Privacy Policy

Last updated: 23 June 2026

This privacy policy explains how Subsidium.media Ltd (“we”, “us” or “our”) collects, uses and protects personal information when you visit our website, contact us, book a call, become a client, or interact with one of our review, NFC/QR, photo-upload or Google Business Profile management systems.

We are based in the United Kingdom and handle personal information in line with the UK GDPR, the Data Protection Act 2018 and applicable electronic marketing rules.

If you have any questions about this policy or how we use personal information, contact us at:

Email: [email protected]
Business name: Subsidium.media Ltd
Registered/company address: Lincolnshire, United Kingdom

1. Who this policy applies to

This policy applies to:

visitors to our website;

people who submit enquiries, book calls or request information from us;

current, past and prospective clients;

staff, contractors or representatives of client businesses who use our systems;

customers of our clients who scan a review card, click a review link, or submit information through a photo-upload or review-related form;

business contacts we contact as part of business-to-business outreach.

In some cases, we act as the data controller, which means we decide how and why personal information is used. This usually applies to our own website visitors, prospects, business contacts and clients.

In other cases, we may act as a data processor on behalf of a client. This may apply when we handle information about the client’s customers, staff, completed jobs, photos, review activity or Google Business Profile content as part of providing services to that client. In those cases, the client remains responsible for telling their customers and staff how their personal information is used.

2. Personal information we collect

We may collect and use the following types of personal information.

Website visitors and enquiries

name;

business name;

email address;

phone number;

website address;

business location or service area;

information submitted through forms, messages, emails or call-booking tools;

technical information such as IP address, browser type, device type, pages visited, referral source and approximate location;

cookie and tracking information, where applicable.

Prospective and current clients

contact details for business owners, managers and staff;

business details, including Google Business Profile information, website, service area, opening hours, services and public-facing business content;

payment, billing and contract information;

call notes, email correspondence and onboarding information;

access permissions or account details needed to provide the service, such as Google Business Profile manager access;

performance data, such as review counts, QR/NFC scan data, review link clicks, photo uploads, website clicks, call clicks and report data.

Business-to-business outreach contacts

Where we contact businesses about our services, we may collect and use:

business names;

business addresses;

business phone numbers;

business email addresses;

website URLs;

public social media or directory information;

names of business owners, directors, managers or staff;

job titles or roles;

service areas;

notes about whether our services may be relevant to the business;

contact history, call notes and opt-out preferences.

This information may come from publicly available sources, business websites, Google Business Profiles, online directories, social media, Companies House, third-party business data providers, lead providers or appointed outreach providers.

Client staff and representatives

name and contact details, where provided;

role or relationship to the client business;

form submissions;

photo-upload activity;

usage data linked to QR/NFC systems or internal staff upload processes.

Customers of our clients

Depending on how the client uses our system, we may process limited information about their customers, such as:

name, if submitted through a form;

email address or phone number, if submitted through a form;

review-link activity, such as QR/NFC scans, clicks or redirects;

photos uploaded by the client, their staff or their customers;

job-related information submitted through a form;

any personal information that appears incidentally in uploaded photos, such as faces, house numbers, addresses, vehicle registration plates or other identifying details.

Clients and their staff should avoid uploading unnecessary personal information. Job photos should focus on the completed work and should avoid including people, private documents, full addresses, vehicle registration plates or other identifying details unless necessary and lawful.

3. How we collect personal information

We may collect personal information when:

you visit our website;

you fill in a contact form, booking form or enquiry form;

you email, call or message us;

you book a sales call or consultation;

you sign a contract or become a client;

you give us access to a Google Business Profile or related business account;

you or your staff use our NFC/QR review cards, tracking links or photo-upload forms;

a client’s customer scans a review link, submits a form or interacts with a review request system;

we obtain publicly available business information for business-to-business outreach;

we receive business contact data from third-party business data providers, lead providers or appointed outreach providers;

we receive information through GoHighLevel or other systems used to manage enquiries, clients, forms, tracking, automation and reporting.

Where we receive personal information from a third-party source for business-to-business outreach, we aim to provide access to this privacy policy when reasonably practical, usually at or before our first meaningful contact with the person or business.

4. Business-to-business outreach and lead data

We may use publicly available business information and information supplied by third-party business data providers to contact relevant businesses about our services.

This may include business names, business addresses, websites, public social media pages, business phone numbers, business email addresses, names of business owners, directors, managers or staff, job titles, service areas and other public business information.

We use this information for proportionate business-to-business outreach where we believe our services may be relevant to the recipient’s business. Our lawful basis for this processing is usually legitimate interests, namely promoting our services to relevant businesses and growing our business, balanced against the rights and interests of the individuals contacted.

