GDPR Compliance

Last updated: 20 March 2026

Our Commitment

ClientWise is a UK-based company fully committed to GDPR compliance. As a data operations provider that works directly with CRM data, we understand the importance of data protection and have built our processes around it from the ground up.

Data Controller vs. Data Processor

When you use our website, we act as the data controller for the personal data we collect (e.g. contact form submissions). When we process CRM data on your behalf as part of our services, we act as a data processor under a Data Processing Agreement (DPA).

Data Processing Agreements

For every client engagement involving CRM data, we execute a Data Processing Agreement that specifies:

  • The categories of data being processed.
  • The purpose and duration of processing.
  • Security measures in place.
  • Sub-processor details, if applicable.
  • Data breach notification procedures.
  • Data return and deletion upon contract end.

Security Measures

We implement appropriate technical and organisational measures including:

  • Encryption of data in transit and at rest.
  • Access controls and role-based permissions.
  • Regular security reviews of our processes and tools.
  • Staff training on data protection best practices.
  • Secure deletion procedures when data is no longer needed.

Your Rights Under GDPR

As a data subject, you have the following rights:

  • Right of access — request a copy of the personal data we hold about you.
  • Right to rectification — request correction of inaccurate or incomplete data.
  • Right to erasure — request deletion of your personal data where there is no compelling reason to continue processing.
  • Right to restrict processing — request that we limit how we use your data.
  • Right to data portability — receive your data in a structured, machine-readable format.
  • Right to object — object to processing based on legitimate interests or direct marketing.

International Transfers

We primarily process data within the UK and EEA. Where data is transferred outside these regions, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) or adequacy decisions.

Data Breach Procedures

In the event of a personal data breach, we will notify the relevant supervisory authority within 72 hours where feasible, and affected individuals without undue delay where the breach is likely to result in a high risk to their rights and freedoms.

Contact Our Data Protection Lead

For GDPR-related enquiries, data subject requests, or to request a copy of our Data Processing Agreement template, contact us at:

ClientWise
Email: sales@clientwise.agency

You can also lodge a complaint with the UK's Information Commissioner's Office (ICO) at ico.org.uk.