Privacy Policy

1. Introduction

This Privacy Policy explains how MV Test Solutions Ltd (trading as "MissedLeads"), a company registered in England and Wales (Company Number: 11803350), with its registered office at First Floor, 10 College Road, Harrow, United Kingdom, HA1 1BE (referred to as "we", "us", "our", or the "Company"), collects, uses, stores, discloses, and protects your personal data when you access or use the MissedLeads platform, website, APIs, and any related services (collectively, the "Service").

We are registered with the Information Commissioner's Office (ICO) as a data controller. Our ICO registration number is displayed in the footer of our website.

We process personal data in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, the Privacy and Electronic Communications Regulations 2003 (PECR), and the Data (Use and Access) Act 2025, as applicable.

By accessing or using our Service, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree, you must not use the Service.

2. Data Controller

The data controller responsible for your personal data is:

3. What Data We Collect

We may collect and process the following categories of personal data:

3.1 Data You Provide Directly

• Account Information: Your name, email address, telephone number, business name, and business address when you register for an account.
• Payment Information: Billing details processed securely through our third-party payment processor (Stripe). We do not store full payment card details on our servers.
• Communications: Any correspondence, support tickets, feedback, or enquiries you send us.
• Business Listing Data: Google Business Profile names, addresses, phone numbers, website URLs, and other publicly available listing details that you submit to us for monitoring purposes.

3.2 Data We Collect Automatically

• Usage Data: Information about how you interact with our Service, including pages visited, features used, timestamps, and session duration.
• Device and Technical Data: IP address, browser type and version, operating system, device identifiers, screen resolution, and referring URL.
• Cookies and Similar Technologies: See Section 9 below.

3.3 Data from Third-Party Sources

• Publicly Available Business Listing Data: We collect publicly accessible information about your Google Business Profile(s) from publicly available search results and third-party data signal providers. This data includes business names, addresses, phone numbers, opening hours, business status, categories, website URLs, and other publicly displayed information.
• Google Business Profile API Data: Where you grant us permission, we may access data via the official Google Business Profile API.

Important: MissedLeads is not affiliated with, endorsed by, or an official partner of Google LLC. We use third-party data signals and publicly available information as part of our monitoring service. We refer to this as "External Signal Monitoring" and "Public View Verification."

4. Legal Basis for Processing

Under the UK GDPR and the Data (Use and Access) Act 2025, we process your personal data on the following legal bases:

• Performance of a Contract (Article 6(1)(b)): Processing necessary to provide the Service to you, including monitoring your business listings and sending you alerts.
• Legitimate Interests (Article 6(1)(f)): Processing necessary for the purposes of our legitimate interests, including security monitoring, fraud prevention, service improvement, and the detection of unauthorised changes to publicly available business listing data. We have conducted a Legitimate Interest Assessment (LIA) and determined that these interests are not overridden by your rights and freedoms.
• Consent (Article 6(1)(a)): Where you have given clear consent for us to process your personal data for specific purposes, such as receiving marketing communications.
• Legal Obligation (Article 6(1)(c)): Processing necessary to comply with a legal obligation to which we are subject.
• Security Monitoring (Data (Use and Access) Act 2025): The monitoring of publicly available data for the purpose of detecting potential unauthorised changes to business listings constitutes a recognised legitimate interest under the data protection framework established by the Data (Use and Access) Act 2025.

5. How We Use Your Data

We use your personal data for the following purposes:

• To create, maintain, and secure your account.
• To provide the monitoring service, including scanning publicly available data for potential unauthorised changes to your business listings.
• To send you alerts and notifications about detected changes to your monitored listings.
• To process payments and manage your subscription.
• To communicate with you regarding your account, the Service, support requests, and important notices.
• To analyse usage patterns and improve the Service.
• To prevent fraud, abuse, and security threats.
• To comply with legal obligations and enforce our Terms of Service.
• To send you marketing communications where you have opted in (you may withdraw consent at any time).

6. Data Sharing and Disclosure

We do not sell your personal data. We may share your data with the following categories of recipients:

• Service Providers: Third-party providers who assist us in operating the Service, including hosting providers (cloud infrastructure), payment processors (Stripe), email delivery services, analytics providers, and third-party data signal APIs used for public view verification. These providers process data on our behalf under data processing agreements.
• Professional Advisors: Lawyers, accountants, and auditors where necessary for our business operations.
• Law Enforcement and Regulatory Bodies: Where we are required to do so by law, regulation, or legal process, or where we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others.
• Business Transfers: In connection with any merger, acquisition, reorganisation, sale of assets, or bankruptcy, your data may be transferred as part of the business assets.

