Website Privacy Policy

Privacy Policy

Who we are. Northbrik Systems Ltd is a company registered in England and Wales and is the data controller for personal data processed through this website and the Reachform product. Our registered office is 71-75 Shelton Street, Covent Garden, London WC2H 9JQ, United Kingdom. Contact the controller, Data Protection Manager, and all legal correspondence at legal@northbrik.com. We have not appointed a Data Processing Officer; this position is reviewed annually as our processing profile evolves.

What personal data we collect

• Identity and contact data: name and email address when you create an account (when that feature is available).
• Search session metadata: your search query text and a timestamp, held only in your browser session storage for the active tab session to power the “previous searches” list. This is not uploaded to our servers for storage.
• Business listing data: business name, address, category, and rating accessed in real time from Google Places public listings when you run a search. This data is not stored onReachform servers and is not written to durable logs. Phone numbers may appear in the third-party interface when returned by the directory; we do not store or log phone numbers server-side.
• Communications data: if you email us at the addresses listed on this site.

How we collect it

• Directly when you create an account or contact us;
• Automatically when you use the search tools (queries and timestamps in browser storage only, as described);
• From publicly available business directories via Google Places.

Why we use personal data: legal bases (UK GDPR)

• Providing the service (Art. 6(1)(b) (performance of a contract)). Where you contract with Northbrik Systems Ltd, we process the account and service data needed to operate your subscription.
• Lead discovery via Google Places (Art. 6(1)(f) (legitimate interests)). We process publicly listed business data to identify businesses that may lack web presence so that subscribers can undertake proportionate B2B outreach. You may object; see Individual Rights below.
• Operating and securing the site (Art. 6(1)(f) (legitimate interests)). Security, troubleshooting, aggregated service improvement, without unnecessary profiling.
• Marketing. We only send promotional communications with prior consent. You may opt out in any marketing email; essential service messages are unaffected.

Data sharing

We use processors strictly where necessary, for example OpenAI to generate previews and drafts in the chat product, and Google Places for public business listings. We do not sell personal data and we do not share data with third parties for their own marketing without consent. Agreements require processors to protect data and process only under instruction.

International transfers

We do not transfer your personal data outside the UK.

Security measures

We apply appropriate technical and organisational measures, including HTTPS, access control to production credentials, hashing of passwords where authentication is offered, contractual confidentiality commitments, training for staff who process data, and principles of least privilege. Access is limited to those who genuinely need it.

Retention

• Account data: for the lifetime of your account plus up to six years after closure, consistent with contractual and legal record-keeping obligations.
• Search session metadata (sidebar): held in browser sessionStorage until the browser session ends; it is not a durable historical record stored on Reachform infrastructure.
• Business listing data: not stored server-side; queried and displayed transiently during your session only.
• Subject access correspondence: up to six years from resolution of the request.

Your legal rights (UK GDPR)

You may exercise the following:

• Right to be informed;
• Right of access: submit a Subject Access Request to legal@northbrik.com (we respond within 30 days);
• Right to rectification;
• Right to erasure (“right to be forgotten”);
• Right to restrict processing;
• Right to data portability (limited to structured account data);
• Right to object to processing grounded in legitimate interests;
• Rights concerning automated processing: Reachform does not undertake automated decisions with legal effects;
• Right to lodge a complaint with the Information Commissioner’s Office: ICO: www.ico.org.uk · Helpline 0303 123 1113.

ICO registration

Registration fee paid; confirmation pending publication on the ICO register (status as at April 2025).

Last updated: April 2025 · We may update this policy to reflect lawful changes; check this page periodically.

← Back to home