Privacy policy
Last modified September 2025
1. Who we are and what we do
Who we are
We are Feefo Holdings Limited (“Feefo”, “us”, “we”, “our”). We are a limited company registered in England and Wales under registration number 07191962 and we have our registered office at Feefo Barn, Heath Farm, Heath Road East, Petersfield, Hants GU31 4HT. We are registered with the UK supervisory authority, Information Commissioner’s Office (“ICO”), in relation to our processing of Personal Data under registration number Z2323576.
What we do
Feefo works with over 6,500 brands worldwide, from household names to local heroes. We send out hundreds of thousands of feedback requests every week and host millions of customer reviews, which we use to provide business and sector insight.
We’re a team of technology specialists, industry experts, and multi-lingual client services champions that operate across various sectors, including travel, retail, automotive, and finance. Feefo’s bespoke artificial intelligence, smart profiling, review software and compliance solutions help increase client sales and reduce churn. As a Google Content Partner, our clients can improve their search and paid conversion rates too.
We are proud to work with companies, large and small, from household names to local heroes.
We are committed to protecting the privacy and security of the Personal Data we process about you.
2. Purpose of this privacy notice
The purpose of this privacy notice is to explain what Personal Data we collect about you and how we process it. This privacy notice also explains your rights, so please read it carefully. If you have any questions, you can contact us using the information provided below under the ‘How to contact us’ section.
3. Who this privacy notice applies to
This privacy notice applies to you if:
- You visit our website
- You leave feedback or a review about us or one of the brands we work with
- You purchase product or services from us
- You enquire about our products and/or services
- You sign up to receive newsletters and/or other promotional communications from us
4. What Personal Data is
‘Personal Data’ means any information from which someone can be identified either directly or indirectly. For example, you can be identified by your name or an online identifier.
5. Personal Data we collect
The type of Personal Data we collect about you will depend on our relationship with you. For the type of Personal Data, we collect see the table below in the section entitled ‘Purposes, lawful bases and retention periods’.
6. How we collect your Personal Data
We obtain your personal data in the following ways:
- From merchants/retailers (although we do so as their data processor);
- Directly from you, for instance where you submit something to our website, communicate with us, or otherwise voluntarily provide personal data to us; and from your accounts on other online services, where you give us permission to do so. For instance, if you use Google, Facebook, Instagram or Twitter to log into our website or grant us access to data they hold, we may obtain some information from those services;
- Google Content/Merchant API – For merchant/retailer users, with your explicit authorisation, Feefo use the Google Content/Merchant API to retrieve product inventory data held in Google’s Merchant Centre to supplement the transactional data you provide directly to Feefo. This data is used to enrich the end user experience when submitting/reading reviews through the display of extended product information and media content; to supplement Feefo’s product rating feed to Google with global identification data and to support analytical segmentation within the Feefo Hub. As part of the authorisation process Feefo will also receive Google user profile information which is used to maintain and manage your connection. Feefo’s access to your profile and product content can be revoked at any point via your Feefo Hub account or by request to the Feefo Support team.
Our relationship to you and your personal data
Our legal status in relation to you and your personal data differs, depending on where you are in the review process, which we explain in this section. You should contact the “controller” of your data, as indicated below.
Emails and/or SMS and/or WhatsApp inviting you to submit a review or survey response, here, we act as data processor, solely on behalf and on the instruction of the merchant/retailer.
Where we email you or send you an SMS or send you a WhatsApp to ask you to submit a review or survey response in respect of a merchant/retailer’s product or service, that merchant/retailer has given us your name and email address and/or mobile telephone number and asked us to send you such email and/or SMS and/or WhatsApp.
We will not use your name, email address or mobile telephone number for any other purpose, unless we already hold it in respect of a review. Even where we already hold your name, email address or mobile telephone number, we will only invite you to submit a review where the merchant/retailer has provided the same name, email address or mobile telephone number.
When you visit our website, and your review itself (and any other data you submit with it)
Here, we act as data controller.
When you visit our website, we will automatically collect certain personal data using cookies and your IP address.
We may also collect personal data contained in any forms you submit to our website, including the details of any review you submit.
Here, we act as data controller.
The purposes for which we use your personal data are set out in the table below.
Please note that the merchant/retailer will also be a data controller of review data, and you may need to contact both us and the merchant/retailer to exercise rights in respect of your personal data.
Automatically when you use our website. For instance:
Like most websites, we use cookies (which are smaller text files sent between your web browser and our services) to provide or improve certain functionality, including authentication, and to track which of our pages you visit (see our the “Cookies” notice for more information); and
Our services automatically collect certain information about your use of our platform, for instance some key settings on your device, what type of device you are using, the operating system on your device, the website from which you came and your IP address.
