Privacy & Data Protection
Marketing And Advertising Compliance
Business And Legal
Contact And Support
Privacy Policy
January 2023
April 2022
February 2021
June 2020
January 2026
January 2026
(Version 1.1)
Privacy Policy
Privacy Policy
About This Policy
This Privacy Policy outlines how GoGorilla Media and Technologies Group Ltd and its affiliates (“GoGorilla”, “we”, “our”, or “us”) collect, use, and protect personal data. We are committed to upholding the highest standards of data protection and transparency in all our operations.
Introduction
GoGorilla.com provides performance marketing services built upon a proprietary financial technology architecture. This policy applies to all individuals whose personal data we process in the course of providing our services and operating our business.
Our Role as a Data Controller and Processor
Our role under data protection law depends on the context of our relationship with you. We act as a data controller when we determine the purposes and means of processing personal data, such as when we process data for our direct clients or manage our investor relations. We act as a data processor when we process personal data on behalf of another entity, for example, when our agency partners use our platform to service their own clients.
Applicability of This Policy
This policy applies to the following categories of individuals:
Direct Clients: Businesses, including founders and their employees, who use our performance marketing and strategic advisory services directly.
Investors: Individuals and entities, such as venture capital and private equity firms, who use our investor portals or engage with our fundraising support services.
Agency Partners: Agencies and freelancers who resell our services to their own clients under a white-label arrangement.
Website Visitors: Individuals who browse our website (gogorilla.com) or otherwise interact with us online.
Personal Data We Collect
We collect personal data necessary to provide our services and operate our business. The table below lists the data categories we collect for each user group.
User Group
Data Category
Examples of Data Collected
Direct Clients
Account & Profile Data
Name, business email, phone number, job title, company details, login credentials.
Financial & Transaction Data
Payment card details, bank account information, transaction history.
Marketing & Communications Data
Marketing preferences, communication records, campaign performance data.
Investors
Investor Portal Data
Name, email address, investment entity details, accreditation status, deal flow data.
Fundraising Support Data
Pitch decks, financial statements, and other business information shared for fundraising purposes.
Agency Partners
Reseller Account Data
Agency name, contact person details, client list (as processed on their behalf).
White-Label Branding Data
Logos and branding assets for customising the platform.
All Users
Technical & Usage Data
IP address, browser type, device information, platform usage analytics, log files.
Legal & Compliance Data
Data required for regulatory reporting, audit records, and data subject rights requests.
How and Why We Use Personal Data
We process personal data for specific, explicit, and legitimate purposes. Every use of data is designed to deliver our services effectively and enhance your experience.
Purpose of Processing
Description
Data Categories Used
Service Delivery
To provide and manage access to our marketing platform, dashboards, and related services.
Account & Profile, Financial & Transaction, Technical & Usage
Financial Service Facilitation
To connect clients with regulated financial services through our authorised third-party partners.
Financial & Transaction, Account & Profile
Performance Analytics
To generate insights that optimise marketing campaign performance and service delivery.
Marketing & Communications, Technical & Usage
Investor Relations
To manage our investor portals, facilitate deal flow, and support fundraising activities.
Investor Portal, Fundraising Support
Customer Support
To provide responsive and helpful support for any service-related inquiries.
Account & Profile, Technical & Usage
Security & Fraud Prevention
To protect accounts and data from unauthorised access and fraudulent activities.
All categories
Legal & Regulatory Compliance
To meet our legal obligations, including regulatory reporting and responding to legal requests.
Legal & Compliance
Our Legal Bases for Processing
We rely on the following legal bases under the UK General Data Protection Regulation (UK GDPR) to process personal data:
Legal Basis
When It Applies
Contract Performance
When processing is necessary to fulfil our contractual obligations to you.
Legitimate Interests
When we have a legitimate business reason to process your data, which does not override your rights and interests.
Legal Obligation
When we are required by law to process your data.
Consent
When you have given us specific, informed, and unambiguous consent to process your data.
Data Sharing And Disclosures
We do not sell personal data. We only share data when necessary to provide our services or when required by law.
Strategic Service Partners: We share data with regulated partners, such as Stripe, to provide secure and compliant payment processing.
Technology Service Providers: We engage providers for services like cloud hosting, data analytics, and security monitoring. All are bound by strict data processing agreements.
