Privacy Policy

UK GDPR Effective date: October 2025 Outcome Reach®

We respect your privacy and are committed to protecting personal data. This policy explains what we collect, why, how we use it, and your rights under UK data protection laws (UK GDPR & Data Protection Act 2018) and, where relevant, PECR (e-privacy rules for email/SMS marketing).

Who we are
Outcome Reach Ltd (“we”, “us”).
Email

1) Scope & Roles

We act as Controller for personal data collected via our website, social channels, and our own sales/operations, and as a Processor for data we handle on behalf of clients inside GoHighLevel (GHL). Clients are Controllers of their lead/customer data.

2) Data We Collect

A) Website visitors & prospects

  • Identifiers & contact: name, email, phone, company, role
  • Marketing data: form responses, booking details, preferences, source/UTM
  • Technical data: IP, device/browser, pages viewed, cookies/pixels
  • Comms: emails, SMS/WhatsApp replies, call notes

B) Clients & partners

  • Business & billing: company details, contacts, contracts, invoices, Stripe payments
  • Account & access: user accounts, permissions, support tickets

C) Client customer data (processor role)

  • Leads/appointments: contact details, booking info, tags, attribution, message logs in GHL
  • Activity: submissions, calendar bookings, opt-in/opt-out status

We do not intentionally collect special category data unless necessary and agreed. Clinical suitability notes should live in your clinical system, not ours.

3) How We Collect It

  • Directly from you (forms, bookings, email/SMS, calls, contracts)
  • Automatically via our site/tools (cookies, pixels, analytics, CRM events)
  • Third-party sources (business directories, LinkedIn, lead databases) in line with laws

4) Why We Use It (Purposes) & Lawful Bases

Provide & improve services — funnels, ads, CRM automations, support. Contract; Legitimate interests.

Sales & marketing — newsletters, offers, retargeting (where permitted). Consent (where required); Legitimate interests; Soft opt-in under PECR.

Billing & admin — invoicing, accounting, audits. Contract; Legal obligation.

Security & fraud prevention — access logs, abuse monitoring. Legitimate interests; Legal obligation.

Analytics & attribution — site performance, conversion tracking. Consent for non-essential cookies.

Processor activities for clients — lead capture, reminders, rebooking. Acting on Controller instructions.

You can withdraw consent at any time (e.g., cookie preferences, email/SMS opt-outs).

5) Marketing Communications

Email/SMS/WhatsApp: We contact you where permitted (consent or soft opt-in). Every message includes an unsubscribe/STOP option.

Retargeting & pixels: We use pixels (e.g., Meta) to show relevant ads. Manage consent via our cookie banner and your platform settings.

6) Cookies & Tracking

We use essential cookies for site functionality and, with your consent, analytics/advertising cookies (e.g., Meta Pixel, Google tools if enabled).

Manage preferences: Use the cookie banner to accept/reject non-essential cookies.

7) Sharing Your Data (Recipients)

We share data with trusted processors that help us deliver services, including:

  • GoHighLevel (CRM, automations, calendars)
  • Stripe (payments), Jotform (e-sign/forms)
  • Zapier/Make (integrations), hosting/security/analytics
  • Meta (advertising & pixels), email/SMS providers connected to GHL

We require processors to safeguard data and act only on our instructions. We don’t sell personal data.

8) International Transfers

Where providers process data outside the UK (e.g., US), we rely on lawful transfer mechanisms (SCCs with UK addendum) and apply appropriate safeguards.

9) Data Retention

  • Prospect/marketing records: up to 24 months from last interaction (or until you opt out)
  • Client records & invoices: 6–7 years (accounting/legal)
  • Client lead data (processor role): per client instructions or contract

10) Security

We apply technical and organisational measures (access controls, encryption in transit where supported, role-based permissions, auditing, least-privilege). No method is 100% secure; we review and improve safeguards continually.

11) Your Rights (UK GDPR)

You have the right to access, rectify, erase, restrict, object (including to direct marketing), data portability, and to withdraw consent where processing is based on consent.

To exercise rights, email [email protected]. You may also complain to the UK ICO; we’d appreciate the chance to resolve concerns first.

12) Children

Our services are not intended for individuals under 16. We do not knowingly collect data from children.

13) Processor Terms for Clinic Clients

When we process your clinic’s lead/customer data inside GHL and related tools, our Data Processing Addendum (DPA) applies (confidentiality, sub-processors, security, breach notification, deletion/return of data at end of contract).

14) Changes to This Policy

We may update this policy periodically. The latest version will always be posted on this page with an updated “Effective date”.

15) Contact Us

Company
Outcome Reach Ltd (United Kingdom)
Address
3rd Floor, 86–90 Paul Street, London, EC2A 4NE
Email
Phone
+44 7592 842169
Company No.
16367338

© Outcome Reach Ltd. All rights reserved.
Outcome Reach® is a registered trademark in the United Kingdom.