Privacy Policy Notice – Vestcom UK

Last updated: June 11, 2019

Vestcom UK Privacy Policy

Vestcom UK believes that protecting your personal data is very important. In this privacy policy we want to explain to you what we do with the personal data that Vestcom UK and all its affiliates (hereafter referred to as Vestcom or Integrated Retail), or “we” or “us” or our”) receives or collects.

The policy: This privacy policy notice is served by Vestcom UK, The Old Forge, Market Square, Toddington, LU5 6BP under the website The purpose of this policy is to explain to you how we control, process, handle and protect your personal information through the business and while you browse or use this website.

If you do not agree to the following policy you may wish to cease viewing / using this website, and or refrain from submitting your personal data to us.

To whom does this Privacy Policy Apply?

This privacy policy applies only to the following persons:

  • Visitors means any person who visits, as well as any other websites that Vestcom uses and where a link to this policy is included (“the Websites”); and
  • Subscribers means any person who is subscribed to the software services that we offer “(the Services”), either through a paid subscription or a trial.

Policy key definitions:

  • “I”, “our”, “us”, or “we” refer to the business, Vestcom, Vestcom UK, iRexM3 or Integrated Retail
  • “you”, “the user” refer to the person(s) using this website.
  • GDPR means General Data Protection Act.
  • PECR means Privacy & Electronic Communications Regulation.
  • ICO means Information Commissioner’s Office.
  • Cookies mean small files stored on a users computer or device.

Key principles of GDPR:

Our privacy policy embodies the following key principles; (a) Lawfulness, fairness and transparency, (b) Purpose limitation, (c) Data minimisation, (d) Accuracy, (e) Storage limitation, (f) Integrity and confidence, (g) Accountability.

Definition of Personal Data

When we use the term ‘Personal Data’ we mean any information that relates to an identified or identifiable natural person. This includes the obvious data such as a name, business role, business address, email address and phone number, but does not include sensitive information, or data specific to the physical, physiological, genetic, economic, cultural or social identity of natural persons.

Third party websites

This privacy policy does not apply to any third-party websites, products or services, even if they are accessible through Vestcom’s Websites or Services. The linking to a third-party website, service or application is subject to the terms and conditions of such website, service or application.

Responsibility of our Subscribers

Subscribers are responsible for complying with all applicable laws and regulations concerning the personal data they process when using our Services, this includes customers and employees of Subscribers. Such processing of personal data shall not be governed by this policy but by the applicable agreement and privacy policy of Subscribers. Our role in relation to the processing of such personal data on behalf of our Subscribers may, if required, be governed by a separate data processing agreement.

We process personal data of our Subscribers’ data subjects only as instructed by these Subscribers. If you are an individual who interacts with a Subscriber using our Services (such as a customer of one of our Subscribers) and would either like to amend your information or no longer wish to be contacted by one of our Subscribers, please contact the Subscriber that you interact with directly.


Our Website and Services are not directed to children under 13, and we do not knowingly collect or store any Personal Data about persons under the age of 13. If we learn that we have collected Personal Data of a child under 13, we will take steps to delete such information from our files as soon as practicable.

Information you provide to us

When you use our Website to download a whitepaper, request a trial or ask any other information, you will be asked to provide contact details and Personal Data which we will then use to deliver the requested information/ service.

If you are using or accessing our Services, whether in connection with a paid subscription or a free trial, we may ask for specific information, such as your name, address, e-mail address and phone number for us to be able to perform our obligations under the terms of these Services. In addition, we may need your payment details to be able to process the payment of your subscription fee.

Technologies used by us

As part of our Services, we use various technologies such as “session” and “persistent” cookies (small data files that we transfer to your computer), web beacons (tiny image files on web pages that communicate information about the page viewer to the beacon owner), log data, and third-party analytics services to collect and analyze information about Visitors or Subscribers.

Session cookies

We use “session” cookies to keep you logged in while you use our Services, to better understand how you interact with our Services, and to monitor aggregate usage and web traffic information on our Services.

Persistent cookies

We use “persistent” cookies to recognize you each time you return to our Website or Services. For example, we create a persistent cookie that includes some basic information about you, like your most recent search. We use this persistent cookie to remember your preferences and, if you create an account, to make your user experience consistent after you register.

Tracking technologies

Web beacons, tags and scripts may be used on our Websites, our Services, in e-mails or other electronic communications we send to you. These technologies help us in understanding how our Websites and Services are used, what other websites our visitors have visited and when an email is being opened and acted upon.

Log Data

Our servers automatically record information (Log Data) created by your use of the Website or Services. Log Data may include information such as your IP address, browser type, operating system, the referring web page, web pages visited, location, your mobile carrier, your computer or mobile device type, search terms and cookie information. We receive Log Data when you interact with our Website or Services, for example, when you visit our websites, sign into our Services, or interact with our email notifications.