Legal and Regulatory Authorities: We may disclose data to law enforcement, regulators, or legal advisors to comply with legal obligations or protect our legitimate interests.
International Data Transfers
To deliver our services, we may transfer your personal data outside the United Kingdom (UK). When we do, we ensure that appropriate safeguards are in place to protect your data in accordance with UK GDPR requirements. This may include adequacy decisions or Standard Contractual Clauses.
Data Retention
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period, we consider the amount, nature, and sensitivity of the data, the potential risk of harm from unauthorised use or disclosure, the purposes for which we process it, and whether we can achieve those purposes through other means.
Your Data Protection Rights
Under UK data protection law, you have several rights concerning your personal data. These include:
The right to be informed: You have the right to be informed about the collection and use of your personal data.
The right of access: You have the right to access your personal data.
The right to rectification: You have the right to have inaccurate personal data rectified or completed if it is incomplete.
The right to erasure: You have the right to have your personal data erased.
The right to restrict processing: You have the right to request the restriction or suppression of your personal data.
The right to data portability: You have the right to obtain and reuse your personal data for your own purposes across different services.
The right to object: You have the right to object to the processing of your personal data in certain circumstances.
Rights in relation to automated decision making and profiling: You have rights regarding automated individual decision-making and profiling.
To exercise any of these rights, please contact our Data Protection Officer at privacy@gogorilla.com.
Automated Decision-Making and Profiling
We use our proprietary GorillaMatrix® platform to analyse marketing performance and provide strategic recommendations. This involves automated processing and profiling to generate insights. However, these processes do not result in legal or similarly significant effects on individuals. You have the right to obtain human intervention, express your point of view, and contest decisions based on automated processing.
Data Security
We have implemented robust technical and organisational measures to protect your personal data from unauthorised access, use, or disclosure. These measures include data encryption, access controls, secure transmission protocols, and regular security assessments.
Cookie Policy
We use cookies and similar technologies to operate and improve our website. For more detailed information, please see our separate Cookie Policy.
Our Position on Financial Regulation
GoGorilla Media and Technologies Group Ltd is not a bank or a financial institution and is not regulated by the Financial Conduct Authority (FCA). Any financial services or products mentioned, such as those related to GorillaCapital, are provided by appropriately regulated third-party partners. We act solely as a facilitator in these arrangements.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any significant changes by posting the new policy on our website and updating the "Last Updated" date.
How to Contact Us
If you have any questions about this Privacy Policy or our data protection practices, please contact us:
Data Protection Officer: privacy@gogorilla.com
General Inquiries: info@gogorilla.com
How to Lodge a Complaint
You have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's supervisory authority for data protection issues. You can find their contact details at www.ico.org.uk.
This Privacy Policy forms part of GoGorilla's commitment to transparency and data protection.
Last Updated: December 2025
Version: 1.1
Core Services
Clients
Company
Phone
info@gogorilla.com
United Kingdom
!
[1] ‘World’s First’
Claim
has been
independently
verified by a
third-party
legal representative.
Learn
more
Core Services
Clients
Company
Phone
info@gogorilla.com
United Kingdom
[1] ‘World’s First’
Claim
has been
independently
verified by a
third-party
legal representative.
Learn
more
Pricing
Core Services
Sprints
Agency & Talent Solution
FinTech Platform
Clients
Capital
Company
[1] ‘World’s First’
Claim
has been
independently
verified by a
third-party
legal representative.
Learn
more
Phone
info@gogorilla.com
Core Services
United Kingdom
[1] ‘World’s First’
Claim
has been
independently
verified by a
third-party
legal representative.
Learn
more
Pricing
Core Services
Sprints
Agency & Talent Solution
FinTech Platform
Clients
Capital
Company
Phone
info@gogorilla.com
United Kingdom
[1] ‘World’s First’
Claim
has been
independently
verified by a
third-party
legal representative.
Learn
more
Privacy & Data Protection
Marketing And Advertising Compliance
Business And Legal
Contact And Support
Privacy & Data Protection
Marketing And Advertising Compliance
Business And Legal
Contact And Support
Privacy Policy
January 2023
April 2022
February 2021
June 2020
January 2026
January 2026
(Version 1.1)
About This Policy
This Privacy Policy outlines how GoGorilla Media and Technologies Group Ltd and its affiliates (“GoGorilla”, “we”, “our”, or “us”) collect, use, and protect personal data. We are committed to upholding the highest standards of data protection and transparency in all our operations.
