Effective Date: 24th May, 2025

This Privacy Policy explains how we collect, use, and share personal data when you visit and interact with our website. We are committed to protecting your privacy and ensuring your personal data is handled in a safe and responsible manner. We comply fully with the UK General Data Protection Regulation (UK GDPR) and Data Protection Act 2018.

Company Number: 0000004067361

Contact Email: [email protected]

1. ANALYTICS AND DATA COLLECTION OF WEBSITE VISITORS

We collect personal data to help us understand how visitors use our website. This data includes:

- Information about your browser, network, and device.

- Pages you visit and internal links you click.

- Scrolling behaviour and search terms.

- Timestamps of your visits.

We use this data to monitor website performance, improve our services, and enhance your browsing experience.

This data is processed through GoHighLevel’s integrated analytics tools and any connected third-party platforms we use for traffic analysis.

2. COOKIES

Our website uses cookies and similar tracking technologies — small text files placed on your device — to enhance your experience and monitor website activity.

These tools help us to:

- Maintain core website functionality.

- Remember your preferences and settings.

- Analyse how visitors interact with our content.

- Measure the effectiveness of our marketing efforts.

- Continuously improve the user experience.

We use both session cookies (which expire when you close your browser) and persistent cookies (which remain stored until manually deleted or they expire).

You can manage your cookie preferences at any time through your browser settings or via our cookie consent tool available on our website.

We use the following categories of cookies:

Essential cookies: required for the basic operation of our site.

Analytics cookies: collect anonymous data to to help us improve website performance, measure traffic and understand user behaviour.

Marketing cookies: to tailor advertising across platforms (only if consented).

When you first visit our website, you will see a cookie banner allowing you to accept or manage these settings.

For more information about the cookies GoHighLevel may use, please visit GoHighLevel’s platform documentation or contact us directly.

3. DATA COLLECTED BY GOHIGHLEVEL

When you visit our website, GoHighLevel may automatically collect certain data on our behalf, including:

- Device type and browser information.

- IP address and general geographic location.

- Pages visited within the site and time spent.

- Form submissions and lead interactions.

This information helps us improve site functionality and allows our automated systems (like chatbots or lead capture forms) to function correctly.

GoHighLevel processes this data securely and in compliance with data protection standards.

4. HOW WE USE DATA COLLECTED BY GOHIGHLEVEL

The information we collect is used for:

- Website performance monitoring.

- Understanding visitor trends and needs.

- Improving site design, usability, and content.

- Responding to enquiries and booking appointments.

- Marketing and retargeting (with consent).

We do not sell or rent your personal data. We only share it with trusted service providers who support our business operations, and only when necessary.

5. DATA WE COLLECT

In the course of providing our services, we collect and process the following types of personal data:

Data You Provide Directly (Our Clients):

Personal Details: Full name, email address, phone number, job title, and professional background.

Business Details: Company name, registered address, correspondence address, VAT number, and company registration number.

Payment Details: Bank account information and/or credit/debit card details (processed securely via third-party payment providers in compliance with PCI DSS standards).

Communications: Emails, live chat transcripts, contact forms, phone calls, audio/video recordings, video conferences, and meeting notes.

Marketing Preferences: Records of consent (opt-in/opt-out), communication preferences, and timestamps of consent.

Service Usage Information: Products or services purchased, usage behaviour, service feedback, and client support requests.

Social Media Engagement: Public interactions with NEK Media on platforms like Facebook, Instagram, LinkedIn, and others.

Data We Process on Behalf of Our Clients:

For specific services such as review campaigns and referral tools, we may also collect and store limited personal data related to our clients’ customers. This may include:

- Full name.

- Email address.

- Phone number

This data is collected solely for the purpose of delivering our services (e.g. review invitations, referral messages) and is processed in accordance with our data processing agreement with the client. We do not use, sell, or share this data for any other purpose.

All such data is securely stored, handled with strict confidentiality, and deleted after the service is fulfilled or upon client request.

6. HOW WE USE YOUR DATA

We use the personal information we collect for the following purposes:

To deliver our services: Providing digital marketing, SEO, consultancy, and related solutions.

To manage billing and payments: Processing transactions, generating invoices, and maintaining accurate financial records.

To support communication: Responding to enquiries, service requests, and ongoing client support across all contact channels (email, phone, chat, forms).

To send marketing communications: Delivering relevant updates, promotions, or service announcements, where you have provided explicit consent.

To analyse and improve performance: Monitoring website activity, user behaviour, and campaign metrics to enhance user experience and service effectiveness.

To personalise your experience: Tailoring content, offers, and recommendations based on your preferences, location, and previous interactions.

To conduct research and gather feedback: Using surveys, testimonials, and insights to improve our services and client satisfaction.

