PRIVACY POLICY - SYSTEM SETTER
Privacy Policy
Last Updated: December 2025
1. INTRODUCTION
This Privacy Policy explains how System Setter ("we," "us," or "our"), a trading name operated from Ireland, collects, uses, and protects your information when you use our lead capture automation services (the "Services").
By using our Services, you acknowledge that you have read and understood this Privacy Policy and consent to the collection, use, and disclosure of your information as described herein.
Our Services: We provide lead capture automation systems for Irish residential home service businesses (tradespeople), built on the GoHighLevel platform. This includes website hosting, AI chatbots, WhatsApp integration, CRM systems, review management, and local SEO services.
Data Controller: System Setter acts as a Data Controller for the personal data of our business clients. Our clients act as Data Controllers for the personal data of their end customers (leads) captured through our systems.
Legal Basis: This Privacy Policy complies with:
EU General Data Protection Regulation (GDPR)
Irish Data Protection Act 2018
ePrivacy Directive (as implemented in Ireland)
Supervisory Authority: Irish Data Protection Commission (DPC), 21 Fitzwilliam Square South, Dublin 2, D02 RD28, Ireland.
2. INFORMATION WE COLLECT
2.1 Business Client Information (Our Customers)
When you sign up for System Setter services, we collect:
Account Information:
Business name and trading name
Primary contact name and role
Business address and service areas
Phone number (mobile)
Email address
Business registration number (if applicable)
VAT number (if applicable)
Business Details:
Trade/industry type (plumber, electrician, etc.)
Services offered
Service areas covered
Business hours
Company description and branding materials
Business logo and photos
Website content you provide
Billing Information:
Payment is processed through Stripe (www.stripe.com)
We do NOT store credit card details on our servers
We store: billing name, billing address, payment history, invoice records
Stripe processes and securely stores all card information per PCI-DSS standards
2.2 End Customer Data (Your Leads - Processed on Your Behalf)
Through our systems, your end customers' information is captured and stored:
Lead Information:
Name
Phone number (mobile)
Email address
Service requested
Message/inquiry details
Preferred contact time
Source of inquiry (website form, chat, phone call)
Communication Records:
WhatsApp message history
Email correspondence
Call logs (missed calls, connected calls)
AI chatbot conversation transcripts
Review & Feedback Data:
Customer satisfaction ratings
Google reviews (public)
Private feedback submissions
Testimonials
IMPORTANT: For end customer data, YOU are the Data Controller and System Setter is the Data Processor. You are responsible for ensuring you have a lawful basis to collect and process your customers' personal data, and for providing them with appropriate privacy information.
2.3 Technical & Usage Information
Website Analytics:
IP address
Browser type and version
Device type (mobile, desktop, tablet)
Operating system
Pages visited and time spent
Click behavior and navigation paths
Referral source
Geographic location (country/city level)
We use Google Analytics and GoHighLevel analytics to collect this information.
Cookies: We use cookies for:
Session management (keeping you logged in)
Analytics and performance monitoring
Remembering your preferences
Cookie Consent: By using our Services, you consent to our use of cookies as described. You can disable cookies in your browser settings, though this may limit functionality.
