portability

• the right to object

• rights related to automated decision-making and profiling

Verisum does not use TrustIndex or other tools to make automated decisions with legal or similarly significant effects without human involvement.

To exercise any of these rights, please contact us using the details below.

International data transfers

Where necessary, personal data may be transferred or processed outside the European Economic Area, including in countries such as the United States or Canada. In such cases, Verisum takes reasonable steps to ensure appropriate safeguards are in place, including contractual protections where required.

Links to other websites

The Verisum website may contain links to third-party websites that are not owned or controlled by us. We are not responsible for the privacy practices or content of such websites. We encourage you to review the privacy policies of any external sites you visit.

Information security

We store personal data on secure servers in controlled environments and apply reasonable administrative, technical, and organisational measures to protect against unauthorised access, alteration, disclosure, or destruction.

However, no method of transmission over the internet or electronic storage is completely secure. While we strive to protect personal data, we cannot guarantee absolute security.

Legal disclosure

We may disclose personal data if required to do so by law or if we believe in good faith that such disclosure is necessary to:

• comply with a legal obligation or lawful request

• protect our rights or property

• protect the safety of users or others

• investigate fraud or security issues

• respond to regulatory or governmental authorities

Contact information

If you would like to understand more about this Privacy Policy or wish to exercise your data protection rights, please contact:

Email: privacy@verisum.org