To manage our business relationship: Fulfilling contracts, delivering services, and maintaining records of your interactions with our team.

To comply with legal obligations: Meeting requirements related to tax, accounting, anti-fraud, and applicable business regulations.

7. DATA PROTECTION AND SECURITY

We take the security of your personal data seriously and have partnered with GoHighLevel (GHL) — a leading CRM and automation platform — to ensure that all information is stored and processed securely.

GoHighLevel employs industry-standard security measures, including:

- Encryption of all sensitive data, both in transit and at rest (using TLS and AES-256).

- Role-based access controls and support for multi-factor authentication.

- Regular security assessments and vulnerability testing.

- Cloud infrastructure provided by trusted platforms such as Google Cloud Platform and Amazon Web Services.

- Automated backups and disaster recovery protocols to ensure data continuity.

- Defined incident response procedures to quickly manage and mitigate risks.

- Ongoing software and infrastructure updates to address emerging threats.

Data is stored securely on GHL's cloud servers, which are subject to stringent security controls. While primary data storage is based in the United States, GHL is certified under the EU-U.S. Data Privacy Framework, aligning its practices with UK and EU GDPR standards.

Access to personal data is strictly limited to authorised personnel and only granted on a need-to-know basis. We monitor access and follow best practices to ensure your data remains protected at all times.

8. SHARING YOUR INFORMATION

We do not sell, rent, or trade your personal data under any circumstances. However, we may share information with trusted third parties when necessary for the delivery of our services or to meet legal and regulatory requirements.

This includes, but is not limited to:

- Authorised service providers that support our operations, such as payment processors, IT support, CRM platforms, hosting providers, legal advisors, and cloud infrastructure partners.

- SEO specialists and subcontracted agents, where limited data may be shared strictly for the execution of your SEO strategy (e.g., website logins, business details).

- Professional advisors, including accountants, auditors, and insurers, for compliance and business continuity purposes.

- Business partners or integration partners, where needed to deliver bundled or connected services — always under appropriate data processing agreements.

- Regulatory bodies or legal authorities, when required to comply with applicable laws, court orders, or legal obligations.

- Successors or acquirers, in the event of a merger, acquisition, or sale of the business, with all necessary confidentiality protections in place.

All third parties receiving data from us are contractually obligated to keep it confidential and to process it only for the specified purpose, in line with applicable data protection laws (including UK GDPR).

9. YOUR RIGHTS (UK / GDPR)

Under the UK General Data Protection Regulation (UK GDPR), you are entitled to the following rights regarding your personal data:

Right of Access: You have the right to request a copy of the personal data we hold about you.

Right to Rectification: You can ask us to correct or complete any inaccurate or incomplete personal information.

Right to Erasure: You may request the deletion of your personal data in specific circumstances, such as when it is no longer necessary for the purpose it was collected.

Right to Restrict Processing: You can request that we limit the way we use your data in certain cases, such as while a correction request is being reviewed.

Right to Data Portability: You can request to receive your personal data in a structured, commonly used, and machine-readable format, or have it transferred to another provider.

Right to Object: You have the right to object to the processing of your data for certain purposes, including direct marketing.

Rights in Relation to Automated Decision-Making: You have the right not to be subject to decisions made solely by automated means, including profiling, where such decisions may significantly affect you.

We are committed to responding to all valid requests within one calendar month. If your request is complex or involves multiple data sets, we may extend this period in accordance with the law and will notify you accordingly.

10. DATA RETENTION

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including to comply with legal, regulatory, and contractual obligations. Retention periods may vary depending on the type of data and the context in which it is processed. Specifically:

- Client data is retained for the duration of our business relationship and for a reasonable period thereafter.

- Financial records are retained for a minimum of seven (7) years to comply with tax, accounting, and audit requirements.

- Marketing data is retained until you withdraw your consent or unsubscribe from communications.

- Other legal or regulatory requirements may require extended retention in specific cases.

Once data is no longer required, we take appropriate steps to securely delete or anonymise it in accordance with industry best practices and applicable data protection laws.

11. CHILDREN'S PRIVACY

Our services are intended for use by individuals aged 18 and over. We do not knowingly collect or process personal data from anyone under the age of 18. If we become aware that personal information has been inadvertently collected from a child, we will take immediate steps to delete the data securely and in accordance with applicable laws.

If you believe a child has provided us with personal information, please contact us at

[email protected] so we can take appropriate action.

12. UPDATES TO THIS POLICY

We may update this Privacy Policy from time to time to reflect changes in technology, legislation, or our practices. We encourage you to review this page periodically. The “Effective Date” will show the most recent revision.

13. CONTACT US

If you have any questions about this Privacy Policy or how your information is handled, please get in touch at: [email protected]