Who we are

Neural Vibe Ltd is a UK-based advisory and compliance partner for health technology, medical technology, healthcare AI, digital health and regulated medical software. For the purposes of UK data protection law, Neural Vibe Ltd is the controller for the personal data described in this policy unless we tell you otherwise.

  • Organisation: Neural Vibe Ltd.
  • Privacy contact: dpo@neuralvibe.io.
  • General contact: hello@neuralvibe.io.
  • Location: United Kingdom, working with clients globally.

If we process personal data on behalf of a client as part of a specific engagement, the relevant contract or data processing terms may set out additional details about roles, responsibilities and instructions.

Personal data we collect

The personal data we collect depends on how you interact with us. We only ask for information that is relevant to the relationship, enquiry or service being provided.

  • Identity and contact data: name, job title, organisation, email address, phone number and business contact details.
  • Enquiry and relationship data: messages, call notes, meeting notes, preferences, follow-up actions and correspondence.
  • Client and project data: information you provide about your product, service, organisation, regulatory questions, target markets, assurance needs or deployment context.
  • Commercial and billing data: proposal details, contract records, invoices, payment status and related administration.
  • Website and technical data: IP address, device, browser, usage, security and diagnostic information generated when you use the website.
  • Marketing preference data: your preferences about receiving updates or being contacted, where applicable.

We do not ask website users to provide special category data. If a client engagement could involve health, clinical, workforce or other sensitive information, the scope, safeguards and data protection roles should be agreed before that work begins.

How we use personal data

We use personal data for ordinary business, advisory, client relationship, security and legal purposes. We do not sell personal data.

  • To respond to enquiries and arrange discovery calls or meetings.
  • To assess whether Neural Vibe can help with a product, service, assurance or compliance question.
  • To prepare proposals, statements of work, contracts and engagement materials.
  • To deliver advisory services and manage client workstreams.
  • To coordinate trusted specialists where this is needed for an agreed engagement.
  • To manage billing, accounting, record keeping and business administration.
  • To protect the website, systems, confidential information and business operations.
  • To comply with legal, regulatory, tax, accounting and professional obligations.
  • To improve our services, content, processes and client communications.

Where a client engagement involves confidential product, clinical, technical, regulatory or organisational information, that information is handled for the purpose of delivering the agreed advisory work and managing the relationship.

Lawful bases

UK GDPR requires us to have a lawful basis for processing personal data. The lawful basis depends on the purpose and context.

  • Contract: where processing is necessary to provide services, manage a client engagement or take steps before entering into a contract.
  • Legitimate interests: where we manage enquiries, relationships, business development, service delivery, specialist coordination, website security and ordinary business administration, provided those interests are not overridden by your rights and freedoms.
  • Legal obligation: where we need to keep records or comply with legal, tax, accounting, regulatory or other obligations.
  • Consent: where we specifically ask for consent, for example for certain optional communications or activities.

Where special category data is ever processed as part of a client matter, the relevant UK GDPR condition, purpose limitation, safeguards and contractual arrangements should be agreed before that work begins.

Sharing personal data

We share personal data only where this is necessary, proportionate and connected to the purposes described in this policy.

  • IT, hosting, email, calendar, productivity, file storage and security service providers.
  • Finance, accounting, legal, insurance and professional advisers.
  • Trusted specialist partners where they are needed for an agreed client engagement.
  • Public authorities, regulators, courts or other third parties where required by law.
  • A successor organisation if Neural Vibe Ltd is involved in a reorganisation, merger, sale or transfer of business assets.

Where third parties process personal data for us, we expect appropriate confidentiality, security and data protection controls to be in place. We do not sell personal data.

International transfers

Neural Vibe is based in the UK but may work with clients, service providers or specialist partners in other countries. Some providers may process personal data outside the UK.

Where personal data is transferred internationally, we will take steps designed to ensure it remains protected in line with UK data protection requirements. This may include relying on adequacy regulations, the UK International Data Transfer Agreement, the UK Addendum to EU Standard Contractual Clauses, or another appropriate safeguard where required.

How long we keep data

We keep personal data only for as long as reasonably necessary for the purposes described in this policy. Retention periods vary depending on the type of information and the context in which it was collected.

  • Enquiry records are kept for as long as needed to respond and manage follow-up.
  • Client and project records are kept for the duration of the engagement and for a reasonable period afterwards for legal, audit, insurance, quality and professional record purposes.
  • Financial and accounting records are usually kept for the period required by tax and accounting law.
  • Website and security records are kept for a period appropriate to security, troubleshooting and operational needs.
  • Marketing preference records may be kept to respect opt-outs and communication choices.

When data is no longer needed, we will delete, anonymise or securely archive it where appropriate.

Your rights

Under UK data protection law, you have rights in relation to your personal data. These rights are not always absolute and may depend on the circumstances, the lawful basis for processing and any legal obligations that apply.

  • Right of access: you can ask for a copy of the personal data we hold about you.
  • Right to rectification: you can ask us to correct inaccurate or incomplete personal data.
  • Right to erasure: you can ask us to delete personal data in certain circumstances.
  • Right to restrict processing: you can ask us to limit how we use personal data in certain circumstances.
  • Right to object: you can object to processing based on legitimate interests or direct marketing.
  • Right to data portability: you can ask to receive certain personal data in a structured, commonly used and machine-readable format.
  • Right to withdraw consent: where we rely on consent, you can withdraw it at any time.
  • Rights related to automated decision-making: you have rights where decisions are made solely by automated means and have legal or similarly significant effects. Neural Vibe does not use website enquiry data for solely automated decisions of this kind.

To exercise your rights, contact dpo@neuralvibe.io. We may need to verify your identity before responding. We aim to respond within the time required by UK data protection law.

Security

We use proportionate organisational and technical measures designed to protect personal data against unauthorised access, loss, misuse, alteration or disclosure.

  • Access controls and least-privilege access where appropriate.
  • Use of reputable cloud, email, productivity and hosting providers.
  • Confidentiality expectations for people and partners involved in client work.
  • Reasonable care when storing, sharing and transmitting client information.
  • Review of security and data protection requirements where a client engagement involves sensitive or regulated information.

No system can be made completely secure, but we take data protection and confidentiality seriously because our work often involves sensitive commercial, technical, clinical, regulatory and organisational information.

Complaints

If you have concerns about how we use personal data, please contact us first at dpo@neuralvibe.io so we can try to resolve the issue.

You also have the right to complain to the UK Information Commissioner’s Office. The ICO website is ico.org.uk and the ICO can be contacted for guidance about data protection rights and complaints.

Changes to this policy

We may update this privacy policy from time to time to reflect changes in our services, legal requirements, technology or business operations. The latest version will be published on this page with an updated date.

Contact us

For privacy queries, rights requests or data protection concerns, email dpo@neuralvibe.io. For general enquiries, use the contact page.