Introduction
GoGorilla.com provides performance marketing services built upon a proprietary financial technology architecture. This policy applies to all individuals whose personal data we process in the course of providing our services and operating our business.
Our Role as a Data Controller and Processor
Our role under data protection law depends on the context of our relationship with you. We act as a data controller when we determine the purposes and means of processing personal data, such as when we process data for our direct clients or manage our investor relations. We act as a data processor when we process personal data on behalf of another entity, for example, when our agency partners use our platform to service their own clients.
Applicability of This Policy
This policy applies to the following categories of individuals:
Direct Clients: Businesses, including founders and their employees, who use our performance marketing and strategic advisory services directly.
Investors: Individuals and entities, such as venture capital and private equity firms, who use our investor portals or engage with our fundraising support services.
Agency Partners: Agencies and freelancers who resell our services to their own clients under a white-label arrangement.
Website Visitors: Individuals who browse our website (gogorilla.com) or otherwise interact with us online.
Personal Data We Collect
We collect personal data necessary to provide our services and operate our business. The table below lists the data categories we collect for each user group.
User Group
Data Category
Examples of Data Collected
Direct Clients
Account & Profile Data
Name, business email, phone number, job title, company details, login credentials.
Financial & Transaction Data
Payment card details, bank account information, transaction history.
Marketing & Communications Data
Marketing preferences, communication records, campaign performance data.
Investors
Investor Portal Data
Name, email address, investment entity details, accreditation status, deal flow data.
Fundraising Support Data
Pitch decks, financial statements, and other business information shared for fundraising purposes.
Agency Partners
Reseller Account Data
Agency name, contact person details, client list (as processed on their behalf).
White-Label Branding Data
Logos and branding assets for customising the platform.
All Users
Technical & Usage Data
IP address, browser type, device information, platform usage analytics, log files.
Legal & Compliance Data
Data required for regulatory reporting, audit records, and data subject rights requests.
How and Why We Use Personal Data
We process personal data for specific, explicit, and legitimate purposes. Every use of data is designed to deliver our services effectively and enhance your experience.
Purpose of Processing
Description
Data Categories Used
Service Delivery
To provide and manage access to our marketing platform, dashboards, and related services.
Account & Profile, Financial & Transaction, Technical & Usage
Financial Service Facilitation
To connect clients with regulated financial services through our authorised third-party partners.
Financial & Transaction, Account & Profile
Performance Analytics
To generate insights that optimise marketing campaign performance and service delivery.
Marketing & Communications, Technical & Usage
Investor Relations
To manage our investor portals, facilitate deal flow, and support fundraising activities.
Investor Portal, Fundraising Support
Customer Support
To provide responsive and helpful support for any service-related inquiries.
Account & Profile, Technical & Usage
Security & Fraud Prevention
To protect accounts and data from unauthorised access and fraudulent activities.
All categories
Legal & Regulatory Compliance
To meet our legal obligations, including regulatory reporting and responding to legal requests.
Legal & Compliance
Our Legal Bases for Processing
We rely on the following legal bases under the UK General Data Protection Regulation (UK GDPR) to process personal data:
Legal Basis
When It Applies
Contract Performance
When processing is necessary to fulfil our contractual obligations to you.
Legitimate Interests
When we have a legitimate business reason to process your data, which does not override your rights and interests.
Legal Obligation
When we are required by law to process your data.
Consent
When you have given us specific, informed, and unambiguous consent to process your data.
Data Sharing And Disclosures
We do not sell personal data. We only share data when necessary to provide our services or when required by law.
Strategic Service Partners: We share data with regulated partners, such as Stripe, to provide secure and compliant payment processing.
Technology Service Providers: We engage providers for services like cloud hosting, data analytics, and security monitoring. All are bound by strict data processing agreements.
Legal and Regulatory Authorities: We may disclose data to law enforcement, regulators, or legal advisors to comply with legal obligations or protect our legitimate interests.
