Privacy Policy (GDPR)

This policy explains how Digital Leads handles personal data across website activity, recruitment, and outsourced communication services. It is written to support transparency for clients, prospects, applicants, and end users whose interactions may be managed through our operations.

1. Scope and Purpose

This Privacy Policy explains in clear and detailed language how Digital Leads collects, uses, stores, shares, secures, and deletes personal data when delivering call center and customer communication services. We designed this policy for transparency and accountability under the UK GDPR, EU GDPR, and related privacy rules that apply to outsourced customer engagement operations. The policy is intended for visitors to our website, potential clients, client representatives, end customers whose interactions are managed by our teams, job applicants, and authorized partners. It also describes how individuals can exercise rights over their personal data and how we respond to requests in a timely and lawful way.

We understand that data used in voice process, chat support, email handling, and lead generation can be sensitive. Because of this, privacy by design and privacy by default are integrated into our operating model. We document the purpose of each processing activity, apply access controls based on roles, and monitor compliance through internal reviews. This policy should be read together with our Terms and Conditions, Cookie Policy, and Data Retention Policy. In the event of a conflict between this policy and a signed client agreement, the applicable legal and contractual requirements will prevail.

2. Who We Are and How Roles Are Assigned

Digital Leads provides outbound and inbound communication programs, including sales support, customer service, technical support, lead qualification, telephonic surveys, chat management, and email queue operations. Depending on context, we may act as a data controller, joint controller, or data processor. When we decide why and how personal data is processed for our own business operations, such as recruitment, vendor onboarding, security monitoring, and website analytics, we act as controller. When we process data only on documented client instructions, such as customer calls and campaign records, we act as processor.

We maintain records of processing activities, assign internal responsibility for privacy governance, and implement contractual controls with clients and vendors. Where required, we support data protection impact assessments, transfer risk reviews, and processor due diligence documentation. If you need clarification on whether we are controller or processor for a specific activity, you may contact us using the details listed in the Contact section of this policy.

3. Categories of Personal Data We Process

We process data that is necessary for service delivery, quality management, legal compliance, and business continuity. Categories may include identity data such as first and last name, title, and customer reference; contact data such as phone numbers, email addresses, and address details; interaction data such as call recordings, call notes, chat transcripts, and email thread history; technical data such as IP address, browser information, and session metadata; campaign and qualification data shared by our clients; billing and commercial data linked to contractual relationships; and recruitment data for career applicants.

In selected campaigns, additional data categories may be processed, including policy details, claim identifiers, financial profile indicators, or health-related context where legally permitted and contractually controlled. In those cases, we apply heightened safeguards, strictly limit access, and process only the minimum data required for the purpose. We do not intentionally collect personal data from children through our website, and if such data is identified, we take corrective action without delay.

4. Sources of Data

Personal data may come directly from individuals, from our clients, from authorized lead providers, from service interactions, from website forms, and from technical systems that support communications infrastructure. For example, a person may submit an inquiry form on our website, contact us by phone, or participate in a customer support interaction managed on behalf of a client. In campaign scenarios, data may also be provided by the client under a lawful basis that is controlled by the client organization.

We assess incoming data sources for quality, legal basis compatibility, and proportionality. Where data source quality appears insufficient, we request clarification before expanding processing activities. We encourage clients to provide clear notice language and lawful basis documentation so all parties can meet privacy obligations consistently.

5. Lawful Bases for Processing

We process personal data only when a valid lawful basis applies. Lawful bases may include performance of a contract, legitimate interests, legal obligations, and consent where required. Contract basis is used when data is required to provide requested services. Legitimate interests may apply to service quality improvement, operational security, and fraud prevention, provided that individual rights are balanced against business needs. Legal obligation basis applies to records retained for tax, employment, regulatory, or compliance needs.

Consent is used where optional activities require clear choice, such as optional marketing preferences or non-essential cookie categories. Where consent applies, individuals can withdraw consent at any time, and withdrawal will not affect the lawfulness of prior processing. We keep records of consent where applicable and ensure that consent language is specific, informed, and easy to understand.

6. How We Use Personal Data

We use personal data to deliver customer communication services effectively and responsibly. Typical uses include handling inbound support requests, placing outbound calls under approved scripts, qualifying leads, scheduling follow-ups, resolving technical issues, conducting telephonic surveys, and managing chat and email channels. We also use data for quality assurance, training calibration, dispute handling, system diagnostics, and service reporting for our clients.

Internally, data may be used to improve operational workflows, analyze service trends, monitor response times, track quality metrics, and refine communication standards. We avoid excessive data use and do not repurpose client-provided data for unrelated objectives. Any secondary use must be compatible with original purpose or supported by an additional lawful basis.

7. Automated Decision-Making and Profiling

We may use rules-based workflows and analytics to route interactions, prioritize queues, and detect quality or fraud signals. These processes help teams handle workload and maintain service consistency. However, we do not rely solely on automated decision-making to make legally significant decisions about individuals without human review where required by law. Human supervisors and quality teams remain involved in escalation and decision pathways.

If a specific campaign introduces advanced profiling logic, relevant notices and controls are implemented in accordance with applicable regulation and client contractual requirements. Individuals may contact us to request additional information about meaningful logic when legally required.

8. Sharing of Personal Data

We share personal data only when necessary for service delivery or legal compliance. Recipients may include our clients, authorized technology providers, secure telephony and CRM platforms, quality monitoring tools, legal advisors, and public authorities where required by law. All sharing arrangements are controlled by contracts, confidentiality duties, and data protection obligations.

