Privacy Policy

We understand that your privacy is important to you and that you care about how your personal data is used and shared. We respect and value the privacy of everyone who uses our services and will only process information in ways that are consistent with your rights, and our obligations under the law. 

Our privacy notice exists to provide you with key information about:  

  • The data we process and why
  • What happens to your data
  • Sharing and transfers of data
  • How your data is kept secure
  • Your data protection rights
  • How to contact us
  • How to make a complaint

If you do not understand or accept the privacy notice, you must stop using our services immediately. Please contact us if you need assistance. 

About us

Smarter Data Protection Ltd (SDP) is a limited company registered in England and Wales under company number 11024613. Our Data Protection Lead is responsible for handling compliance with data protection law, and for effectively handling all queries from data subjects about their personal data. 

OnTrack GDPR c/o Smarter Data Protection Ltd 
Unit 15, Riverside Industrial Estate 
South Street 
Essex, SS4 1BS 
Tel: 01702 866826 

The data we process and why

To comply with the GDPR, we are required to have a lawful basis for processing all personal data. The table below lists the different reasons why we collect and process your personal data, and our lawful basis for doing so.

We do not collect any data about you from third parties.

Processing purpose

Personal data processed

Lawful basis

Managing enquiries and providing OnTrack GDPR demonstrations.


Contact details

Article 6 (b) Contract

To deliver our paid products and services including

-          Setting up and providing access to an OnTrack GDPR account

-          Setting up and delivering a custom GDPR training portal for your team

-          providing customer support via email and telephone (Helpdesk)

-          processing billing information, invoices and payments


Contact details

Team/users names and email addresses

Billing and payment info

Article 6 (b) Contract

To enhance our products and services by soliciting your feedback and/or asking you to take part in market research


Contact details

Article 6 (f) Legitimate interests

Publishing your feedback or testimonial


Article 6 (b) Consent

To manage your data protection rights


Contact details


Article 6 (c) Legal obligation

What happens to your data

Managing enquiries

When you contact us to find out more about our products and services, we will add your personal data to our customer relationship management system (CRM). We will only use it to respond to your enquiry or request in a timely fashion.

If you do not take up any of our products and services, we will delete your details from our CRM 6 months after we deem the enquiry closed. If you would like your data deleted before then, please just let us know.

To deliver products and services

When you become a customer, we will keep your account, communications, and support information in our CRM. It helps us to make sure we provide a high level of customer service to you. We will also keep key account information in our secure cloud-based filing.

If we open an OnTrack Account on your behalf you should also look at the Software Terms, and Privacy Notice here

If and when you choose to leave us, we will retain the information for at least 6 years for taxation and legal purposes.

Soliciting feedback and research

We solicit feedback from our customers so that we may continually improve our services. We view this as a legitimate business interest. If you do not wish to be contacted for such purposes you can opt-out or unsubscribe at any time by clicking the relevant link in the email, or by contacting us directly.

We will retain this information for as long as you remain a customer, or until you opt-out.


If we want to publish your testimonial or feedback, we will ask for your consent to do so in writing. You can revoke your consent at any time by contacting us. We will seek to remove the published information as soon as is reasonably possible.

We will retain this information for as long as you remain a customer or until you revoke consent and ask for it to be deleted.

Managing your data protection rights

We have a duty to uphold your data protection rights. To do this, we may need to process and store some limited information about you.

For example, if you submit a subject access request, we will need to keep a log of your request, and the steps we have taken to respond to you. We will retain records of this nature for a period of at least 6 years and maybe longer if we need to retain the data for legal purposes.


We only use cookies and other tracking technologies where it is necessary to the efficient operation and security of our App or where they do not involve the processing of your personal data.

Sharing and transfers of data

We will never share or sell your data to any other company for commercial gain. We only ever “share” or transfer your data as part of our core processing activities. So, for example, by using a card payment processing provider to take payment for goods or services. These third parties are “data processors”.

Our current list of data processors includes:

  • Shopify
  • Office 365
  • Azure
  • Stripe
  • Sendgrid
  • Cloudflare
  • Hubspot
  • Your Office & PA
  • Teachable

We require all data processors to respect the security of your personal data and to treat it in accordance with the law. Data processors are not allowed to use your personal data for their own purposes; we only permit them to process your personal data for specified purposes and in accordance with our instructions.

We also ensure that any international transfers of data are done with the required safeguards in place. When processing takes place in the US, we ensure the Processor participates in, and has certified their compliance, with the EU-US Privacy Shield Framework.

How your data is kept secure

  • Putting appropriate security measures in place, to prevent your personal data from being accidentally lost, used, altered, disclosed or accessed in an unauthorised way.
  • Limiting access to your personal data on a ‘need to know’ only basis.
  • Ensuring our staff are trusted and trained in data protection compliance and confidentiality.
  • Following due process to deal with any suspected personal data breach.
  • Only transferring your data outside of the European Economic Area (EEA) with the required safeguards and guarantees in place
  • Only retaining your personal data for as long as necessary to fulfil the purpose we collected it for.

Your data protection rights

We fully support your rights and will always seek to uphold them. If you ever feel this is not the case, please contact us. At any point you can exercise your:

  • Right of access – contact us for a copy of the data we hold about you.
  • Right of rectification – let us know if the data we hold is out of date or inaccurate and we’ll update it.
  • Right to be forgotten – if you no longer want to use our services, please contact us and we’ll delete the data we’re able to. We may need to retain certain information for legal and taxation purposes.
  • Right to restrict processing – we only ever collect data we need and actively ensure we’re never collecting anything over and above need.
  • Right of portability – we will support reasonable requests to transfer your data to another organisation should you require it.
  • Right to object to automated decision making and profiling

If you are unhappy with the way we’re processing your data, please contact us. If we ever refuse to uphold your rights, we will provide you with a reason why. You will then have the right to complain to your data protection authority as detailed below.

How to contact us

To exercise all relevant rights, queries or complaints in relation to this Privacy Notice please contact our Data Protection Lead:

Smarter Data Protection Ltd

Unit 15, Riverside Industrial Estate

South Street


Essex, SS4 1BS

Tel: 01702 866826 


How to make a complaint

If this does not resolve your issue to your satisfaction, you have the right to lodge a complaint with the UK’s Supervisory Authority, the Information Commissioner’s Office.

Information Commissioner’s Office

Wycliffe House

Water Lane


Cheshire SK9 5AF

Tel: 0303 123 1113