# Privacy Policy

Your Social Builder

Last Updated: April 2026

---

## 1. Introduction and Who We Are

Your Social Builder ("we", "us", "our") is a digital marketing and business growth company operating in Ireland. We provide a range of services to small and medium-sized businesses including website design and management, logo and brand identity design, Google Business Profile optimisation, local SEO, automated SMS follow-up systems, missed call text back, one-click SMS marketing campaigns, 5 Star Google Review systems, social media marketing, dedicated business phone numbers, AI-powered communication tools, and ongoing customer success support.

We are committed to protecting and respecting your privacy. This Privacy Policy explains what personal data we collect, why we collect it, how we use it, how we protect it, and what your rights are in relation to it.

This policy applies to:

- Visitors to our website

- Prospective clients who contact us, book a call, or attend any meeting with us

- Existing clients who use our services

- End customers of our clients who interact with systems we operate on their behalf

By using our website or services in any capacity, you confirm that you have read, understood, and agree to this Privacy Policy. If you do not agree, you must not use our website or services.

This Privacy Policy should be read alongside our Terms of Service, which together govern your relationship with Your Social Builder.

---

## 2. Our Role Under Data Protection Law

For the purposes of the General Data Protection Regulation (GDPR) and the Data Protection Acts 1988–2018:

- Your Social Builder is the Data Controller in respect of personal data we collect directly from website visitors, prospective clients, and existing clients.

- Your Social Builder acts as a Data Processor where we process personal data belonging to our clients' customers solely for the purpose of delivering agreed services — such as running SMS campaigns, review request sequences, automated follow-up systems, or any other client-directed communication activity. In these cases, our clients are the Data Controllers and are responsible for ensuring they hold a valid legal basis for that processing.

Our clients' obligations as Data Controllers are set out in full in our Terms of Service.

---

## 3. Personal Data We Collect

### 3.1 Data You Provide Directly

We collect personal data that you voluntarily provide when you:

- Visit or use our website

- Complete an enquiry, contact, or quote form

- Book or attend a call or video meeting with us

- Purchase or subscribe to any of our services

- Complete an onboarding form or account setup process

- Correspond with us by phone, email, SMS, live chat, or social media

- Attend a mandatory Cancellation Exit Call and complete the associated feedback form

- Provide feedback, testimonials, or participate in any review process

This may include your full name, business name, email address, phone number, billing and postal address, payment information, business details, social media account information, and any other information you choose to share with us.

### 3.2 Data Collected Automatically

When you visit our website, certain technical data is collected automatically including your IP address, browser type and version, device type and operating system, pages visited, time and date of your visit, session duration, referral source, and user behaviour on the site. This data is collected through cookies and similar tracking technologies as described in Section 11 of this policy.

### 3.3 Data Collected During Calls and Video Meetings

All telephone calls and video meetings with Your Social Builder are recorded. This applies to all call types without exception, including initial enquiry calls, sales and demo calls, onboarding calls, launch calls, customer success check-in calls, technical support calls, cancellation exit calls, and any other communication conducted by phone or video conferencing platform.

By booking, joining, or participating in any call or video meeting with Your Social Builder, you expressly and irrevocably consent to that interaction being recorded in audio and/or video format. This includes the mandatory Cancellation Exit Call required under our Terms of Service.

Where technically possible, a recording notification will be provided at the start of every call. The absence of such a notification does not invalidate your consent, which is given by the act of joining the call. This consent clause is also reflected in our Terms of Service, which all clients and prospective clients agree to by engaging with us.

Recordings are used for:

- Quality assurance and staff training

- Accurate documentation of agreed services, instructions, and commitments

- Dispute resolution

- Internal review and service improvement

Recordings are stored securely and retained for up to 24 months unless a longer period is required for legal, contractual, or dispute resolution purposes.

### 3.4 Payment and Billing Data

We collect billing and payment information when you purchase our services. Payment card details are processed securely by our third-party payment processor and are not stored directly by us. We retain billing records including transaction references, amounts, dates, and invoices for legal and accounting purposes in accordance with Irish statutory requirements.

### 3.5 Client Customer Data

As part of delivering certain services, our clients may provide us with personal data relating to their own customers — including names, phone numbers, email addresses, and other contact information — for the purpose of running SMS campaigns, automated follow-up sequences, review request systems, missed call text back, and related communication activities.

Where we process this data we do so strictly as a Data Processor, acting solely on the instructions of our clients. Our clients, as Data Controllers, are solely responsible for:

- Holding a valid legal basis under GDPR for sending communications to their customers

- Ensuring all necessary consents have been obtained prior to sharing data with us

- Ensuring their customers are informed of how their data is used

- Maintaining a current and compliant privacy policy on their own platforms

- Handling opt-out and data deletion requests from their own customers promptly

We do not use client customer data for any purpose other than delivering the agreed services. We do not sell, share, or transfer client customer data to any third party. Full details of client responsibilities are set out in our Terms of Service.

