PRIVACY POLICY

Last updated: October 10, 2025

GENERAL

This Privacy Policy applies to all collected and processed personal data that you have provided to us, or we have collected as part of delivering our services/products. "Personal Data" means any information relating to an identified or identifiable natural person.

IDENTITY OF THE DATA CONTROLLER

If there are any questions regarding this Privacy Policy, you may contact us using the information below.

Vutal Inc.
A Delaware Corporation
Email: legal@vutal.com

We are processing your personal data in accordance with the General Data Protection Regulation (GDPR) and any national regulation applicable to us.

PURPOSE OF PROCESSING

Non-sensitive personal data

We collect the following non-sensitive personal data about you when you sign up as a customer/user:

  • Name
  • Address
  • Email
  • Employee relationships
  • Country
  • Title
  • Bank account details
  • Resumes/CV
  • Position
  • Area of work
  • Work phone
  • Date of birth

We process non-sensitive personal data on the basis of Article 6 in the GDPR. The processing of your data is based on:

  • Consent – processing is based on consent obtained from you
  • Contract – processing is necessary to fulfil a contractual obligation with you or to enter into such obligation
  • Legal obligation – it is required by law that we process the personal data
  • Legitimate interest – processing occurs to pursue our legitimate interest

If the processing is based on your consent, you may at any time withdraw your consent by contacting us.

Sensitive personal data

We collect sensitive personal data only when necessary and in accordance with Article 9 of the GDPR. This may include data concerning health, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union memberships, genetic data, biometric data, or data concerning a person's sex life or sexual orientation.

TRANSFER OF PERSONAL DATA

We do not share your personal data with any third party without your consent, unless it is specifically stated or required by law that we do so.

We may transfer your personal data to countries outside the EU/EEA. In such cases, we ensure an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.

PROFILING AND AUTOMATED DECISION MAKING

Our processing activities do not include profiling or automated decision-making.

BUSINESS TRANSFERS

In the event of an actual or contemplated transfer of our company or our assets, or if we discontinue our business or enter into bankruptcy proceedings, we will include data, including your personal information, among the assets transferred to any parties who acquire us or such assets may be the subject of review (due diligence) by such parties (or their representatives). You acknowledge that such transfers may occur, and that any parties who acquire, or contemplate to acquire us may, to the extent permitted by applicable law, continue to use your personal information according to this policy.

USE OF PERSONAL DATA

We only process your personal data as stated in this privacy policy and we do not use your personal data for any other purpose than explicitly described above or communicated directly to you elsewhere.

We process your personal data in a lawful, fair and transparent manner. The data we collect is solely used for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.

All use of your personal data is relevant and limited to what is necessary in relation to the purposes for which they are processed.

SECURITY

When we store and process personal data that we have received from you, we always take every step possible to store it in a secure manner. However, we cannot guarantee that your data is 100% secure as we cannot guarantee that the data will not be accessed or otherwise misused as a result of an unlawful act or similar. We do take all necessary precautions to keep your data safe.

The following security measures are in place to keep your data safe:

  • Encryption
  • ISO certificates
  • Anonymization
  • Firewalls & anti-virus
  • Internal policies & password protection

To further increase the level of security, we have "deletion policies" in place. Personal data is kept for a maximum period of 12 months from when the purpose of the processing has ended.

ACCESS TO YOUR INFORMATION

Right to access

GDPR Article 15: You have the right to obtain a confirmation from us as to whether or not personal data concerning you are being processed, including information on the purpose, categories, recipients, and time of storage of the processing.

Right to rectification

GDPR Article 16: If you figure out that the data that is being processed about you is inaccurate or incomplete, you have the right to get that data rectified.

Right to erasure and restriction of processing

GDPR Article 17: You have the right to get your personal data erased if the personal data is no longer necessary in relation to the purposes for which they were collected or otherwise processed.

Right to restriction of processing

GDPR Article 18: You have the right to restrict the processing of your personal data if it is (i) inaccurate; (ii) unlawful; (iii) the purpose of the processing has changed; or (iv) you have objected to the processing according to Article 21.

Right to data portability

GDPR Article 20: You have the right to receive the personal data concerning you which you have provided to us, in a structured, commonly used and machine-readable format. You can also request that we transmit your data to another party.

Right to object

GDPR Article 21: You have the right to object to the processing of your personal data if it is being used for profiling or direct marketing purposes.

CONTACT INFORMATION, REQUESTS & COMPLAINTS

If you want to exercise any of your above rights, please contact us:

Vutal Inc.
Email: legal@vutal.com

For EU/EEA Residents

If you are located in the European Union or European Economic Area and believe that your personal data has been processed in a way that does not meet the requirements of the GDPR, you have the right to lodge a complaint with your local data protection supervisory authority.

You can find your local supervisory authority contact information at: European Data Protection Board - List of Supervisory Authorities

For US Residents

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA). For questions about your privacy rights or to exercise your rights, please contact us at legal@vutal.com.