2.4 Information We Do NOT Collect
We do not collect precise real-time geolocation data
We do not collect sensitive personal data (health, religion, political views, etc.) unless you voluntarily provide it
We do not record phone calls without consent
We do not monitor or track activity outside our Services
3. HOW WE USE YOUR INFORMATION
3.1 Business Client Data (Our Customers)
We use your information to:
Service Delivery:
Set up and configure your System Setter account
Build and host your multi-page website
Configure AI chatbot, WhatsApp integration, and CRM
Provide technical support and troubleshooting
Process your subscription payments
Send service updates and system notifications
Account Management:
Communicate with you about your account
Respond to your inquiries and support requests
Provide training and onboarding
Send renewal reminders and billing notices
Service Improvement:
Analye usage patterns to improve our Services
Develop new features and functionality
Conduct internal testing and quality assurance
Legal Compliance:
Comply with Irish and EU legal obligations
Respond to lawful requests from authorities
Enforce our Terms of Service
Protect against fraud and abuse
Legal Basis (GDPR Article 6):
Performance of contract (providing Services you've subscribed to)
Legitimate interests (improving Services, fraud prevention)
Legal obligation (tax records, responding to authorities)
Consent (where explicitly obtained, e.g., marketing communications)
3.2 End Customer Data (Processed on Your Behalf)
As a Data Processor for your end customer data, we:
Process Data Per Your Instructions:
Store leads in your CRM
Send automated WhatsApp messages
Facilitate communication via email and WhatsApp
Generate and distribute review requests
Track lead pipeline stages
Execute repeat business campaigns
Do NOT:
Use your customer data for our own purposes
Share your customer data with third parties (except as outlined in Section 4)
Make decisions about your customers without your instruction
Your Responsibilities as Data Controller:
You must:
Have a lawful basis to collect and process customer data
Provide customers with your own privacy notice
Obtain consent where required (e.g., marketing communications)
Handle subject access requests from your customers
Report data breaches involving your customer data
Ensure compliance with GDPR for your customer relationships
4. HOW WE SHARE YOUR INFORMATION
4.1 Service Providers (Sub-Processors)
We share information with trusted third-party providers who help deliver our Services:
GoHighLevel (GHL):
Platform provider for CRM, websites, automation
Servers located in USA (GDPR-compliant with Standard Contractual Clauses)
Privacy policy: https://www.gohighlevel.com/privacy-policy
Stripe:
Payment processing
We do not store card details; Stripe handles all payment data
Privacy policy: https://stripe.com/privacy
Meta/WhatsApp Business API:
WhatsApp messaging integration
Processes message content and phone numbers
Privacy policy: https://www.whatsapp.com/legal/privacy-policy
Google Services:
Google Analytics (website analytics)
Google Business Profile (review management and local SEO)
Google Cloud (some data storage)
Privacy policy: https://policies.google.com/privacy
SEO/Listings Service:
Third-party service for directory submissions (60+ platforms)
Shares: business name, address, phone, website URL
No end customer data shared
ALL sub-processors:
Are contractually bound to protect your data
Process data only per our instructions
Comply with GDPR requirements
Use appropriate technical and organizational security measures
4.2 Legal Disclosures
We may disclose your information when:
Required by Irish or EU law
Responding to valid legal process (court order, warrant, subpoena)
Investigating fraud, security threats, or illegal activity
Protecting our rights, property, or safety
Protecting the rights, property, or safety of our users
We will notify you of legal requests for your data unless prohibited by law.
4.3 Business Transfers
If System Setter is acquired, merged, or sells assets, your information may be transferred to the new owner. You will be notified via email and prominent website notice at least 30 days before any such transfer. The new owner will be bound by this Privacy Policy until amended.
4.4 We Do NOT:
Sell your personal data to third parties
Rent your data to marketers or advertisers
Use your business name or logo in our marketing without your express consent
Share your customer data with other System Setter clients
Provide your data to competitors
5. INTERNATIONAL DATA TRANSFERS
Primary Data Location: Ireland/EU (where possible)
Third-Party Services: Some of our sub-processors (e.g., GoHighLevel, Stripe) store data on servers located in the United States and other countries outside the EU/EEA.
Transfer Safeguards:
When we transfer data outside the EU/EEA, we ensure adequate protection through:
Standard Contractual Clauses (SCCs) approved by the European Commission
Verification that the recipient has adequate data protection measures
Data Processing Agreements with all sub-processors
You have the right to request copies of the safeguards we have in place for international transfers.