Information that we receive from third parties

We may sometimes obtain Personal Data about you from third parties (e.g., Facebook, Twitter, Google) and use it to re-market our Services or provide a more tailored experience with our Services.

How we use the information we collect


We use your personal data for the following purposes:

  • To send you communications or documents you have indicated you wish to receive (such as offers, demonstrations, whitepapers, newsletters, marketing materials);
  • To call you to ask you if you have any questions about the products or information that you have requested from us;
  • To communicate with you via email, telephone, text (SMS), postal services, social media and websites and update you with Vestcom and iRexM3 related news and information or to tell you about products or services that may be of interest to you, if you allow us to do so;
  • To respond to your questions or requests for additional information;
  • To set up a trial or regular account for our Services;
  • To provide our Services to you;
  • To manage our customer relationship with you and to provide you with customer support;
  • To process payments to us;
  • To get a better understanding on how you browse our Website so that we can optimize your searches;
  • To research and analyze your use of or interest in our Services and those products and services offered by others;
  • To analyze the effectiveness of our Services;
  • To help you find the most relevant information by customizing our Services to optimize your experience;
  • To perform any additional purposes explicitly described to you at the time of collection and for which we received your consent.

Legal grounds for processing (for individuals residing in European Economic Area (EEA))

If you are an individual residing in the EEA we can only process your personal data if we have a lawful ground to do so (known as Lawful Basis). Depending on the processing activity, we can process your personal data on the following grounds:

  1. In order to comply with our obligations under an agreement we concluded, for example for the provision of our Services;
  2. Where you have freely given your active explicit consent have not revoked this consent;
  3. Where we are pursuing a legitimate interest, which is not outweighed by your fundamental rights or freedoms.
  4. Pursuant to legal obligation under EU law or the law of a member state of the EU, or in very exceptional cases to protect your vital interests.

Sharing of Information

Vestcom UK is part of Vestcom International, Inc. a global company headquartered in the US. To do business globally and help improve the Services provided, Vestcom may share Visitor and Subscriber information with its parent company and affiliates. Some of these companies may be located outside the EEA. If this is the case, we will provide for an adequate level of protection regarding your personal data. Otherwise, we will only share your Personal Data at your direction and according to this Privacy Policy.

Information that we share with third parties

We may engage third-party service providers to work with us to administer, provide and improve the Services and the Website, and these third-party service providers have access to Subscribers’ Personal Data only to perform these services for us. Some of these third-party service providers may be located outside the EEA. If this is the case, we will provide for an adequate level of protection regarding your personal data. Otherwise, we will only share your Personal Data at your direction and according to this Privacy Policy.

Non-personally identifiable information

In order to provide and improve our Services, we may use and disclose to our service providers and analytics partners non-personally identifiable information which we collect, including cookie data and Log Data. We retain the right to use, at our reasonable discretion, any information, in any form, about more than one individual where the identity of the individuals is not known and cannot be inferred.

Social network sharing

When you use any social network sharing function in connection with the Services (for example, sharing on Twitter or LinkedIn), your sharing activity will be processed through a third party’s site or service. These third parties’ privacy policies, not ours, govern the collection and use of the information collected on those sites or networks, including Personal Data.

User-Generated Content (UGC)

Some parts of our Services allow Subscribers to submit and view UGC. UGC includes such things as posting a question, an answer or a blog post. When you post UGC, other Subscribers will be able to see certain information about you, such as your username or handle. You should be aware that any Personal Data you submit in UGC can be read, collected, distributed or used by other Subscribers and could be used by third parties to send you unsolicited messages. We are not responsible for the Personal Data you choose to include in the UGC you provide through the Services.

Protecting ourselves and our Subscribers

We may release Personal Data when we believe that doing so is appropriate to comply with applicable laws, regulations or legal requests; to enforce or apply our policies and guidelines; to initiate, render, bill, and collect amounts owed to us; to protect our rights or property; to protect the safety of our Subscribers; to address fraud, security or technical issues; to prevent or stop activity that we consider to be illegal or unethical; or if we reasonably believe that an emergency involving immediate danger of death or serious physical injury to any person requires disclosure of communications or justifies disclosure of records without delay. Without limiting the generality of the foregoing, we may also be required to disclose Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.


Information about our Subscribers is a business asset of Vestcom. Consequently, information about our Subscribers, including Personal Data, may be disclosed as part of any merger or acquisition involving Vestcom, the creation of a separate business to provide some or all the Services, the sale or pledge of Vestcom’s assets, as well as in the event of an insolvency, bankruptcy or receivership.

