GDPR
GDPR Compliance
Transparency and trust are our foundation
Last updated: February 2026
At Viral-Impact LTD (“we”, “our”, or “us”), we take your privacy seriously. This Privacy Policy explains how we collect, use, store, and protect personal data when you visit our website, contact us, or use our services. We operate in accordance with the UK GDPR, the EU General Data Protection Regulation (GDPR), and all other applicable data protection laws.
If you have any questions about this policy or how we handle your data, you can contact us at mak@viral-impact.com.
Lawful Basis & Source of Data
Viral Impact processes data strictly under the lawful bases defined by GDPR, including legitimate interest, consent, and legal obligation, depending on the context.
All datasets made available through our systems are compiled exclusively from publicly available sources where individuals or organizations have intentionally published their information for professional or business contact purposes (e.g. company websites, public profiles, business directories, or similar sources).
We confirm that:
We do not buy data
We do not use data brokers or resellers
We do not collect private, gated, or sensitive personal data
We do not scrape content behind logins, paywalls, or non-public systems
Publicly available contact data is processed only after internal checks, including:
Email verification
Domain validation
Contextual relevance checks
Data is used solely for informational, research, or operational purposes and is never repurposed for unsolicited or unlawful activity.
Data Processing, Storage & Security
Any personal data processed by Viral Impact is handled with strict technical and organizational safeguards in place.
This may include:
• Contact data submitted directly via email, forms, or chat
• Technical data such as IP address, browser type, and usage metadata
• Comments or feedback left on the website (including metadata for spam prevention)
All data is:
• Stored on GDPR-compliant infrastructure located in the UK and/or EU
• Encrypted at rest and in transit where appropriate
• Accessible only to authorized internal personnel
• Used only for defined, legitimate purposes
We do not sell, rent, or share personal data with third parties for marketing, advertising, or resale. Any third-party tools used (e.g. analytics or security services) operate under GDPR-compliant data processing agreements.
Your Rights as a Data Subject
Under GDPR, you retain full control over your personal data.
You have the right to:
• Request access to your personal data
• Request correction of inaccurate or outdated data
• Request deletion (“right to be forgotten”)
• Object to or restrict processing
• Request confirmation of data source and lawful basis
If your publicly available data appears in our systems and you wish it to be removed, no justification is required. Simply contact us at mak@viral-impact.com, and we will process your request promptly and in accordance with GDPR timelines.
We respond to all GDPR requests within 30 days, as required by law.
GDPR Compliance Summary
This summary explains how data is sourced, processed, stored, and controlled, and outlines your rights as a data subject.
Lawful Basis for Processing
All personal data processed by Viral Impact is handled under lawful bases defined by GDPR, primarily legitimate interest, consent, and legal obligation, depending on the context. We process only the minimum amount of data necessary and only for clearly defined purposes.
We do not engage in automated decision-making or profiling that produces legal or similarly significant effects on individuals.
Source of Data
Any datasets processed or referenced by Viral Impact are collected exclusively from publicly available sources, where individuals or organizations have intentionally made their information public for professional or business contact purposes. Examples include company websites, public business directories, or professional profiles.
We confirm the following:
• We do not buy personal data
• We do not use data brokers or resellers
• We do not scrape private, gated, or non-public systems
• We do not collect sensitive personal data
Publicly available contact data is subject to internal quality and compliance checks, including email verification, domain validation, and contextual relevance screening.
Data Processing & Security
Personal data may be processed when you contact us, submit a request, leave a comment, or interact with our website. This may include contact details, technical metadata (such as IP address and browser type), and message content.
All data is protected using appropriate technical and organizational safeguards, including:
• Secure, GDPR-compliant infrastructure
• Encryption at rest and in transit where applicable
• Strict internal access controls
• Limited access by authorized personnel only
We do not sell, rent, or share personal data with third parties for marketing or advertising purposes. Any third-party services used for infrastructure, analytics, or security operate under GDPR-compliant data processing agreements.
Data Retention
Personal data is retained only for as long as necessary to fulfill its original purpose, comply with legal obligations, or maintain operational records. We regularly review retention practices to ensure compliance with GDPR’s data minimization and storage limitation principles.
Your Rights Under GDPR
As a data subject, you have full rights under GDPR. These include the right to:
• Access your personal data Privacy Policy
• Correct inaccurate or outdated information
• Request deletion of your data
• Object to or restrict processing
• Request confirmation of data source and lawful basis Terms of Service
If your publicly available data appears in our systems and you wish it to be removed, no justification is required. Requests can be made by emailing mak@viral-impact.com, and we will respond within 30 days, in accordance with GDPR requirements.
Contact
For any GDPR-related question, request, or concern, you can contact us directly at:
📧 mak@viral-impact.com
🏢 Viral-Impact LTD
📍 United Kingdom