International Data Transfers
To deliver our services, we may transfer your personal data outside the United Kingdom (UK). When we do, we ensure that appropriate safeguards are in place to protect your data in accordance with UK GDPR requirements. This may include adequacy decisions or Standard Contractual Clauses.
Data Retention
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period, we consider the amount, nature, and sensitivity of the data, the potential risk of harm from unauthorised use or disclosure, the purposes for which we process it, and whether we can achieve those purposes through other means.
Your Data Protection Rights
Under UK data protection law, you have several rights concerning your personal data. These include:
The right to be informed: You have the right to be informed about the collection and use of your personal data.
The right of access: You have the right to access your personal data.
The right to rectification: You have the right to have inaccurate personal data rectified or completed if it is incomplete.
The right to erasure: You have the right to have your personal data erased.
The right to restrict processing: You have the right to request the restriction or suppression of your personal data.
The right to data portability: You have the right to obtain and reuse your personal data for your own purposes across different services.
The right to object: You have the right to object to the processing of your personal data in certain circumstances.
Rights in relation to automated decision making and profiling: You have rights regarding automated individual decision-making and profiling.
To exercise any of these rights, please contact our Data Protection Officer at privacy@gogorilla.com.
Automated Decision-Making and Profiling
We use our proprietary GorillaMatrix® platform to analyse marketing performance and provide strategic recommendations. This involves automated processing and profiling to generate insights. However, these processes do not result in legal or similarly significant effects on individuals. You have the right to obtain human intervention, express your point of view, and contest decisions based on automated processing.
Data Security
We have implemented robust technical and organisational measures to protect your personal data from unauthorised access, use, or disclosure. These measures include data encryption, access controls, secure transmission protocols, and regular security assessments.
Cookie Policy
We use cookies and similar technologies to operate and improve our website. For more detailed information, please see our separate Cookie Policy.
Our Position on Financial Regulation
GoGorilla Media and Technologies Group Ltd is not a bank or a financial institution and is not regulated by the Financial Conduct Authority (FCA). Any financial services or products mentioned, such as those related to GorillaCapital, are provided by appropriately regulated third-party partners. We act solely as a facilitator in these arrangements.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any significant changes by posting the new policy on our website and updating the "Last Updated" date.
How to Contact Us
If you have any questions about this Privacy Policy or our data protection practices, please contact us:
Data Protection Officer: privacy@gogorilla.com
General Inquiries: info@gogorilla.com
How to Lodge a Complaint
You have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's supervisory authority for data protection issues. You can find their contact details at www.ico.org.uk.
This Privacy Policy forms part of GoGorilla's commitment to transparency and data protection.
Last Updated: December 2025
Version: 1.1
Privacy & Data Protection
Marketing And Advertising Compliance
Business And Legal
Contact And Support
Privacy & Data Protection
Marketing And Advertising Compliance
Business And Legal
Contact And Support
Privacy Policy
January 2023
April 2022
February 2021
June 2020
January 2026
January 2026
(Version 1.1)
Privacy Policy
Privacy Policy
About This Policy
This Privacy Policy outlines how GoGorilla Media and Technologies Group Ltd and its affiliates (“GoGorilla”, “we”, “our”, or “us”) collect, use, and protect personal data. We are committed to upholding the highest standards of data protection and transparency in all our operations.
Introduction
GoGorilla.com provides performance marketing services built upon a proprietary financial technology architecture. This policy applies to all individuals whose personal data we process in the course of providing our services and operating our business.
Our Role as a Data Controller and Processor
Our role under data protection law depends on the context of our relationship with you. We act as a data controller when we determine the purposes and means of processing personal data, such as when we process data for our direct clients or manage our investor relations. We act as a data processor when we process personal data on behalf of another entity, for example, when our agency partners use our platform to service their own clients.
Applicability of This Policy
This policy applies to the following categories of individuals:
Direct Clients: Businesses, including founders and their employees, who use our performance marketing and strategic advisory services directly.
Investors: Individuals and entities, such as venture capital and private equity firms, who use our investor portals or engage with our fundraising support services.
Agency Partners: Agencies and freelancers who resell our services to their own clients under a white-label arrangement.
Website Visitors: Individuals who browse our website (gogorilla.com) or otherwise interact with us online.
Personal Data We Collect
We collect personal data necessary to provide our services and operate our business. The table below lists the data categories we collect for each user group.
