Legal
Latch & Loop Ltd (Company Number: 17190766) is a private limited company registered in England and Wales. We provide AI-driven lead generation, database reactivation, and marketing automation services to UK businesses.
Latch & Loop Ltd is the data controller for the personal data described in this policy. We are registered with the Information Commissioner's Office (ICO). Our ICO registration number is [INSERT ONCE REGISTERED].
For any questions about how we handle your data, contact us at [email protected].
We collect and process the following categories of personal data.
When you submit an enquiry or book a demonstration through our website, we collect:
When we deliver AI automation services to you as a client, we process personal data contained in the databases and contact lists you provide to us. This typically includes the names, phone numbers, and email addresses of your contacts and leads. We process this data strictly on your instructions, acting as a data processor on your behalf. You remain the data controller for this data.
The terms governing this processing relationship are set out in our Data Processing Agreement, which clients sign before we begin service delivery.
We do not use your contacts' data for any purpose other than delivering the agreed service. We do not sell, share, or transfer this data to any third party for their own purposes.
Our website is hosted and managed through GoHighLevel (GHL), a third-party platform. GHL collects basic analytics data about how visitors use our website, including pages visited, time on site, and referring source. This data is collected through cookies and tracking technologies operated by GHL.
We do not operate a separate analytics platform. Because GHL's analytics cookies are not strictly necessary for the website to function, we will ask for your consent before they are placed. See Section 6 (Cookies) for detail.
We process personal data only where we have a valid lawful basis under UK GDPR Article 6. The basis varies by purpose.
We use the personal data we collect for the following purposes.
We will not use your data for any purpose incompatible with the purpose for which it was originally collected without informing you first.
We do not sell your personal data. We do not share personal data with third parties for their own marketing purposes.
We use the following third-party platforms to operate our business. Each acts as a data processor on our behalf and is contractually required to handle data only on our instructions and in accordance with UK GDPR.
| Processor | Purpose | Location |
|---|---|---|
| GoHighLevel (GHL) | Website hosting, CRM, marketing automation, analytics | United States — transfers covered by the UK Extension to the EU-U.S. Data Privacy Framework (DPF). Privacy policy |
| Monzo Business | Business banking and payment processing | United Kingdom — FCA authorised |
We may also disclose personal data where required by law, court order, or regulatory authority.
Cookies are small text files placed on your device when you visit a website. Our website uses the following categories.
When you first visit our website, you will see a cookie consent banner. You can accept or decline non-essential cookies at that point. You can withdraw consent at any time by clearing your browser cookies and revisiting the site.
We use GoHighLevel (GHL), a US-based platform, to host our website, manage client data, and deliver our automation services. Where this involves transferring personal data outside the UK, we ensure an appropriate transfer mechanism is in place in accordance with UK GDPR. For transfers to the US via GoHighLevel, we rely on the UK Extension to the EU-U.S. Data Privacy Framework (DPF), under which GoHighLevel has certified compliance with the DPF Principles.
We do not transfer personal data to any other country outside the UK.
We retain personal data only for as long as necessary for the purpose for which it was collected.
Under UK GDPR, you have the following rights in relation to your personal data.
Access
Request a copy of the personal data we hold about you.
Rectification
Ask us to correct inaccurate or incomplete data.
Erasure
Ask us to delete your data where there is no longer a lawful basis for holding it.
Restriction
Ask us to pause processing of your data in certain circumstances.
Portability
Request your data in a structured, machine-readable format.
Object
Object to processing based on legitimate interests. We will cease unless we can show compelling grounds.
Withdraw consent
Withdraw at any time without affecting the lawfulness of prior processing.
To exercise any of these rights, contact us at [email protected]. We will respond within one calendar month and may ask you to verify your identity first.
If you are not satisfied with our response, you have the right to lodge a complaint with the ICO at ico.org.uk or by calling 0303 123 1113.
We comply with the Privacy and Electronic Communications Regulations 2003 (PECR). We will only send you marketing emails or SMS messages if you have given us prior, specific, and informed consent to do so.
You can withdraw consent at any time by replying STOP to any SMS, clicking the unsubscribe link in any email, or contacting us at [INSERT CONTACT EMAIL].
We do not share, sell, or transfer your contact details to any third party for their own marketing purposes.
We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, destruction, or disclosure. These include access controls, encrypted communications, and secure cloud-based storage through our third-party platforms.
In the event of a personal data breach likely to result in a risk to your rights and freedoms, we will notify the ICO within 72 hours of becoming aware, and will notify affected individuals without undue delay where required.
Our services are directed exclusively at businesses and their representatives. We do not knowingly collect personal data from individuals under the age of 18. If you believe we have inadvertently collected such data, contact us at [email protected], and we will delete it promptly.
We may update this policy from time to time to reflect changes in our practices or in applicable law. When we do, we will update the date at the top of this page. Material changes will be communicated to active clients directly.