Approvl - Privacy Policy

Introduction

We at Approvl Ltd (“we”, “our” or “us”) are committed to safeguarding the privacy of our clients, website visitors, and users of our platform. This Privacy Policy describes how we process your personal data when you use our services, visit our website, or interact with us. We process all personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

What Personal Data We Collect

We collect and process personal information that you voluntarily provide to us, that we collect automatically through your use of our services, and that we receive from third parties where appropriate. The types of data we collect include:

Business Account Information: When you register for an account, we collect your business name, contact details (such as email and telephone), billing details, and login credentials. This information is necessary to manage your account and provide our services to you.
Customer Feedback Data: Through our platform, we process feedback submitted by your customers, which may include ratings, free-text comments, and any optional contact information they choose to provide. We recommend that you make your customers aware of how you intend to use their feedback.
Technical Data: We automatically collect information such as your IP address, browser type and version, device information, operating system, and platform. We use this data to maintain the security of our systems and improve your user experience.
Cookies and Tracking Technologies: We use cookies and similar tracking technologies to enhance website functionality, analyse traffic patterns, remember user preferences, and improve our marketing efforts. You can manage your cookie preferences through your browser settings. For more details, see our separate Cookies Policy.

Why We Collect Your Data

We collect and process personal data to:

Provide and maintain our platform, enabling you to collect and analyse customer feedback effectively.

Communicate with you about your account, service updates, support enquiries, and important notices.

Ensure the security, integrity, and performance of our website and platform, and to detect and prevent fraud or unauthorised use.

Improve and develop new features and services based on usage trends and feedback.

Comply with our legal and regulatory obligations, including record-keeping and responding to lawful requests.

We always ensure that we have a valid lawful basis for processing your personal data, which may include your consent, the performance of a contract with you, compliance with legal obligations, or our legitimate interests as a business.

How Long We Keep Your Data

We retain personal data only for as long as necessary to fulfil the purposes we collected it for, including to satisfy any legal, accounting, or reporting requirements. Typically, customer feedback is kept in our platform for as long as your account remains active, after which it is securely deleted or anonymised within a reasonable timeframe.

We regularly review our retention periods to ensure we are not keeping data longer than necessary.

How We Share Your Data

We do not sell, rent, or trade your personal information to third parties. We may share your data with trusted service providers who help us deliver our services, such as cloud hosting, analytics, payment processing, and customer support. These third parties are bound by confidentiality and data processing agreements to ensure your information remains secure.

We may also disclose personal information if required to do so by law or in response to valid legal requests by public authorities (e.g. law enforcement or regulatory bodies).

International Data Transfers

Where we transfer personal data outside the UK or European Economic Area (EEA), we ensure appropriate safeguards are in place, such as standard contractual clauses approved by the Information Commissioner’s Office (ICO) or the European Commission. We take all necessary steps to ensure that your data remains protected and that your rights continue to be upheld.

Your Data Protection Rights

You have a number of rights under data protection law, including:

The right to request access to the personal data we hold about you.

The right to request correction of inaccurate or incomplete data.

The right to request erasure of your data where there is no longer a lawful basis for us to hold it.

The right to object to or restrict certain types of processing.

The right to data portability, where applicable.

The right to lodge a complaint with the ICO if you believe your data has been mishandled.

To exercise any of these rights, please contact us using the details below.

How We Protect Your Data

We implement appropriate technical and organisational measures to protect your personal data from unauthorised access, alteration, disclosure, or destruction. These measures include secure servers, encryption, access controls, staff training, and regular system monitoring. However, no method of transmission over the internet is entirely secure, so we cannot guarantee absolute security.