Privacy Policy
This policy explains how The Viral Group collects, uses, stores and protects your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
Contents
01 Who We Are
The Viral Group Ltd (“we”, “us”, “our”) is the data controller responsible for your personal data collected through our websites theviralgroup.co.uk and theviral.group.
We are a UK-based media publisher and marketing agency. Our registered company details are available upon request by contacting us at the address below.
Data Controller: The Viral Group Ltd
Company No.: 12295038
ICO Registration No.: ZA900061
Contact: enquiries@theviralgroup.co.uk
We are registered with the Information Commissioner’s Office (ICO) under registration number ZA900061. If you have any concerns about how we handle your data, you have the right to contact the ICO directly (see Section 13).
02 Data We Collect
Information You Provide Directly
When you complete a contact form, enquiry form, or audit request on our websites, we may collect:
- First name and last name
- Email address
- Phone number (optional)
- Business or brand name
- Type of enquiry
- Message content
- Any other information you choose to provide
Information Collected Automatically
When you visit our websites, we automatically collect certain technical information, including:
- IP address and approximate geographic location
- Browser type and version
- Device type and operating system
- Pages visited, time on site, and referral source
- Cookie data (where you have consented — see Section 5)
Information from Third Parties
We may receive information about you from third-party platforms such as LinkedIn, Facebook, or Instagram if you interact with our business pages or advertising on those platforms, subject to their own privacy policies.
03 How We Use Your Data
| Purpose | Data Used | Legal Basis |
|---|---|---|
| Responding to your enquiry or contact form submission | Name, email, phone, message | Legitimate interests / Contract |
| Managing our CRM and client relationships | Contact details, enquiry type | Legitimate interests |
| Sending follow-up communications about our services | Name, email | Consent / Legitimate interests |
| Processing Everywhere Score / Audit requests | Business details, contact info | Consent / Contract |
| Analysing website traffic and improving our services | Analytics data (anonymised) | Consent (where cookies used) |
| Legal compliance and record keeping | All relevant data | Legal obligation |
| Fraud prevention and security | Technical / IP data | Legitimate interests |
We will never sell your personal data to third parties. We will never use your data for automated decision-making that produces legal or similarly significant effects without your explicit consent.
04 Legal Basis for Processing
Under UK GDPR, we must have a lawful basis for processing your personal data. We rely on the following:
- Consent — where you have actively opted in, such as subscribing to communications or accepting analytics cookies.
- Legitimate Interests — where processing is necessary for our legitimate business interests, such as responding to enquiries, fraud prevention, and CRM management, provided these interests are not overridden by your rights.
- Contract — where processing is necessary to fulfil a contract with you or take pre-contractual steps at your request.
- Legal Obligation — where we are required to process data to comply with applicable law.
05 Cookies & Tracking
We use cookies and similar tracking technologies on our websites. A cookie is a small text file placed on your device. You can control cookies through our consent banner when you first visit the site, and update your preferences at any time.
Essential Cookies
These are strictly necessary for the website to function and cannot be disabled. They do not track you for marketing purposes.
Analytics Cookies
With your consent, we use Google Analytics 4 (GA4) to understand how visitors use our websites. This includes pages visited, time on site, and traffic sources. GA4 data is pseudonymised and we do not share it with third parties for their own purposes.
Marketing Cookies
We may use cookies from platforms such as Facebook (Meta Pixel) and Google to measure the effectiveness of advertising campaigns. These are only activated with your explicit consent.
| Cookie | Provider | Purpose | Duration |
|---|---|---|---|
| _ga, _ga_* | Google Analytics | Analytics — distinguishes users | 2 years |
| _gid | Google Analytics | Analytics — distinguishes users | 24 hours |
| tvg_cookie_consent | The Viral Group | Stores your cookie preferences | 1 year |
You can also manage cookies in your browser settings. Note that disabling cookies may affect website functionality. For more information, visit aboutcookies.org.
