Privacy & Cookie Policy.

VEM (Version Equipment Manager) provides a configuration and version-control platform for industrial operations, together with the informational website at getvem.com.

VEM acts as the data controller for personal data processed via this website and the VEM platform.

Contact: support@getvem.com.

This policy covers personal data processed when you:

• Visit getvem.com or any subdomain we operate.
• Contact us via forms, email or other channels listed on the site.
• Use the VEM platform under an active customer or evaluation agreement.
• Interact with us at events, demonstrations or in commercial discussions.

We collect only the data we need for clearly defined purposes. Categories include:

• Identity & contact data — name, work email, company, role, phone number where you provide it.
• Communication data — the content of messages, enquiries, demo requests and meeting notes.
• Account & platform data — credentials, configuration baselines, comparison and monitoring records you create inside VEM.
• Technical data — IP address, device and browser type, timezone, referrer, pages viewed, and basic diagnostic logs.
• Cookie & analytics data — see the Cookie Policy below.

We use personal data to:

• Respond to enquiries and provide requested information, demos and proposals.
• Deliver, secure, maintain and improve the VEM platform.
• Meet contractual, regulatory and audit obligations.
• Detect and prevent fraud, abuse and security incidents.
• Communicate about product updates and service-related notices.
• Aggregate and anonymise usage data to understand how the platform is used.

Where the GDPR or UK GDPR applies, we rely on the following legal bases depending on the activity:

• Contract — to deliver the services you or your organisation has engaged us for.
• Legitimate interests — to run, secure and develop our business, where not overridden by your rights.
• Consent — for non-essential cookies, marketing communications and similar activities where consent is required.
• Legal obligation — to comply with applicable law, regulation or lawful requests from authorities.

We share personal data only where necessary, and only with parties under appropriate confidentiality and data-protection obligations:

• Service providers acting as processors on our behalf — hosting, infrastructure, analytics, error monitoring, email delivery, customer support and CRM.
• Professional advisors — auditors, lawyers and accountants under duties of confidentiality.
• Authorities — where required by law, court order, or to protect rights, safety and security.
• Successors — in connection with a merger, acquisition, financing or reorganisation, subject to equivalent protections.

VEM uses a limited number of vetted subprocessors to operate the platform — typically cloud hosting, transactional email, error monitoring and analytics providers.

A current list of subprocessors is available on request to support@getvem.com.

We keep personal data only for as long as needed for the purpose it was collected, then delete or anonymise it. Typical retention windows:

• Sales and enquiry correspondence: up to 24 months from the last interaction.
• Customer account and platform data: for the duration of the agreement, plus the period required by law or for legitimate business records.
• Security and diagnostic logs: typically 30–90 days, longer where required for incident investigation.
• Backups: rolled forward and overwritten on the cycle defined in the relevant service description.

VEM and its subprocessors may process personal data in jurisdictions outside your own. Where personal data is transferred from the EEA, the UK or Switzerland to a third country without an adequacy decision, we use appropriate safeguards — typically the European Commission's Standard Contractual Clauses and the UK International Data Transfer Addendum, supplemented by additional technical and organisational measures where required.

We apply industry-standard technical and organisational measures to protect personal data, including access controls, role separation, encryption in transit, secrets management, change logging and continuous configuration monitoring (the same primitives VEM provides to its customers).

No system is perfectly secure. If you believe you have discovered a vulnerability, please contact security@getvem.com.

Depending on your jurisdiction, you may have the right to:

• Access the personal data we hold about you.
• Correct inaccurate or incomplete data.
• Delete data, where there is no overriding legal basis to keep it.
• Restrict or object to certain processing.
• Receive a portable copy of data you provided.
• Withdraw consent at any time, where processing is based on consent.
• Lodge a complaint with your local data-protection authority.

To exercise any of these rights, contact privacy@getvem.com. We may need to verify your identity before responding.

The VEM website and platform are intended for business users. We do not knowingly collect personal data from children under 16.

We may update this policy from time to time. Material changes will be highlighted on this page with a new effective date. Continued use of the site or the VEM platform after an update constitutes acceptance of the revised policy.