We may share your personal data with Happy Leads, one of our data partners, where necessary for service delivery and in accordance with applicable data protection laws. For details on how Happy Leads processes personal data, please review their Privacy Policy at https://happyleads.co.uk/privacy.php.

We prohibit unauthorized selling of personal data and do not disclose personal data for unrelated third-party advertising. Where processors are engaged, we assess their security posture, define processing instructions, and monitor contractual commitments. Access is limited to the minimum required for assigned tasks.

9. International Transfers

Digital Leads supports multi-region service models, which may involve cross-border data flows. When personal data is transferred outside the UK or EEA, we apply recognized safeguards such as approved contractual clauses, transfer assessments, and risk-based supplementary measures where necessary. We evaluate destination risks and enforce internal controls that preserve confidentiality, integrity, and legal rights.

Transfer mechanisms are reviewed periodically to reflect legal developments. If a transfer route becomes invalid or materially risky, we implement remedial controls, alternative mechanisms, or transfer suspension until compliance is restored.

10. Security Measures

We implement layered security controls appropriate to risk. These include role-based access control, strong authentication practices, least-privilege account assignment, endpoint controls, encryption in transit, controlled storage access, and activity logging. Security events are monitored and investigated according to documented procedures.

Staff receive regular privacy and security training, and operational teams follow approved handling practices for sensitive records. We test and review controls periodically and update procedures when risk, law, or technology changes. No system is completely immune to threats, but we maintain active measures to reduce likelihood and impact of unauthorized access.

11. Retention and Deletion

We retain personal data only for as long as necessary to fulfill the purpose for which it was collected, to meet contractual obligations, and to comply with legal requirements. Retention windows vary by data category, campaign terms, and legal obligations. Once data is no longer required, it is securely deleted, anonymized, or archived with strict access control.

Detailed timelines are described in our Data Retention Policy. Where deletion is requested and legally permissible, we coordinate with relevant controllers and processors to complete the request and record the action taken.

12. Accuracy and Data Quality

We take reasonable steps to keep personal data accurate and up to date. Operational processes include validation checks, quality reviews, and correction workflows. If we become aware that data is inaccurate or incomplete, we update records promptly or request correction from the source controller.

Individuals may ask for correction of inaccurate data. We may need verification to prevent unauthorized changes, especially where records involve regulated interactions or campaign evidence.

13. Your Data Protection Rights

Subject to applicable law, individuals may have the right to request access to personal data, request correction, request deletion, request restriction of processing, object to processing, request portability, and withdraw consent where consent is the lawful basis. Rights may vary by jurisdiction and role of the processing party. Where we act as processor, we support our clients in fulfilling rights requests.

To protect privacy, we verify identity before fulfilling requests. We respond within legal timelines and explain any limitations where requests cannot be fully satisfied, such as where legal retention duties apply.

14. Marketing Communications

We may send business communications relevant to our services where permitted by law. Individuals can opt out of non-essential marketing communications at any time. Service-related messages and legally required notices may still be sent when necessary.

We maintain suppression preferences to respect opt-out requests and reduce unwanted contact. Preference changes are processed as quickly as practical.

15. Cookies and Tracking

Our website may use essential and analytics technologies to understand traffic patterns, maintain functionality, and improve experience. Non-essential cookies are managed according to user preferences and applicable consent rules. For detailed information about cookie categories and controls, please review our Cookie Policy.

16. Recruitment Privacy Notice

If you apply for a role with Digital Leads, we process applicant data such as CV details, interview notes, references, and eligibility information to manage hiring activities. Recruitment data is used for assessment, communication, compliance checks, and onboarding preparation where applicable. Access is limited to authorized hiring teams and relevant managers.

Recruitment records are retained for a defined period and then deleted or anonymized unless legal obligations require longer retention. Applicants may contact us to exercise rights over recruitment data where applicable.

17. Incident Response and Breach Management

We maintain documented incident response procedures to detect, investigate, contain, and remediate security incidents. If a personal data breach occurs, we assess risk and notify affected parties, clients, and regulators where legally required and within required timelines. Post-incident reviews are performed to reduce recurrence risk.

18. Vendor and Subprocessor Governance

We engage vendors and subprocessors carefully and only when they can meet required privacy and security standards. Due diligence may include assessment of technical controls, contractual safeguards, regulatory posture, and operational reliability. Subprocessors are bound by confidentiality, security, and lawful processing obligations.

We maintain oversight processes for key vendors and reassess risk based on service changes, legal updates, and incident intelligence.

19. Policy Updates

This Privacy Policy may be updated to reflect changes in legal obligations, technology, service scope, or operational practices. The effective date at the top of this page shows the latest revision cycle. Material changes will be communicated through appropriate channels where required.

20. Contact and Complaints

If you have questions, requests, or concerns about this Privacy Policy or your personal data, contact us at info@digital-leads.in. Please include enough detail for us to locate relevant records and verify your request. We aim to respond promptly and transparently.

If you are not satisfied with our response, you may contact the relevant supervisory authority in your jurisdiction. We encourage you to contact us first so we can investigate and resolve concerns quickly and constructively.

21. Plain Language Summary

In practical terms, our promise is simple: collect only what is needed, use data for clear and lawful reasons, protect it using strong controls, retain it only as long as needed, and honor rights requests with respect and speed. Privacy is part of service quality at Digital Leads, not an afterthought.