7. Purposes, lawful bases and retention periods
We will only use your Personal Data when the law allows. Most commonly, we will use your Personal Data in the following circumstances:
Type of data |
Purpose |
Legal basis for the processing |
How long we keep it |
Your name, email address and/or mobile telephone number. The product or service you bought.
|
To invite you to submit a review or survey response in respect of a product or service, on the instruction of a merchant/retailer. To inform you, on the instruction of a merchant/retailer, that they intend to use Feefo and would like to move a review you had previously left for them with another review platform to Feefo.
|
As a data processor, we are not responsible for establishing a legal basis.
The merchant/ retailer, as data controller, must have a legal basis. |
Until the earlier of:
In some cases, we may keep it for longer, for instance where we are required to by law or need it to bring or defend a legal claim. |
Review data, including the product or service you bought where you mention this in your review, your name and location (if you provide them), email address, a customer service star rating, a product star rating and any free text you enter as part of your review.
|
To publish your review on our website.
Note: where you have asked us to keep your review anonymous, we won’t publish identifying information about you. |
Necessary for our legitimate interest of publishing reviews submitted in respect of our merchant/retailer clients.
|
We keep your data for the length of the contract we have with our customer as this is used for statistical purposes. Following contract termination, all personal data will be permanently anonymised in accordance with recognised standards, ensuring that no individual can be identified. Anonymised data is not subject to data protection laws and may be used for analytical, statistical, or reporting purposes. |
To supply the relevant merchant/retailer a feed of reviews.
Note: where you have asked us to keep your review anonymous, we won’t provide your name publicly but it will be available to the merchant/retailer who asked us to reach out to you for your feedback.
|
Necessary for our legitimate interest of fulfilling our contract with the merchant/retailer.
Necessary for the merchant/retailer’s legitimate interest in (a) carrying out market research to improve its customer experience, products and/or services; and (b) promoting its products and services with authentic customer reviews. |
Legitimate interests |
6 years |
For the merchant/retailer to publish your review on its website, marketing collateral and social media profiles.
Note: where you have asked us to keep your review anonymous, neither us nor the merchant/retailer will publish your name. |
Necessary for the merchant/retailer’s legitimate interest in (a) carrying out market research to improve its customer experience, products and/or services; and (b) promoting its products and services with authentic customer reviews.
|
Legitimate Interests |
6 years Please note that following contract termination, all personal data will be permanently anonymised in accordance with recognised standards, ensuring that no individual can be identified. Anonymised data is not subject to data protection laws and may be used for analytical, statistical, or reporting purposes. |
Potentially all personal data we hold about you, depending on the nature of the dispute |
To bring or defend legal claims.
|
Our legitimate interest of bringing and/or defending legal claims.
|
6 years |
Your IP address, the web site from which you visit us, the Feefo web pages you actually visit and the date and length of your visit. |
To understand how visitors use our website. |
Necessary for our legitimate interest of optimising and improving our website. |
We keep your data for the length of the contract we have with our customer as this is used for statistical purposes or for a maximum of 6 years. We will anonymise your data after a maximum of 6 years. |
To help us secure and manage the performance of our websites. |
Necessary for our legitimate interest of securing and managing the performance of our websites. |
Legitimate interests |
6 years |
Your name and email address as a product tester or potential product tester. |
To send you emails in relation to products you or may wish to test/review. |
Your opt-in consent or because it is necessary for our legitimate interest of keeping you informed about our business and services. |
Until you withdraw your consent and/or notify us that you no longer wish to receive our related emails. |
Your name and email address in a B2B capacity. |
We never market to consumers; however, we do process and reach out to B2B leads and our existing merchant customers. |
Legitimate Interests |
Until the earlier of:
|
Where Personal Data is processed because it is necessary for the performance of a contract to which you are a party, we will be unable to provide our services without the required information.
8. Sharing your Personal Data
All review data is shared with the retailer/merchant in respect of which you submitted a review.
In general, Feefo’s internal access to your personal data will be restricted to those who have a need to access it in order to carry out their duties (for example our customer services team).
However, we will also share your personal data with the following external third parties in some circumstances:
- fraud prevention agencies or other third parties that assist us in preventing fraud or other forms of risk;
- regulators such as the ICO, and government authorities such as HMRC or the police, if we are required to do so by law or if the regulator or authority requests it and we regard that request as reasonable or are required to comply by law;
- our insurers, legal advisers or other third parties who need access to it in the context of managing, investigating or defending claims or complaints;
- other businesses in connection with re-organisations, mergers and acquisitions of all or part of our business;
- organisations that process your data on our behalf who are not allowed to use your data for any other purpose, for instance our cloud computing partners;
- other companies within our group, for instance where they provide us services; and
- where you have consented to us doing so.
- Where we share your personal data with our service providers, we have contracts with those service providers setting out how they must handle your personal data, including not to use your personal data other than in accordance with our instructions.
- Where we have been able to fully anonymise personal data, we may share that anonymised data with third parties, for instance our merchants/retailers to share market trends or consumer sentiment, or in PR material that we publish.