All third-party service providers are contractually obligated to protect your data and to use it only for the purposes for which it was disclosed.

7. International Data Transfers

Some of our service providers may be based outside the United Kingdom. Where personal data is transferred outside the UK, we ensure that appropriate safeguards are in place in accordance with UK GDPR, including:

• Transfers to countries with an adequacy decision from the UK Secretary of State.
• Standard Contractual Clauses (SCCs) approved by the ICO.
• The International Data Transfer Agreement (IDTA) or UK Addendum to EU SCCs.
• Binding Corporate Rules where applicable.

You may request further details of the safeguards in place by contacting us.

8. Data Retention

We retain your personal data only for as long as is necessary for the purposes set out in this Privacy Policy, unless a longer retention period is required or permitted by law. Specifically:

• Account Data: Retained for the duration of your account and for up to 12 months after account closure, unless we are required to retain it longer for legal or regulatory purposes.
• Monitoring and Alert Data: Retained for up to 24 months from the date of generation, or for the duration of your subscription, whichever is longer.
• Payment Records: Retained for up to 7 years in accordance with HMRC requirements.
• Communication Records: Retained for up to 24 months after the last communication.
• Technical and Usage Data: Retained for up to 12 months.

When data is no longer required, it is securely deleted or anonymised.

9. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience. The types of cookies we use include:

• Strictly Necessary Cookies: Required for the Service to function (e.g., session authentication). These cannot be disabled.
• Functional Cookies: Used to remember your preferences and settings.
• Analytics Cookies: Used to understand how visitors interact with our website, helping us improve the Service. These are only set with your consent.

You can manage your cookie preferences through your browser settings. Disabling certain cookies may affect the functionality of the Service.

For more information about cookies, visit www.allaboutcookies.org.

10. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit (TLS/SSL) and at rest.
• Access controls and authentication mechanisms.
• Regular security assessments and vulnerability testing.
• Secure development practices.
• Staff training on data protection and security awareness.
• Incident response procedures.

While we take all reasonable precautions, no method of transmission over the Internet or method of electronic storage is 100% secure. We cannot guarantee absolute security of your data.

11. Your Rights Under UK GDPR

Under the UK GDPR and the Data Protection Act 2018, you have the following rights:

• Right of Access (Article 15): You have the right to request a copy of the personal data we hold about you (a "Subject Access Request").
• Right to Rectification (Article 16): You have the right to request that we correct any inaccurate or incomplete personal data.
• Right to Erasure (Article 17): You have the right to request that we delete your personal data in certain circumstances (the "right to be forgotten").
• Right to Restriction of Processing (Article 18): You have the right to request that we restrict the processing of your data in certain circumstances.
• Right to Data Portability (Article 20): You have the right to receive your personal data in a structured, commonly used, and machine-readable format.
• Right to Object (Article 21): You have the right to object to processing based on legitimate interests or for direct marketing purposes.
• Rights Related to Automated Decision-Making (Article 22): You have the right not to be subject to a decision based solely on automated processing that produces legal or similarly significant effects.
• Right to Withdraw Consent: Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of processing carried out prior to withdrawal.

To exercise any of these rights, please contact us at contact@rota123.com. We will respond to your request within one calendar month, as required by law. In complex cases, this may be extended by a further two months, and we will inform you of any such extension.

There is no fee for exercising your rights, unless your request is manifestly unfounded or excessive, in which case we may charge a reasonable fee or refuse to act on the request.

12. Children's Data

Our Service is not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child without appropriate parental consent, we will take steps to delete that data promptly.

13. Third-Party Links

Our Service may contain links to third-party websites or services. We are not responsible for the privacy practices or content of those third parties. We encourage you to read the privacy policies of any third-party websites you visit.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. We will notify you of any material changes by:

• Posting the updated Privacy Policy on our website with a revised "Last updated" date.
• Sending you an email notification if the changes are significant.

Your continued use of the Service after any changes constitutes your acceptance of the updated Privacy Policy.

15. Complaints

If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

We would appreciate the opportunity to address your concerns before you approach the ICO, so please contact us first at contact@rota123.com.

16. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us: