Privacy Statement

We take your privacy seriously and will only use your personal information to administer your account and to provide the products and services you have requested from us. We will never sell, share, or use your personal information other than as described here.

GDPR LOCAL is a GDPR compliance platform that provides Article 27 services and helps users complete GDPR documentation and manage the tasks required to maintain compliance in the future.

ABOUT THIS PRIVACY POLICY

This policy sets out how we will use and share the information that you give us or allow us to obtain from third parties. This policy describes your relationship with GDPR Local Ltd in relation to this website and our eugdprrep.com website. This document in no way represents any agreement between you and GDPR Local Ltd [GDPRLOCAL] other than as described here.

WHO WE ARE AND HOW TO CONTACT US

GDPRLOCAL is a trading name of GDPR Local Ltd which is registered in England and is registered with the Information Commissioner’s Office under the Data Protection Act [GDPR]. The Data Controller and Data Protection Officer is: Adam Brogden. You can get in touch with us in any of the following ways:
By email: support@optindigo.com
Call: 01772217772 [office hours]
Through our website: GDPRLOCAL.COM
By post: Adam Brogden, C/O GDPR Local Ltd. The Belfry, Lytham, FY84NW

HOW TO CHANGE YOUR PREFERENCES

You can visit our website to contact us to change your preferences at anytime. This includes requests to object to processing, to be forgotten [right to be deleted], for your data to be corrected, or to transfer your data to another platform, and all other rights. We take your rights seriously and will always reply promptly and professionally.

HOW WE OPERATE

We operate in line with the EU GDPR [May 2018] Data Protection guidelines. We are committed to maintaining your personal rights and allow all users to change or withdraw their consent options at anytime. We will also advise you on how to complain to the relevant authorities, namely the Information Commissioners Office.

WHO THIS PRIVACY POLICY APPLIES TO

This policy relates to users/visitors of our websites, users of our services, anyone that contacts us, and all other third parties. Registration may be required and if you are not willing to register you may not be able to use all the services on this site. Processing of your data is required in order to offer you these services however you are free to try and register without any personal data. This policy applies to individuals who have registered with GDPRLOCAL as either a customer, affiliate, user, administrator, or in any other capacity.

We respect the rights of all Data subjects including all data subjects outside the UK. We do not guarantee to comply with all regulations however will endeavour to act in a compliant manner and will always respond quickly and professionally to any request.

WHAT THIS POLICY APPLIES TO

This section describes the lawful basis for processing your data and applies to the information about yourself that you choose to provide us with or that you allow us to collect. We exercise our rights under the consent lawful basis as you are free at anytime to register to use this service and consent to receive information from us or at anytime to choose to stop using this service and remove your consent. We will always respect your decision to remove consent.
The information we collect and use includes:

As a customer/potential customer:
- information we collect when you visit our sites
- information we collect about you from our third party data providers
- information you provide during the registration process,
- information you provide when you use our services,
- information you provide documents, spreadsheets, or other material
- information we collect about how you use the website,
- information given and stored as part of our ongoing relationship
- information we collect on visits and all other interactions and exchanges.

WHAT THIS POLICY APPLIES TO

This section describes the lawful basis for processing your data and applies to the information about yourself that you choose to provide us with or that you allow us to collect. We exercise our rights under the consent lawful basis as you are free at anytime to register to use this service and consent to receive information from us or at anytime to choose to stop using this service and remove your consent. We will always respect your decision to remove consent.

The information we collect and use includes:
As a customer/potential customer:
- information we collect when you visit our sites
- information we collect about you from our third party data providers
- information you provide during the registration process,
- information you provide when you use our services,
- information you provide documents, spreadsheets, or other material
- information we collect about how you use the website,
- information given and stored as part of our ongoing relationship
- information we collect on visits and all other interactions and exchanges.

SCOPE OF PROCESSING

When you visit our site we will collect information about you through our data collection forms, cookies and using our connection to visitor tracking and similar products. By visiting our site and choosing to navigate our pages, providing or submitting your personal data on this site, whether in those fields marked mandatory or otherwise, you are affirming your agreement for such information to be used in accordance with this Privacy Policy. You will be able to withdraw that agreement at any time by the methods described. We respect all your rights under GDPR.

Once we have your details we may contact you by email, social media, and/or phone to sell our products, discuss your requirements and help you use our services. We exercise the right under legitimate interest to process your data and operate under PECR and similar regulations [ePrivacy] in order to make calls and send emails, however we respect your rights under all regulations and will always respond to requests to stop, to be forgotten, object to processing, correct your data, and for data portability.

In addition, when you request a call-back – we exercise our right under legitimate interest in order to call you back and send email marketing information as described on the site.

After you have visited and/or once you have decided to use our site and services we will send you account updates, support information, related offers, and other information necessary for us to provide services under the agreed terms of our contract and adopting the lawful basis of needing to fulfil a contract. We will at all times respect your rights under GDPR and will always respond to requests to be forgotten, object to processing, correct your data, and for data portability.

By continuing to use this website you have consented to information being collected from your device by cookies or other technologies, for the purposes described in this Privacy Policy, as part of our lead generation process, and advertising including the display of targeted advertising based on the information provided.

