GoSucceed® CRM
GDPR Compliance Statement
How GoSucceed CRM meets its obligations under UK GDPR and the Data Protection Act 2018
Version 1.1 | Effective Date: 1 May 2026 | Last Updated: April 2026
Entity Salters & Monroe Ltd trading as GoSucceed®
Company Number 13476747
Registered Office Kingfisher House, Hurstwood Grange, Hurstwood Lane, Haywards Heath, West Sussex, RH17 7QX
Data Protection Contact [email protected]
1. Our Commitment
GoSucceed CRM, operated by Salters & Monroe Ltd trading as GoSucceed®, is fully committed to compliance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR). Data protection is central to how we build and operate our platform.
2. Roles — Controller and Processor
Understanding the distinction between Controller and Processor is important for your own compliance:
You (the CRM client) Data Controller — you decide why and how your clients’ personal data is collected and processed. You are responsible for having a lawful basis for processing and for fulfilling your own GDPR obligations to your clients.
GoSucceed Data Processor — we process your clients’ personal data only on your instructions, as set out in our Terms of Service and Data Processing Addendum (DPA).
AllClients LLC (White Label CRM) Sub-processor — the underlying platform infrastructure provider, processing data on GoSucceed’s behalf under a formal DPA.
GoSucceed also acts as Data Controller for your own account and billing data. This is covered separately in our Privacy Policy at gosucceedcrm.com/privacy.
3. The Seven Principles of UK GDPR
GoSucceed CRM is designed to support your compliance with the seven core principles of UK GDPR:
Lawfulness, Fairness & Transparency The platform provides clear consent capture on forms and landing pages to help you establish a lawful basis for processing.
Purpose Limitation Data entered into GoSucceed CRM is used only for the purposes you define. GoSucceed does not use your clients’ data for any other purpose.
Data Minimisation The platform allows you to capture only the data fields relevant to your business. We encourage you to collect only what you need.
Accuracy GoSucceed CRM provides tools to update, correct, and manage contact records to help you maintain accurate data.
Storage Limitation You control how long data is held. GoSucceed will delete or export your data within 30 days of account termination on request.
Integrity & Confidentiality We implement AES-256 encryption at rest, TLS 1.2+ in transit, MFA (being implemented May 2026), role-based access controls, and daily backups.
Accountability GoSucceed maintains a formal DPA, sub-processor agreements, a Transfer Risk Assessment, and UK Addendum to EU SCCs to demonstrate compliance.
4. Data Processing and Hosting
GoSucceed CRM operates on the White Label CRM platform provided by AllClients LLC. We have a formal Data Processing Agreement (DPA) and UK Addendum to the EU Standard Contractual Clauses in place with AllClients LLC as our sub-processor, ensuring all processing meets UK GDPR standards.
The full sub-processor list for GoSucceed CRM is as follows:
Sub-processor Country Service Transfer Mechanism
AllClients LLC (White Label CRM) USA CRM Platform Provider UK Addendum to EU SCCs (Module 2)
Rackspace USA Cloud Infrastructure & Hosting UK Addendum to EU SCCs (via AllClients)
SendGrid USA Email Delivery UK-US Data Bridge (DPF)
Mailgun USA Email Delivery UK-US Data Bridge (DPF)
Zapier USA Integration Services UK-US Data Bridge (DPF)
Make.com (Celonis Inc) USA Integration & Automation UK-US Data Bridge (DPF) + ISO 27001:2022
5. International Data Transfers
All sub-processors listed above are based in the United States. GoSucceed ensures UK personal data transferred to these providers is protected by appropriate transfer mechanisms:
– AllClients LLC and Rackspace — covered by the UK Addendum to the EU Standard Contractual Clauses (Module 2, Controller to Processor), executed between Salters & Monroe Ltd and AllClients LLC. A Transfer Risk Assessment (TRA) has been completed and is held on file.
– SendGrid, Mailgun, Zapier, and Make.com (Celonis Inc) — covered by the UK Extension to the EU-US Data Privacy Framework (UK-US Data Bridge). All four are active certified participants on the DPF List.
6. Security Measures
GoSucceed CRM implements the following technical and organisational security measures:
Encryption in transit TLS 1.2+ on all data in transit
Encryption at rest AES-256 on all stored data
Multi-factor authentication Being implemented across all accounts — expected May 2026
Access controls Role-based permissions and user management
Backups Daily backups with 30-day rolling retention stored offsite at Rackspace
Audit logging Login and activity logs retained for 90 days
Hosting infrastructure Rackspace — ISO 27001 and SOC 2 Type II certified
Make.com ISO 27001:2022 and ISO 27701:2019 certified (valid to March 2027)
—————————– ————————————————————————-
7. Your Rights Under UK GDPR
As a Data Controller using GoSucceed CRM, you have rights in relation to your own account data under our Privacy Policy. In addition, GoSucceed will assist you in fulfilling your obligations to your own clients’ data subject rights requests, including:
– Right of access — we can export contact data on request
– Right to erasure — we can delete specific contact records on your instruction
– Right to rectification — data can be corrected within the platform at any time
– Right to data portability — full data export is available via CSV
To make any data subject rights request contact [email protected]. We will respond within one calendar month.
8. Breach Notification
In the event of a personal data breach affecting your data, GoSucceed will notify you without undue delay and provide all information necessary to support your obligations to report to the ICO within 72 hours where required under UK GDPR Article 33.
9. Frequently Asked Questions
Is GoSucceed CRM a Data Controller or Data Processor?
GoSucceed acts as Data Processor for your clients’ data that you store in the CRM, and as Data Controller for your own account and billing data. You are the Data Controller for your clients’ data.
Where is my data stored?
Your data is stored on servers managed by AllClients LLC (White Label CRM) and hosted by Rackspace in the United States. All transfers are protected by the UK Addendum to the EU Standard Contractual Clauses.
Do I need my own Data Processing Agreement with GoSucceed?
Yes — our Terms of Service includes a Data Processing Addendum (DPA) which covers this. By accepting our Terms of Service you enter into the DPA. If you require a countersigned copy please contact [email protected].
What happens if there is a data breach?
GoSucceed will notify you without undue delay and provide full details to help you meet your own ICO notification obligations. We will take all reasonable steps to mitigate the breach.
Can I request deletion of my data?
Yes. You can request deletion of your account data or your clients’ data at any time by contacting [email protected]. We will action deletion within 30 days except where retention is required by law.
Does GoSucceed CRM help me comply with PECR?
Yes — the platform includes built-in opt-in management, unsubscribe links on all marketing emails, and consent capture on forms. You remain responsible for ensuring you have a lawful basis for all communications sent through the platform.
Who do I contact if I have a complaint?
Contact [email protected] in the first instance. If unresolved you may complain to the ICO at ico.org.uk/make-a-complaint or by calling 0303 123 1113.
10. Contact
Data Protection Contact [email protected]
Post Salters & Monroe Ltd, Kingfisher House, Hurstwood Grange, Hurstwood Lane, Haywards Heath, West Sussex, RH17 7QX
ICO ico.org.uk | 0303 123 1113