Your privacy matters

We respect your data and handle it with care and transparency always.

1. Who we are

Viking Office Systems Limited (“Viking”, “we”, “us”, “our”) is a company incorporated in the Isle of Man with its registered office at Sovereign House, Station Road, St John’s, Isle of Man IM4 3AJ.

For the purposes of data protection law in the Isle of Man (including the GDPR as applied in the Isle of Man and related legislation, together “Applied GDPR”), Viking is the data controller of personal data collected through this website.

You can contact us about privacy at: info@vikingiom.com.​

2. What this policy covers

This Privacy Policy explains how we collect, use, share and protect personal data when you:

  • visit or use our website and online forms; or
  • contact us using the details provided on the Site.

It does not cover how we process personal data as part of delivering contracted services to clients, which is governed by separate agreements and, where relevant, separate privacy notices.

3. The personal data we collect

We collect and process the following categories of personal data when you interact with the Site:

  • Contact details – name, job title, organisation, email address, telephone number, and any other details you provide in enquiry forms or emails.
  • Enquiry information – the subject and content of your messages, including any information about your organisation, projects or requirements.
  • Technical information – basic server logs such as IP address, date and time of access, pages visited and the website you came from. This is collected automatically by our hosting environment for security and operational purposes.
  • Recruitment information – if you respond to any opportunities published on the Site, we may collect CVs and related information you provide.​

We do not currently use cookies or similar technologies for analytics, advertising or behavioural tracking on the Site. If this changes, we will update this Policy and, where required, provide a cookie banner and obtain consent.​

4. How we use personal data and legal bases

We only process personal data where we have a legal basis to do so under Applied GDPR.

We use your personal data for the following purposes:

  1. Responding to enquiries and providing information
    • To respond to your requests for information, demonstrations, workshops or proposals.
    • Legal basis: our legitimate interests in operating our business and responding to potential and existing clients; and, where relevant, performance of a contract or steps taken at your request before entering into a contract.
  2. Managing client and supplier relationships
    • To manage ongoing communications, meetings and contractual discussions.
    • Legal basis: performance of a contract and our legitimate interests in managing relationships and projects.
  3. Operating, securing and improving the Site
    • To administer the Site, maintain security, detect and prevent misuse or attacks, and understand basic performance (e.g. server load, error logs).
    • Legal basis: our legitimate interests in maintaining the security and reliability of our IT systems and services.
  4. Legal and regulatory compliance
    • To comply with legal obligations, respond to lawful requests from regulators or authorities, and establish or exercise legal claims.
    • Legal basis: legal obligation and, where appropriate, our legitimate interests in protecting our rights and defending claims.​
  5. Recruitment (if applicable)
    • To assess applications, arrange interviews and make recruitment decisions where you apply for a role.
    • Legal basis: legitimate interests in recruiting staff and, where relevant, performance of a contract or steps prior to entering into a contract.

We do not carry out automated decision‑making or profiling via this website that produces legal or similarly significant effects on individuals.

5. How long we keep personal data

We keep personal data only for as long as necessary for the purposes set out above, taking into account:

  • the nature and duration of our relationship with you;
  • any legal, regulatory, contractual or reporting obligations; and
  • limitation periods for potential claims.

In general, enquiry‑related personal data is retained for up to three years from our last meaningful interaction with you, unless we need to keep it longer in connection with a contract, dispute or legal obligation.

Server logs are typically retained for a shorter period necessary for security and troubleshooting, unless a specific incident requires longer retention.

6. Sharing personal data

We do not sell your personal data. We may share personal data with:​

  • Service providers – carefully selected providers who supply hosting, IT support, email or communication tools. They act as our processors and may only process personal data on our documented instructions and subject to appropriate confidentiality and security obligations.
  • Professional advisers – such as legal, accounting or insurance advisers, where reasonably necessary for the establishment or defence of legal claims or for compliance.
  • Regulators and authorities – where we are legally required to do so or in order to protect our rights or those of others.

Where any service provider is located outside the Isle of Man, United Kingdom or European Economic Area, we will ensure that appropriate safeguards are in place in accordance with Applied GDPR (for example, adequacy decisions or standard contractual clauses).

7. Security

We use appropriate technical and organisational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access, having regard to the risks involved and the nature of the data.

No system is completely secure, and we cannot guarantee absolute security. However, we aim to ensure that access to personal data is limited to those who need it and that people handling such data are subject to confidentiality obligations.

If we become aware of a personal data breach that is likely to result in a risk to your rights and freedoms, we will act in accordance with our legal obligations, including notifying the Isle of Man Information Commissioner and, where required, affected individuals.​

8. Your data protection rights

Under Applied GDPR, you have a number of rights in relation to your personal data, subject to certain conditions and exemptions:

  • Right of access – to obtain confirmation of whether we process your personal data and, if so, to receive a copy and certain information about it.
  • Right to rectification – to have inaccurate or incomplete personal data corrected.
  • Right to erasure – to request deletion of your personal data, for example where it is no longer needed for the purposes for which it was collected and we have no overriding legitimate grounds for continued processing.
  • Right to restriction of processing – to request that we restrict processing of your personal data in certain circumstances.
  • Right to object – to object to processing based on our legitimate interests, on grounds relating to your particular situation; we will stop processing unless we have compelling legitimate grounds or the processing is for legal claims.
  • Right to data portability – where processing is based on consent or contract and carried out by automated means, to request a copy of personal data you provided to us in a structured, commonly used and machine‑readable format.
  • Right to withdraw consent – where we rely on your consent, you may withdraw it at any time. This will not affect the lawfulness of processing before withdrawal.

To exercise any of these rights, please contact us at info@vikingiom.com. We may need to verify your identity before acting on your request, and we will respond within the timeframes required by law.

You also have the right to lodge a complaint with the Isle of Man Information Commissioner if you believe your data has been processed in a way that does not comply with data protection law. Details of how to do this are available on the Information Commissioner’s website.

9. Children

The Site is aimed at business users and is not intended for children. We do not knowingly collect personal data from anyone under the age of 16 through the Site. If you believe a child has provided personal data to us, please contact us and we will take appropriate steps to delete it.

10. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our processing activities, legal requirements or best practice. The updated version will be posted on the Site with a revised “last updated” date and will take effect from the date of publication.

11. Contact

If you have any questions about this Privacy Policy or how we handle personal data, please contact:

Viking Office Systems Limited
Sovereign House, Station Road, St John’s, Isle of Man IM4 3AJ
Email: info@vikingiom.com