How Rank Me Higher handles personal data

1. Who we are

Rank Me Higher Ltd, trading as Rank Me Higher, is the controller for most personal data collected through this website and through our direct business activities. Our website is https://rankmehigher.co/.

You can contact us about privacy matters at hello@rankmehigher.co or through our contact page.

For some client work, we may act as a processor where we handle personal data on a client's documented instructions. Section 11 explains this in more detail.

2. What this policy covers

This policy covers personal data connected with:

• visits to our website, landing pages, blog posts and product pages;
• contact forms, calls, emails, live chat, consultation bookings and sales enquiries;
• SEO, PPC, content, CRO, design, reporting and related marketing services;
• WooCommerce orders, proposals, invoices, payments and account administration;
• newsletter, remarketing, customer relationship and lead management activity;
• job applications, contractor enquiries and recruitment conversations;
• client-provided data, account access and files needed to deliver services.

Some projects may also be governed by a proposal, statement of work, data processing agreement or other written contract. If there is a conflict between this general policy and a signed agreement, the signed agreement will normally take priority for that project.

3. Personal data we collect

The data we collect depends on how you interact with us. It may include:

• Identity and contact data: name, job title, company, email address, phone number, billing details and business address.
• Enquiry and project data: messages, briefs, website URLs, commercial goals, budgets, target locations, campaign notes and support requests.
• Client account and access data: access to WordPress, Shopify, WooCommerce, Google Analytics, Google Search Console, Google Ads, Google Business Profile, Meta, CRM, email marketing, hosting, call tracking or similar tools where you authorise it.
• Customer, lead and audience data: names, contact details, form submissions, CRM records, order data, call tracking data, advertising audience information or conversion data where you provide it to us for service delivery.
• Technical and usage data: IP address, device type, browser, operating system, referral source, pages viewed, time on site, cookie identifiers and analytics events.
• Payment and order data: product ordered, invoice status, transaction references and payment status. Full card details are normally handled by payment providers rather than stored directly by us.
• Marketing preference data: opt-ins, opt-outs, email engagement and communication preferences.
• Recruitment data: CVs, portfolio links, covering messages, work history and any information you choose to send when applying for a role.

Please do not send us special category data, such as health, biometric, political, religious or trade union information, unless we have specifically asked for it and explained why it is needed.

4. How we collect data

We collect data directly from you when you submit a form, email us, call us, book a consultation, place an order, complete onboarding, give account access, share a file, respond to a campaign or apply for a role.

We also collect some data automatically through cookies, analytics tools, server logs and security tools. We may receive data from third-party platforms you connect to our services, such as Google, Meta, WordPress, Shopify, WooCommerce, CRM, call tracking, payment and reporting platforms.

5. How we use personal data and our lawful bases

Under UK GDPR we need a lawful basis for using personal data. The main bases we rely on are contract, legitimate interests, legal obligation and consent.

Where we rely on legitimate interests, we balance our business need against your rights and expectations. You can object to processing based on legitimate interests, including some forms of direct marketing.

6. Cookies, analytics and advertising

Our website may use cookies and similar technologies for essential site functions, security, analytics, advertising measurement, personalisation and remarketing. Some cookies are necessary for the site to work. Others are optional and are used only where consent is required.

Analytics and advertising tools may help us understand which pages are useful, which campaigns generate enquiries, how visitors move through the site and whether ads are performing. These tools may set identifiers, collect technical information or record conversion events.

You can manage cookies through our cookie banner where available and through your browser settings. Blocking some cookies may affect how the site works. For more detail on cookies and similar technologies, the Information Commissioner's Office provides guidance on cookies and PECR.

7. Direct marketing

We may contact business contacts, existing customers and prospects about services, products, insights or updates that are relevant to them. We will use consent where required and may rely on legitimate interests or the soft opt-in where the law allows.

You can unsubscribe from marketing emails at any time using the unsubscribe link in the email or by contacting hello@rankmehigher.co. Service messages, invoices, support updates and contract communications are not marketing and may still be sent where needed.

We do not sell personal data.

8. Who we share personal data with

We share personal data only where there is a business, service, legal or security reason to do so. Recipients may include:

• hosting, website, WordPress, WooCommerce, form, security and backup providers;
• analytics, reporting, call tracking, CRM, email marketing and project management tools;
• Google, Meta, LinkedIn, Microsoft or other advertising and search platforms where needed for campaigns;
• payment processors, banks, accountants, bookkeepers and tax advisers;
• freelancers, contractors or specialist partners working under confidentiality or service terms;
• professional advisers, insurers, legal advisers, regulators, courts or public authorities where required.

Where we use suppliers to process data for us, we expect them to use it only for the agreed purpose and to keep it secure.

9. International transfers

Some tools and service providers may process data outside the UK. Where this happens, we take steps designed to protect personal data, such as using providers with appropriate safeguards, contractual terms or recognised transfer mechanisms where required.

10. How long we keep data

We keep personal data only for as long as it is needed for the purpose collected, including service delivery, accounting, legal, reporting, security and dispute purposes.

• Enquiry and prospect records are normally kept while the conversation is active and for a reasonable period afterwards.
• Client, invoice, contract and tax records may be kept for up to 6 years, or longer if a legal issue requires it.
• Marketing records are kept until you unsubscribe, object, withdraw consent or the data is no longer useful.
• Recruitment records are normally kept for up to 12 months unless you agree to a longer period.
• Analytics and cookie data is kept according to the settings of the relevant platform and cookie consent tool.

When data is no longer needed, we delete it, anonymise it or securely archive it where appropriate.

11. Client data, account access and processor responsibilities

When clients give us access to websites, analytics, advertising platforms, CRM systems, customer lists, leads, call recordings, order data or email marketing tools, the client is responsible for making sure they have a lawful basis to share that data with us and that their own privacy notices cover the relevant marketing, analytics and service activity.

For some work we act as a processor and use personal data only on the client's documented instructions. For other work, such as our own sales, marketing, billing and account management, we act as a controller. If a project requires a specific data processing agreement, we can put one in place as part of the commercial paperwork.

12. Security

We use reasonable technical and organisational measures to protect personal data, including access controls, secure accounts, reputable providers and internal limits on who can access client data. No website, email system or online platform can be guaranteed to be completely secure, so please take care when sending sensitive information.

13. Your rights

Depending on the circumstances, you may have the right to:

• ask for access to your personal data;
• ask us to correct inaccurate or incomplete data;
• ask us to delete personal data;
• ask us to restrict how we use personal data;
• object to processing based on legitimate interests, including direct marketing;
• ask for a copy of data you provided in a portable format;
• withdraw consent where processing is based on consent.

To exercise your rights, contact hello@rankmehigher.co. We may need to verify your identity before responding. We aim to respond within one month, although complex requests may take longer where the law allows.

You also have the right to complain to the Information Commissioner's Office. The ICO explains how to complain at https://ico.org.uk/make-a-complaint/.

14. Children's data

Our services are aimed at businesses and organisations, not children. We do not knowingly collect personal data from children. If you believe a child has provided personal data to us, please contact us so we can review and delete it where appropriate.

15. Changes to this policy

We may update this policy from time to time to reflect changes in our services, tools, legal obligations or business practices. The latest version will be published on this page with the updated date shown above.