Privacy Policy

Last updated: January 21, 2025

This Privacy Policy explains how Gerart Limited collects, uses, stores, and protects your personal data when you use our LeadFlow CRM service. We are committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

1. Data Controller

The data controller responsible for your personal data is:

Gerart Limited

Company Registration: 16857407

Unit 13, Freeland Park, Wareham Road
Lytchett Matravers, Poole, BH16 6FA
England, United Kingdom

Email: support@gerart.digital

2. Personal Data We Collect

We collect and process the following categories of personal data:

2.1 Account Information

Name (first and last name)

Email address

Password (securely hashed)

Account preferences and settings

2.2 Lead Data

Lead contact information you enter (names, emails, phone numbers, companies)

Notes and tags you add to leads

Lead status and qualification scores

Custom fields you create

2.3 Usage Data

Features used within the application

Browser type, device information, and IP address

Error logs and performance data

2.4 Communication Data

Support requests and correspondence

Feedback you provide

3. Purpose of Processing

We process your personal data for the following purposes:

To provide and maintain the LeadFlow CRM service

To create and manage your account

To store and display your lead data

To respond to your support requests

To send important service updates and notifications

To improve our service based on usage patterns

To ensure security and prevent fraud

To comply with legal obligations

4. Legal Basis for Processing

Under GDPR, we process your data based on the following legal grounds:

Contract Performance (Art. 6(1)(b))

Processing necessary to provide you with the LeadFlow CRM service you signed up for.

Consent (Art. 6(1)(a))

When you have explicitly consented, such as agreeing to our Privacy Policy during registration.

Legal Obligation (Art. 6(1)(c))

Processing necessary to comply with applicable laws, such as tax and accounting regulations.

Legitimate Interest (Art. 6(1)(f))

Processing for security purposes, fraud prevention, and service improvement, balanced against your rights.

5. Data Storage and Security

5.1 Security Measures

We implement appropriate technical and organizational measures to protect your personal data, including:

Encryption of data in transit (TLS/SSL) and at rest

Secure password hashing

Access controls and authentication

Regular security assessments

Secure cloud infrastructure

5.2 Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected:

Account data: Retained while your account is active, plus 30 days after deletion request

Lead data: Retained while your account is active; deleted after account termination

Usage logs: Retained for up to 12 months for security and analytics

Legal records: Retained as required by applicable law (typically 7 years for financial records)

6. Data Sharing and Third Parties

We do NOT sell your personal data.

We may share your data only with the following categories of service providers, under strict data processing agreements:

Cloud Infrastructure: Secure hosting and database services

Authentication Services: Secure user authentication

Analytics: Anonymized usage analytics (no personal identifiers)

We may also disclose your data when required by law, court order, or to protect our legal rights.

7. Your Rights Under GDPR

Under GDPR, you have the following rights regarding your personal data:

Right of Access (Art. 15)

Request a copy of your personal data we hold.

Right to Rectification (Art. 16)

Request correction of inaccurate personal data.

Right to Erasure (Art. 17)

Request deletion of your personal data ("right to be forgotten").

Right to Portability (Art. 20)

Receive your data in a structured, machine-readable format.

Right to Restriction (Art. 18)

Request restriction of processing in certain circumstances.

Right to Object (Art. 21)

Object to processing based on legitimate interests.

Right to Withdraw Consent (Art. 7)

Withdraw consent at any time when processing is based on consent.

To exercise any of these rights, contact us at support@gerart.digital. We will respond within 30 days as required by GDPR.

You also have the right to lodge a complaint with a supervisory authority. In the UK, this is the Information Commissioner’s Office (ICO): ico.org.uk

8. Cookies

LeadFlow CRM uses only essential cookies necessary for the service to function:

Session cookies: To maintain your login state

Preference cookies: To remember your language preference

Security cookies: To protect against cross-site request forgery

We do not use marketing, advertising, or third-party tracking cookies.

9. International Data Transfers

Your data may be processed in countries outside the UK/EEA. When this occurs, we ensure appropriate safeguards, including:

Standard Contractual Clauses (SCCs) approved by the European Commission

UK International Data Transfer Agreement (IDTA)

Adequacy decisions where applicable

10. Children's Privacy

LeadFlow CRM is not intended for use by individuals under 18 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.

11. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of significant changes via email or through the service. The "Last Updated" date at the top of this policy indicates when it was last revised.

12. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us: