Effective as of April 17, 2025
At Sterling Technology we take your privacy very seriously. Please read this privacy policy carefully as it contains important information on who we are and how and why we collect, store, use and share your personal data. The policy also explains your rights in relation to your personal data and how to contact us or supervisory authorities in the event you have a complaint.
We collect, use and are responsible for certain personal data about you. When we do so we are subject to the UK General Data Protection Regulation (UK GDPR). We are also subject to the EU General Data Protection Regulation (EU GDPR) in relation to goods and services we offer to individuals and our wider operations in the European Economic Area (EEA).
1. Definitions and interpretation
Account: collectively the personal information, Payment Information and credentials used by Users to access material and/or any communications System on the Platform;
Content: any text, graphics, images, audio, video, software, data compilations and any other form of information capable of being stored in a computer that appears on or forms part of the Platform;
Cookie: a small anonymous text file placed on your computer by Sterling when you visit certain parts of this Platform. This allows us to offer the advanced functionality required for your business purpose;
Data: collectively all information that you submit to the Platform. This includes, but is not limited to, Account details and information submitted using any of our Services or Systems;
Disclaimer: the specific terms and conditions governing your use of a Project within the Platform;
Personal Data: any information relating to an identified or identifiable individual;
Project: a secure data room within the Platform that has been made available for access by you subject to the terms of the appropriate Disclaimer;
Service: collectively any data room, online facilities, tools, services or information that Sterling makes available through the Platform either now or in the future;
Sterling: Sterling Technology operating under its trading name Sterling Data Rooms. All expressions of “we” and “us” are references to Sterling;
System: any online infrastructure that Sterling makes available through the Platform either now or in the future. This includes, but is not limited to, web-based email, message boards, live chat facilities and email links;
User/Users: any third party that accesses the Platform. The expression “you” is a reference to such a user; and
Platform: means the Sterling data room site (vdr.sterlingdatarooms.com) and any sub-domains of this site unless expressly excluded by their own terms and conditions.
2. Data Collected
As part of your engagement Sterling Technology Ltd, the following data may be collected:
We collect and use this Personal Data for the purposes described in the section ‘Our use of Data’ below. Complete details on each type of Personal Data collected are provided in the dedicated sections of this privacy policy or by specific explanation texts displayed prior to the Data collection. Personal Data may be freely provided by the User, or, in case of Usage Data, collected automatically when using the Website and/or our Platform.
Unless specified otherwise, all Data requested is mandatory and failure to provide this Data may make it impossible for Sterling to provide its services. In cases where it is specifically stated that some Data is not mandatory, Users are free not to communicate this Data without consequences to the availability or the functioning of the service. Users who are uncertain about which Personal Data is mandatory are welcome to contact Sterling.
Users are responsible for any third-party Personal Data obtained, published or shared through this Website and/or the Platform and confirm that they have the necessary lawful basis to provide the Data to Sterling.
3. Our use of Data
We collect most Personal Data directly from you, in person, by telephone and via our Platform or website. However, we may also collect information from publicly accessible sources, directly from third parties or from cookies on our website with your consent.
Under data protection law, we can only use your personal data if we have a proper reason, e.g.:
A legitimate interest is when we have a business or commercial reason to use your personal data, so long as this is not overridden by your own rights and interests. We will carry out an assessment when relying on legitimate interests, to balance our interests against your own. You can obtain details of this assessment by contacting us (see ‘How to contact us’ below).
The table below explains what we use your personal data for and why.
What we use your personal data for | Our reasons |
Create and manage your account with us | For our legitimate interests, i.e. to be as efficient as we can so we can deliver the best service to you at the best price or to perform our contract with you or to take steps at your request before entering into a contract |
Providing products and/or services to you | To perform our contract with you or to take steps at your request before entering into a contract |
Conducting checks to identify you and verify your identity or to help prevent and detect fraud against you or us | To comply with our legal and regulatory obligations or for our legitimate interests, i.e. to minimise fraud that could be damaging for you and/or us |
To enforce legal rights or defend or undertake legal proceedings | Depending on the circumstances:
|
Customise our website and its content to your particular preferences based on a record of your selected preferences or on your use of our website | Depending on the circumstances:
|
Retaining and evaluating information on your recent visits to our website and how you move around different sections of our website for analytics purposes to understand how people use our website so that we can make it more intuitive or to check our website is working as intended | Depending on the circumstances:
|
Communications with you not related to marketing, including about changes to our terms or policies or changes to the products and/or services or other important notices | Depending on the circumstances:
|
Protecting the security of systems and data used to provide the services | To comply with our legal and regulatory obligations We may also use your personal data to ensure the security of systems and data to a standard that goes beyond our legal obligations, and in those cases our reasons are for our legitimate interests, i.e. to protect systems and data and to prevent and detect criminal activity that could be damaging for you and/or us |
Statistical analysis to help us understand our customer base | For our legitimate interests, i.e. to be as efficient as we can so we can deliver the best service to you at the best price |
Updating and enhancing customer records |
Depending on the circumstances:
|
Disclosures and other activities necessary to comply with legal and regulatory obligations that apply to our business, e.g. to record and demonstrate evidence of your consents where relevant | To comply with our legal and regulatory obligations |
Marketing our services to existing and former customers | For our legitimate interests, i.e. to promote our business to existing and former customers |
To share your personal data with members of our group and third parties that will or may take control or ownership of some or all of our business (and professional advisors acting on our or their behalf) in connection with a significant corporate transaction or restructuring, including a merger, acquisition, asset sale, initial public offering or in the event of our insolvency In such cases information will be anonymised where possible and only shared where necessary |
Depending on the circumstances:
|
Sterling processes the Personal Data of Users using computers and/or IT enabled tools, following organizational procedures and undertaking measures strictly related to the purpose indicated. Further details are set out below:
Advertising
This type of service allows Personal Data to be utilised for advertising communication purposes displayed in the form of banners and other advertisements on this Website.
