Privacy Statement

We take your privacy seriously and will only use your personal information to administer your account and to provide the products and services you have requested from us. We will never sell, share, or use your personal information other than as described here.

GDPR LOCAL is a GDPR compliance platform that provides Article 27 services and helps users fulfill their GDPR compliance obligations.


This policy sets out how we will use and share the information that you give us or allow us to obtain from third parties. This policy describes your relationship with GDPR Local Ltd in relation to this website and our website. This document in no way represents any agreement between you and GDPR Local Ltd [GDPRLOCAL] other than as described here.


GDPRLOCAL is a trading name of GDPR Local Ltd which is registered in England and as a Data Controller registered with the Information Commissioner’s Office under the Data Protection Act 2018. The Data Protection Officer is: Adam Brogden. You can get in touch with us in any of the following ways:
By email: [email protected]
Call: +44 1772 217800 [office hours]
Through our website:
By post: Adam Brogden, C/O GDPR Local Ltd. The Belfry, Lytham, FY84NW


You can visit our website to contact us to change your preferences at any time. This includes also exercising your rights under GDPR, as follows:

  • ● right to access to your personal data
  • ● right to erasure [‘right to be forgotten]
  • ● right to object to processing of personal data
  • ● right to restrict the processing of personal data
  • ● right of portability [to transfer your data to another platform]
  • ● right to rectification [your data to be corrected]

We take your rights seriously and will always reply promptly and professionally.


We operate in line with the principles of EU GDPR and UK GDPR and follow Data Protection guidelines. We are committed to protecting your personal rights and allow all users to change or withdraw their consent options at any time. We will also advise you on how to complain to the relevant authorities, namely the Information Commissioner's Office.


This policy relates to users/visitors of our websites, users of our services, anyone that contacts us, and all other third parties. Registration may be required and if you are not willing to register you may not be able to use all the services on this site. Processing of your data is required in order to offer you these services. This policy applies to individuals who have registered with GDPRLOCAL as either a customer, affiliate, user, administrator, or in any other capacity.

We respect the rights of all data subjects. We endeavor to act in a compliant manner and will always respond quickly and professionally to any request.


This section describes the lawful basis for processing your data and applies to the information about yourself that you choose to provide us with or that you allow us to collect. We exercise our rights under the consent lawful basis as you are free at any time to register to use this service and consent to receive information from us or at any time to choose to stop using this service and remove your consent. We will always respect your decision to remove consent.
The information we collect and use includes:

As a customer/potential customer:
- information we collect when you visit our sites
- information we collect about you from our third party data providers
- information you provide during the registration process,
- information you provide when you use our services,
- information you provide documents, spreadsheets, or other material
- information we collect about how you use the website,
- information given and stored as part of our ongoing relationship
- information we collect on visits and all other interactions and exchanges.


When you visit our site, we will collect information about you through our data collection forms, cookies and using our connection to visitor tracking and similar products. By visiting our site and choosing to navigate our pages, providing, or submitting your personal data on this site, whether in those fields marked mandatory or otherwise, you are affirming your agreement for such information to be used in accordance with this Privacy Policy. You will be able to withdraw that agreement at any time by the methods described. We respect all your rights under GDPR.

Once we have your details we may contact you by email, social media, and/or phone to sell our products, discuss your requirements and help you use our services. We exercise the right under legitimate interest to process your data and operate under the UK Privacy and Electronic Communication Regulation [PECR] and ePrivacy Directive in order to make calls and send emails, however we respect your rights under all regulations and will always respond to requests to stop, to be forgotten, object to processing, correct your data, and for data portability.

In addition, when you request a call-back – we exercise our right under legitimate interest in order to call you back and send email marketing information as described on the site.

After you have visited and/or once you have decided to use our site and services, we will send you account updates, support information, related offers, and other information necessary for us to provide services under the agreed terms of our contract and adopting the lawful basis of needing to fulfil a contract. We will at all times respect your rights under GDPR and will always respond to the requests you have made, exercising your rights, as provided for in GDPR.

By continuing to use this website you have consented to information being collected from your device by cookies or other technologies, for the purposes described in this Privacy Policy, as part of our lead generation process, and advertising including the display of targeted advertising based on the information provided.


