1. Purpose of This Notice

This Privacy & Data Protection Notice explains how GoDigital2Achieve Ltd (‘GoDitach’, ‘we’, ‘our’, ‘us’) processes personal data across all websites, platforms, products, services, and subdomains operated by GoDitach. This scope includes all current and future domains, service pages, and GoDitach-branded solutions such as automation, communication, review management, and CRM-related systems. 

By accessing or using any of these services, you acknowledge and accept the data processing practices described in this Notice. This document is prepared in accordance with the UK Data Protection Act, GDPR, CCPA, and applicable requirements under the Turkish KVKK.

GoDitach is a UK-registered company, and the English version of this Notice is the legally binding version.

2. Roles in Data Processing (Controller vs Processor)

GoDitach acts as a data processor.

The business or organisation that purchases and uses GoDitach services is the data controller.

This means:

We process personal data only upon the controller’s documented instructions.

The controller (your business) decides which data is collected, uploaded, used, or sent through the system.

GoDitach does not use, sell, analyse, or exploit customer data for its own purposes.

All legal responsibility relating to message content, customer consent, and marketing permissions belongs to the controller.

3. Technical Infrastructure & Hosting Environment

GoDitach services may, when necessary, integrate with a third-party professional software infrastructure providing hosting, automation, communication, and CRM-related technical capabilities.

This infrastructure operates globally and ensures availability, performance, and secure data handling.

It is not directly operated by GoDitach, but is used as part of delivering the service.

Personal data may be processed within the hosting environment solely as a technical requirement of operating the service.

This processing does not constitute data trading, sharing, brokerage, or intentional transfer.

4. Categories of Personal Data Processed

Depending on the controller’s use of the system, the following data may be processed:

Name, surname

Email address

Phone number

Customer interaction history

Appointment, booking, or communication records

Business and account information

Customer lists provided by the controller

Data submitted through forms, automations, or integrations

GoDitach does not require or intentionally process special category (sensitive) personal data.

5. Sources of Data

Data processed by GoDitach originates from:

The business (controller) uploading its customer data

The controller’s CRM system (via API, if the controller activates such connection)

Users submitting information through forms, chat widgets, or automations

Communication channels configured by the controller

GoDitach never acquires data independently.

6. Purposes of Processing

We process data strictly and exclusively for:

Operating the platform and providing technical functionality

Executing automations configured by the controller

Sending emails, SMS, WhatsApp messages or notifications on behalf of the controller

Maintaining account functionality

Enabling integrations (Meta, Google, WhatsApp Cloud, SMS providers, payment gateways)

Ensuring platform security, monitoring misuse, and preventing abuse

GoDitach does not create additional purposes beyond the controller’s instructions.

7. Legal Basis for Processing

GoDitach processes data under:

The service agreement between the controller and GoDitach

The controller’s instructions (Article 28 GDPR processor obligations)

Legitimate technical necessity to operate the platform

Applicable laws in the controller’s jurisdiction

For Turkish users, certain KVKK obligations apply, which will be documented in the Turkish version

8. Use of Third-Party Infrastructure (Critical Legal Clause)

GoDitach may use a third-party professional software infrastructure to provide hosting, automation and communication functionality.

This infrastructure may store or process data as part of normal platform operations.

This is:

Not a commercial transfer

Not a sale or sharing of data

Not a brokered or agent-like activity

Only a technical hosting requirement essential for service delivery

Data remains fully under the controller’s control and instruction.

9. International Technical Processing

Due to the global nature of the underlying infrastructure, certain data may be processed on servers located in the United States.

This does not represent intentional foreign data transfer by GoDitach.

It is a direct result of the infrastructure’s hosting location and is required for the technical functioning of the service.

No data is shared, exported, or disclosed to third parties for independent use.

10. Automated Communications Performed on Behalf of Controllers

GoDitach may install, configure, and operate automations for the controller, including:

Email sequences

SMS campaigns

WhatsApp messaging

Appointment notifications

Chatbot interactions

Customer follow-up flows

All responsibility for content, sending frequency, legal compliance, consent, and permissions remains with the controller.

GoDitach’s role is strictly technical.

This clause protects GoDitach from all liability related to marketing laws, KVKK consent requirements, spam violations, or communication misuse.

11. Retention & Deletion

Data is retained only for the duration of the service.

Temporary processing for automation execution is not stored permanently.

The controller may request deletion of all data at any time.

Upon termination of service, all associated data may be deleted in accordance with retention rules.

12. Security Measures

We apply industry-standard measures including:

Encryption

Multi-layer access control

Secure hosting environments

Activity logging

Restricted personnel access

API-level security

Misuse detection systems

13. Rights of Individuals

Depending on the applicable law (GDPR, UK DPA, CCPA, KVKK), individuals may have rights such as:

Access to their data

Correction

Deletion

Data portability

Objection

Restriction of processing

Withdrawal of consent (in Written)

Requests submitted to GoDitach will be forwarded to the relevant controller, since the controller—not GoDitach—has the legal duty to respond.

14. Responsibilities of Controllers

The controller is fully responsible for:

Obtaining correct explicit consent

Ensuring compliance with local marketing laws

Ensuring KVKK requirements (Turkish translation will detail this)

Uploading accurate customer data

Message content legality

Sending frequency, content, targeting

Compliance with SMS/Email/WhatsApp communication rules

GoDitach acts strictly as a processor and cannot be held liable for the controller’s misuse.

15. Updates

This Notice may be updated periodically.

Continued use of the services constitutes acceptance of updates.

16. Contact Information

GoDigital2Achieve Ltd

London, United Kingdom

[email protected]