Data Privacy & GDPR

Data Privacy & GDPR Compliance

Last Updated: March 2025

At LeadLegend Ltd, located in London, UK, we take data privacy seriously. As a CRM and automation platform, we are fully committed to maintaining compliance with the UK GDPR, EU GDPR, and other global data protection standards.

1. Roles Under GDPR

- LeadLegend Ltd is a data processor, handling data only under your instructions.

- You (our client) are the data controller, responsible for determining the purpose and means of data processing.

- We rely on the infrastructure of GoHighLevel Inc. and LeadConnector LLC as subprocessors, who are certified under the EU-U.S. and UK-U.S. Data Privacy Framework and operate under Standard Contractual Clauses (SCCs).

We do not access, use, or process any of your customers' data unless explicitly authorized for support or technical troubleshooting.

2. Personal Data We Process

On your behalf, we process:

- Customer contact information (e.g. name, email, phone)

- Appointment bookings and history

- Notes and communication logs

- Funnel and marketing interactions

We do not sell, profile, or repurpose this data.

3. Legal Basis for Processing

As the data controller, you must determine the lawful basis for processing under GDPR Article 6, such as:

- Consent

- Contractual necessity

- Legal obligation

- Legitimate interest

LeadLegend Ltd only processes data as instructed by you, the controller.

4. Rights of Data Subjects

We support your compliance with subject rights under GDPR. Your end users can:

- Access their data

- Request correction or deletion

- Object to processing

- Request data portability

We’ll assist you in responding to these requests within legal timeframes, upon your instruction.

5. International Data Transfers

Your data is stored and processed on infrastructure provided by:

- GoHighLevel Inc. (USA)

- LeadConnector LLC (USA)

These providers are certified under the EU-U.S. Data Privacy Framework and utilize Standard Contractual Clauses to ensure lawful transfers outside the UK/EU.

Details:

- GHL Privacy Policy https://www.gohighlevel.com/privacy-policy

- GHL Subprocessors https://www.gohighlevel.com/sub-processors

- Privacy & Security Overview https://www.gohighlevel.com/privacy-and-security

6. Data Security Measures

We apply technical and organizational measures, including:

- AES-256 encryption at rest and TLS encryption in transit

- Role-based access control and logging

- Automated backups and disaster recovery protocols

- Subprocessor agreements and risk assessments

7. Data Retention & Deletion

We retain data:

- Only for as long as necessary to fulfill services

- Or until you (the controller) request deletion

Data may be anonymized or fully erased upon project termination or customer instruction.

8. Breach Response

In the event of a security breach:

- We notify affected clients without undue delay

- Share incident details and next steps

- Cooperate with all investigations or regulatory reporting

9. Controller Responsibilities

You are responsible for:

- Obtaining valid user consent

- Providing transparent privacy notices

- Managing opt-outs and user preferences

- Responding to subject access and deletion requests

We act solely on your instructions and are happy to assist with compliance operations.

10. Contact Us

LeadLegend Ltd

63-66 Hatton Garden

London, United Kingdom

Email: [email protected]

DPO Contact: [email protected]

11. Resources & Legal Documentation

- Data Processing Agreement: https://leadlegend.org/dpa

- Subprocessor List: https://www.gohighlevel.com/sub-processors

- Cookie Policy: https://leadlegend.org/cookie-policy

- Submit Account & Data Deletion Request: [email protected]

This page is reviewed regularly and updated to reflect any changes in legal requirements or processing practices.