### 3.6 Testimonials and Case Studies

Where you provide a testimonial, review, or participate in a case study, we may use your name, business name, and the content of your feedback in our marketing materials, website, and social media channels. We will always seek your permission before doing so.

---

## 4. How We Use Your Personal Data

We process your personal data for the following purposes and on the following legal bases:

| Purpose | Legal Basis |

|---|---|

| To deliver and manage our services | Performance of a contract |

| To process payments and manage billing and invoicing | Performance of a contract / Legal obligation |

| To communicate with you regarding your account and services | Performance of a contract |

| To conduct, record, and use recordings of calls and video meetings | Legitimate interests / Consent (via Terms of Service agreement) |

| To conduct the mandatory Cancellation Exit Call and process your feedback form | Legitimate interests / Performance of a contract |

| To use cancellation feedback to improve our services and processes | Legitimate interests |

| To respond to enquiries, support requests, and complaints | Legitimate interests |

| To send service-related notifications, updates, and reminders | Performance of a contract |

| To send marketing communications where you have opted in | Consent |

| To analyse and improve our website, systems, and services | Legitimate interests |

| To comply with legal, regulatory, and tax obligations | Legal obligation |

| To prevent fraud, enforce our terms, and resolve disputes | Legitimate interests / Legal obligation |

| To operate SMS, review, follow-up, and communication systems on behalf of clients | Performance of a contract (as Data Processor) |

| To display testimonials and case studies with permission | Consent |

---

## 5. Marketing Communications

We may send you marketing communications about our services where you have opted in to receive them. You can withdraw your consent and opt out of marketing communications at any time by:

- Clicking the unsubscribe link in any marketing email

- Replying STOP to any marketing SMS

- Contacting us directly using the details in Section 15

Withdrawing consent does not affect the lawfulness of any processing carried out prior to withdrawal. We may continue to send you service-related communications that are necessary for the delivery of your services regardless of marketing preferences.

---

## 6. SMS and Text-Based Communication Systems

Where Your Social Builder operates SMS marketing, automated follow-up, missed call text back, review request, or any other text-based communication system on behalf of a client and directed at that client's customers:

- Messages are sent on behalf of and under the instructions of our client

- Our client is solely responsible for ensuring valid legal consents are in place

- All messages include opt-out functionality — recipients may reply STOP at any time

- Opt-out requests are processed promptly and the recipient will not be contacted further

- Irish regulatory requirements regarding SMS sending numbers and commercial communications are complied with at all times

- We do not use any recipient data obtained through these systems for any purpose outside of the agreed service

---

## 7. Google Business Profile and Social Media Account Access

Where we access and manage a client's Google Business Profile, Facebook page, Instagram account, or any other third-party platform as part of our services:

- We act strictly on the client's instructions and within the scope of the agreed services

- Access credentials and authorisation tokens are stored securely and never shared with any third party

- We do not use client account access for any purpose outside the agreed services

- Access is revoked promptly upon termination of the client relationship

- We are not responsible for any changes made to these platforms by the platform providers themselves

---

## 8. Sharing Your Personal Data

We do not sell your personal data to third parties under any circumstances.

We may share your personal data in the following limited circumstances:

8.1 Service Providers and Subprocessors

We work with trusted third-party technology and service providers to deliver our services. These may include CRM and automation platforms, SMS delivery providers, website hosting and security providers, email delivery services, video conferencing tools, payment processors, and analytics providers. All subprocessors are contractually bound to process data only on our instructions, to implement appropriate security measures, and to comply with applicable data protection law.

8.2 Legal and Regulatory Requirements

We may disclose personal data where required to do so by law, court order, or regulatory authority, including the Data Protection Commission, Revenue Commissioners, or An Garda Síochána, or where we reasonably believe disclosure is necessary to protect our legal rights or the safety of any person.

8.3 Business Transfers

In the event of a merger, acquisition, restructuring, or sale of all or part of our business, personal data held by us may be transferred to the relevant acquiring party as part of that transaction. Affected individuals will be notified in advance and their rights under GDPR will be fully respected.

8.4 Dispute Resolution

Where a dispute arises between us and a client or any third party, we may share relevant data — including call and video recordings — with legal advisors, mediators, or courts as necessary to resolve that dispute.

---

## 9. International Data Transfers

Where we use third-party service providers who process data outside of the European Economic Area (EEA), we ensure that appropriate safeguards are in place in accordance with GDPR requirements — including standard contractual clauses, adequacy decisions, or other lawful transfer mechanisms. We do not transfer personal data internationally without ensuring such safeguards are in place.

