The Review Pals (“we”, “our”, or “us”) respects your privacy and is committed to protecting the personal data you provide to us. This Privacy Policy explains how we collect, use, disclose, and protect your information in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and other relevant UK laws.
1. Who We Are
The Review Pals is a company that provides review generation and reputation management services. Our registered office is at 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ. For the purpose of UK data protection laws, we are the "data controller" of the personal data you provide through our website and services.
In some cases, we also act as a "data processor" on behalf of our clients, particularly when processing their customer or patient data. In such instances, the client is the data controller and is responsible for ensuring data subjects' rights and lawful data collection.
2. What Information We Collect
We may collect and process the following personal data:
Contact Information: Full name, phone number, email address, business name.
Client Information: Client testimonials, feedback, CRM data, and analytics associated with review campaigns.
Usage Data: How you interact with our website or services (e.g. pages visited, time spent). Technical Data: IP address, browser type, cookies, device identifiers, location. Marketing Preferences: Your choices around marketing communications.
We do not intentionally collect data from children under the age of 18.
Special Category Data:We do not intentionally collect special category data (e.g. health information). However, if such data is shared with us (e.g. in CRM notes or review content), it must be done with the data subject's explicit consent, and we will handle it with heightened care and confidentiality in accordance with Article 9 of the UK GDPR.
3. How We Collect Your Data
We collect personal data:
When you fill out forms on our website or landing pages.
Through direct communication (e.g. phone, email, WhatsApp).
When you use our services or subscribe to our marketing campaigns.
Via cookies and tracking technologies.
From client-provided databases (with their assurance of legal consent).
Note on Client Data Processing:
In some cases, we process personal data on behalf of our clients (e.g. customer contact information provided to us by clinics). In such cases, the client is the data controller, and The Review Pals acts as a data processor. Clients are responsible for ensuring that appropriate consents have been obtained from data subjects.
4. How We Use Your Data
We process your data to:
Provide and manage our services.
Communicate with you regarding your account or support requests.
Run review campaigns and manage client CRM workflows.
Improve our website and services using usage and analytics data.
Send marketing communications (with consent).Fulfil legal or regulatory obligations.
We rely on the following lawful bases under UK GDPR:
Consent
Contractual necessity
Legal obligation
Legitimate interests (e.g. improving services, marketing to existing clients)
5. How We Share Your Data
We may share your information with:
Service Providers: Third-party platforms like GoHighLevel, Google, Facebook, and Zapier to deliver our services. These parties act as sub-processors under UK GDPR and are bound by contractual safeguards.
Legal or Regulatory Authorities: If required to comply with legal obligations.
Business Transfers: In case of a merger, sale, or acquisition.
We do not sell your personal data to any third parties. We require all sub-processors to adhere to strict confidentiality and data protection standards. Access to your data is restricted to authorised personnel and only where necessary for service delivery.
6. International Data Transfers
Some of our service providers are located outside the UK. When we transfer your data internationally, we ensure safeguards such as:
UK-approved Standard Contractual Clauses (SCCs)
Adequacy decisions from the UK Government
7. How Long We Retain Your Data
We retain your data only as long as necessary for the purposes set out in this policy. Retention periods are based on:
Legal and contractual obligations
Client relationship duration
Legitimate business interests
When no longer required, data is securely deleted or anonymised.
8. Your Rights Under UK GDPR
You have the right to:
Access your personal data
Rectify inaccurate or incomplete data
Request erasure ("right to be forgotten")
Restrict or object to processing
Data portability
Withdraw consent at any time (where applicable)
Lodge a complaint with the Information Commissioner’s Office (ICO)
ICO Contact Details
Information Commissioner’s Office
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
We implement appropriate technical and organisational measures to protect your personal data from unauthorised access, misuse, or disclosure. These include:
Encryption of data in transit and at rest
Role-based access control
Two-factor authentication for internal systems
Secure data storage using trusted third-party providers
Regular access reviews and security audits
10. Policy Updates
We review this Privacy Policy regularly and will post any updates on this page. If changes are significant, we’ll notify you via email or website notice.
