GDPR Explained

For Clients Using Local Growth

Short version:

LocalGrowth helps you collect customer feedback and manage reviews in a GDPR-compliant way, acting only on your instructions.

Who’s Who Under GDPR

You (the business) = Data Controller
- You decide why and when customers are contacted.

LocalGrowth = Data Processor
- We process customer data only to collect feedback and manage reviews on your behalf.

What Customer Data Is Used

Only basic customer information:

- Name

- Email address

- Phone number

- Feedback or review content

No sensitive or medical data.
No selling or reuse for marketing.

Why Customers Are Contacted

Customers are contacted after a recent service to:

- Ask for feedback

- Improve customer experience

- Invite satisfied customers to leave a public review (e.g. on Google Reviews)

How Feedback Is Handled

Positive feedback
→ Customer may be invited to leave a public review

Negative or private feedback
→ Sent directly to you so it can be addressed privately

We do not block or prevent reviews — we simply manage feedback responsibly.

Lawful Basis (Why This Is Allowed)

Feedback requests are sent under Legitimate Interest:

- The customer recently used your service

- Feedback is relevant and expected

- Customers can opt out at any time

This is standard and widely accepted under GDPR.

How Customers Are Contacted

- Email

- SMS

- WhatsApp (1-to-1 messages only)

Every message includes:

- Your business name

- Clear purpose

- Easy opt-out

Privacy & Transparency

Your Privacy Policy should mention:

- Customer feedback requests

- Review invitations

- Use of a third-party reputation management provider

(LocalGrowth provides ready-made wording for this.)

Data Security & Retention

- Data is stored securely

- Access is restricted

- Customer lists are not kept longer than necessary

- Public reviews may be reused for your website or social media (first name only)

Customer Rights

Customers can:

- Opt out of feedback messages

- Request access to their data

- Request deletion of their data

LocalGrowth will assist you in handling these requests promptly.

What You Need To Do (Checklist)

✅ Only upload customers you’ve recently served
✅ Ensure your Privacy Policy mentions feedback & reviews
✅ Don’t upload bought or cold contact lists
✅ Let LocalGrowth manage opt-outs for you

DPA (Data Processing Agreement)

A Data Processing Agreement (DPA) is a standard GDPR document that explains how customer data is handled safely when a third-party service is involved. Find out more information here.

Resources

Terms

Privacy

GDPR Explained

Clients' Privacy Policy Wording

Privacy | Terms | Login | Support

The Tara Building, Tara Street, Dublin 2, D02 RY83, Ireland

[email protected]