Last updated: February 10, 2026 · Email: [email protected] · Website: vunexbi.com
VunexBI is a business intelligence consultancy. We connect a company’s scattered data sources, model the data, and turn it into dashboards and forecasts that leaders can act on. The nature of that work means most of the personal data we come near is not ours and was never collected by us. It already lives in our clients’ systems, and we are brought in to make sense of it. This policy explains both the data we collect ourselves and the data we handle on a client’s behalf.
It applies to vunexbi.com and to every engagement we run, from a single dashboard build to a managed analytics environment. Where a section concerns client data inside a pipeline or warehouse, the terms of the engagement contract lead and this policy fills the gaps.
Reading This Policy
The sections split along a simple line. If you are a visitor, a prospect, or someone who contacts us, the early sections are about you, and VunexBI is the controller of that data. If your personal data has ended up in a dataset we are analysing for a client, the section on working inside client data is the relevant one, and your own company is the controller while we act as its processor.
Personal Data From Our Website and Enquiries
What You Provide
When you fill in the project form, ask for a consultation, or email us, we receive your name, work email, phone number, company, role, and whatever you write about your data sources, reporting goals, and current setup. We keep our correspondence so a conversation does not have to start over each time.
What We Collect Automatically
The site records standard technical data as you browse: IP address and approximate location, device and browser type, the pages you open, and the source that brought you here. We use it to keep the site working and to see which content is read. It is not used to profile you as an individual. There is a small irony in a BI firm measuring its own site traffic, and we keep that measurement modest.
Working Inside Your Data: Our Role as Processor
This is the part that defines a BI consultancy, so it carries the most weight.
The Data We Encounter
To build pipelines and dashboards we connect to a client’s source systems, which can include CRMs, ERPs, marketing tools, finance systems, and cloud warehouses. The data flowing through those connections often contains personal information about the client’s customers, prospects, and staff, such as names, contact details, transaction records, support history, and behavioural data. We move and model this data to produce the analytics the client asked for.
We Limit What We Touch
A core principle of our practice is taking only what the work needs. Many dashboards run on aggregated figures and do not require individual records at all, so wherever a report can be built without personal data, we build it that way. When personal fields are needed, we work under the access the client grants and within the scope of the engagement, and we do not extract copies into our own systems beyond what the project requires.
Aggregation and De-Identification
BI work leans heavily on aggregation, which groups individuals into totals and trends. Where it suits the goal, we de-identify or aggregate data so that reports show patterns rather than people. We are also honest about the limit of this: a dashboard sliced finely enough can sometimes point back to one person, so we design role-based views and filters to keep that from happening by accident.
Sample and Test Data
Building and validating a data model usually means working with real records during development. We minimise the volume of live personal data used for testing, prefer masked or synthetic samples where they will do the job, and remove development copies once a build is validated.
Across all of this, the data belongs to the client. We do not reuse it for other clients, we do not enrich it with outside sources unless asked, and we return or delete it at the end of the engagement on the agreed timeline. The data processing terms in your contract take precedence over this policy.
Data Accuracy and Quality
Data quality is something we sell, so it deserves a direct word here. Bad source data does not stay contained; it flows into every report built on top of it, and a confident dashboard drawn from wrong inputs can be worse than no dashboard at all. We build validation and quality checks into our pipelines to catch errors, duplicates, and stale records.
What we cannot do is guarantee the accuracy of data we did not create. The records come from the client’s systems, and the duty to keep personal data accurate rests with the client as controller. If you are an individual whose data appears in a client’s analytics and it is wrong, the correction has to happen at the source, which is your relationship with that company. We help clients fix data at the source so that errors stop propagating, but we are not the right party to receive the correction directly.
Combining Sources and Re-Identification
Much of our value comes from unifying data that used to sit in separate systems. That is also where a real privacy risk lives. Two datasets that are harmless apart can identify and reveal a great deal about a person once joined. We treat the act of combining sources as something to do deliberately, not by default. We work with clients on governance rules that decide which fields may be joined, who may see the result, and where personal detail should be dropped before it reaches a dashboard.
Purposes and Lawful Bases
Each kind of data maps to a reason and, where European law applies, to a lawful basis. We use enquiry and contact data to respond and run projects, relying on your consent or our legitimate interest in business communication. We process client datasets to deliver the analytics service, acting on the client’s instructions and their lawful basis as controller. We process site data to operate and secure the website. We also process data where a legal obligation requires it. If a new purpose arises that is not covered here, we either find a fresh lawful basis or ask first.