6. DATA SECURITY
We implement appropriate technical and organizational measures to protect your data:
Technical Measures:
Encryption in transit (TLS/SSL) and at rest
Secure authentication and access controls
Regular security audits and vulnerability testing
Automated backup systems
Firewall and intrusion detection systems
Secure API connections
Organisational Measures:
Access to data is restricted to authorized personnel only
Staff are trained on data protection obligations
Confidentiality agreements with all personnel
Incident response procedures
Regular review of security practices
Your Responsibilities:
Keep your login credentials confidential
Use strong, unique passwords
Log out after using shared devices
Notify us immediately of suspected unauthorized access
Ensure your team members only access data they need
Limitation: No security system is 100% secure. While we use industry-standard measures, we cannot guarantee absolute security. You use our Services at your own risk.
7. DATA RETENTION
7.1 Business Client Data (Our Customers)
We retain your data for:
Active Accounts:
Retained for the duration of your subscription plus 12 months after cancellation
Necessary for: contract performance, support, legal compliance, dispute resolution
Billing Records:
Retained for 6 years after your last payment (Irish tax law requirement)
Support Communications:
Retained for 3 years for quality assurance and dispute resolution
7.2 End Customer Data (Your Leads)
Active Data:
Retained in your CRM for as long as your account is active
YOU control retention - you can delete leads anytime via the CRM
After Account Cancellation:
If you cancel your System Setter subscription, your customer data is deleted within 30 days
You can export your data before cancellation
Backups may retain data for up to 90 days for disaster recovery purposes, then permanently deleted
Exception: We may retain anonymized, aggregated data indefinitely for analytics (no personal identifiers).
7.3 Legal Hold
If data is subject to legal proceedings, investigation, or dispute, we may retain it beyond normal retention periods until resolved.
8. YOUR RIGHTS UNDER GDPR
As an EU/Irish resident, you have the following rights regarding your personal data:
8.1 Right of Access
Request a copy of the personal data we hold about you.
8.2 Right to Rectification
Request correction of inaccurate or incomplete data.
8.3 Right to Erasure ("Right to be Forgotten")
Request deletion of your data where:
It's no longer necessary for the purpose collected
You withdraw consent (where consent was the legal basis)
You object to processing and there are no overriding legitimate grounds
The data was unlawfully processed
Required for legal compliance
Exceptions: We may refuse erasure if needed for legal compliance, legal claims, or fulfilling contractual obligations.
8.4 Right to Restriction of Processing
Request we limit how we use your data while we verify accuracy or assess your objection to processing.
8.5 Right to Data Portability
Receive your data in a structured, commonly used, machine-readable format (e.g., CSV, JSON) and transmit it to another controller.
8.6 Right to Object
Object to processing based on legitimate interests, including profiling.
8.7 Right to Withdraw Consent
Where processing is based on consent, you may withdraw it at any time (this does not affect prior processing).
8.8 Right to Lodge a Complaint
If you believe we've violated your data protection rights, you may complain to:
Irish Data Protection Commission (DPC) 21 Fitzwilliam Square South Dublin 2, D02 RD28 Ireland Phone: +353 57 868 4800 / +353 (0)761 104 800 Email: [email protected] Website: www.dataprotection.ie
8.9 How to Exercise Your Rights
To exercise any of these rights, contact us at:
Email: [email protected]
WhatsApp: 00353 87 185 8207
Response Time: We will respond within 30 days (may be extended by 2 months for complex requests).
Verification: We may ask for proof of identity to prevent unauthorized access.
No Fee: Exercising your rights is free unless requests are manifestly unfounded or excessive.
9. SPECIAL PROVISIONS FOR END CUSTOMERS
If you are a customer/lead of a System Setter client (e.g., you contacted a plumber using our system):
The tradesperson/business is the Data Controller of your information
System Setter is the Data Processor acting on their behalf
To exercise your rights or make inquiries about your data, contact the business directly
If the business cannot resolve your concern, you may contact us at [email protected] and we will assist
Their Obligations to You:
The business should provide you with:
Their own privacy notice
Information about how they use your data
Your rights regarding your data
How to contact them with privacy concerns
10. CHILDREN'S PRIVACY
Our Services are intended for business use only. We do not knowingly collect personal data from individuals under 18 years of age.