9. International Transfers
Your Personal Data may be processed outside of the UK. This is because some of the organisations we use to provide our service to you are based outside the UK.
We have taken appropriate steps to ensure that the Personal Data processed outside the UK has an essentially equivalent level of protection to that guaranteed in the UK. We do this by ensuring that:
- Your Personal Data is only processed in a country which the Secretary of State has confirmed has an adequate level of protection (an adequacy regulation), or
- We enter into an International Data Transfer Agreement (“IDTA”) with the receiving organisation and adopt supplementary measures, where necessary. (A copy of the IDTA can be found here international-data-transfer-agreement.pdf (ico.org.uk)).
10. Your rights and how to complain
You have certain rights in relation to the processing of your Personal Data, including to:
- Right to be informed
You have the right to know what personal data we collect about you, how we use it, for what purpose and in accordance with which lawful basis, who we share it with and how long we keep it. We use our privacy notice to explain this.
- Right of access (commonly known as a “Subject Access Request”)
You have the right to receive a copy of the Personal Data we hold about you.
- Right to rectification
You have the right to have any incomplete or inaccurate information we hold about you corrected.
- Right to erasure (commonly known as the right to be forgotten)
You have the right to ask us to delete your Personal Data.
- Right to object to processing
You have the right to object to us processing your Personal Data. If you object to us using your Personal Data for marketing purposes, we will stop sending you marketing material.
- Right to restrict processing
You have the right to restrict our use of your Personal Data.
- Right to portability
You have the right to ask us to transfer your Personal Data to another party.
- Automated decision-making.
You have the right not to be subject to a decision based solely on automated processing which will significantly affect you. We do not use automated decision-making. - Right to withdraw consent
If you have provided your consent for us to process your Personal Data for a specific purpose, you have the right to withdraw your consent at any time. If you do withdraw your consent, we will no longer process your information for the purpose(s) you originally agreed to, unless we are permitted by law to do so.
- Right to lodge a complaint
You have the right to lodge a complaint with the relevant supervisory authority, if you are concerned about the way in which we are handling your Personal Data. The supervisory authority in the UK is the Information Commissioner’s Office who can be contacted online at:
Contact us | ICO
Or by telephone on 0303 123 1113
11. Objecting to our legitimate interests processing
- Where we process your personal data on the basis of our legitimate interests for direct marketing purposes, you always have the right to object to that processing. To object to direct marketing either follow the instructions for withdrawing marketing consent in the section above or contact us using the details at the top of this policy.
- You have the right to object to other processing on the basis of our legitimate interests, but we might not have to cease processing where you do so if either:
-
- we are able to demonstrate compelling legitimate grounds for the processing which override your interests; or
- where that legitimate interest is the establishment, exercise or defence of legal claims.
To object to legitimate interests processing, please contact us using the details at the top of this policy.
How to exercise your rights
You will not usually need to pay a fee to exercise any of the above rights. However, we may charge a reasonable fee if your request is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
If you wish to exercise your rights, you may contact us using the details set out below within the section called ‘How to contact us and our Data Protection Officer’. We may need to request specific information from you to confirm your identity before we can process your request. Once in receipt of this, we will process your request without undue delay and within one month. In some cases, such as with complex requests, it may take us longer than this and, if so, we will keep you updated.
12. Children’s Privacy
We do not offer our products and services to children, and we do not knowingly collect Personal Data of children without parental consent, unless permitted by law. If you are a child, you must have your parent’s permission to use our services. If you learn that a child has provided us with their Personal Data without parental consent, you may contact us, as described below, and if appropriate, we will securely and permanently delete it, in accordance with applicable law.
13. How to contact us and our Data Protection Officer
If you wish to contact us in relation to this privacy notice or if you wish to exercise any of your rights outlined above, please contact us as follows:
a/ email on gdprcompliance@feefo.com
b/ telephone on 0203 362 4209; or
c/ post using the address above
We have also appointed a Data protection Officer (“DPO”). Our DPO is Evalian and can be contacted as follows:
dpo@evalian.co.uk
West Lodge, Colden Common, Leylands Business Park, Hampshire SO21 1TH
Please mark your communications FAO the ‘Data Protection Officer’.
14. Our EU / UK Representative
We are based outside the European Union (EU) and under the EU General Data Protection Regulation (EU GDPR), we are required to appoint an EU representative. The purpose of an EU representative is to make it easy for people in the EU to contact us should they wish to exercise their rights or make a complaint or enquiry in relation to how we are processing their Personal Data. It is also a contact point for the supervisory authorities located in the EU.
Our EU representative is Ametros Ltd who can be contacted as follows:
Ametros Ltd, Commerce House, Washington Street West, Cork, Ireland.
email: gdpr@ametrosgroup.com
15. Changes to this privacy notice
We may update this notice (and any supplemental privacy notice), from time to time as shown below. We will notify you of the changes where required by applicable law to do so.