Our outreach may include live telephone calls, emails or other business communications where permitted by law.

Before carrying out live marketing calls, we or our appointed calling provider may screen numbers against applicable preference services, including the Telephone Preference Service and Corporate Telephone Preference Service, where required.

We will maintain suppression records where a person or business asks us not to contact them again. Suppression records are kept so we can respect opt-out requests and avoid contacting people who have asked not to be contacted.

Where we use a third-party data supplier, lead provider, calling provider, CRM provider or other service provider for outreach, we expect them to handle personal information lawfully and to provide appropriate contractual safeguards.

You can ask us to stop contacting you for marketing purposes at any time by contacting us at [email protected].

5. How we use personal information

We use personal information to:

respond to enquiries;

book and manage calls;

provide quotes, proposals and information about our services;

carry out business-to-business outreach where lawful;

assess whether our services may be relevant to a business;

maintain suppression lists and opt-out records;

onboard new clients;

provide Google Business Profile management services;

create and manage NFC/QR review systems;

set up review links, redirect links, tracking pages, forms and reports;

help clients collect genuine customer reviews;

upload or schedule Google Business Profile posts and photos;

reply to reviews where agreed with the client;

produce monthly performance reports;

manage billing, subscriptions, payments and contracts;

provide customer support;

improve our website, systems and services;

keep records for tax, accounting, legal and compliance purposes;

protect our business, website, systems and users from misuse, fraud or security issues.

We do not sell personal information.

We do not use client customer data to send unrelated marketing for our own services.

6. Lawful bases for using personal information

Under UK data protection law, we must have a lawful basis for using personal information. Depending on the situation, we may rely on the following lawful bases.

Contract

We use this when processing is necessary to provide our services to a client, take steps before entering into a contract, manage payments, provide support or fulfil our agreement.

Legitimate interests

We may use personal information where it is reasonably necessary for our business interests, provided those interests are not overridden by the rights and freedoms of the individual.

This may include responding to business enquiries, improving our services, managing client relationships, tracking performance, preventing fraud, maintaining security, keeping appropriate business records and carrying out proportionate business-to-business outreach.

Consent

We use consent where required, such as for certain cookies, optional marketing communications or where a person chooses to submit information through a form.

Legal obligation

We may use personal information where necessary to comply with legal obligations, such as tax, accounting, company law, data protection law or responding to lawful requests from authorities.

7. Google reviews, Google Business Profiles and third-party platforms

Our services may involve helping clients collect genuine Google reviews and manage their Google Business Profile.

When a customer clicks or scans a review link, they may be redirected to Google or another third-party service. Once they are on Google or another third-party platform, that platform’s own terms and privacy policy apply.

We cannot control how Google or other third-party platforms process personal information. We only control the systems, links, forms and data handling that we operate ourselves.

We do not post fake reviews, buy reviews, pressure customers to leave dishonest reviews, or knowingly help clients breach Google’s policies.

8. Photo uploads and job information

Our service may allow clients, their staff or customers to upload photos of completed work so those images can be reviewed, stored, used in reports, or uploaded to a Google Business Profile.

Uploaded photos may sometimes contain personal information. The person uploading the image is responsible for making sure they have the right to upload and use it.

Clients should make sure that:

customers are aware when photos of work at their property may be used;

unnecessary personal details are not included in photos;

photos do not show people, private documents, sensitive information, full addresses or vehicle registration plates unless there is a valid reason and appropriate permission;

they comply with their own privacy obligations to their customers and staff.

We may remove, reject or avoid using images if we believe they contain unnecessary or inappropriate personal information.

9. Client examples, case studies and portfolio use

We may use general, anonymised or aggregated examples of our work to explain, improve or promote our services. This may include describing workflows, systems, processes, results, performance improvements or types of work carried out, provided the information does not reasonably identify a client, their staff or their customers.

We will not publish a client’s name, logo, identifiable screenshots, Google Business Profile details, customer reviews, customer information, job photos, addresses or other identifiable client material as a testimonial, case study or portfolio example without appropriate permission.

Where we use examples of work, we will take reasonable steps to avoid including unnecessary personal information, confidential business information or information that could identify a client’s customers.

10. Cookies, analytics and tracking

Our website and systems may use cookies, pixels, tags, scripts or similar technologies.

These may be used to:

make the website work properly;

remember preferences;

understand how visitors use the website;

measure marketing performance;

track form submissions, page visits, QR/NFC scans, link clicks or redirects;

improve our website and services.

