Effective Date: April 12, 2025
Privacy Statement

Introduction

VitVio, Inc., registered in Delaware, United States, and its United Kingdom subsidiary, VitVio Ltd, (“VitVio”, ”we”, “us”, ”our”) believe that protecting the privacy and personal information is one of our most important duties.

This Privacy Policy (“Privacy Policy”) describes VitVio’s policies and practices regarding its collection, use and storage of your personal data, and sets forth your privacy rights. VitVio uses this personal data to deliver the Products and Services effectively and efficiently, as described below. We recognize that information privacy is an ongoing responsibility, and so we will from time to time update this Privacy Notice as we undertake new personal data practices or adopt new privacy policies.

Privacy Notice – VitVio as Data Controller

In situations where VitVio acts as the Controller, the Controller is either:

VitVio, Inc. with a registered office address at: 251 Little Falls Drive, Wilmington, DE 19808, USA; or

VitVio Ltd, (company number: 15305830) with a registered office address at: 5th Floor 167-169 Great Portland Street, London, United Kingdom, W1W 5PF.

VitVio is registered with the Information Commissioner’s Office (registration number ZB638542).

What Personal Information Does VitVio Collect, For What Purpose and What is the Legal Basis or Bases Relied Upon?

We collect information either directly from you or automatically during your interactions with our online services, events, or in the course of conducting business with you. When we collect personal information in our capacity as Controller, we must specify the types of personal information we collect, why we collect it (the “purpose”), and the legal basis upon which processing is justified. Below are the main categories of personal information we may process:

Type of Personal Information Purpose of Processing Legal Basis
Profile Information
(e.g., name, contact details, employer or organization, job title, feedback, identification or verification information)		 - To respond to your inquiries or requests.
- To provide information about new features, services, or offerings.
- To handle recruitment or job applications. 		- Legitimate interest (product research, development, marketing, improving our services)
- Consent (where indicated and may be withdrawn)
- Performance of a contract (if you are in a direct contract with us)
- Compliance with legal obligations (where relevant)
Financial Information
(e.g., payment details, bank account numbers)		 - To manage our financial arrangements, including paying suppliers or receiving payments. - Performance of a contract
- Legitimate interest (operating our business)
- Compliance with legal obligations
Device and Location Information
(e.g., IP address, geolocation, unique device attributes, OS/browser)		 - To understand how you interact with our website or platforms.
- To provide support or troubleshooting. 		- Legitimate interest (ensuring security and improving the user experience)
- Consent (where indicated, and which may be withdrawn)
Recruitment Information
(e.g., name, contact details, résumé or CV, special category data if provided)		 - To evaluate your qualifications for employment or contractual engagement.
- To keep a record of your application. 		- Consent (when you submit your application to us)
- Explicit consent (where special category data is involved)
Cookies and Related Technologies - To enable functionality of our websites, remember your preferences, and improve user experience.
- For analytics and performance. 		- Legitimate interest (operating and delivering services)
- Consent (in jurisdictions requiring opt-in)

We may also use your personal information to protect against and prevent fraud, claims, and other liabilities, to comply with or enforce applicable legal requirements, and to protect our rights and the rights of our users or partners.

How Does VitVio Protect Personal Information?

VitVio takes the security of personal information seriously. We maintain appropriate policies, practices, technical controls, and security measures to protect data from accidental loss, misuse, unauthorized access, disclosure, alteration, or destruction. These measures may include encryption, restricted access, and physical security controls.

We only retain personal information for as long as is necessary to fulfill the purpose for which it was collected, and no longer than 30 days, in accordance with VitVio’s retention policies, or as required by law. Personal information is only accessible by those who need it for legitimate business purposes, and where required, we enter into data protection agreements with service providers, partners, or affiliates to safeguard personal information.

Who Does VitVio Share Your Personal Information With?

Where permitted by law and to the extent necessary for legitimate business purposes, VitVio may share your personal information with:

  1. Affiliates: Members of VitVio’s corporate group (e.g., parent companies, subsidiaries) as needed to operate our business or provide our services.
  2. Service Providers: Third-party vendors we use for analytics, marketing, hosting, communications, payment processing, and related support services.
  3. Authorities: Your personal information may be disclosed or transferred to governing or public bodies to comply with: (i) our legal obligations; (ii) regulators; (iii) contracts; (iv) in response to a court order, administrative or judicial process; (v) or where legally compelled to do so.
  4. Corporate Transactions: Third parties in connection with a merger, sale of assets, reorganization, financing, or acquisition of all or part of our business.

We may transfer personal information outside your home country where data protection laws may differ, including to the United States, EU/EEA or other jurisdictions in which VitVio or its service providers operate. In such cases, we will ensure adequate safeguards (e.g., Standard Contractual Clauses or other mechanisms recognized by relevant authorities) are in place.

Your Data Protection Rights

Depending on applicable law (e.g., GDPR if you are in the EU/EEA), you may have rights that include:

  • Right to Access: Request a copy of the personal information VitVio holds about you.
  • Right to Rectification: Ask to correct or update inaccurate or incomplete data.
  • Right to Erasure: Request deletion of personal information that is no longer necessary, subject to certain exceptions.
  • Right to Restrict Processing: Ask us to limit the processing of your personal data if you believe it is incorrect, used unlawfully, or no longer needed.
  • Right to Data Portability: Ask for your personal information to be provided in a structured, commonly used, and machine-readable format.
  • Right to Object: Object to data processing carried out in the public interest or based on our legitimate interests, or to direct marketing.
  • Right to Withdraw Consent: Where we rely on consent, you can withdraw it at any time.