---

## 10. Data Retention

We retain personal data only for as long as necessary for the purposes for which it was collected, or as required by applicable law. Our standard retention periods are as follows:

| Data Type | Retention Period |

|---|---|

| Client account and service data | Duration of contract plus 5 years |

| Call and video recordings (including Cancellation Exit Calls) | Up to 24 months from date of recording |

| Cancellation feedback form responses | Up to 3 years from date of submission |

| Financial, billing, and invoice records | 7 years (statutory requirement under Irish law) |

| Website enquiry and contact form data | 2 years from date of submission |

| SMS campaign logs and communication records | Duration of contract plus 2 years |

| Marketing consent and opt-in records | Duration of consent plus 3 years |

| Client customer data processed as Data Processor | As instructed by the client, or deleted upon termination |

| Testimonials and case study content | Until withdrawal of consent |

Upon expiry of the applicable retention period, personal data is securely deleted or irreversibly anonymised. Where deletion is not immediately possible due to technical constraints, the data will be isolated and protected until secure deletion can be completed.

---

## 11. Cookies and Tracking Technologies

Our website uses cookies and similar technologies to improve your experience, analyse traffic, and support our marketing activities.

What are cookies?

Cookies are small text files placed on your device when you visit a website. They allow the website to remember information about your visit and preferences. Session cookies expire when you close your browser. Persistent cookies remain on your device until they expire or you delete them.

Types of cookies we use:

| Cookie Type | Purpose |

|---|---|

| Necessary cookies | Essential for the website to function correctly. Cannot be disabled and do not require consent. |

| Functionality cookies | Remember your preferences and settings to improve your experience on return visits. |

| Analytical cookies | Collect anonymised, aggregated data on how visitors use our website to help us understand and improve performance. No personally identifiable information is collected via these cookies. |

| Marketing and remarketing cookies | Track visitor behaviour across our website and third-party platforms to allow us to deliver relevant advertising. |

| Social media cookies | Set by social media platforms such as Facebook and Instagram to enable content sharing and event tracking. These cookies operate in accordance with those platforms' own privacy policies. |

Your cookie choices:

Where required by law, we will obtain your consent before placing non-essential cookies on your device. You may withdraw consent or manage your cookie preferences at any time through your browser settings or our cookie consent tool. Disabling certain cookies may affect the functionality of our website. For more information about managing cookies, visit internetcookies.org.

---

## 12. Your Rights Under GDPR

As a data subject under GDPR and Irish data protection law, you have the following rights in relation to your personal data:

| Right | What It Means |

|---|---|

| Right of Access | You may request a copy of the personal data we hold about you |

| Right to Rectification | You may request that we correct any inaccurate or incomplete data we hold |

| Right to Erasure | You may request deletion of your personal data in certain circumstances |

| Right to Restriction | You may request that we limit how we use your data in certain circumstances |

| Right to Data Portability | You may request your data in a structured, machine-readable format |

| Right to Object | You may object to processing based on legitimate interests or for direct marketing |

| Right to Withdraw Consent | Where processing is based on consent, you may withdraw it at any time |

| Right not to be subject to automated decision-making | You have the right not to be subject to solely automated decisions that significantly affect you |

To exercise any of these rights, please contact us using the details in Section 15. We will acknowledge your request promptly and respond within one calendar month. We may need to verify your identity before processing your request. This service is provided free of charge unless your request is manifestly unfounded or excessive.

If you are not satisfied with how we have handled your data or your rights request, you have the right to lodge a complaint with the Data Protection Commission (DPC) at:

Data Protection Commission

21 Fitzwilliam Square South, Dublin 2, D02 RD28

Website: www.dataprotection.ie

Phone: +353 57 868 4800

---

## 13. Data Security

We implement appropriate technical and organisational security measures to protect your personal data against unauthorised access, accidental loss, destruction, alteration, or disclosure. Our security measures include:

- Encrypted data storage and transmission using SSL/TLS protocols

- Role-based access controls and multi-factor authentication

- Secure credential management and regular access reviews

- Regular security assessments and vulnerability monitoring

- Staff training on data protection responsibilities and secure data handling

- Incident response procedures for data breaches

While we take all reasonable and appropriate steps to protect your personal data, no method of electronic transmission or storage is completely secure. We cannot guarantee absolute security. In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the Data Protection Commission within 72 hours and, where required, notify affected individuals without undue delay.

---

## 14. Changes to This Policy

We reserve the right to update this Privacy Policy at any time to reflect changes in our services, legal obligations, or data processing practices. The most current version will always be published on this page with an updated revision date at the top. Where changes are material, we will take reasonable steps to notify existing clients directly. Your continued use of our website or services following any update constitutes your acceptance of the revised policy.

---

## 15. Contact Us and Data Protection Enquiries

If you have any questions, concerns, or requests in relation to this Privacy Policy or how we handle your personal data, please contact us at:

Your Social Builder

Email: [your email address]

Phone: [your phone number]

Address: [your business address]

We aim to respond to all data protection enquiries within five business days and to resolve all substantive requests within one calendar month.

---

This Privacy Policy is governed by the laws of Ireland and is designed to comply with the General Data Protection Regulation (EU) 2016/679, the Data Protection Acts 1988–2018, the ePrivacy Regulations, and all other applicable Irish and European Union data protection legislation. Where this policy conflicts with any applicable law, the applicable law will prevail.