User Group
Data Category
Examples of Data Collected
Direct Clients
Account & Profile Data
Name, business email, phone number, job title, company details, login credentials.
Financial & Transaction Data
Payment card details, bank account information, transaction history.
Marketing & Communications Data
Marketing preferences, communication records, campaign performance data.
Investors
Investor Portal Data
Name, email address, investment entity details, accreditation status, deal flow data.
Fundraising Support Data
Pitch decks, financial statements, and other business information shared for fundraising purposes.
Agency Partners
Reseller Account Data
Agency name, contact person details, client list (as processed on their behalf).
White-Label Branding Data
Logos and branding assets for customising the platform.
All Users
Technical & Usage Data
IP address, browser type, device information, platform usage analytics, log files.
Legal & Compliance Data
Data required for regulatory reporting, audit records, and data subject rights requests.
How and Why We Use Personal Data
We process personal data for specific, explicit, and legitimate purposes. Every use of data is designed to deliver our services effectively and enhance your experience.
Purpose of Processing
Description
Data Categories Used
Service Delivery
To provide and manage access to our marketing platform, dashboards, and related services.
Account & Profile, Financial & Transaction, Technical & Usage
Financial Service Facilitation
To connect clients with regulated financial services through our authorised third-party partners.
Financial & Transaction, Account & Profile
Performance Analytics
To generate insights that optimise marketing campaign performance and service delivery.
Marketing & Communications, Technical & Usage
Investor Relations
To manage our investor portals, facilitate deal flow, and support fundraising activities.
Investor Portal, Fundraising Support
Customer Support
To provide responsive and helpful support for any service-related inquiries.
Account & Profile, Technical & Usage
Security & Fraud Prevention
To protect accounts and data from unauthorised access and fraudulent activities.
All categories
Legal & Regulatory Compliance
To meet our legal obligations, including regulatory reporting and responding to legal requests.
Legal & Compliance
Our Legal Bases for Processing
We rely on the following legal bases under the UK General Data Protection Regulation (UK GDPR) to process personal data:
Legal Basis
When It Applies
Contract Performance
When processing is necessary to fulfil our contractual obligations to you.
Legitimate Interests
When we have a legitimate business reason to process your data, which does not override your rights and interests.
Legal Obligation
When we are required by law to process your data.
Consent
When you have given us specific, informed, and unambiguous consent to process your data.
Data Sharing And Disclosures
We do not sell personal data. We only share data when necessary to provide our services or when required by law.
Strategic Service Partners: We share data with regulated partners, such as Stripe, to provide secure and compliant payment processing.
Technology Service Providers: We engage providers for services like cloud hosting, data analytics, and security monitoring. All are bound by strict data processing agreements.
Legal and Regulatory Authorities: We may disclose data to law enforcement, regulators, or legal advisors to comply with legal obligations or protect our legitimate interests.
International Data Transfers
To deliver our services, we may transfer your personal data outside the United Kingdom (UK). When we do, we ensure that appropriate safeguards are in place to protect your data in accordance with UK GDPR requirements. This may include adequacy decisions or Standard Contractual Clauses.
Data Retention
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period, we consider the amount, nature, and sensitivity of the data, the potential risk of harm from unauthorised use or disclosure, the purposes for which we process it, and whether we can achieve those purposes through other means.
Your Data Protection Rights
Under UK data protection law, you have several rights concerning your personal data. These include:
The right to be informed: You have the right to be informed about the collection and use of your personal data.
The right of access: You have the right to access your personal data.
The right to rectification: You have the right to have inaccurate personal data rectified or completed if it is incomplete.
The right to erasure: You have the right to have your personal data erased.
The right to restrict processing: You have the right to request the restriction or suppression of your personal data.
The right to data portability: You have the right to obtain and reuse your personal data for your own purposes across different services.
The right to object: You have the right to object to the processing of your personal data in certain circumstances.
Rights in relation to automated decision making and profiling: You have rights regarding automated individual decision-making and profiling.
To exercise any of these rights, please contact our Data Protection Officer at privacy@gogorilla.com.
Automated Decision-Making and Profiling
We use our proprietary GorillaMatrix® platform to analyse marketing performance and provide strategic recommendations. This involves automated processing and profiling to generate insights. However, these processes do not result in legal or similarly significant effects on individuals. You have the right to obtain human intervention, express your point of view, and contest decisions based on automated processing.
