Privacy notice - professional services

Vantage Metrics customer privacy notice. This privacy notice explains what to expect us to do with your personal information.

Last updated: March 2026

Contact details

Email: hello@vantagemetrics.co.uk

ICO registration number: 00013303254

What information we collect, use, and why

We collect or use the following information to provide and improve products and services for clients:

• Names and contact details
• Addresses
• Payment details (including card or bank information for transfers and direct debits)
• Transaction data (including details about payments to and from you and details of products and services you have purchased)
• Usage data (including information about how you interact with and use our website, products and services)

We collect or use the following personal information for the operation of client or customer accounts:

• Names and contact details
• Addresses
• Purchase or service history
• Account information, including registration details
• Marketing preferences

We collect or use the following personal information for information updates or marketing purposes:

• Names and contact details
• Marketing preferences

We collect or use the following personal information to comply with legal requirements:

• Name
• Contact information
• Client account information

We collect or use the following personal information for dealing with queries, complaints or claims:

• Names and contact details
• Addresses
• Account information
• Purchase or service history
• Correspondence

Lawful bases and data protection rights

Under UK data protection law, we must have a lawful basis for collecting and using your personal information. Which lawful basis we rely on may affect your data protection rights.

You can find out more about lawful bases, your rights, and exemptions on the ICO website.

• Your right of access
• Your right to rectification
• Your right to erasure
• Your right to restriction of processing
• Your right to object to processing
• Your right to data portability
• Your right to withdraw consent (where consent is used as the lawful basis)

If you make a request, we must respond without undue delay and in any event within one month.

To make a data protection rights request, please contact us using the contact details above.

Our lawful bases for collection and use

To provide and improve products and services for clients:

• Contract: We have to collect or use the information so we can enter into or carry out a contract with you. All of your data protection rights may apply except the right to object.
• Legitimate interests: We collect client names, contact details, and site information to install, configure, and maintain wireless environmental monitoring systems in laboratories; respond to sensor alerts; schedule maintenance visits; and communicate service updates. This supports continuous protection of environment-sensitive research materials and equipment. Risk is minimal because we collect basic business contact details in a work capacity and do not share this data with third parties. All of your data protection rights may apply, except the right to portability.

For operation of client or customer accounts:

• Contract: We have to collect or use the information so we can enter into or carry out a contract with you. All of your data protection rights may apply except the right to object.

For information updates or marketing purposes:

• Consent: We have permission from you after providing relevant information. All of your data protection rights may apply, except the right to object. You can withdraw your consent at any time.
• Legitimate interests: We use client contact details to send service-related updates such as sensor alerts, system status notifications, and maintenance schedules. We may also send occasional information about new monitoring capabilities or service improvements relevant to an existing setup. Risk is minimal because communications are sent to professional contacts in a work capacity, are service-relevant, and non-essential updates can be opted out of. All of your data protection rights may apply, except the right to portability.

To comply with legal requirements:

• Legal obligation: We have to collect or use your information so we can comply with the law. All of your data protection rights may apply, except the right to erasure, the right to object, and the right to data portability.

For dealing with queries, complaints or claims:

• Contract: We have to collect or use the information so we can enter into or carry out a contract with you. All of your data protection rights may apply except the right to object.
• Legitimate interests: We retain client contact details, account information, and service history to respond to queries, investigate complaints, and resolve claims related to our monitoring service. This supports accurate, timely responses and fair outcomes, and helps identify recurring issues. Risk is minimal because data access is limited to relevant staff for specific cases, is not shared unless legally required, and is retained only as long as necessary. All of your data protection rights may apply, except the right to portability.

For more information on our use of legitimate interests as a lawful basis, please contact us using the details above.

Where we get personal information from

• Directly from you

How long we keep information

We retain client personal information for the duration of the service contract and for 6 years after the contract ends, in line with HMRC record-keeping requirements and the UK limitation period for contractual claims. After this period, personal information is securely deleted.

Financial records, including invoices, payment records, and expense documentation, are retained for 6 years from the end of the relevant tax year as required by law.

Email correspondence is retained for 2 years after the contract ends unless it relates to a complaint or claim, in which case it is retained for 6 years.

Sensor monitoring data (temperature readings and door events) is retained on the relevant monitoring platform for the duration of the service contract and deleted within 30 days of the contract ending.

Who we share information with

Data processors

Others we share personal information with

• Insurance companies, brokers or other intermediaries
• Organisations we are legally obliged to share personal information with

Sharing information outside the UK

Where necessary, we may transfer personal information outside of the UK. When doing so, we comply with UK GDPR and ensure appropriate safeguards are in place.

For further information, or to obtain a copy of the relevant safeguard, please contact us using the contact details above.

• Organisation: Monnit Corporation (United States) - Cloud-based environmental monitoring platform provider - transfer basis: appropriate safeguards under UK GDPR, including the UK Addendum to the EU Standard Contractual Clauses, where applicable.
• Organisation: Google LLC (United States) - Email and cloud productivity services provider - transfer basis: UK adequacy regulations / UK data bridge.

Where necessary, our data processors may also transfer personal information outside the UK in compliance with UK GDPR and with appropriate safeguards.

How to complain

If you have concerns about our use of your personal data, you can make a complaint to us using the contact details at the top of this notice.

If you remain unhappy after raising a complaint with us, you can also complain to the ICO.

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Helpline: 0303 123 1113

Website: https://www.ico.org.uk/make-a-complaint