GDPR Compliance
Happy Leads Ltd is committed to ensuring that all personal data is handled in a lawful, fair, and transparent manner. We recognise the importance of protecting individual privacy and maintaining trust when processing personal information as part of our marketing and lead generation services.
We operate in full compliance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR). These frameworks govern how personal data must be collected, processed, stored, and shared, and we have implemented internal policies and procedures to ensure that our operations meet these standards at all times.
Happy Leads Ltd primarily acts as a Data Controller, meaning we determine how and why personal data is processed. In certain campaigns or partnerships, we may act as a Joint Controller alongside other organisations where data is collected through shared platforms or co-branded marketing activity.
As part of our services, we collect or receive personal data in order to assess consumer interest in various products and services and, where appropriate, connect individuals with relevant third-party providers. We ensure that all processing activities are conducted in accordance with applicable legal requirements and industry standards.
We process personal data only where a valid lawful basis exists under UK GDPR. This may include situations where individuals have provided clear and informed consent, particularly in relation to marketing communications and the sharing of data with partner organisations.
In certain circumstances, we may rely on legitimate interests as a lawful basis for processing. This applies where processing is necessary for our business operations, such as lead generation and marketing, and where such processing does not override the rights and freedoms of the individual. We conduct internal assessments to ensure that our use of legitimate interest is appropriate, proportionate, and transparent.
We also process personal data where necessary to comply with legal or regulatory obligations, including obligations relating to fraud prevention, financial regulation, and consumer protection.
We collect personal data directly from individuals through online forms, surveys, landing pages, and communication channels such as telephone and email. In addition, we may receive personal data from trusted third-party partners, including affiliate networks, co-registration platforms, and data providers.
Where data is obtained from third parties, we require assurances that the data has been collected lawfully, that individuals have been provided with appropriate information at the point of collection, and that there is a valid lawful basis for sharing the data with us. We maintain records of data sources and ensure that appropriate due diligence is carried out on our partners.
We are committed to transparency in how personal data is used. Individuals are provided with clear information about how their data will be processed, the purposes for which it will be used, and the types of organisations with whom it may be shared.
Where personal data is obtained indirectly, we take steps to inform individuals within a reasonable timeframe about the source of their data and how it will be used. This ensures compliance with GDPR transparency obligations and supports informed decision-making by individuals.
As part of our lead generation services, we may share personal data with carefully selected third-party organisations that operate within relevant industry sectors. These may include financial services, claims management, debt solutions, utilities, automotive services, and other consumer-focused industries.
In particular, where individuals express interest in claims-related services, such as mis-sold vehicle finance claims, their data may be shared with authorised and regulated firms, including partners such as MR Consumer Services Limited, trading as Mis-sold Expert, which is authorised and regulated by the Financial Conduct Authority (FRN: 838452). These organisations may contact individuals directly to assess eligibility and progress potential claims.
All partner organisations are required to process personal data in accordance with applicable data protection laws and are subject to contractual obligations to ensure confidentiality, security, and lawful use of data.
We implement appropriate technical and organisational measures to protect personal data from unauthorised access, loss, misuse, or disclosure. These measures include secure systems, controlled access to data, encryption where appropriate, and regular monitoring of our infrastructure.
Access to personal data is restricted to authorised personnel who require it for legitimate business purposes, and all staff are trained in data protection principles and confidentiality obligations. We continuously review and update our security practices to ensure ongoing compliance and protection.
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected and to comply with legal and regulatory requirements. Retention periods are determined based on the nature of the data, the purpose of processing, and applicable legal obligations.
Where data is no longer required, it is securely deleted or anonymised to prevent further use.
Under UK GDPR, individuals have a number of rights in relation to their personal data. These include the right to access the data we hold about them, the right to request correction of inaccurate data, and the right to request deletion of their data where appropriate.
Individuals also have the right to object to the processing of their data, particularly in relation to direct marketing, and the right to restrict processing in certain circumstances. Where applicable, individuals may request that their data be transferred to another organisation in a structured format.
We have processes in place to respond to such requests in a timely manner and in accordance with legal requirements.
We ensure that all marketing communications are conducted in compliance with PECR and GDPR requirements. Where required, consent is obtained before sending electronic marketing communications, and individuals are provided with clear options to opt out or manage their preferences.
We respect all opt-out requests and maintain suppression lists to ensure that individuals who have withdrawn consent or objected to marketing are not contacted further.
Where personal data is transferred outside the United Kingdom, we ensure that appropriate safeguards are in place to protect the data. This may include the use of standard contractual clauses or other approved mechanisms to ensure that the data receives an equivalent level of protection.
If you have concerns about how your personal data is handled, you have the right to raise a complaint with the relevant supervisory authority. In the United Kingdom, this is the Information Commissioner's Office.
We encourage individuals to contact us directly in the first instance so that we can address any concerns promptly and effectively.
We regularly review our data protection practices to ensure ongoing compliance with legal requirements and industry standards. This includes reviewing our data processing activities, updating our policies, and conducting internal audits where necessary.
We are committed to maintaining high standards of data protection and continuously improving our processes to ensure that personal data is handled responsibly and securely.
If you have any questions about this GDPR Compliance Statement or how your personal data is handled, please contact us:
Happy Leads Ltd
Email: happyleadsuk@gmail.com
Telephone: 0113 460 1957