Claim Verification
January 2025
(Version 1.1)
World's First Performance Marketing Company Built on a FinTech Platform™
GoGorilla.com® is publicly described as the world's first performance marketing company built on a FinTech platform™. This page provides transparent evidence and explanation to substantiate that claim. We recognise the importance of accuracy for our investors and partners and have undertaken a detailed verification process to validate our unique position in the market.
Below, we outline what this claim means, how we validated its uniqueness, and the steps we are taking to ensure its integrity.
¹ GoGorilla's claim is supported by collected evidence and independent review, as detailed on this page.
Our Unique Model: The Fusion of Performance Marketing and Financial Technology
In the context of GoGorilla, this means that our performance marketing services are fundamentally underpinned by a proprietary financial technology engine called GorillaMatrix. This is not an off-the-shelf tool. It is the custom-built, operational, and financial core of our business model.
GorillaMatrix® algorithmically ties our team's financial incentives directly to our clients' business outcomes. When a client succeeds, our platform automatically distributes rewards to the team members who contributed the most. Conversely, if targets are missed, the platform adjusts incentives accordingly. This creates an unprecedented alignment of interests where our team quite literally only wins when the client wins.
Traditional performance marketing agencies focus on measurable results, but GoGorilla takes it a step further by integrating financial technology into the very fabric of our service delivery. Our technology combines performance marketing with embedded financial tools to create a truly aligned, "win-win" growth model.
Prevention Measures
Our Respective Roles
Role | Responsibilities | Key Activities
You as Data Controller | Decision making, legal basis determination, data subject rights, compliance oversight | Decide what data to collect, determine legal basis, respond to data subject requests, ensure overall compliance
Us as Data Processor | Following instructions, security implementation, assistance provision, compliance support | Process data per instructions, implement security measures, help meet obligations, ensure processing compliance
Article 28 Compliance Framework
Legal Foundation
Our Data Processing Agreements fully comply with Article 28 of the UK GDPR, which means:
• Clear Roles: Defined responsibilities for both parties.
• Written Agreement: Comprehensive written terms covering all requirements.
• Security Obligations: Appropriate technical and organisational measures.
• Sub-Processor Rules: Clear framework for any sub-processors we use.
Key Protections
Every agreement includes:
• Processing Limitations: Clear boundaries on what we can and can't do with the data.
• Security Requirements: Specific security measures we must implement.
• Confidentiality: Binding confidentiality obligations for all our staff.
• Audit Rights: Your right to audit our compliance with the agreement.
Processing Instructions and Limitations
Processing Purposes
Purpose Category | Description | Examples
Service Delivery | Processing limited to what is necessary for our services | Platform operations, customer support, analytics
Email Marketing | Processing contact data for email campaigns | Contact management, campaign delivery, engagement tracking
Analytics | Processing usage data for performance insights | Usage analytics, performance metrics, optimisation insights
Customer Support | Processing data to provide support services | Support ticket management, issue resolution, communication
Security Governance
Security is a top priority at the highest levels of our organisation.
Data Categories We May Process
• Contact Information
• Business Information
• Usage Data
• Communication Data
Data Subject Categories
• Your Customers
• Your Employees
• Your Prospects
• Your Partners
Geographic and Processing Limitations
Geographic Restrictions
• Processing Locations: Clear specification of where processing may occur.
• Transfer Limitations: Any restrictions on international data transfers.
• Storage Locations: Defined locations for data storage.
• Access Controls: Geographic restrictions on data access.
Retention and Deletion
• Retention Periods: Clear specification of how long we keep data.
• Automatic Deletion: Automated deletion when retention periods expire.
• On-Demand Deletion: Deletion upon your request.
• Secure Deletion: Secure deletion methods ensuring data cannot be recovered.
Security and Confidentiality Obligations
Technical Safeguards
Security Area | Implementation | Standards
Encryption | TLS 1.3 for data in transit, AES-256 for data at rest | Industry-leading encryption standards
Access Controls | Role-based access, multi-factor authentication | Principle of least privilege
Monitoring | 24/7 monitoring, threat detection, incident response | Continuous security monitoring
Key Management | Secure encryption-key management practices | Hardware security modules
Organisational Measures
Staff Training
• Comprehensive Training: All staff trained on data protection requirements.
