top of page

Privacy Policy

We’re committed to protecting your data. Our Privacy Policy provides details information.

Effective Date: November 20, 2024


At Virtual GRC Inc. ("Virtual GRC," "we," "our," or "us"), we are committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you interact with our Site, services, and platform.

By using our Site or services, you agree to the collection and use of your information in accordance with this Privacy Policy.


1. Scope of This Policy

This Policy applies to:

  • Visitors and users of our Site, including www.VirtualGRC.com and related platforms.

  • Customers and individuals using our services and software solutions.

  • Individuals interacting with our sales, support, or marketing teams.

This Policy does not apply to employment-related data or information collected on behalf of our customers under separate agreements.


2. Information We Collect

We collect the following types of personal information:


2.1. Information You Provide

  • Contact details (e.g., name, email address, phone number).

  • Account information (e.g., username, password).

  • Payment information (e.g., billing details for subscriptions).

  • Feedback and communication (e.g., emails or support requests).

2.2. Automatically Collected Information

  • Device Data: IP address, browser type, operating system.

  • Usage Data: Pages visited, time spent on the Site, and actions taken.

  • Cookies and Tracking Technologies: Data collected via cookies, web beacons, and similar tools (see our Cookie Policy).

2.3. Third-Party Sources

We may obtain personal information from:

  • Public databases.

  • Marketing and business partners.

  • Social media platforms.

3. How We Use Your Information

We use personal information for the following purposes:

  1. Service Delivery: To provide, maintain, and enhance our services and solutions.

  2. Customer Support: To respond to inquiries and resolve issues.

  3. Marketing and Communication: To send promotional messages and newsletters (with an opt-out option).

  4. Compliance: To meet legal obligations and enforce our agreements.

  5. Security: To detect and prevent fraudulent or malicious activities.

4. Legal Bases for Processing

For users in the European Union and UK, we rely on the following legal bases under the GDPR:

  • Consent: When you explicitly consent to data collection and use.

  • Contractual Obligation: When data processing is necessary to perform a contract.

  • Legal Obligation: When required by law.

  • Legitimate Interests: For purposes like improving our services and ensuring security.

5. Sharing Your Information

We may share personal information with:

  1. Service Providers: Vendors assisting in operations like payment processing, hosting, and analytics.

  2. Affiliates: Companies within our corporate group for business purposes.

  3. Business Partners: Trusted partners involved in delivering our services.

  4. Authorities: Government agencies or law enforcement as required by law.

  5. Transfers: In connection with mergers, acquisitions, or asset sales.

6. International Data Transfers

For global operations, your personal data may be transferred to and processed in the United States and other countries. These transfers comply with:

  • GDPR: Standard Contractual Clauses (SCCs) for EEA/UK-to-U.S. transfers.

  • Other Regions: Similar safeguards under local laws.

By using our services, you consent to these transfers.


7. Your Privacy Rights


7.1. United States

  • California (CCPA/CPRA): Rights include access, deletion, correction, and opt-out of personal data sales.

  • Virginia (VCDPA) and Colorado (CPA): Similar rights for data portability, correction, and deletion.

7.2. European Union and UK (GDPR)

  • Right to Access: Request details of personal data processing.

  • Right to Rectification: Correct inaccurate data.

  • Right to Erasure: Request deletion of data.

  • Right to Restrict Processing: Limit data use under certain conditions.

  • Right to Data Portability: Receive data in a structured format.

  • Right to Object: Object to processing for legitimate interests or direct marketing.

7.3. Asia

  • PDPA (Singapore): Transparency and consent requirements for data use.

  • DPDP Bill (India): Rights include data correction, deletion, and withdrawal of consent.

To exercise your rights, contact us at contact@virtualgrc.com.


8. Retention of Information

We retain personal information as long as necessary to fulfill the purposes outlined in this Policy, including legal, regulatory, and operational needs.


9. Security

We implement technical and organizational measures to protect your data. While we prioritize security, no system is completely secure. Users must acknowledge inherent risks in online data transmission.


10. Cookies and Tracking

Our Site uses cookies and similar technologies to enhance user experience. For details, review our Cookie Policy.


11. Children's Privacy

Our services are not intended for children under 16. If you believe a child has provided us with personal information, contact us at contact@virtualgrc.com.


12. Updates to This Policy

We may revise this Policy to reflect changes in our practices, laws, or operational needs. Updates will be posted with a new Effective Date.


13. Contact Us

For questions or concerns about this Privacy Policy, contact us:

bottom of page