Once you have given your data and/or implied or explicit consent, you can however still control whether you continue to receive communications or see such advertisements from us. The simplest way to remove amend your preferences and withdraw consent is to contact us directly, however you can also remove consent depending on the channel of communication:

Post: You can withdraw your consent for postal marketing from anyone by adding your details to the Mail Preference Service. For more details, please go to

E-mail or SMS (text message): You can unsubscribe from receiving e-mail or SMS marketing communications from any individual third party by using the instructions in any email communication such a third party sends you (usually an 'unsubscribe' or 'STOP' link).

Telephone calls: To withdraw your consent for live or automated calls from anyone you can add your name to the Telephone Preference Service which is maintained at this website address:

You can also opt out at any time from communications via any of the methods described above by emailing us at: [email protected]

Social media and online: You can configure your advertising preferences on social media by accessing your settings or preference options on the relevant platform. If you no longer want to receive personalised advertising on any website you visit, you can usually opt out directly through the Privacy Policy of the particular website you are accessing. You can also opt out of such advertising by visiting the IAB opt-out platform at Please note that this and other platforms allow you to opt out of interest-based advertising delivered by registered members.


Your account data will be collected, stored, and processed primarily in the UK. When we transfer data outside the UK/EU, we will ensure we take all reasonable administrative and technical precautions to protect that data. Your data will be stored for three years after our last interaction, in order to provide updates and offers that may be of interest to you. We use recognised third parties to provide lead generation services, help with advertising, operate our business, take payment, manage our company accounts, and provide banking services, and other common business functions. We will store transaction, payment, and order data for up to 7 years or for as long as required by UK financial and company regulations. These third parties may operate outside the UK/EU.


We are a data controller in relation to the information that you provide us with. As a result, we are legally responsible for how that information is handled.

We will always endeavor to comply with both the EU GDPR and UK GDPR GDPR [2018], ePrivacy Directiveand PECR in the way we use and share your personal data. Among other things, this means that we will only use your personal data:
- fairly and lawfully,
- as set out in the legislation and this policy,
- to the extent necessary for these purposes.

We will process your personal data ourselves as the data processor. We will take reasonable precautions to safeguard the personal information that you supply.

Where we use data processors or share your data with joint controllers, we will ensure appropriate safeguards and contracts, terms, and data sharing agreements are in place including SCCs.

If you have any requests concerning your personal information or any queries about our privacy policy, website, or service, please contact us using the details given above. We are friendly and professional and will always help.


Sometimes your data will be used for analysis purposes or to build data products. In these instances, the information is aggregated and wherever possible anonymised in line with the Information Commissioner’s code of practice. Again, these products are of a marketing nature.


We do not routinely share your data with any third party, and we never sell data. We use carefully selected third parties to manage/operate our business and develop new business.


We do not buy marketing lists however we do use third parties and online services to help identify potential customers and support our business development activity.

For example:
1. We use tracking software to identify companies that visit our site.
2. We use email verification systems to identify contacts at those companies.
3. We use LinkedIn to contact representatives of those companies and connect with them.
4. We use Mailchimp to send email to those contacts.
5. We store data on our CRM systems such as HubSpot
6. We use information to run our advertising campaigns
7. We use as our marketing partner to identify companies that may be interested in our products and services.

This approach is GDPR and PECR compliant.

Where we use third parties, we ensure these companies comply with all regulations and keep your data safe. This includes ensuring they implement best practice security measures to prevent the loss of, or unauthorised access to your personal information. Where valid, appropriate, verified, and subject to legal obligations, third parties are also expected to complete rectification or erasure requests within 72 hours of receipt.


We will report any breaches or potential breaches to the appropriate authorities within 24 hours, and to anyone affected by a breach within 72 hours. If you have any queries or concerns about the data usage, please contact us.


In some cases, we collect, store, and process your data under the GDPR lawful basis of Legitimate Interest. Where this is the case, we have completed appropriate balancing assessments to protect the rights of the data subjects.


If you have any questions or comments about this Privacy Policy, wish to exercise your information rights in connection with the personal data you have shared with us or wish to complain, please contact The Data Protection Officer at GDPRLOCAL. Where valid, appropriate, verified, and subject to legal obligations, we will complete objection, rectification or erasure requests within 30 days of receipt by us. We will process SARs within 30 days, SAR responses are usually free, but we reserve the right to charge for excessive or unfounded requests. We fully comply with data protection legislation and will assist in any investigation or request made by the appropriate authorities.

This policy may be updated from time to time – where material changes occur, we will contact you on the email address provided. You have the right to remove consent at any time. You also have the right to complain – if you remain dissatisfied you should contact the ICO at: