Privacy Policy

OMNISURGE DIGITAL

Effective Date

April 2026

Business

OmniSurge Digital

Data Controller

OmniSurge Digital

Contact

[email protected]

Governed by

UK GDPR and Data Protection Act 2018

This privacy policy explains how OmniSurge Digital collects, uses, stores, and protects your personal data. We are committed to handling your data responsibly and transparently in accordance with UK data protection law.

1. Introduction

OmniSurge Digital is committed to protecting your personal data and respecting your privacy. This policy explains what data we collect, why we collect it, how we use it, and your rights under UK data protection law including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

OmniSurge Digital is the data controller for all personal data collected through our website, services, and communications.

2. What Data We Collect

We may collect the following personal data from you:

• Contact information including your name, email address, phone number, and business address.

• Business information including your business name, type, services, service area, and target customers.

• Payment information processed securely through Stripe. We do not store your card details directly — these are handled entirely by Stripe in accordance with their own privacy policy and PCI DSS compliance standards.

• Communications including emails, WhatsApp messages, and any other correspondence you send us.

• Website usage data including pages visited, time spent on pages, and device information collected through cookies and analytics tools.

• Google Business Profile access credentials where you have granted us manager access to your profile.

• Social media account access where you have granted us admin or editor access to manage your accounts.

3. How We Use Your Data

We use your personal data for the following purposes:

• To deliver the services you have purchased from us including lead generation, content creation, Google Business optimisation, and related services.

• To communicate with you about your services, send performance reports, and respond to your enquiries.

• To process payments and manage your billing through Stripe.

• To send you service-related emails including payment confirmations, onboarding information, and monthly reports.

• To improve our services and understand how clients use our offerings.

• To comply with our legal obligations under UK law.

• We will only use your data for the purposes listed above. We will never sell your data to third parties.

4. Legal Basis for Processing

We process your personal data on the following legal bases under UK GDPR:

• Contract: processing is necessary to deliver the services you have purchased from us.

• Legitimate interests: processing is necessary for our legitimate business interests including improving our services and communicating with prospective clients, provided these interests are not overridden by your rights.

• Legal obligation: processing is necessary to comply with our legal and regulatory obligations.

• Consent: where we rely on consent such as for marketing emails, you have the right to withdraw that consent at any time.

5. Data Sharing

We share your personal data only with the following third parties where necessary to deliver our services:

• Stripe: for payment processing. Stripe's privacy policy is available at stripe.com/gb/privacy.

• GoHighLevel: our CRM and marketing platform used to manage client relationships, automate communications, and schedule content. GoHighLevel's privacy policy is available at gohighlevel.com.

• Google: where we access and manage your Google Business Profile on your behalf. Google's privacy policy is available at policies.google.com/privacy.

• Meta: where we access and manage your Facebook or Instagram accounts on your behalf. Meta's privacy policy is available at facebook.com/privacy/policy.

• Loom: where we record and share screen capture videos with you as part of your service delivery. Loom's privacy policy is available at loom.com/privacy-policy.

• Notion: where we maintain your client workspace and service documentation. Notion's privacy policy is available at notion.so/privacy.

• All third parties are required to handle your data securely and in accordance with UK data protection law.

6. Data Retention

We retain your personal data for as long as necessary to deliver your services and for a period of 6 years after the end of our working relationship in order to comply with UK tax and legal requirements.

Payment records are retained for 6 years in accordance with HMRC requirements.

After the retention period your data will be securely deleted or anonymised.

7. Your Rights

Under UK GDPR you have the following rights regarding your personal data:

• The right to access: you can request a copy of the personal data we hold about you at any time.

• The right to rectification: you can ask us to correct any inaccurate or incomplete data we hold about you.

• The right to erasure: you can ask us to delete your personal data in certain circumstances.

• The right to restrict processing: you can ask us to limit how we use your data in certain circumstances.

• The right to data portability: you can ask us to provide your data in a portable format.

• The right to object: you can object to our processing of your data where we rely on legitimate interests as our legal basis.

• The right to withdraw consent: where we rely on consent you can withdraw it at any time without affecting the lawfulness of processing before withdrawal.

• To exercise any of these rights please contact us at [email protected]. We will respond within 30 days.

8. Cookies

Our website may use cookies to improve your browsing experience and collect anonymous usage data. You can control cookie settings through your browser settings at any time.

• Essential cookies: necessary for the website to function correctly.

• Analytics cookies: used to understand how visitors use our website so we can improve it.

• You can opt out of analytics cookies at any time by adjusting your browser settings or using a cookie management tool.

9. Data Security

We take appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or destruction. These measures include secure password management, encrypted communication channels, and restricted access to client data.

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms we will notify you and the Information Commissioner's Office (ICO) without undue delay and within 72 hours of becoming aware of the breach.

10. International Data Transfers

Some of our third party service providers may process your data outside the United Kingdom. Where this occurs we ensure appropriate safeguards are in place in accordance with UK GDPR requirements including standard contractual clauses or adequacy decisions.

11. Children's Data

Our services are not directed at individuals under the age of 18. We do not knowingly collect personal data from anyone under 18. If you believe we have inadvertently collected data from a minor please contact us immediately and we will delete it.

12. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of any material changes by posting the updated policy on our website and where appropriate by email. The effective date at the top of this policy will be updated accordingly.

13. Complaints

If you have concerns about how we handle your personal data you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113.

We would however appreciate the opportunity to address your concerns directly before you contact the ICO. Please email us at [email protected] in the first instance.

14. Contact

• OmniSurge Digital

• [email protected]

• omnisurge.co.uk

OmniSurge Digital — omnisurgedigital.co.uk

Book Discovery Call

Contact Us

[email protected]