Some of the services listed below may use Cookies to identify Users or they may use the behavioural retargeting technique, i.e. displaying ads tailored to the User’s interests and behaviour, including those detected outside this Website. For more information, please check the privacy policies of the relevant services.
Google AdSense (Google Inc.): This service uses the ‘Double-click’ Cookie, which tracks use of the Platform and User behaviour concerning ads, products and services offered. Users may decide to disable all the double click Cookies by clicking on: google.com/settings/ads/onweb/optout.
Personal Data collected: Cookies; Usage Data. Place of processing: US.
Analytics
The services contained in this section enable Sterling to monitor and analyse web traffic and can be used to keep track of User behaviour using cookies. These cookies are governed by our Cookie Policy sterlingvdr.com/cookie-policy and shall only be activated where the necessary consents are provided
Google Analytics (Google Inc.): Google utilises the Data collected to track and examine the use of this Website, to prepare reports on its activities and share them with other Google services. Google may use the Data collected to contextualise and personalise the ads of its own advertising network. Personal Data collected: Cookies; Usage Data. Place of processing: US.
Google Ads conversion tracking (Google Inc.): This analytics service provided by Google LLC or by Google Ireland Limited, depending on the location this Platform is accessed from, connects data from the Google Ads advertising network with actions performed on this Platform. Personal Data collected: Cookies; Usage Data. Place of processing: US.
HubSpot Analytics (HubSpot, Inc.): This is an analytics service provided by HubSpot, Inc. Personal Data collected: Cookies; Usage Data. Place of processing: US.
LinkedIn conversion tracking (LinkedIn Corporation): This is an analytics service provided by LinkedIn Corporation that connects data from the LinkedIn advertising network with actions performed on this Platform. Personal Data collected: Cookies; Usage Data. Place of processing: US.
Salesforce Analytics Cloud (salesforce.com, inc.): This is an analytics service provided by salesforce.com, inc. Personal Data collected: Cookies; Usage Data. Place of processing: US.
Twitter Ads conversion tracking (Twitter, Inc.): This is an analytics service provided by Twitter, Inc. that connects data from the Twitter advertising network with actions performed on this Website. Personal Data collected: Cookies; Usage Data. Place of processing: US.
5. How and why we use your personal data – sharing
If you are an existing or former customer or business user, we will use your personal data to send you updates (by email, text message, telephone or post) about our products and/or services, including exclusive offers, promotions or new products and/or services. We have a legitimate interest in using your personal data for marketing purposes. This means we do not need your consent to send you marketing information. If we change our marketing approach in the future so that consent is needed, we will ask for this separately and clearly.
You have the right to opt out of receiving marketing communications at any time by contacting us at marketing@sterlingvdr.com or using the "unsubscribe" link in emails.
We may ask you to confirm or update your marketing preferences if you ask us to provide further products and/or services in the future, or if there are changes in the law, regulation, or the structure of our business. We will always treat your personal data with the utmost respect and never sell or share it with other organisations for marketing purposes. For more information on your right to object at any time to your personal data being used for marketing purposes, see ‘Your rights’ below.
We routinely share personal data with:
We only allow those organisations to handle your personal data if we are satisfied they take appropriate measures to protect your personal data. We also impose contractual obligations on them to ensure they can only use your personal data to provide services to us and to you.
We or the third parties mentioned above occasionally also share personal data with:
The recipient of any of your personal data will be bound by confidentiality obligations.
6. Transferring your personal data out of the UK and EEA
The EEA, UK and other countries outside the EEA and the UK have differing data protection laws, some of which may provide lower levels of protection of privacy.
