Effective Date: March 1st, 2026 | Version 2.0
Vidium Ltd

Privacy Policy

1. Introduction

Vidium Ltd ("Vidium", "we", "us", or "our") is a video intelligence company incorporated in the United Kingdom. We are committed to protecting privacy and handling data transparently and responsibly.

This Privacy Policy explains what data we collect, why we collect it, how we use and protect it, and what rights individuals have in relation to it. It covers all data processing activities carried out by Vidium, including our Video Intelligence product, our website, and our business operations.

Our privacy contact is: Elliot MacNay, Company Director — elliot@vidium.co

2. What Vidium Does and the Data We Process

2.1 Video Intelligence Product

Vidium’s core product is a Video Intelligence platform. Using a proprietary web crawler, Vidium continuously analyses live publisher environments at the video URL level to capture execution-level signals about how video players function in practice.

The data collected by our crawler is entirely publisher-side and placement-level. It includes:

  • Player behaviour signals: click-to-play vs autoplay (deterministic); muted vs sound-on initiation; sticky/floating behaviour; fixed vs dynamic position; in-article, in-feed, and outstream execution type; player expansion, collapse and movement behaviour.
  • Quality signals: player size and placement integrity; page layout and ad-to-content ratio; surrounding editorial context; engagement opportunities; playback integrity.
  • Contextual page signals: URL, page category, and content metadata associated with video placements.

This data does not contain personal data. No individual identifiers — including cookie IDs, device IDs, IP addresses, or any other data capable of identifying a natural person — are collected, processed, or made available to clients. Vidium video intelligence data is made available to advertising agency clients and their brand advertisers for the purpose of video inventory quality assessment and campaign optimisation.

2.2 Contextual Bid-Stream Signals

In addition to our proprietary crawler, Vidium may receive contextual signals via the RTB (real-time bidding) bid-stream. These signals are limited to URL strings and page-level contextual metadata only. No individual identifiers are captured or retained from bid-stream sources.

2.3 Third-Party Website and App Data

Vidium may receive batch contextual data from third-party websites and applications. This data is limited to publisher-side, page-level, and contextual signals. No personal data is processed via these sources.

2.4 Website and Business Operations Data

When you visit our website (vidium.co) or contact us directly, we may collect limited personal data including your name, email address, and the content of your enquiry. This data is used solely to respond to your enquiry and manage our business relationship with you.

3. Lawful Basis for Processing

For personal data collected in the course of business operations (e.g. enquiries via our website or direct communications), Vidium relies on the following lawful bases under UKGDPR:

  • Legitimate interests — to respond to business enquiries, maintain client and partner relationships, and improve our services.
  • Contractual necessity — to fulfil obligations under agreements with clients and partners.
  • Legal compliance — to meet our obligations under applicable law.
  • Consent — where you have explicitly consented, for example to receive marketing communications.

    • Vidium's Video Intelligence product does not process personal data. Accordingly, UK GDPR lawful basis requirements do not apply to that data processing activity.

    4. Who We Share Data With

    Vidium does not sell personal data. We may share data in the following circumstances:

    • Advertising agencies and their brand advertiser clients — Vidium's video intelligence data (non-personal) is made available to marketing and advertising agencies and their clients for video inventory quality assessment, campaign planning, and optimisation purposes. This may include Omnicom Group agencies and their clients, as well as other advertising holding groups and independent agencies.
    • Technology and cloud service providers — Vidium uses Google Cloud Platform (GCP, UK region) for data storage and processing. GCP processes data on our behalf under a data processing agreement and is subject to appropriate security and data protection obligations.
    • Regulatory and legal authorities — we may disclose data where required to do so by law, court order, or regulatory authority.
    • Business transfers — in the event of a merger, acquisition, or sale of all or part of our business, data may be transferred to the relevant third party subject to equivalent privacy protections.

    5. International Data Transfers

    Vidium's primary data environment is Google Cloud Platform (GCP), hosted in the UnitedKingdom. Vidium does not transfer personal data outside the UK as a standard practice. Team members based in Portugal (an EEA member state) and staff travelling in other regions may access Vidium's GCP environment remotely. Where such access involves any personal data, it is conducted via encrypted, authenticated connections. As Portugal is an EEA member state, access from Portugal does not constitute a restricted transfer under UKGDPR.

    Remote access by travelling staff to non-personal data (such as video intelligence signals)does not constitute a personal data transfer and no transfer mechanism is required.

    Vidium does not transfer personal data to countries outside the UK or EEA as part of its standard operations. Should this change, we will ensure appropriate safeguards are in place (such as UK International Data Transfer Agreements or equivalent mechanisms) and will update this policy accordingly.

    6. Data Retention

    Vidium retains data for as long as is necessary to fulfil the purposes for which it was collected, subject to applicable legal retention requirements

    • Video intelligence and contextual data (non-personal): retained and refreshed on a continuous basis as part of our live crawler operation. Historical snapshots are retained for product development and quality assurance purposes.
    • Business contact data (personal): retained for the duration of a business relationshipand for a reasonable period thereafter, typically no longer than three years from last contact, unless a longer retention period is required by law or contract. Where data is no longer required, it is securely deleted or anonymised.

    7. Security

    Vidium implements appropriate technical and organisational measures to protect data against unauthorised access, disclosure, alteration, or destruction. These include:

    • All data stored in Google Cloud Platform (GCP UK), with encryption at rest and in transit (TLS).
    • Access restricted to authorised personnel (owners and engineers) via GCP Identity and Access Management (IAM) with least-privilege principles
    • Multi-factor authentication (MFA) enforced across all systems.
    • Regular security training for all staff, updated annually
    • Background checks conducted on all employees and contractors.
    • Quarterly vulnerability assessments.
    • Documented incident response and business continuity plans.
    • Cyber liability insurance.
    • Right to rectification — to request correction of inaccurate or incomplete personal data.
    • Right to erasure — to request deletion of your personal data in certain circumstances.
    • Right to restriction — to request that we restrict processing of your personal data.
    • Right to object — to object to processing based on legitimate interests.
    • Right to data portability — to receive your personal data in a structured, commonly used format.
    • Right to withdraw consent — where processing is based on consent, to withdraw that consent at any time.
    • Right to lodge a complaint — with the Information Commissioner's Office (ICO) at ico.org.uk, or another relevant supervisory authority.

    Where Vidium processes your personal data, you have the following rights under UK GDPR and other applicable data protection law:

    8. Your Rights

    To exercise any of these rights, please contact Elliot MacNay at elliot@vidium.co. We will respond within one month of receiving your request.

    9. Global Privacy Control (GPC)

    Vidium supports the Global Privacy Control (GPC) signal as a valid expression of a user's privacy preferences. Where GPC signals are received, Vidium honours these as requests to limit data processing in accordance with applicable law.

    10. Children's Data

    Vidium's services are not directed at children under the age of 18. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us immediately at elliot@vidium.co.

    11. Cookies

    Vidium's Video Intelligence product and crawler do not set or read cookies on end-user devices.

    12. Changes to This Policy

    Vidium may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. The current version will always be published at: https://vidium.co/privacy-policy/

    Where changes are material, we will take reasonable steps to bring them to the attention of relevant parties.

    13. Contact Us

    If you have any questions, concerns, or requests relating to this Privacy Policy or Vidium's data processing activities, please contact:

    Elliot MacNay

    Company Director — Vidium Ltd

    elliot@vidium.co

    You also have the right to lodge a complaint with the UK Information Commissioner's Office(ICO):

    ico.org.uk

    Book a call
    Video to connect people to brands