The Local Harvest
Back to Home

Privacy Policy

How we protect and handle your data

Last updated:17 December 2025

Introduction

CDM Marketing Ltd, trading as The Local Harvest (“we”, “our”, or “us”) is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website www.thelocalharvest.co.uk and use our services.

We comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. CDM Marketing Ltd is registered with the Information Commissioner’s Office (ICO). This policy applies to all data processing activities carried out by CDM Marketing Ltd in relation to The Local Harvest concept.This policy was last reviewed on 17 December 2025.

Data Controller

CDM Marketing Ltd is the data controller for the personal information we collect about you. The Local Harvest is a concept being developed by CDM Marketing Ltd. You can contact us at:

CDM Marketing Ltd

Trading as: The Local Harvest (concept development)

Email: privacy@thelocalharvest.co.uk

Data Protection Officer: privacy@thelocalharvest.co.uk

ICO Registration: CDM Marketing Ltd is registered with the Information Commissioner’s Office (ICO)

Information We Collect

Personal Information You Provide

When you create an account or register your business, we collect:

  • Name: To personalize your profile and communications
  • Email address: For account verification and important notifications
  • Business information: Name, description, category, and practices
  • Address details: Street, city, county, postcode for location services
  • Contact information: Phone number (visibility controlled by you), website
  • Payment information: Processed securely through Stripe for subscriptions
  • Preferences: Tier selection, phone visibility settings, notification preferences

Automatically Collected Information

  • Usage data: How you interact with our website and features
  • Device information: Browser type, operating system, IP address
  • Analytics data: Via Google Analytics and Microsoft Clarity (with your consent)
  • Cookies: For website functionality, preferences, and analytics
  • Session recordings: Via Microsoft Clarity to improve user experience (with consent)

How We Use Your Information

Platform Services (Legal basis: Contract Performance)

  • Create and manage your business profile
  • Process tier subscriptions and billing
  • Provide location-based search functionality
  • Manage seat reservations for limited-access tiers
  • Enable customer discovery and communication

Marketing Communications (Legal basis: Consent)

  • Send tier upgrade notifications and promotional offers
  • Share platform updates and new features
  • Provide customer success and onboarding support
  • Trial period reminders and billing notifications

Analytics & Improvement (Legal basis: Legitimate Interest)

  • Understand platform usage patterns and optimize performance
  • Improve user experience and interface design
  • Monitor system security and prevent fraud
  • Generate anonymized reports on platform usage

Privacy Features

  • Phone Number Visibility: Hidden by default - you control if it appears publicly
  • Stripe Customer Portal: Secure access to manage your billing and subscriptions
  • Seat Locking: Fair access to limited premium tier seats (100 Founding Producer, 150 Front-Runner)
  • Trial Periods: 12-month trial for Founding Producer, 3-month for Front-Runner

Your Rights Under GDPR

Right of Access

Request a copy of your personal data

Right to Rectification

Correct inaccurate personal data

Right to Erasure

Request deletion of your data

Right to Withdraw Consent

Unsubscribe or change preferences at any time

Right to Data Portability

Export your data in a readable format

Right to Object

Object to certain processing activities

To exercise your rights: Email us at privacy@thelocalharvest.co.uk with your request. We’ll respond within 30 days.

International Data Transfers

Third-Party Services

Some of our services process data outside the UK/EEA:

  • Stripe (Payment Processing): Data processed in the US under Stripe’s adequacy arrangements
  • Supabase (Database): Data stored in EU regions with GDPR compliance
  • Google Analytics: Data may be processed in the US under Google’s adequacy arrangements
  • Microsoft Clarity: Data may be processed in the US under Microsoft’s Standard Contractual Clauses
  • Crisp (Live Chat): Chat conversations stored in EU data centers (only with consent)
  • Resend (Email Service): Data processed with appropriate safeguards

Your consent covers these transfers. You can withdraw consent at any time via your account settings or cookie preferences.

Live Chat Support (Crisp)

We use Crisp (crisp.chat) to provide live chat support on The Local Harvest. The chat widget only loads after you give consent to “Chat / Support” cookies.

When you use the chat while logged in, we share:

  • Your email address and name - So our support team can identify you
  • Your account type (business, customer, or admin) - To provide relevant assistance
  • Your The Local Harvest user ID - For our internal reference and better support
  • For business accounts: Your business name and website - To understand your business needs

Why we share this information:

This helps our support team provide better, more personalised assistance. Instead of asking who you are every time, we can immediately see your account details and help you faster.

Data storage and privacy:

Your chat conversations are stored by Crisp in accordance with their privacy policy. Crisp is GDPR-compliant and stores data in EU data centers. View Crisp’s Privacy Policy

Important: You can withdraw consent at any time by clicking “Cookie Settings” in the footer and disabling “Chat / Support” cookies. This will remove the chat widget and stop data sharing with Crisp.

Data Security & Retention

Security Measures

  • Strong password requirements (minimum 12 characters, zxcvbn strength validation)
  • Encrypted data transmission (HTTPS/TLS) and secure database storage
  • Stripe PCI DSS Level 1 compliance for payment processing
  • Multi-factor authentication options and session management
  • Regular security audits and vulnerability assessments
  • Role-based access controls and admin action logging

Data Retention

  • Active accounts: Data retained while your account is active and for legitimate business purposes
  • Cancelled subscriptions: Business profile may remain visible but subscription data is archived
  • Account deletion: Personal data removed within 30 days of confirmed deletion request
  • Analytics data: Anonymized analytics retained for 26 months as per Google Analytics settings
  • Transaction records: Retained for 7 years for tax and accounting purposes (legal requirement)

Cookies & Tracking

Our website uses cookies to enhance your experience and provide analytics. You can control these through our cookie consent banner or your browser settings.

Essential Cookies

Required for website functionality, user authentication, and security

Analytics Cookies

Google Analytics & Microsoft Clarity (with your explicit consent only)

  • Session recordings may capture your interactions
  • Heatmaps show aggregated click patterns
  • No sensitive data like passwords is recorded
  • Helps us improve user experience and identify issues

Chat / Support Cookies

Used to enable our Crisp live chat so you can message us directly.

  • Not essential for the website to run
  • Only used if you consent
  • When logged in, we share your email, name, and account type with Crisp

Marketing Cookies

Currently not used on this website

Data Breach Procedures

Our Commitment

  • We will notify the ICO within 72 hours of becoming aware of any data breach
  • If the breach poses a high risk to your rights, we will notify you without undue delay
  • We maintain incident response procedures and regular security assessments
  • All admin actions are logged and monitored for suspicious activity
  • Regular staff training on data protection and security best practices

Questions or Concerns?

If you have any questions about this Privacy Policy or how we handle your data, please contact us:

📧 privacy@thelocalharvest.co.uk

🛡️ privacy@thelocalharvest.co.uk (Data Protection Officer)

🏢 CDM Marketing Ltd (Data Controller)

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) if you believe your data protection rights have been breached.