Data Security
We have implemented robust technical and organisational measures to protect your personal data from unauthorised access, use, or disclosure. These measures include data encryption, access controls, secure transmission protocols, and regular security assessments.
Cookie Policy
We use cookies and similar technologies to operate and improve our website. For more detailed information, please see our separate Cookie Policy.
Our Position on Financial Regulation
GoGorilla Media and Technologies Group Ltd is not a bank or a financial institution and is not regulated by the Financial Conduct Authority (FCA). Any financial services or products mentioned, such as those related to GorillaCapital, are provided by appropriately regulated third-party partners. We act solely as a facilitator in these arrangements.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any significant changes by posting the new policy on our website and updating the "Last Updated" date.
How to Contact Us
If you have any questions about this Privacy Policy or our data protection practices, please contact us:
Data Protection Officer: privacy@gogorilla.com
General Inquiries: info@gogorilla.com
How to Lodge a Complaint
You have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's supervisory authority for data protection issues. You can find their contact details at www.ico.org.uk.
This Privacy Policy forms part of GoGorilla's commitment to transparency and data protection.
Last Updated: December 2025
Version: 1.1
Privacy & Data Protection
Marketing And Advertising Compliance
Business And Legal
Contact And Support
Privacy & Data Protection
Marketing And Advertising Compliance
Business And Legal
Contact And Support
Privacy Policy
January 2023
April 2022
February 2021
June 2020
January 2026
January 2026
(Version 1.1)
Privacy Policy
Privacy Policy
About This Policy
This Privacy Policy outlines how GoGorilla Media and Technologies Group Ltd and its affiliates (“GoGorilla”, “we”, “our”, or “us”) collect, use, and protect personal data. We are committed to upholding the highest standards of data protection and transparency in all our operations.
Introduction
GoGorilla.com provides performance marketing services built upon a proprietary financial technology architecture. This policy applies to all individuals whose personal data we process in the course of providing our services and operating our business.
Our Role as a Data Controller and Processor
Our role under data protection law depends on the context of our relationship with you. We act as a data controller when we determine the purposes and means of processing personal data, such as when we process data for our direct clients or manage our investor relations. We act as a data processor when we process personal data on behalf of another entity, for example, when our agency partners use our platform to service their own clients.
Applicability of This Policy
This policy applies to the following categories of individuals:
Direct Clients: Businesses, including founders and their employees, who use our performance marketing and strategic advisory services directly.
Investors: Individuals and entities, such as venture capital and private equity firms, who use our investor portals or engage with our fundraising support services.
Agency Partners: Agencies and freelancers who resell our services to their own clients under a white-label arrangement.
Website Visitors: Individuals who browse our website (gogorilla.com) or otherwise interact with us online.
Personal Data We Collect
We collect personal data necessary to provide our services and operate our business. The table below lists the data categories we collect for each user group.
User Group
Data Category
Examples of Data Collected
Direct Clients
Account & Profile Data
Name, business email, phone number, job title, company details, login credentials.
Financial & Transaction Data
Payment card details, bank account information, transaction history.
Marketing & Communications Data
Marketing preferences, communication records, campaign performance data.
Investors
Investor Portal Data
Name, email address, investment entity details, accreditation status, deal flow data.
Fundraising Support Data
Pitch decks, financial statements, and other business information shared for fundraising purposes.
Agency Partners
Reseller Account Data
Agency name, contact person details, client list (as processed on their behalf).
White-Label Branding Data
Logos and branding assets for customising the platform.
All Users
Technical & Usage Data
IP address, browser type, device information, platform usage analytics, log files.
Legal & Compliance Data
Data required for regulatory reporting, audit records, and data subject rights requests.
How and Why We Use Personal Data
We process personal data for specific, explicit, and legitimate purposes. Every use of data is designed to deliver our services effectively and enhance your experience.
Purpose of Processing
Description
Data Categories Used
Service Delivery
To provide and manage access to our marketing platform, dashboards, and related services.
Account & Profile, Financial & Transaction, Technical & Usage
Financial Service Facilitation
To connect clients with regulated financial services through our authorised third-party partners.
