Privacy Policy

Last updated: Monday 28th July, 2025

Who We Are

Legal entity: Store Trials Limited
Trading name: VST
Address: Work.Life Old Street, Rivington House, 82 Great Eastern Street, London, EC2A 3JF, United Kingdom
Email: security@storetrials.com
‍

VST is a B2B technology company helping CPG brands and retailers make smarter commercial decisions through virtual testing and planogram data solutions. We are the controller of your personal data unless otherwise stated in this policy.

Purpose of this Privacy Policy

This policy explains how and why we collect, use, and protect your personal data when you engage with us — for example, by visiting our website, downloading a report, requesting a demo, or using our platform. It also covers how we handle professional contact data used for prospecting.

Our services are not directed at children, and we do not knowingly collect data from anyone under 16.

What Information We Collect and Why

We collect personal information to support four key areas:

1. Providing and improving our services:

• Names and business contact details
  
• Company and role information

We use this to deliver services, offer support, and continue to improve the tools we provide to clients.

2. Operating client or customer accounts:

• Account registration and login credentials
  
• Role-based permissions and activity logs

This allows us to manage secure access, monitor platform usage, and personalise onboarding and support.

3. Marketing and information updates:

• Names, contact details, job titles, company info
  
• Preferences and engagement data

We use this to send relevant insights, product updates, and invites — only where appropriate and always with an opt-out.

4. Research and benchmarking (anonymised only):

We may process aggregated, anonymised usage data for research or product development purposes. All research participation is handled by third-party providers, and VST does not collect or store personal data from research participants.

We do not collect any special category or sensitive personal data.

Lawful Bases for Processing

We process personal data only where we have a valid lawful basis under UK GDPR. These include:

Consent

We rely on consent when you opt in to receive marketing emails or participate in specific activities. You can withdraw consent at any time.

Contract

We process your data when it’s required to enter into or fulfil a contract — for example, to create an account or deliver services to your organisation.

Legitimate Interest

We rely on legitimate interest for certain types of processing that are low-risk and expected in a B2B context, including:

• Sharing relevant insights, reports, or case studies with existing clients or contacts
  
• Using aggregated data to improve the platform or inform product development
  
• Enriching professional contact records using publicly available sources (e.g. LinkedIn)
  
• Monitoring platform login activity to improve security and onboarding
  
  

We always balance our business needs with your rights and provide clear ways to opt out of communications or object to processing.

Where We Get Personal Information From

We collect personal information:

• Directly from you (e.g. when filling in forms, emailing us, or using the platform)
  
• From professional tools and platforms such as HubSpot, LinkedIn Sales Navigator, and Lusha
  
• From publicly available sources like LinkedIn or Companies House
  
• Through aggregated usage analytics (via tools like Google Analytics)
  
  

How Long We Keep Your Data

We only keep personal data for as long as necessary. Our current retention approach is:

• Marketing and newsletter subscribers – up to 24 months from last engagement or opt-out
  
• Sales prospecting data – 24 months from last meaningful contact
  
• Client account and contract data – for the duration of the contract plus six years (legal requirement)
  
• Platform login and activity data – 12 months after the user’s last login
  
• Anonymised analytics – stored indefinitely (not personally identifiable)
  
• Customer support records – 2 years after issue resolution
  
  

You can request deletion or clarification of your data at any time using the contact details at the top of this policy.

Third-Party Processors

We use trusted third parties to help us operate efficiently. These include:

• HubSpot – CRM and marketing automation
  
• Google Analytics – aggregate usage analytics
  
• AWS – hosting and infrastructure
  
• Lusha – B2B data enrichment
  
• LinkedIn Sales Navigator – contact discovery
  
  

All third-party vendors are under data processing agreements and are only allowed to use data as instructed by us — not for their own purposes.

International Data Transfers

Some of our providers are based outside the UK or EEA. When we transfer data internationally, we ensure appropriate safeguards are in place, such as:

• Standard Contractual Clauses (SCCs)
  
• International Data Transfer Agreements (IDTAs)
  These mechanisms ensure your data receives a similar level of protection.
  
  

When VST Acts as a Data Processor

In some cases, such as when conducting research or surveys for clients, we act as a data processor — processing information solely under our client’s instructions. In these cases, our clients are responsible for the lawful basis and participant consent, and their own privacy policy will apply.

This privacy notice applies to situations where VST is the data controller — for example, in relation to our own marketing, platform operations, and sales activity.

Your Data Protection Rights

Under UK GDPR, you have the right to:

• Access the personal data we hold about you
  
• Correct or update inaccurate information
  
• Request deletion of your personal data
  
• Restrict or object to certain types of processing
  
• Request a copy of your data in a portable format
  
• Withdraw consent at any time (where consent is the lawful basis)
  
  

To exercise these rights, email us at privacy@storetrials.com. We’ll respond within one month.

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO): www.ico.org.uk, but we’d always prefer to resolve it with you directly first.

Changes to This Privacy Policy

We may update this policy from time to time to reflect legal, technical, or business changes. The latest version will always be published at storetrials.com/privacy (or equivalent).

If we make significant changes, we’ll let you know via email or in-platform notification if applicable

We take information and data security seriously. We operate a bug bounty program and if you believe that you have found any issue in our software, please email us at security@storetrials.com

‍

‍