To exercise these rights or if you have privacy-related questions, please contact us at trust@vitvio.com. We may request proof of identity before acting on certain requests. If we cannot resolve a privacy concern, you have the right to lodge a complaint with the relevant data protection authority in your jurisdiction.

Subject Access Requests can be submitted through this form.

Marketing Communications

Where you have consented to receive marketing or promotional messages from us, you may withdraw this consent at any time. You can do so by:

  • Clicking “unsubscribe” in the email you receive, or
  • Emailing us at hello@vitvio.com

Complaints

If you believe VitVio has not complied with data protection obligations, we encourage you to contact us first at trust@vitvio.com so we can address your concerns. Should you remain unsatisfied, you may contact your local data protection authority (e.g., the Information Commissioner’s Office in the UK).

Privacy Statement For Product End Users – VitVio As A Data Processor

In many cases, VitVio’s technology platforms are licensed on a business-to-business basis to hospitals or other organizations for their clinical/operational uses. Under these arrangements:

  • Our customer (such as a hospital) is the Controller of any personal information related to their staff, patients, or any individuals captured in videos or logs.
  • VitVio operates as a Processor, acting on behalf of and under the instructions of our customer to provide the relevant services.

What Personal Information Does VitVio Collect and Why?

VitVio’s solutions often involve processing audio-visual data from the operating room. This may include patient information (e.g., video streams, images), staff profiles, or usage logs. As a Processor, VitVio only processes this information to fulfill our contractual obligations to the customer.

Examples of personal information we may handle on behalf of our customers:

Data Type Purpose of Processing
Profile Information
(name, email, phone number, organization, job role, user IDs, login details) 		- To create and manage user accounts, grant or restrict access, and deliver the products/services.
Audiovisual Content
(video, images, audio) 		- To enable real-time action tracking, operating block orchestration, surgical notes creation, etc. as agreed with each customer in a Master Services Agreement or equivalent.
User-Generated Content
(logged times of key events, operative notes) 		- To enable real-time action tracking, operating block orchestration, surgical notes creation, etc. as agreed with each customer in a Master Services Agreement or equivalent.
Financial Information
(where relevant) 		- To manage billing or payment processes for the services provided.
Usage Data
(session logs, frequency of use, metrics) 		- To provide insights to the customer on platform use (analytics, troubleshooting, usage trends).
Device/Location Info
(IP address, geolocation, device type) 		- For security, user authentication, service improvement, and support or troubleshooting.
Special Category Data
(patient age category, patient weight category) 		- To enable our customers to use the products and improve predictions. Strictly processed under the instructions of the Controller (hospital or healthcare system).

How Does VitVio (as a Processor) Protect Personal Information?

In our role as a Processor, we protect personal information with the following measures:

  • VitVio designs its systems to collect only the minimum data necessary to achieve its objectives.
  • VitVio shares or discloses personal information only as authorized by their customers (the Controllers) or as permitted by law.
  • This can include sharing with affiliates or service providers that support hosting, analytics, or technical solutions, and with regulatory or legal authorities where legally required.
  • Data may be transferred to or stored in jurisdictions outside your home country, but VitVio ensures appropriate safeguards or contractual clauses are in place. This is further agreed on with each Data Controller on an individual basis.
  • VitVio maintains robust technical and organizational measures to protect data from unauthorized access, alteration, or loss.
  • VitVio engages sub-processors like Microsoft Azure for cloud infrastructure and hosting. These engagements are governed by Data Processing Agreements that include clauses on data security, confidentiality, and adherence to GDPR regulations, among others.
  • VitVio has established procedures for reporting and managing personal data breaches in accordance with GDPR and HIPAA requirements, including notifications to the Data Controller and, where required, to supervisory authorities and data subjects.
  • VitVio has appointed a Data Protection Officer (DPO) and a HIPAA Security Officer with responsibilities for overseeing compliance with relevant data protection regulations and policies. All personnel with access to customer data are subject to confidentiality obligations.
  • Personal information is retained only as directed by the Controller or as required to provide services, and for no longer than 30 days.

Sharing Personal Information

In our role as a Processor, we share or disclose personal information only in ways authorized by our customers or as permitted by law. This can include:

  • Affiliates or Service Providers that support hosting, analytics, or technical solutions.
  • Regulatory or Legal Authorities where required by law or valid legal process.

Where necessary, data may be transferred to or stored in jurisdictions outside your home country; however, VitVio will ensure appropriate safeguards or contractual clauses are in place.

Your Rights

If you are an end user (for example, a hospital staff member) or a patient whose data is processed through VitVio’s solutions, please direct requests regarding data access, correction, or deletion to the relevant Controller (the hospital or healthcare provider). VitVio will assist our customers in fulfilling these requests, as required by law or contract.

Cookies

VitVio’s website uses cookies to provide and improve our services. Some cookies are essential for site functionality. We will ask for your consent before placing certain non-essential cookies on your device. You can disable and manage the use of cookies at any time by clicking the ‘Manage Cookies’ button at the bottom of VitVio website.

Questions, concerns or complaints

If you have questions, concerns, complaints, or would like to exercise your rights, please contact us at:

VitVio Ltd
167-169 Great Portland Street
Fifth Floor
W1W 5PF
London, United Kingdom
dpo@vitvio.com