As we are based in the UK we will also transfer your personal data between the UK and the EEA.
We also offer support services through our sister company based in Chennai, India.
It is sometimes necessary for us to transfer your personal data to countries outside the UK and EEA. In those cases, we will comply with applicable UK and EEA laws designed to ensure the privacy of your personal data. For example, in respect of cookies as defined in our Cookie Policy sterlingvdr.com/cookie-policy
Under data protection laws, we can only transfer your personal data to a country outside the UK/EEA where:
Where we transfer your personal data outside the UK we do so on the basis of an adequacy regulation or (where this is not available) an appropriate transfer mechanism. In the event we cannot or choose not to continue to rely on either of those mechanisms at any time we will not transfer your personal data outside the UK unless we can do so on the basis of an alternative mechanism or exception provided by UK data protection law and reflected in an update to this policy.
Where we transfer your personal data outside the EEA we do so on the basis of an adequacy decision or (where this is not available) an appropriate transfer mechanism. In the event we cannot or choose not to continue to rely on either of those mechanisms at any time we will not transfer your personal data outside the EEA unless we can do so on the basis of an alternative mechanism or exception provided by applicable data protection law and reflected in an update to this policy.
Any changes to the destinations to which we send personal data or in the transfer mechanisms we rely on to transfer personal data internationally will be notified to you in accordance with the section on ‘Changes to this privacy policy’ below.
If you would like further information about data transferred outside the UK/EEA, please contact us (see ‘How to contact us’ below)
7. Changes of business ownership and control
Users have the following rights, which can be exercised free of charge:
Access | The right to be provided with a copy of your personal data |
Rectification | The right to require us to correct any mistakes in your Personal Data |
Erasure (also known as the right to be forgotten) | The right to require us to delete your Personal Data – in certain situations |
Restriction of processing | The right to require us to restrict the processing of your Personal Data in certain circumstances, e.g. if you contest the accuracy of the data |
Data portability | The right to receive the Personal Data you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party – in certain situations |
To object | The right to object:
|
Not to be subject to automated individual decision making | The right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you |
The right to withdraw consents | If you have provided us with a consent to use your Personal Data you have a right to withdraw that consent easily at any time. Withdrawing a consent will not affect the lawfulness of our use of your Personal Data in reliance on that consent before it was withdrawn |
For more information on each of those rights, including the circumstances in which they apply, please contact us (see ‘How to contact us’ below).
9. Security
Personal Data shall be processed and stored for as long as required by the purpose it has been collected for. Therefore:
Sterling may retain Personal Data for a longer period in circumstances where the User has given consent to such processing, as long as such consent is not withdrawn. Furthermore, Sterling may be obliged to retain Personal Data for a longer period whenever required to do so for the performance of a legal obligation or upon order of an authority.
Once the retention period expires, Personal Data shall be deleted. Therefore, the right to access, the right to erasure, the right to rectification and the right to data portability cannot be enforced after expiration of the retention period.
11. CookiesA Cookie is a small file which is placed onto your device when you use our website. We use cookies on our website to help us recognise you and your device in order to allow us to store information regarding your preferences and past actions. This does not result in a negative impact to performance or security. For more information about cookies, visit http://www.allaboutcookies.org/cookies/.
For further information on cookies, how we use them, when we will request your consent before placing them, and how to disable them, please see our full Cookie Policy at sterlingvdr.com/cookie-policy.
13. Changes to this policy
Sterling reserves the right to change this Privacy Policy as we may deem necessary from time to time or as may be required by law.
13. How to complainPlease contact us if you have any queries or concerns about our use of your Personal Data (please see below ‘How to contact us’). We hope to be able to resolve any problem that you may be having.
You also have the right to lodge a complaint with the Information Commissioner [in the UK], our lead supervisory authority in the EEA, and a relevant data protection supervisory authority in the EEA state of your habitual residence, place of work or of an alleged infringement of data protection laws in the EEA.
The UK’s Information Commissioner may be contacted using the details at https://ico.org.uk/make-a-complaint or by telephone: 0303 123 1113.
14. How to contact us
To contact us about your personal data, you may contact our Data Protection Officer at:
Sterling Technology Limited, 33 Aldgate House, Aldgate High Street, London, EC3N 1AH, England
Email: dpo@sterlingvdr.com Tel: +44(0) 20 7100 9680
Europe HQ: Aldgate House, 33 Aldgate High Street, London, EC3N 1AH
Tel: +44 (0) 20 7100 9680
Americas HQ: Nomad Tower, 1250 Broadway, New York, NY 10001
Tel: +1 (800) 916-9858
Asia HQ: 33 Lockhart Road, 19/F, Wan Chai, Hong Kong
Tel: +852 3105 8263
Enquiries: enquiries@sterlingvdr.com
Support: support@sterlingvdr.com