Legal
Outcome Reach Privacy Policy
This policy explains how Outcome Reach Ltd collects, uses, shares, retains, and protects personal data across its website, client services, advertising systems, CRM workflows, automation, and reporting.
Quick Summary: Outcome Reach Ltd collects and uses personal data to operate its website, communicate with prospects and clients, deliver the Outcome Reach Growth Engine, and support advertising, landing pages, CRM systems, automation, and reporting. We may act as both a Controller and a Processor, depending on the context explained below.
1. Scope & Roles
Outcome Reach Ltd may act as a Controller when we collect and use personal data for our own website, enquiries, sales, onboarding, contracts, billing, operations, and marketing.
We may act as a Processor when we handle personal data on behalf of clinic clients inside systems such as GoHighLevel, forms, automation workflows, and connected tools. In those cases, our client is typically the Controller of that lead or customer data.
2. Data We Collect
A. Website visitors, prospects, and enquiries
- Name, email address, phone number, company name, and job title
- Booking and enquiry details submitted through forms, calendars, or calls
- Marketing attribution data such as UTM parameters, referral source, and campaign source
- Technical data such as IP address, browser type, device information, pages viewed, and cookie-related data
- Communication records such as emails, SMS, WhatsApp messages, and call notes
B. Clients, suppliers, and partners
- Business contact information
- Contracts, invoices, payment records, and billing details
- Support, onboarding, and account access information
C. Client lead and customer data handled in a processor capacity
- Lead contact details
- Form submissions and booking information
- Tags, notes, pipeline status, and attribution data
- Message logs, reminder activity, and opt-in or opt-out status
We do not intentionally collect special category personal data unless necessary and appropriately authorised. Clinical records and treatment suitability data should generally remain inside the clinic’s own clinical systems rather than Outcome Reach systems unless specifically agreed.
3. How We Collect Data
- Directly from you through forms, calendars, calls, email, SMS, contracts, and onboarding submissions
- Automatically through cookies, pixels, analytics tools, CRM activity, and website tracking technologies
- From third-party sources such as connected software tools, advertising platforms, directories, or business networking platforms where lawful
4. How We Use Data & Legal Bases
Service delivery
We use personal data to provide services, build funnels, configure CRM systems, run automations, manage ads, support onboarding, and deliver reporting.
Legal basis: Contract and legitimate interests.
Sales and communication
We use data to respond to enquiries, schedule calls, send proposals, and manage client communication.
Legal basis: Legitimate interests and contract.
Marketing
We may send newsletters, updates, retargeting audiences, or promotional communications where permitted.
Legal basis: Consent where required, legitimate interests, and soft opt-in where applicable.
Billing and administration
We use data for invoicing, payments, record keeping, and financial administration.
Legal basis: Contract and legal obligation.
Security and fraud prevention
We use data to maintain platform security, detect abuse, and protect our systems and users.
Legal basis: Legitimate interests and legal obligation.
Processor activities for clients
Where we process clinic lead or customer data on behalf of a client, we do so in line with that client’s instructions and service arrangement.
Where processing is based on consent, you may withdraw consent at any time.
5. Marketing Communications
We may contact you by email, SMS, or similar channels where permitted by law. Where required, we will rely on consent. Where allowed, we may rely on legitimate interests or soft opt-in rules.
Marketing messages should include a way to unsubscribe or opt out. You can also contact us directly at [email protected].
6. Cookies & Tracking
We may use essential cookies for site functionality and, where consent is given, analytics and advertising cookies such as Meta Pixel and other measurement tools.
Non-essential cookies should only be used where appropriate consent has been obtained. You can manage your preferences through the site’s cookie controls where available.
7. Sharing Your Data
We may share data with trusted service providers and software tools that help us deliver services, including:
- GoHighLevel
- Stripe
- Jotform
- Zapier or Make
- Meta and related advertising tools
- Email, hosting, domain, analytics, and communications providers
We do not sell personal data. We expect service providers to process data securely and only as required for their services.
8. International Transfers
Some service providers may process data outside the United Kingdom. Where this happens, we aim to rely on lawful transfer mechanisms and appropriate safeguards, such as contractual protections, where required.
9. Data Retention
- Prospect and enquiry records may be kept for a reasonable period, including up to 24 months from the last meaningful interaction, unless longer retention is justified
- Client, contract, and billing records may be retained for 6 to 7 years for accounting, legal, and compliance purposes
- Client lead and customer data processed on behalf of clinics is retained according to client instructions, contract terms, or system settings
10. Security
We use reasonable technical and organisational measures to help protect personal data, including access controls, permissions management, and secure service providers where supported. No system is completely secure, and we continually review and improve our safeguards where appropriate.
11. Your Rights
Subject to applicable law, you may have rights including access, rectification, erasure, restriction, objection, portability, and withdrawal of consent where consent is the legal basis.
To exercise your rights, contact [email protected]. You may also contact the UK Information Commissioner’s Office if you have concerns.
12. Children
Our services are not intended for children, and we do not knowingly collect personal data from children for our own business purposes.
13. Processor Services for Clients
When we process clinic lead or customer data on behalf of clients inside GoHighLevel and related tools, we do so as a processor or service provider where applicable. The relevant client remains responsible for the lawful basis, transparency, and instructions relating to that data unless otherwise agreed in writing.
14. Changes to This Policy
We may update this Privacy Policy from time to time. The latest version will be posted on this page with an updated effective date.
15. Contact Us
If you have any questions about this Privacy Policy, please contact:
- Company
- Outcome Reach Ltd
- Address
- 66 Paul Street, London, EC2A 4NA, United Kingdom
- [email protected]
- Phone
- +44 7592 842169
- Company No.
- 16367338