Global2Outsource Ltd (“G2O”, “we”, “us”, “our”) provides B2B contact data services: building, enriching, verifying and refreshing business contact lists for our clients. Handling personal data carefully is central to what we do, not an afterthought. This notice explains what personal data we hold, how and why we use it, who we share it with, how long we keep it, and the rights you have.
We handle personal data in line with UK data protection law: the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018 and the Privacy and Electronic Communications Regulations 2003 (PECR), as amended by the Data (Use and Access) Act 2025.
Who we are
Global2Outsource Ltd is the data controller for the personal data described in this notice, except where we act as a processor on behalf of a client (see “The two roles we play” below).
- Company: Global2Outsource Ltd, registered in England and Wales, company number 10834243.
- Registered office: Suite 4, Second Floor, Honeycomb, 7-15 Edmund Street, Liverpool, L3 9NG.
- ICO registration number: ZA730577
- Data protection contact: privacy@global2outsource.com
If you have any question about this notice or about how we handle your data, please use the contact above.
The two roles we play
Data protection law separates the “controller” (who decides why and how personal data is used) from the “processor” (who handles it on a controller’s instructions). Because of the work we do, G2O acts in both roles:
- As a controller, when we compile or source business contact data ourselves to build or supplement a list, and when we handle information about visitors to this website and people who contact us.
- As a processor, when a client sends us their own contact data to enrich, verify or refresh. In that case the client is the controller, we work only on their documented instructions under a data processing agreement, and questions about that data should go to the client. If you contact us about it, we will pass your request on to them.
This notice mainly covers the personal data for which we are the controller.
The personal data we handle
People who contact us or use this website. When you complete a form or email us, we collect your name, the company you work for, your work email address and anything you tell us about your enquiry. When you visit the site we may collect limited technical data through cookies and similar technologies (see “Cookies” below).
Business contacts in the data we compile. When we build or supplement a contact list, we process business contact information about individuals in their professional roles. This typically includes name, job title, employer, business email address, business phone number, professional profiles such as LinkedIn, and other publicly available professional detail. We do not set out to collect special category data (such as health, race or political views), and we ask clients not to send it to us.
Where this data comes from. We often collect business contact data from sources other than the individual it relates to. UK GDPR requires us to be open about that. We obtain it from sources such as publicly available company and professional websites, public business directories, professional networking profiles, event and conference materials, and licensed third-party data providers. [Confirm and adjust this list so it matches the sources you actually use.]
Client data we process on instruction. Where a client gives us a list to work on, that data belongs to the client. We process it only to carry out the agreed work and under the terms of our agreement with them.
Why we use it, and our lawful basis
| What we do | Lawful basis |
|---|---|
| Respond to your enquiry and prepare a quote or scope | Legitimate interests, or taking steps to enter into a contract |
| Provide our data services to clients (building, enriching, verifying and refreshing business contact lists) | Legitimate interests |
| Run, secure and improve this website | Legitimate interests, and consent for any non-essential cookies |
| Meet our legal, accounting and regulatory obligations | Legal obligation |
Where we rely on legitimate interests for our data services, we have weighed our interest in running our business, and our clients’ interest in lawful B2B outreach, against the interests and rights of the individuals concerned, who are processed in their professional rather than personal capacity, and whose data is limited to business contact detail. We keep a record of that assessment and you can ask us about it. You can object to this processing at any time (see “Your rights”).
We rely on the ordinary legitimate interests basis under Article 6(1)(f), not the narrower “recognised legitimate interests” introduced by the Data (Use and Access) Act 2025, which is reserved for specific public-interest purposes that do not apply to our work.
Who we share it with
We use carefully chosen service providers to deliver and support our work. These fall into categories such as:
- contact data and email-finding providers,
- email and data verification services,
- web data and research tools,
- cloud hosting and infrastructure,
- website analytics.
[You can list your key providers by name here if you want to be fully transparent.] These providers act as our processors under written contracts that require them to protect the data and use it only for the services they provide to us.
When we build a list for a client, we provide that compiled contact data to that client for their own lawful business use. We do not otherwise sell, rent or trade personal data. We may disclose data where the law requires it, for example to comply with a court order or a regulator.
Sending data outside the UK
Some of our providers operate outside the UK, including in the United States. Where we transfer personal data abroad, we rely on a safeguard approved under UK law, such as UK adequacy regulations, the UK International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses, or the UK-US data bridge where the provider is certified under it. You can ask us for more detail on the safeguards that apply to a particular transfer.
How long we keep it
We keep personal data only as long as we need it for the purpose we collected it for.
- Enquiry data: kept for up to [24 months] after our last contact with you, then deleted. [Confirm the period.]
- Client project data: kept for the life of the project and for [a set period] afterwards as agreed with the client, then deleted or returned. [Confirm.]
- Compiled contact data: reviewed and refreshed on a regular cycle, and removed when it is no longer accurate or needed. [Confirm your approach.]
Your rights
Under UK data protection law you have the right to:
- be informed about how your data is used (this notice),
- ask for a copy of the personal data we hold about you,
- have inaccurate data corrected,
- ask us to erase your data in certain circumstances,
- ask us to restrict how we use your data,
- object to us using your data where we rely on legitimate interests, including an absolute right to object to direct marketing,
- ask us to transfer your data in certain circumstances,
- rights relating to automated decision-making and profiling.
We do not make decisions about you by automated means alone that produce a legal or similarly significant effect.
To exercise any of these rights, contact us at privacy@global2outsource.com. We will respond within one month, and will tell you if we need longer because a request is complex. There is normally no charge. Where we are acting as a processor for a client, we will forward your request to that client, who is responsible for answering it.
If you think we hold data about you
If you believe we may hold business contact data about you, and you want to see it, correct it, or ask us to stop using it, please contact us at privacy@global2outsource.com. We will find any records we hold and deal with your request. If you object to us processing your data for our B2B contact services, we will stop unless we can show compelling legitimate grounds that override your interests, or we need to keep it to establish or defend a legal claim.
Cookies
This website uses cookies and similar technologies. Strictly necessary cookies keep the site working and do not need your consent. We will ask for your consent before setting any non-essential cookies, such as analytics. You can change your choice at any time through [your cookie settings link or banner]. [If you add analytics or any non-essential cookies, this site needs a consent banner to comply with PECR.]
Complaints
If you have a concern about how we have handled your personal data, please contact us first at privacy@global2outsource.com so we can try to put it right. You have the right to complain directly to us, and we will acknowledge your complaint, look into it, and tell you the outcome.
You also have the right to complain to the Information Commissioner’s Office (ICO), the UK’s data protection regulator, which is in the process of becoming the Information Commission. You can reach the ICO at ico.org.uk or on 0303 123 1113. We would, though, appreciate the chance to address your concern before you approach the regulator.
Changes to this notice
We may update this notice from time to time to reflect changes in our practices or in the law. The current version is always the one published on this page.
Last updated: 3 June 2026