Financial & Transaction, Account & Profile
Performance Analytics
To generate insights that optimise marketing campaign performance and service delivery.
Marketing & Communications, Technical & Usage
Investor Relations
To manage our investor portals, facilitate deal flow, and support fundraising activities.
Investor Portal, Fundraising Support
Customer Support
To provide responsive and helpful support for any service-related inquiries.
Account & Profile, Technical & Usage
Security & Fraud Prevention
To protect accounts and data from unauthorised access and fraudulent activities.
All categories
Legal & Regulatory Compliance
To meet our legal obligations, including regulatory reporting and responding to legal requests.
Legal & Compliance
Our Legal Bases for Processing
We rely on the following legal bases under the UK General Data Protection Regulation (UK GDPR) to process personal data:
Legal Basis
When It Applies
Contract Performance
When processing is necessary to fulfil our contractual obligations to you.
Legitimate Interests
When we have a legitimate business reason to process your data, which does not override your rights and interests.
Legal Obligation
When we are required by law to process your data.
Consent
When you have given us specific, informed, and unambiguous consent to process your data.
Data Sharing And Disclosures
We do not sell personal data. We only share data when necessary to provide our services or when required by law.
Strategic Service Partners: We share data with regulated partners, such as Stripe, to provide secure and compliant payment processing.
Technology Service Providers: We engage providers for services like cloud hosting, data analytics, and security monitoring. All are bound by strict data processing agreements.
Legal and Regulatory Authorities: We may disclose data to law enforcement, regulators, or legal advisors to comply with legal obligations or protect our legitimate interests.
International Data Transfers
To deliver our services, we may transfer your personal data outside the United Kingdom (UK). When we do, we ensure that appropriate safeguards are in place to protect your data in accordance with UK GDPR requirements. This may include adequacy decisions or Standard Contractual Clauses.
Data Retention
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period, we consider the amount, nature, and sensitivity of the data, the potential risk of harm from unauthorised use or disclosure, the purposes for which we process it, and whether we can achieve those purposes through other means.
Your Data Protection Rights
Under UK data protection law, you have several rights concerning your personal data. These include:
The right to be informed: You have the right to be informed about the collection and use of your personal data.
The right of access: You have the right to access your personal data.
The right to rectification: You have the right to have inaccurate personal data rectified or completed if it is incomplete.
The right to erasure: You have the right to have your personal data erased.
The right to restrict processing: You have the right to request the restriction or suppression of your personal data.
The right to data portability: You have the right to obtain and reuse your personal data for your own purposes across different services.
The right to object: You have the right to object to the processing of your personal data in certain circumstances.
Rights in relation to automated decision making and profiling: You have rights regarding automated individual decision-making and profiling.
To exercise any of these rights, please contact our Data Protection Officer at privacy@gogorilla.com.
Automated Decision-Making and Profiling
We use our proprietary GorillaMatrix® platform to analyse marketing performance and provide strategic recommendations. This involves automated processing and profiling to generate insights. However, these processes do not result in legal or similarly significant effects on individuals. You have the right to obtain human intervention, express your point of view, and contest decisions based on automated processing.
Data Security
We have implemented robust technical and organisational measures to protect your personal data from unauthorised access, use, or disclosure. These measures include data encryption, access controls, secure transmission protocols, and regular security assessments.
Cookie Policy
We use cookies and similar technologies to operate and improve our website. For more detailed information, please see our separate Cookie Policy.
Our Position on Financial Regulation
GoGorilla Media and Technologies Group Ltd is not a bank or a financial institution and is not regulated by the Financial Conduct Authority (FCA). Any financial services or products mentioned, such as those related to GorillaCapital, are provided by appropriately regulated third-party partners. We act solely as a facilitator in these arrangements.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any significant changes by posting the new policy on our website and updating the "Last Updated" date.
How to Contact Us
If you have any questions about this Privacy Policy or our data protection practices, please contact us:
Data Protection Officer: privacy@gogorilla.com
General Inquiries: info@gogorilla.com
How to Lodge a Complaint
You have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's supervisory authority for data protection issues. You can find their contact details at www.ico.org.uk.
This Privacy Policy forms part of GoGorilla's commitment to transparency and data protection.
Last Updated: December 2025
Version: 1.1