Privacy Policy | Goodfellow Systems

This policy explains how Goodfellow Systems collects, uses, and protects personal data. We are committed to handling your information responsibly and in compliance with the UK GDPR and the Data Protection Act 2018.

Contents

Who We Are
Data We Collect
How We Use Your Data
Legal Basis for Processing
Data Sharing
Cookies & Tracking
Data Retention
Your Rights
Data Security
Third-Party Links
Changes to This Policy
Contact Us

1. Who We Are

Goodfellow Systems ("we", "us", "our") is a specialist patient acquisition agency serving hair restoration clinics including hair transplant clinics, scalp micropigmentation (SMP) clinics, and PRP hair treatment clinics.

We are the data controller for personal data collected through our website at www.goodfellowsystems.com and through our general business operations.

Where we process data on behalf of our clinic clients as part of delivering our services, we act as a data processor. Each clinic client is the data controller for their own patient data, and separate data processing agreements apply.

2. Data We Collect

We may collect the following categories of personal data:

Contact and identity data — name, email address, phone number, and clinic/business name, collected when you book a discovery call, submit an enquiry, or engage our services
Business data — information about your clinic, including location, treatment types, consultation capacity, and current marketing activity, shared during onboarding and service delivery
Usage data — information about how you interact with our website, including pages visited, time spent, and referring sources, collected via cookies and analytics tools
Communication data — records of correspondence between you and Goodfellow Systems, including emails, call notes, and messages

We do not collect or process patient medical data directly. Any patient data processed as part of campaign delivery is handled under separate data processing agreements with clinic clients.

3. How We Use Your Data

We use the personal data we collect for the following purposes:

To respond to enquiries and facilitate discovery calls with prospective clinic clients
To deliver, manage, and optimise our patient acquisition services for active clients
To communicate updates, performance reports, and service-related information
To improve our website, services, and business processes through analysis of usage data
To comply with legal and regulatory obligations

We do not use your personal data for unsolicited marketing without your consent, and we do not sell your data to third parties.

4. Legal Basis for Processing

We process personal data under the following legal bases as defined by UK GDPR:

Contract — processing necessary to deliver services under a signed service agreement
Legitimate interests — processing necessary for our legitimate business interests, including responding to enquiries and improving our services, where these are not overridden by your rights
Legal obligation — processing required to comply with applicable law
Consent — where you have explicitly consented, such as to receive marketing communications

5. Data Sharing

We may share your personal data with trusted third-party service providers who assist in operating our business, including:

CRM and marketing automation platforms (e.g. GoHighLevel)
Advertising platforms (e.g. Meta, Google) for campaign delivery
Analytics providers for website and campaign performance measurement
Payment processors for fee collection

All third-party providers are contractually required to process your data only as instructed and in accordance with applicable data protection law.

We do not transfer personal data outside of the UK or EEA without ensuring appropriate safeguards are in place.

6. Cookies & Tracking

Our website uses cookies and similar tracking technologies to improve user experience and gather analytics. These include:

Essential cookies — required for the website to function correctly
Analytics cookies — used to understand how visitors interact with the site (e.g. Google Analytics)
Marketing cookies — used to track the effectiveness of paid advertising campaigns

You can manage your cookie preferences through your browser settings. Disabling certain cookies may affect the functionality of our website.

7. Data Retention

We retain personal data only for as long as necessary for the purposes for which it was collected, or as required by law.

Client contact and business data is retained for the duration of the engagement and for up to 3 years thereafter for legitimate business purposes
Enquiry and discovery call data from prospects who do not become clients is retained for up to 12 months
Website analytics data is retained in accordance with the settings of the relevant analytics platform

When data is no longer required, it is securely deleted or anonymised.

8. Your Rights

Under UK GDPR, you have the following rights in relation to your personal data:

Right of access — to request a copy of the personal data we hold about you
Right to rectification — to request correction of inaccurate or incomplete data
Right to erasure — to request deletion of your data in certain circumstances
Right to restrict processing — to request that we limit how we use your data
Right to data portability — to receive your data in a structured, machine-readable format
Right to object — to object to processing based on legitimate interests or for direct marketing

To exercise any of these rights, please contact us using the details in Section 12. We will respond within 30 days. If you are dissatisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

9. Data Security

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, or disclosure. These include access controls, encrypted communications, and regular review of our data handling practices.

While we take reasonable steps to protect your data, no method of electronic transmission or storage is completely secure. We cannot guarantee absolute security but are committed to minimising risk.

10. Third-Party Links

Our website may contain links to third-party websites, including advertising platforms and partner tools. We are not responsible for the privacy practices of those sites and encourage you to review their privacy policies independently.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. The "last updated" date at the top of this page will be revised accordingly.

We encourage you to review this policy periodically. Continued use of our website or services following any update constitutes acceptance of the revised policy.

12. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your data rights, please contact us:

Goodfellow Systems
www.goodfellowsystems.com

For data protection enquiries specifically, please include "Data Protection" in the subject line of your communication.