• Specialised Training: Additional training for staff handling sensitive data.
• Regular Updates: Ongoing training on new requirements and best practices.
• Competency Assessment: Regular assessment of staff data protection knowledge.
Confidentiality
• Binding Obligations: All staff bound by confidentiality agreements.
• Employment Contracts: Data protection obligations in employment contracts.
• Contractor Agreements: Confidentiality requirements for all contractors.
• Ongoing Monitoring: Regular monitoring of confidentiality compliance.
Sub-Processor Management
When We Use Sub-Processors
Sub-Processor Scenarios
• Cloud Infrastructure: Cloud service providers for data storage and processing.
• Specialised Services: Specialised service providers for specific functions.
• Technology Partners: Technology partners providing platform capabilities.
• Support Services: Service providers supporting our operations.
Authorisation Process
Process Step | Requirements | Documentation
Prior Authorisation | Written approval before engaging sub-processors | Service description, data categories, processing activities
Due Diligence | Comprehensive assessment of sub-processor capabilities | Security assessment, compliance review, reference checks
Contractual Protection | Equivalent data-protection obligations | Same security standards, confidentiality, compliance monitoring
Liability Chain | Full liability for sub-processor performance | Direct recourse, insurance coverage, remediation rights
Data Subject Rights Support
Technical Assistance
System Capabilities
• Data Retrieval
• Data Portability
• Data Correction
• Data Deletion
Response Support
• Data Provision
• Technical Guidance
• System Access
• Documentation
Response Coordination
Timely Responses
• Rapid Processing: Quick processing of rights request support.
• Coordination: Close coordination with you to ensure timely responses.
• Status Updates: Regular updates on the status of rights request processing.
• Escalation: Clear escalation procedures for complex requests.
Quality Assurance
• Accuracy Verification: Verification of data accuracy before provision.
• Completeness Checks: Ensuring complete responses to rights requests.
• Format Compliance: Providing data in appropriate formats.
• Documentation: Comprehensive documentation of response activities.
Breach Notification and Incident Response
Rapid Detection
Standard/Certification | Scope | Response Time
24/7 Monitoring | Continuous monitoring for potential data breaches | Real-time detection
Automated Alerts | Automated alerting systems for security incidents | Immediate notification
Threat Intelligence | Advanced threat intelligence and detection capabilities | Proactive identification
Regular Scanning | Regular vulnerability scanning and assessment | Certified
Rapid Detection
Immediate Notification
• 24-Hour Notification: Notification to you within 24 hours of breach discovery.
• Comprehensive Information: Detailed information about the nature and scope of the breach.
• Impact Assessment: Assessment of likely consequences and risks.
• Recommended Actions: Recommendations for response and mitigation measures.
Remediation Support
Technical Support
• Breach Containment: Technical support for containing and stopping breaches.
• System Recovery: Support for system recovery and restoration.
• Security Enhancement: Implementation of additional security measures.
• Monitoring Enhancement: Enhanced monitoring to prevent recurrence.
Regulatory Support
• Notification Assistance: Support for regulatory notification requirements.
• Documentation: Comprehensive documentation for regulatory reporting.
• Investigation Support: Support for regulatory investigations.
• Compliance Verification: Verification of ongoing compliance post-breach.
Contact Us About Data Processing
Data Processing Questions
Email: privacy@gogorilla.com
Subject: Data Processing Agreement
Response Time: Within 48 hours
Agreement Requests
Email: legal@gogorilla.com
For: New data processing agreement requests, agreement modifications
Compliance Support
Email: compliance@gogorilla.com
For: Compliance questions, audit support, incident reporting
Technical Support
Email: support@gogorilla.com
For: Technical questions about data processing capabilities
When we process data on your behalf, we take that responsibility seriously. Our comprehensive Data Processing Agreement framework ensures that we meet the highest standards of data protection while enabling you to deliver great services to your customers.
Last Updated: January 2025
Version: 1.1