If you believe we have inadvertently collected data from a minor, please contact us immediately at [email protected] and we will delete it promptly.
11. MARKETING COMMUNICATIONS
Business Clients:
We may send you service updates, product announcements, tips, and promotional offers
You can opt out anytime by clicking "unsubscribe" in any email or contacting us
Opt-out does not apply to essential service communications (billing, security alerts, system updates)
End Customers:
Marketing communications sent via our system (WhatsApp, email) are controlled by our business clients
To opt out of their marketing, contact the business directly or reply "STOP" to their messages
We provide unsubscribe mechanisms in all automated campaigns
Legal Basis: Consent (explicitly obtained) or Legitimate Interest (existing customer relationships).
12. COOKIES & TRACKING TECHNOLOGIES
What We Use:
Essential Cookies (Required for functionality):
Session cookies (keep you logged in)
Authentication tokens
Load balancing
Analytics Cookies (Optional but recommended):
Google Analytics (website traffic, user behavior)
GoHighLevel analytics (system usage, feature adoption)
How to Manage Cookies:
Browser settings: Most browsers allow you to refuse or delete cookies
Opt-out links: Google Analytics: https://tools.google.com/dlpage/gaoptout General opt-out: https://www.youronlinechoices.eu/
Impact of Disabling: Some features may not work properly if you disable cookies.
13. THIRD-PARTY LINKS
Our Services may contain links to third-party websites (e.g., Google Business Profile, social media, client websites). We are not responsible for the privacy practices of these sites. Please review their privacy policies independently.
14. DATA BREACH NOTIFICATION
In the event of a data breach that poses a risk to your rights and freedoms:
Our Response:
Notify the Irish DPC within 72 hours
Notify affected individuals without undue delay
Provide details: nature of breach, data affected, likely consequences, measures taken
Your Responsibilities (Business Clients):
If you become aware of a breach involving your customer data through our system, notify us immediately
You must also notify the DPC and affected individuals per GDPR Article 33-34
15. CHANGES TO THIS PRIVACY POLICY
We may update this Privacy Policy to reflect changes in:
Our Services
Legal requirements
Industry best practices
Notification:
Material changes: Email notification to your registered address + prominent website notice 30 days before changes take effect
Minor changes: Updated "Last Updated" date at top of policy
Your continued use after changes constitute acceptance
Your Options:
If you disagree with changes, you may cancel your account before they take effect
We will facilitate data export upon request
16. CONTACT US
For any questions, concerns, or requests regarding this Privacy Policy or your personal data:
System Setter Email: [email protected] WhatsApp: 00353 87 185 8207
Phone: 00353 87 185 8207
Response Time: We aim to respond within 5 business days for general inquiries, 30 days for GDPR rights requests.
17. DATA PROCESSING AGREEMENT (DPA)
For Business Clients:
By using our Services, you agree to our Data Processing Agreement, which governs how we process your end customer data on your behalf. Key terms:
Your Role: Data Controller
Our Role: Data Processor
Your Instructions: Via system settings, CRM actions, and support requests
Our Obligations: Process data only per your instructions, implement security measures, assist with GDPR compliance, notify you of breaches
Sub-Processors: We may use approved sub-processors (listed in Section 4.1)
Audits: You may request audit information to verify compliance
A full copy of our DPA is available upon request.
18. LEGITIMATE INTERESTS ASSESSMENT
Where we rely on "legitimate interests" as our legal basis for processing, we have assessed that:
Our interests are legitimate (operating a business, improving Services, preventing fraud)
Processing is necessary to achieve those interests
Your interests and rights do not override our legitimate interests
We've implemented safeguards to protect your data
You may request details of our legitimate interests assessment at any time.
19. AUTOMATED DECISION-MAKING
We do not use fully automated decision-making or profiling that produces legal or similarly significant effects on you.
AI Chatbot: Our AI chat assistant is used for customer service automation, but all significant decisions (accepting/rejecting jobs, pricing) are made by humans (you or your customers).
END OF PRIVACY POLICY