AI, Predictive Models, and Profiling
Several features we deliver use AI: surfacing trends and correlations across a dataset, flagging anomalies, answering plain-language questions, and forecasting outcomes such as customer behaviour. The forecasting work is profiling in the proper sense, since it makes predictions about individuals or groups from their data.
Here is how we treat it. Predictive models inform decisions; the people running the business make them. When we build a model that scores or forecasts behaviour for a client, it is a tool for their analysts and leaders, not an automatic gatekeeper. We configure these systems so that a person can review and question what the model produces. We do not run them on our website visitors, and we do not feed one client’s data into models serving another. If you are an individual affected by a prediction inside a client’s analytics, the client controls that data, so the request goes to them and we support the response.
Sharing and Disclosure
We do not sell personal data. Beyond the subprocessors below, we disclose data only in defined situations: when the law or a regulator requires it, when we must defend our legal rights or protect people from harm, and in a sale or merger where records would pass to a buyer held to protections no weaker than these, with notice to you. We do not share client datasets with anyone outside the engagement.
Platforms and Subprocessors
Our work runs on analytics platforms and a few operational tools, and data may sit with or move through them:
- BI and visualisation platforms we build in, including Power BI, Tableau, Looker, Qlik, and Domo
- Cloud data warehouses and pipeline tools used to ingest and model data during an engagement
- Hosting, email, and scheduling services we use to run VunexBI and talk to you
Each runs under its own privacy terms. We select providers that meet established security standards and bind them to use shared data only for the agreed task. For client engagements, the platforms and warehouses are usually the client’s own, configured under their control.
Retention
Contact and enquiry records stay with us for up to two years after your last interaction, then we remove them, unless a legal need extends that. Client datasets and any working copies follow the engagement contract and are returned or deleted when the work ends. Validated dashboards and models live in the client’s environment under the client’s retention rules, not ours. De-identified and aggregated statistics that point to no individual may be kept without a set end date.
Security and Access Controls
We protect data with technical and organisational safeguards suited to its sensitivity. Connections are encrypted, and access to a client’s data is restricted to the people on that account and removed when the project closes. Because BI is built on who-sees-what, we put particular care into role-based access inside the dashboards we design, so that a user sees only the data appropriate to their role. We run quality and integrity checks through every migration and pipeline build.
No online system is completely secure, and we will not pretend otherwise. Keep your platform credentials strong and private, and let us know promptly if you suspect a problem on an environment we manage with you.
Cookies
Our site uses a small set of cookies: necessary ones that run security and forms, analytics cookies that show in anonymised form how the pages perform, and preference cookies that remember simple settings. Your browser can block or delete them, and where consent is legally required for non-essential cookies, we ask first.
Your Rights
You can ask to access the data we hold on you, get a copy, correct it, delete it, restrict or object to its use, or withdraw consent. Email [email protected] to begin, and we verify identity before acting. A reminder that fits our work: if your data sits in a dataset we analyse for a client, the client controls it, so access, correction, and deletion run through them, and we assist.
EEA, UK, and Switzerland
We process personal data on a lawful basis: consent, a contract, a legal obligation, or a legitimate interest weighed against your rights. Where we rely on consent, you can withdraw it at any time without affecting earlier processing. You may also complain to your national data protection authority.
California
Under the CCPA and CPRA you can request the categories and pieces of personal information we collected, ask for access, deletion, or correction, and opt out of any sale or sharing. We do not sell personal data, and exercising your rights will not cause us to treat you differently.
International Transfers
VunexBI and some providers operate across borders, the United States included, where privacy law may differ from your own. For international transfers we apply recognised safeguards such as Standard Contractual Clauses or rely on an adequacy decision. Using the site means you understand this can occur.
Children
This is a business service not directed to anyone under 16. We do not knowingly collect children’s data and will delete it if we find that we have collected it. A parent or guardian with a concern can write to [email protected].
Links to Other Sites
Our pages may link to platforms, articles, or resources we do not operate. This policy ends at our boundary. Once you follow a link, that site’s own policy applies, so review it before sharing anything.
Updates
We revise this policy as our services and the law change. The current version sits on this page with its date, and we make a reasonable effort to flag significant changes. Continuing to use the site after an update means the new version applies to you.
Contact
For any privacy question, request, or complaint, reach us directly: [email protected]
