GDPR Compliance

Commitment to General Data Protection Regulation (GDPR)

At Viewlix, we are committed to ensuring the security and protection of the personal information that we process, and to provide a compliant and consistent approach to data protection. We have always had a robust and effective data protection program in place which complies with existing law and abides by the data protection principles. However, we have updated and expanded this program to meet the demands of the GDPR and the UK's Data Protection Act 2018.

Information We Collect

Under GDPR, we ensure that we collect and process data lawfully, fairly, and transparently. We collect the following types of personal data:

• Identity Data: Includes first name, last name, username, or similar identifier.
• Contact Data: Includes billing address, email address, and telephone numbers.
• Technical Data: Includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, and operating system and platform.
• Transaction Data: Includes details about payments to and from you and other details of products and services you have purchased from us.

Your Rights Under GDPR

If you are a resident of the European Economic Area (EEA) or the United Kingdom, you have the following data protection rights:

• The right to access: You have the right to request copies of your personal data.
• The right to rectification: You have the right to request that we correct any information you believe is inaccurate.
• The right to erasure: You have the right to request that we erase your personal data, under certain conditions ("Right to be forgotten").
• The right to restrict processing: You have the right to request that we restrict the processing of your personal data, under certain conditions.
• The right to object to processing: You have the right to object to our processing of your personal data, under certain conditions.
• The right to data portability: You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.

Legal Bases for Processing

Under Article 6 of the UK GDPR we must have a lawful basis for each category of processing. We rely on the following:

• Contract (Art. 6(1)(b)) — for processing strictly required to deliver the service you have purchased: account provisioning, credential issuance, billing, support correspondence, fraud prevention on the account itself.
• Legal obligation (Art. 6(1)(c)) — for retaining billing and tax records under HMRC rules, responding to lawful regulatory or law-enforcement requests, and complying with our DMCA repeat-infringer record-keeping obligations.
• Legitimate interest (Art. 6(1)(f)) — for narrowly-scoped processing where your fundamental rights are not overridden: aggregate service-quality telemetry (web vitals), security logging, and minimal customer-relationship analytics. Where we rely on legitimate interest, we have completed a written balancing test and you have the right to object at any time.
• Consent (Art. 6(1)(a)) — for any optional processing: analytics cookies (Google Analytics 4), marketing email opt-in, and any feature you actively choose to enable. Consent can be withdrawn at any time without penalty by following the link in any marketing email or by contacting our data team.

International Transfers

Where personal data leaves the United Kingdom or European Economic Area — for example to processors operating servers in the United States — we ensure each transfer is covered by an adequate safeguard. As of the most recent review of this page, our active safeguards are: the UK Government’s adequacy decision for the United States (UK Extension to the EU-US Data Privacy Framework) where the recipient is certified; the EU Standard Contractual Clauses (2021 modules) layered with the UK Addendum where the recipient is not framework-certified; and Binding Corporate Rules where the recipient operates under approved BCRs. A current list of our processors and the safeguard that applies to each is available on request.

Data Security & Retention

We take the security of your data seriously. We have implemented appropriate technical and organizational measures to protect your personal data against unauthorized or unlawful processing, accidental loss, destruction, or damage. These include TLS 1.2+ encryption for all traffic, hashed password storage with modern algorithms, role-based access to admin systems with audit logging, and quarterly review of access lists. We retain your personal data only for as long as is necessary to fulfill the purposes for which we collected it: active-account data for the lifetime of the subscription, billing records for 6 years to satisfy HMRC requirements, support correspondence for 12 months, and rotating server traffic logs for 30 days.

How to Exercise Your Rights

Send a written request — email is fine — to our data team at with the subject line “GDPR Request” and the email address used at sign-up. To prevent identity-based fraud, we may ask you for a single additional verification step (typically a confirmation reply from the registered email address). We respond within one calendar month, free of charge. The maximum response window can be extended by a further two months for complex or high-volume requests; if that applies to your case we will tell you within the first month with reasons.

If you are not satisfied with our response, you have the right to lodge a complaint with the supervisory authority in your country of residence. In the United Kingdom this is the Information Commissioner’s Office (ICO) — ico.org.uk or 0303 123 1113. In the European Economic Area, your national data-protection authority is listed on the European Data Protection Board website.

Cookies & Tracking Technologies

Our cookie practice is described in detail in our Privacy Policy. In summary: strictly-necessary cookies (session, cart, anti-CSRF) are set without consent because the service cannot function without them; functional cookies (language, currency) and analytics cookies (Google Analytics 4) are only set after you accept them via the cookie banner. We do not use advertising cookies, retargeting pixels, or social-media trackers.

Contact Us

If you wish to exercise any of the rights set out above, or if you have any questions about this GDPR Compliance statement, please contact our Data Protection Team at or via our Contact Page.