Privacy Policy — LeadTrace

The short version: we collect personal data only when there's a clear lawful basis, we minimise what we keep, we tell you what we do with it, and we honour every right UK GDPR gives you including the right to ask us to stop. If anything below isn't clear, email hello@leadtrace.uk and a human will reply.

1. Who we are

LeadTrace Ltd ("LeadTrace", "we", "us", "our") is a company registered in England and Wales (Company No. 17232860, registered office: 66 Paul Street, London, EC2A 4NA). We are the data controller for the personal data described in this policy.

For UK GDPR enquiries, contact hello@leadtrace.uk.

2. What this policy covers

This policy applies to personal data we collect through:

The leadtrace.uk website (you, visiting us)
Sales and marketing outreach we conduct (B2B prospects we contact)
Services we provide to our clients (where we process data on their behalf as a joint controller or processor — separate agreement governs)
Direct correspondence and meetings (email, calls, calendar bookings)

3. Personal data we collect about website visitors

When you visit leadtrace.uk we collect minimal data:

Technical data — IP address, browser type, device type, pages visited, referrer URL. Used for site analytics and security.
Voluntary data — name, email, company, role, any free-text — only if you submit a form, book a discovery call, or email us.

We use Cloudflare for hosting and DDoS protection. Cloudflare may process your IP address; their privacy notice is here.

4. Personal data we collect for B2B sales outreach

For our own sales outreach and (separately) for client engagements, we obtain B2B contact data from compliant third-party providers including Acquisity.ai, Apollo.io, and LinkedIn Sales Navigator. Data captured per prospect typically includes name, job title, company, business email address, LinkedIn URL, company size, sector, and publicly available signals (recent posts, funding rounds).

We log the source of every record, the date we obtained it, the lawful basis for contact, and the opt-out status. This audit trail is available to you on request (see Your rights below).

5. Lawful bases for processing

UK GDPR Article 6 requires a lawful basis for every processing activity. Ours:

For website visitors

Legitimate interest (Art 6(1)(f)) for analytics and security; consent (Art 6(1)(a)) for any optional cookies or marketing communications you opt into.

For B2B sales outreach

Legitimate interest (Art 6(1)(f)) — we have assessed this in a documented Legitimate Interests Assessment, available on request. The interest is establishing commercial relationships with businesses that could benefit from our services. We balance this against your reasonable expectations as a senior contact at a business and your fundamental rights.

You can opt out at any time and we will stop contacting you within 24 hours.

For service delivery to clients

Governed by a separate Data Processing Agreement / joint-controller agreement signed with each client. Lawful basis is typically the same — legitimate interest of the client, balanced against the prospects' rights, with full opt-out compliance.

6. How we use personal data

To send sales communications to business contacts (email, LinkedIn, phone) about LeadTrace services
To deliver agreed services to our clients (running outbound campaigns on their behalf)
To respond to enquiries, book meetings, and provide proposals
To comply with legal, regulatory, and tax obligations
To improve our website and services through aggregated analytics

We do not sell personal data to third parties. We do not use personal data for automated decision-making that produces legal or significant effects.

7. Sharing personal data

We share personal data only with sub-processors necessary to deliver our services. Current sub-processors include:

Google Workspace — email and document storage
Stripe / GoCardless — payment processing
Smartlead.ai — cold email sending infrastructure
Cloudflare — hosting, DNS, DDoS protection
Calendly — meeting booking
HMRC and Companies House — statutory reporting

All sub-processors are bound by data processing agreements requiring UK GDPR-equivalent protections.

8. International transfers

Some of our sub-processors are based outside the UK. Where personal data is transferred outside the UK we rely on the UK International Data Transfer Addendum / Standard Contractual Clauses, as published by the ICO.

9. How long we keep data

Website analytics — 26 months
Sales prospect data — 24 months from last contact, then deleted (or sooner on request)
Client correspondence — for the duration of the engagement + 6 years (UK statutory tax record-keeping)
Financial records — 6 years (HMRC requirement)
Opt-out records — indefinitely, as required to honour opt-out requests

10. Your rights under UK GDPR

You have the right to:

Access the personal data we hold about you
Rectify inaccurate data
Erase your data ("right to be forgotten") subject to our legal obligations
Restrict our processing
Object to processing based on legitimate interest, including direct marketing — we will stop immediately
Data portability — receive your data in a portable format
Complain to the ICO at ico.org.uk or 0303 123 1113

Email hello@leadtrace.uk to exercise any right. We respond within 30 days as required by UK GDPR.

11. Cookies

Our website uses minimal cookies — essential cookies for site function only by default. We do not use third-party advertising cookies. If we add analytics cookies we will request your consent first via a cookie banner.

12. Changes to this policy

We may update this policy. Material changes will be communicated via the website and (for active clients) by email. The "Last updated" date at the top reflects the most recent version.

13. Contact and complaints

For any privacy enquiry: hello@leadtrace.uk. You can also complain to the UK ICO at ico.org.uk.

Note on this document: this policy is a template. Before going live with paying clients we will engage a UK data-protection solicitor to review and bind it to actual sub-processor contracts.