Privacy Policy

1. Who We Are

VerityNodes Ltd is a company registered in England and Wales. We provide regulatory intelligence, compliance gap analysis, and clinical evidence documentation services to medical device manufacturers. Our registered address and contact details are set out at the end of this policy.

VerityNodes Ltd is the data controller for personal data collected through this website and in the course of our service engagements. We are subject to the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Data We Collect

Information you provide directly

When you complete an enquiry form, download a free resource, or contact us by email, we collect:

• Contact information — your full name and work email address
• Company information — company name and country of operation
• Device information — device classification and target regulatory markets you provide in our forms
• Correspondence — the content of any messages you send us

Information collected automatically

When you visit veritynodes.ai we may collect standard technical data including your IP address, browser type, pages visited, and time spent on pages. This data is collected in aggregate and is not used to identify you individually unless you have also submitted a form on the site.

3. How We Use Your Data

We use personal data collected through this website for the following purposes:

• Responding to enquiries — to contact you in response to a form submission or email
• Delivering free resources — to send you downloadable content you have requested such as our EU MDR Readiness Checklist
• Service delivery — where you become a client, to deliver the regulatory intelligence or documentation services you have engaged us for
• Marketing communications — with your consent, to send you regulatory intelligence updates, new guides, and information about our services. You can withdraw consent at any time using the unsubscribe link in any email we send
• Improving our website — to understand how visitors use veritynodes.ai and improve its content and usability

4. Legal Basis for Processing

Under UK GDPR, we rely on the following legal bases for processing personal data:

• Legitimate interests (Article 6(1)(f)) — for responding to enquiries and delivering services you have requested
• Contract performance (Article 6(1)(b)) — for processing data necessary to deliver services under an engagement agreement
• Consent (Article 6(1)(a)) — for sending marketing communications. You may withdraw consent at any time
• Legal obligation (Article 6(1)(c)) — where we are required to retain records by law

5. Data Sharing

We do not sell, rent, or trade your personal data. We may share data with the following categories of third party only where necessary to operate our services:

• Email service providers — to send transactional and marketing emails (e.g. Mailchimp or similar). These providers act as data processors under our instruction
• Form processing services — our website enquiry forms may be processed by a third-party form handler (e.g. Netlify Forms or Formspree) solely for the purpose of delivering submissions to us
• Cloud storage — client documents shared with us for service delivery are stored in access-controlled cloud storage and deleted within 30 days of project completion
• Legal requirement — we may disclose data if required to do so by law or in response to a valid request from a public authority

All third-party processors we use are subject to data processing agreements and are required to maintain appropriate technical and organisational security measures.

6. Data Retention

We retain personal data only for as long as necessary for the purpose for which it was collected:

• Enquiry data — retained for 12 months from the date of enquiry if no engagement follows
• Client engagement data — retained for 6 years from the end of the engagement in compliance with UK financial record-keeping requirements
• Marketing consent data — retained until you withdraw consent or unsubscribe
• Technical/website data — aggregated analytics data retained for up to 24 months

7. Your Rights

Under UK GDPR you have the following rights regarding your personal data:

• Right of access — to request a copy of the personal data we hold about you
• Right to rectification — to request correction of inaccurate data
• Right to erasure — to request deletion of your data in certain circumstances
• Right to restrict processing — to request that we limit how we use your data
• Right to data portability — to receive your data in a machine-readable format
• Right to object — to object to processing based on legitimate interests
• Right to withdraw consent — where processing is based on consent, to withdraw it at any time without affecting the lawfulness of prior processing

To exercise any of these rights, please contact us at [email protected]. We will respond within 30 days. If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

8. Cookies

Our website uses cookies — small text files stored on your device — for the following purposes:

• Strictly necessary cookies — required for the website to function. These cannot be disabled
• Analytics cookies — if we use website analytics, these help us understand how visitors interact with the site. We use these only with your consent

You can control cookie preferences through the cookie consent banner displayed when you first visit the site, or through your browser settings. Disabling cookies may affect certain website functionality.

9. Contact Us

If you have any questions about this privacy policy or how we handle your personal data, please contact us:

This policy was last reviewed in April 2025. We may update it from time to time to reflect changes in our practices or legal requirements. The current version is always available at veritynodes.ai/privacy.