CHANGING YOUR PREFERENCES AND OPTING OUT AT A LATER DATE

Once you have given your data and/or implied or explicit consent, you can however still control whether or not you continue to receive communications or see such advertisements from us. The simplest way to remove amend your preferences and withdraw consent is to contact us directly, however you can also remove consent depending on the channel of communication:

Post: You can withdraw your consent for postal marketing from anyone by adding your details to the Mail Preference Service. For more details please go to www.mpsonline.org.uk.

E-mail or SMS (text message): You can unsubscribe from receiving e-mail or SMS marketing communications from any individual third party by using the instructions in any email communication such third party sends you (usually an 'unsubscribe' or 'STOP' link).

Telephone calls: To withdraw your consent for live or automated calls from anyone you can add your name to the Telephone Preference Service which is maintained at this website address: www.tpsonline.org.uk.

You can also opt out at any time from communications via any of the methods described above by e-mailing us at: support@optindigo.com

Social media and online: You can configure your advertising preferences on social media by accessing your settings or preference options on the relevant platform. If you no longer want to receive personalised advertising on any website you visit, you can usually opt out directly through the privacy policy of the particular website you are accessing. You can also opt out of such advertising by visiting the IAB opt-out platform at www.youronlinechoices.com . Please note that this and other platforms allow you to opt out of interest-based advertising delivered by registered members.

HOW WE STORE AND PROCESS YOUR DATA

Your account data will be collected, stored and processed primarily in the EU. Where we transfer data outside the EU we will ensure we take all reasonable administrative and technical precautions to protect that data. Your data will be stored for three years after our last interaction, in order to provide updates and offers that may be of interest to you. We use recognised third parties to provide lead generation services, help with advertising, operate our business, take payment, manage our company accounts, and provide banking services, and other common business functions. We will store transaction, payment, and order data for up to 7 years or for as long as required by UK financial and company regulations. These third parties may operate outside the EU.

OUR OBLIGATIONS

We are a data controller in relation to the information that you provide us with. As a result, we are legally responsible for how that information is handled.

We will always endeavour to comply with the GDPR [2018], ePrivacy [date TBC] and PECR in the way we use and share your personal data. Among other things, this means that we will only use your personal data:
- fairly and lawfully,
- as set out in the legislation and this policy,
- to the extent necessary for these purposes.

We will process your personal data ourselves as the data processor. We will take reasonable precautions to safeguard the personal information that you supply.


Where we use data processors or share your data with joint controllers we will ensure appropriate contracts, terms, and data sharing agreements are in place including SCCs.

If you have any requests concerning your personal information or any queries about our privacy policy, website or service, please contact us using the details given above. We are friendly and professional and will always help.

ANALYSIS AND DERIVATIVE DATA PRODUCTS

Sometimes your data will be used for analysis purposes or to build data products. In these instances, the information is aggregated and wherever possible anonymised in line with the Information Commissioner’s code of practice. Again, these products are of a marketing nature.

THIRD PARTIES

We do not routinely share your data with any third party and we never sell data. We use carefully selected third parties to manage/operate our business and develop new business.

SOURCE OF YOUR DATA

We do not buy marketing lists however we do use third parties and online services to help identify potential customers and support our busines development activity.

For example:
1. We use tracking software to identify companies that visit our site
2. We use email verification systems to identify contacts at those companies
3. We use LinkedIn to contact representative of those companies and connect with them.
4. We use Mailchimp to send email to those contacts.
5. We store data on our CRM systems such as OnePageCRM and HubSpot
6. We use information to run our advertising campaigns
7. We use Sopro.io as our marketing partner to identify companies that may be interested in our products and services.

This approach is GDPR and PECR compliant.

Where we use third parties, we ensure these companies comply with all regulations and keep your data safe. This includes ensuring they implement best practice security measures to prevent the loss of, or unauthorised access to your personal information. Where valid, appropriate, verified, and subject to legal obligations, third parties are also expected to complete rectification or erasure requests within 72 hours of receipt.

SECURITY

We will report any breaches or potential breaches to the appropriate authorities within 24 hours, and to anyone affected by a breach within 72 hours. If you have any queries or concerns about the data usage please contact us.

LEGITIMATE INTERESTS

In some cases we collect, store, and process your data under the GDPR lawful basis of Legitimate Interest. Where this is the case we have completed appropriate balancing assessments to protect the rights of the data subjects.

CONTACTING US, EXERCISING YOUR RIGHTS.

If you have any questions or comments about this Privacy Policy, wish to exercise your information rights in connection with the personal data you have shared with us or wish to complain, please contact The Data Protection Officer at GDPRLOCAL. Where valid, appropriate, verified, and subject to legal obligations, we will complete objection, rectification or erasure requests within 72 hours of receipt by us. We will process SARs within 30 days, SAR responses are usually free but we reserve the right to charge for excessive or unfounded requests. We fully comply with Data Protection legislation and will assist in any investigation or request made by the appropriate authorities.

This policy may be updated from time to time – where material changes occur we will contact you on the email address provided. You have the right to remove consent at anytime. You also have the right to complain – if you remain dissatisfied you should contact the ICO at: ico.org.uk