Last Updated: 05 December 2025
1. Introduction
Vidatum Ltd (“we,” “our,” or “us”) respects your privacy and is committed to protecting your personal data. This privacy policy explains how we collect, use, disclose, and safeguard your information when you interact with our enterprise research management platform (the “Platform”) and our website (the “Site”).
This is a business-to-business (B2B) service provided to universities and research institutions (“Client Institutions”). The primary data we process relates to institutional users and their research administration activities.
2. Data Controller
Vidatum Ltd
Unit 7 The Anchorage
Ringsend Road
Dublin 4
Ireland
D04 T9V6
Data Protection Officer: privacy@vidatum.com
3. Information We Collect
3.1 Data Provided by Client Institutions
- Institutional Account Data: Name of institution, department, billing address, and administrative contact details.
- User Account Data: Names, institutional email addresses, job titles, department affiliations, and role-based permissions for Platform users (e.g., researchers, principal investigators, administrators).
- Research Administration Data: Information input into the Platform to manage the research lifecycle, including project proposals, award details, ethics applications, timesheet entries, and compliance documentation.
3.2 Data Collected via Our Website
- Enquiry Data: Name, email address, institution, job title, and message content submitted via “Arrange a call” or contact forms.
- Usage Data: Anonymous, aggregated data on website usage collected via cookies.
3.3 We Do Not Collect
We do not intentionally collect “special category” personal data via our public Site. Any such data processed within the Platform is done so under the explicit instruction and control of our Client Institution, who acts as the data controller for that content.
4. How We Use Your Information
| Purpose of Processing | Categories of Data | Legal Basis (GDPR) |
|---|---|---|
| To provide and operate the Platform under contract | Institutional & User Account Data, Research Admin Data | Performance of a Contract |
| To manage our client relationship (support, billing, notifications) | Institutional & User Account Data | Legitimate Interests / Performance of a Contract |
| To respond to website enquiries and arrange demonstrations | Enquiry Data | Legitimate Interests |
| To improve and secure our Site and Services | Aggregated, anonymised Usage Data | Legitimate Interests |
| To comply with legal and regulatory obligations | Relevant data as required | Legal Obligation |
5. Data Sharing and Transfers
We may share data with the following categories of third-party service providers who support our operations under strict contractual safeguards:
- Cloud Infrastructure Providers: Hosting services for the Platform and website.
- Business Support Services: Email communication and customer support tools.
- Professional Advisers: Accountants and lawyers as necessary.
International Transfers: We do not routinely transfer personal data outside the EU/EEA. If any sub-processor requires such a transfer, it will be protected by Standard Contractual Clauses (SCCs) or an equivalent adequacy mechanism.
We will never sell your personal data.
6. Data Security
We implement appropriate technical and organisational measures to protect data against unauthorised access, alteration, disclosure, or destruction. These include encryption, access controls, and regular security assessments.
7. Data Retention
- Client Institution Data: Retained for the duration of the contract and for a period thereafter as required for legal, financial, and audit purposes (typically 7 years), or as specified in our data processing agreement.
- Website Enquiry Data: Retained for 24 months to facilitate follow-up, unless a longer relationship is established.
- Platform User Data: Managed in accordance with the instructions of the Client Institution.
8. Your Rights (Individuals within the EEA/UK)
Under data protection law, you have rights including access, rectification, erasure, restriction, portability, and objection.
How to Exercise These Rights: If you are a user of our Platform through a Client Institution, please direct your request to your institution’s administrator in the first instance. For data collected directly via our Site, you can contact us using the details in Section 11.
9. Client Institution Responsibilities
Client Institutions are the data controller for the personal data of their users and the research data they input into the Platform. Institutions are responsible for ensuring they have a lawful basis for processing and for executing a Data Processing Agreement (DPA) with Vidatum.
10. Changes to This Policy
We may update this policy periodically. The “Last Updated” date will indicate when changes were made. We will notify Client Institutions of any material changes via email or through the Platform.
11. Contact Us
For any questions about this Privacy Policy or to exercise your data protection rights, please contact:
Data Protection Officer
Vidatum Ltd
Unit 7 The Anchorage, Ringsend Road, Dublin 4, Ireland D04 T9V6
Email: privacy@vidatum.com
If you are not satisfied with our response, you have the right to lodge a complaint with the Data Protection Commission (www.dataprotection.ie).
