Data Protection Policy
This Data Protection Policy sets out how Zymplify Limited T/A Lead Onion (“the Company”) protects the personal data of employees, customers, suppliers, and other individuals in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
This policy applies to all employees, contractors, and third parties who have access to personal data held by the Company.
1. Data Protection Principles
We are committed to processing data in accordance with our responsibilities under the UK GDPR. Article 5 of the UK GDPR requires personal data to be:
- Processed lawfully, fairly and in a transparent manner
- Collected for specified, explicit and legitimate purposes
- Adequate, relevant and limited to what is necessary
- Accurate and kept up to date
- Kept only as long as necessary
- Processed in a manner that ensures appropriate security
2. Legal Basis for Processing
The Company processes personal data based on one or more of the following legal grounds:
- Consent
- Contractual necessity
- Legal obligation
- Vital interests
- Public task
- Legitimate interests
3. Data Subject Rights
Individuals have the following rights under data protection law:
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure (right to be forgotten)
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automated decision making and profiling
Requests to exercise these rights should be made in writing to the Data Protection Officer (DPO) by email at privacy@leadonion.ai or by post to FAO: DPO, 27/28 The Promenade, Portstewart, BT557AE.
4. Data Security
We implement appropriate technical and organisational measures to ensure data security, including:
- Access controls
- Encryption and pseudonymisation
- Staff training
- Regular data audits
- Secure data disposal methods
5. Data Retention
Personal data is retained only for as long as necessary for the purpose for which it was collected. The Company maintains a data retention schedule in line with legal and business requirements.
6. Data Sharing
Personal data will not be shared with third parties unless:
- There is a legal obligation
- It is necessary for the performance of a contract
- The individual has given explicit consent
- The sharing is in the individual’s vital interests
Third parties who process data on our behalf must sign data processing agreements.
7. Data Breaches
All personal data breaches must be reported immediately to the Data Protection Officer. Serious breaches will be reported to the ICO within 72 hours where required.
8. Responsibilities
- Management is responsible for ensuring compliance with this policy.
- All staff must understand and adhere to this policy and undertake training as required.
- The Data Protection Officer is responsible for overseeing data protection strategy and implementation.
9. Review
This policy will be reviewed annually or in response to significant regulatory or organisational changes.