Some cookies or tracking technologies are essential. Others, such as analytics or advertising cookies, may require consent. Where required, we will ask for consent before placing non-essential cookies or similar technologies on your device.

You can usually control cookies through your browser settings. If we use a cookie banner or cookie management tool, you can also use that to manage your choices.

Tools we use or may use include GoHighLevel for CRM, forms, automation, tracking, messaging and reporting; Google services, including Google Business Profile and related tools; Stripe for payments; email providers; website hosting providers; analytics tools; call-booking tools; telephone and calling tools; reporting tools; cloud storage providers; and other operational tools we reasonably need to provide and improve our services.

11. Marketing communications

We may send marketing communications to business contacts where permitted by law. This may include calls, emails or messages about our services where we believe they may be relevant to the recipient’s business.

We may contact businesses using publicly available business information, information submitted directly to us, or information supplied by third-party business data providers.

You can ask us to stop sending marketing communications at any time by contacting us at [email protected] or by using the unsubscribe option where provided.

We do not use client customer data for our own unrelated marketing.

12. Who we share personal information with

We may share personal information with trusted third parties where necessary to operate our business and provide our services. These may include:

website hosting providers;

GoHighLevel and other CRM, form and marketing automation providers;

payment processors, such as Stripe;

email and communication providers;

call-booking and video-call tools;

telephone, dialler, call-handling and cold-calling providers;

business data suppliers, lead providers and outreach providers;

TPS/CTPS screening providers or other suppression-checking services;

Google services, including Google Business Profile and related tools;

automation platforms;

analytics and reporting tools;

cloud storage providers;

subcontractors, freelancers, virtual assistants or team members who help us provide the service;

accountants, legal advisers, insurers or professional advisers;

regulators, authorities or other parties where required by law.

We only share personal information where there is a valid reason and appropriate safeguards are in place.

13. International transfers

Some of the tools and service providers we use may process personal information outside the UK. This may include providers based in, or using servers in, the United States or other countries.

Where personal information is transferred outside the UK, we will take reasonable steps to make sure appropriate safeguards are in place, such as UK-approved transfer mechanisms, contractual protections or adequacy regulations where applicable.

14. How long we keep personal information

We only keep personal information for as long as reasonably necessary for the purposes described in this policy.

Our standard retention periods are:

enquiry and prospect information: up to 24 months after the last meaningful contact;

business-to-business outreach data: up to 24 months after collection or last meaningful contact, unless a longer period is needed for suppression, legal, compliance or record-keeping purposes;

client account, contract and billing records: up to 6 years after the end of the client relationship for tax, accounting and legal purposes;

service delivery records, reports, form submissions and project files: for the length of the client relationship and up to 24 months afterwards;

QR/NFC scan data, link tracking data and report data: for the length of the client relationship and up to 24 months afterwards;

uploaded job photos: for the length of the client relationship and up to 12 months afterwards, unless a different period is agreed with the client or a longer period is needed for legal, dispute, reporting or service reasons;

marketing suppression records: for as long as needed to make sure we do not contact someone who has opted out;

cookies and analytics data: according to the settings of the relevant tool.

We may keep information for longer if required by law, to resolve disputes, enforce agreements, maintain suppression records or protect our legal rights.

15. How we protect personal information

We take reasonable technical and organisational steps to protect personal information from loss, misuse, unauthorised access, disclosure, alteration or destruction.

These steps may include access controls, password protection, two-factor authentication where available, restricted access to client accounts, secure cloud tools and limiting access to people who need the information to perform their role.

No website, system or online transmission is completely secure, so we cannot guarantee absolute security.

16. Your rights

Depending on the circumstances, individuals may have the right to:

ask for a copy of their personal information;

ask us to correct inaccurate or incomplete information;

ask us to delete personal information;

ask us to restrict how we use personal information;

object to certain uses of personal information, including direct marketing;

withdraw consent where processing is based on consent;

ask for personal information to be transferred to another provider where applicable;

complain to the UK Information Commissioner’s Office.

To exercise your rights, contact us at [email protected].

If the request relates to information we process on behalf of one of our clients, we may need to refer the request to that client because they may be the data controller.

17. Complaints

Please contact us first if you have any concerns about how we use personal information, so we can try to resolve the issue.

You also have the right to complain to the UK Information Commissioner’s Office:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Telephone: 0303 123 1113
Website: ico.org.uk

18. Children’s data

Our website and services are intended for businesses and are not aimed at children. We do not knowingly collect personal information from children.

19. Changes to this policy

We may update this privacy policy from time to time. The latest version will be posted on this page with the updated date shown at the top.