Your rights in relation to your personal data

Your individual rights

Under the GDPR your rights are as follows. You can read more about your rights in details here;

  • the right to be informed;
  • the right of access;
  • the right to rectification;
  • the right to erasure;
  • the right to restrict processing;
  • the right to data portability;
  • the right to object; and
  • the right not to be subject to automated decision-making including profiling.

You also have the right to complain to the ICO [] if you feel there is a problem with the way we are handling your data.

We handle subject access requests in accordance with the GDPR.

Unsubscribing to Vestcom Communications:

You may unsubscribe at any time from receiving non-Service related communications from Vestcom through your account settings or through the instructions included in the communication.

Right to access, rectify, transfer (for individuals residing in EEA)

You have the right to access your Personal Data at any time and to receive a copy of the personal data undergoing processing. You can require us to rectify your personal data modified if it is not correct. You can also ask us to receive your data in a commonly used electronic form Right to object to further processing (for individuals residing in EEA)

If we are processing your personal data on the basis of a legitimate interest you may object to the processing activity. Upon receipt of an objection we will cease the processing activity unless we can demonstrate a legitimate ground which overrides your interests, or that the processing is necessary for the establishment, exercise or defense of legal claims.

Right to erasure and to restrict processing (for individuals residing in EEA)

If there is no longer a reason for us to process your personal data or if we don’t have a legal ground for the processing you can require us to delete your personal data. We will take steps to delete your information as soon as is practicable, but some information may remain in archived/backup copies for our records or as otherwise required by law. You can also require us to restrict the processing of your data if such processing is unlawful or if there is a dispute about the accuracy of the data.

How to invoke your rights

If you wish to invoke any of your rights in relation to your personal data, please send us a written notice in this regard to the email address indicated at the end of this Privacy Policy.

We may ask you to provide certain information to verify your identity.

How we protect your personal data


We treat your Personal Data as private, confidential information and we strive to ensure that Personal Data under our control, regardless of format, is protected and kept secure at all times. Please be aware, however, that no method of transmitting information over the Internet or of storing information is completely secure. Accordingly, we cannot absolutely guarantee the protection of any information shared with us.

Location of data

Your Personal Data may be stored on servers located in a country other than where you reside. Personal Data is always subject to the local laws of the jurisdictions within which it is collected, used, disclosed and/or stored, and may be accessed by governmental authorities and law enforcement agencies in those jurisdictions. When the data concerns personal data of data subjects from the EEA, we will provide for an adequate level of protection of this data.

Retention of data

When we have no further need to process your personal data in line with the purpose for which we received it, we will delete it unless we are legally required to keep it. This may in any event be the case if you terminate your agreement for the Services. If deletion is not possible we will anonymise it in a way that it cannot be reversed. If anonymising is not possible (for example, because your personal data has been stored in backup archives), then we will securely store your personal data and isolate it from any further processing until deletion is possible.


Privacy Shield Principles

All personal data that Vestcom International Inc. receives from the individuals residing in the EEA shall be processed in accordance with the Privacy Shield Principles.

Accountability for Third Parties

We may transfer personal data to third parties for processing on our behalf. We will ensure that such data may only be processed for limited and specified purposes consistent with the consent provided by you. In addition, any such third-party processor will process the data with the same level of protection as the protection provided by us including adherence to the EU/US Privacy Shield Principles to the extent it relates personal data that is transferred from the EEA. We remain liable for any failure of the third party to do so unless we can prove that we are not responsible.


Vestcom International Inc. complies with the EU/US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union to the United States. Vestcom International Inc. has certified to the U.S. Department of Commerce that they adhere to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit

Enforcement Authority

The Federal Trade Commission has jurisdiction over Vestcom International Inc’s compliance with the E.U./U.S. Privacy Shield Framework.

Changes to the privacy policy

We may update this Privacy Policy from time to time to reflect changes to our information practices. If we make material changes to our Privacy Policy, we will notify you by prominently posting the revised Privacy Policy on this Site (including the revision date). Your continued access or use of our Websites constitutes your acceptance of the Privacy Policy as revised. It is your responsibility to review the Privacy Policy periodically.

Contacting Us

If you have any questions or suggestions regarding our Privacy Policy, please do not hesitate to contact us. You can email us at or send a letter to either of the following addresses:

If you are from outside the European Economic Area

Vestcom International, Inc.
2800 Cantrell Road
Suite 500
Little Rock, AR 72202

If you are from inside the European Economic Area

Vestcom UK
The Old Forge, Market Square,
Toddington, LU5 6BP
United Kingdom


Resources & further information

Overview of the GDPR – General Data Protection Regulation

Data Protection Act 2018

Privacy and Electronic Communications Regulations 2003

Guide to the PECR 2003

Guide to the EU-U.S. Privacy Shield

Twitter Privacy Policy

Google Privacy Policy

Linkedin Privacy Policy

Mailchimp Privacy Policy

Hubspot Privacy Policy