06 Third-Party Services
We use the following third-party services which may process your personal data on our behalf as data processors:
| Service | Provider | Purpose | Location |
|---|---|---|---|
| CRM / Contact Management | GoHighLevel (HighLevel Inc.) | Storing and managing contact enquiries, email and SMS communications | USA (SCCs) |
| Website Analytics | Google Analytics (Google LLC) | Traffic and behaviour analytics | USA (SCCs) |
| Website Hosting | Various (WordPress / Krystal) | Hosting our website infrastructure | UK / EU |
| Email Service | Google Workspace | Business email communications | USA (SCCs) |
| Font Delivery | Google Fonts | Loading web fonts | USA (SCCs) |
“SCCs” refers to Standard Contractual Clauses — the legal mechanism used to lawfully transfer data outside the UK/EEA under UK GDPR. We ensure all processors operate under appropriate data processing agreements.
We do not allow third-party processors to use your data for their own purposes beyond the services they provide to us.
07 Data Retention
We retain personal data only for as long as necessary for the purposes it was collected, or as required by law:
- Contact enquiries — retained for up to 3 years from last contact, then securely deleted unless a contract relationship has developed.
- Client records — retained for 7 years from the end of the contract in accordance with HMRC requirements.
- Analytics data — retained for 14 months within Google Analytics (our configured retention period), then automatically deleted.
- Cookie consent records — retained for 1 year.
- Marketing communications — retained until you unsubscribe or withdraw consent.
You may request deletion of your data at any time (see Section 8).
08 Your Rights
Under UK GDPR, you have the following rights regarding your personal data:
- Right of Access — request a copy of the personal data we hold about you (Subject Access Request).
- Right to Rectification — request correction of inaccurate or incomplete data.
- Right to Erasure — request deletion of your data where there is no compelling reason to continue processing it.
- Right to Restrict Processing — request that we limit how we use your data in certain circumstances.
- Right to Data Portability — request a copy of data you provided in a structured, machine-readable format.
- Right to Object — object to processing based on legitimate interests or for direct marketing.
- Right to Withdraw Consent — where processing is based on consent, withdraw it at any time without affecting prior processing.
- Rights related to automated decision-making — not to be subject to solely automated decisions that have significant effects on you.
To exercise any of these rights, contact us at enquiries@theviralgroup.co.uk with the subject line “Data Rights Request”. We will respond within 30 days. We may need to verify your identity before processing your request.
09 Data Security
We implement appropriate technical and organisational measures to protect your personal data against accidental loss, unauthorised access, alteration, or disclosure. These include:
- Encrypted data transmission (HTTPS/TLS) across all our websites
- Access controls limiting staff access to personal data on a need-to-know basis
- Use of reputable, security-certified third-party processors
- Regular review of our data processing practices
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the ICO within 72 hours and inform affected individuals without undue delay where required.
10 International Transfers
Some of our third-party processors are based outside the UK, primarily in the United States. We ensure appropriate safeguards are in place for any such transfers, including Standard Contractual Clauses (SCCs) approved by the ICO, or transfers to countries with an adequacy decision.
You can obtain details of the safeguards we rely on by contacting us at enquiries@theviralgroup.co.uk.
11 Children’s Privacy
Our websites and services are not directed at children under the age of 13. We do not knowingly collect personal data from children under 13. If you believe we have inadvertently collected such data, please contact us immediately and we will delete it promptly.
12 Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will post the updated policy on this page with a revised “Last Updated” date. For significant changes, we will take reasonable steps to notify you.
We encourage you to review this policy periodically.
13 Contact & Complaints
If you have questions, concerns, or wish to exercise your rights, please contact us:
The Viral Group Ltd
Company No. 12295038 · ICO Reg. ZA900061
Email: enquiries@theviralgroup.co.uk
Website: www.theviralgroup.co.uk
If you are unhappy with how we have handled your data or your rights request, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO):
- Website: ico.org.uk
- Helpline: 0303 123 1113
- Address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
We would always appreciate the opportunity to address your concerns before you contact the ICO.