Privacy Policy for Scallably (a trading name of MTS Media Group Ltd.)
Effective Date: February 5, 2026
1. Introduction
Welcome to Scallably (a trading name of MTS Media Group Ltd.). This Privacy Policy describes how Scallably, a trading name of MTS Media Group Ltd ("we", "us", or "our"), collects, uses, and discloses your Personal Data when you use our website and services (the "Services").
Our Company Details:
Company Name: MTS Media Group Ltd.
Company Number: 14438825
Registered Address:124 City Road, London, EC1V 2NX, United Kingdom d services (collectively, the "Services").
We are committed to protecting your privacy and processing your data in accordance with the EU General Data Protection Regulation (GDPR) and the UK General Data Protection Regulation (UK GDPR), as amended by the Data (Use and Access) Act 2025 (DUAA).
This policy applies to:
Visitors to our website (scallably.com)
Users of our platform and Services
Individuals whose data we process on behalf of our customers
2. Data Controller
For the purposes of GDPR, the data controller is:
Scallably (a trading name of MTS Media Group Ltd.) Ltd 124 City Road, London, EC1V 2NX, United Kingdom
Data Protection Officer (DPO):
Email: [email protected]
3. Personal Data We Collect
We collect Personal Data in the following ways:
| Category of Data | Examples | Source |
|---|---|---|
| Identity & Contact Data | Name, email address, phone number, company name | Provided by you during sign-up or contact |
| Financial Data | Payment card details (processed by our payment provider) | Provided by you during purchase |
| Technical Data | IP address, browser type, device information, usage data | Collected automatically when you use our Services |
| Customer Data | Data you upload or connect to our platform, such as customer lists, conversations, reviews, and booking information. This may include Personal Data of your own customers. | Provided by you or collected via our Services on your behalf |
| AI & Voice Data | Recordings of phone calls processed by our Voice AI, transcripts of conversations, content generated by our AI tools. | Collected via our Services on your behalf |
Our Services are not intended for children under the age of 16, and we do not knowingly collect data relating to children.
4. How and Why We Use Your Personal Data (Legal Basis)
We use your Personal Data based on the following legal grounds under GDPR:
| Purpose of Processing | Type of Data | Legal Basis |
|---|---|---|
| To provide and manage our Services | Identity, Contact, Financial, Technical, Customer Data | Performance of a contract with you |
| To communicate with you | Identity, Contact | Legitimate Interest (to respond to inquiries and provide support) |
| To improve our Services | Technical, Usage Data | Legitimate Interest (to improve our platform and user experience) |
| For marketing and promotions | Identity, Contact | Consent (where required) or Legitimate Interest (to market our services to existing customers) |
| To ensure security and prevent fraud | Technical, Identity | Legitimate Interest (to protect our platform and users) |
| For specific purposes in the UK | All relevant data | Recognised Legitimate Interests (under UK GDPR, for purposes such as crime prevention or safeguarding) |
| To comply with legal obligations | All relevant data | Compliance with a legal obligation |
When we process Customer Data on your behalf (including data from your customers), we act as a Data Processor. You, our customer, are the Data Controller. Our processing is governed by the Data Processing Agreement (DPA) between us.
5. Data Sharing and Disclosure
Our platform is built on the infrastructure of GoHighLevel Inc. This means that when you use our Services, your data is processed on the GoHighLevel platform. We may also share your Personal Data with other service providers:
Service Providers & Sub-processors: We use third-party companies to help us provide our Services, such as cloud hosting (e.g., AWS, Google Cloud), payment processing (e.g., Stripe), and communication tools. A list of our sub-processors is available in our Data Processing Agreement.
AI Technology Providers: Our AI features (Voice AI, Content AI, etc.) are powered by leading third-party AI models. We only share data necessary to provide these features and have strict contractual agreements in place to protect your data.
Third-Party Integrations: When you connect third-party services (e.g., Calendly, your CRM) to your Scallably (a trading name of MTS Media Group Ltd.) account, we will share data with them as directed by you.
Legal Authorities: If required by law, we may disclose your data to public authorities.
6. International Data Transfers
Your Personal Data may be transferred to, and processed in, countries outside of the UK and the European Economic Area (EEA), including the United States, where our servers or our sub-processors are located.
We ensure that such transfers are lawful and that your data is protected by implementing appropriate safeguards, such as:
UK and EU Adequacy Decisions (or "Data Protection Test" in the UK): Transferring data to countries deemed to provide an adequate level of data protection.
Standard Contractual Clauses (SCCs): Using the UK's International Data Transfer Agreement (IDTA) or Addendum and the EU's Standard Contractual Clauses for transfers to other countries.
Data Privacy Framework: For transfers to certified US companies.
7. Automated Decision-Making and AI (Article 22 GDPR)
Our Services include AI-powered features that may involve automated processing of your data. This section explains how we use these technologies and your rights in relation to them.
7.1. AI Features We Use
Our platform includes the following AI-powered features:
| AI Feature | Purpose | Data Processed | Human Oversight |
|---|---|---|---|
| Voice AI | Automated phone calls and conversations | Voice recordings, transcripts | Calls can be transferred to humans; users can opt-out |
| Content AI | Generate marketing content, emails, social media posts | User prompts, business information | All content is reviewed before publication |
| Review Response AI | Suggest responses to customer reviews | Review text, business context | Suggestions require user approval |
| Lead Scoring | Prioritise leads based on engagement | Interaction data, behavioural signals | Scores are advisory; final decisions made by users |
7.2. Automated Decision-Making
We do not use fully automated decision-making that produces legal effects or similarly significantly affects you without human involvement. Our AI features are designed to assist and augment human decision-making, not replace it.
However, some features involve profiling (automated processing to evaluate certain personal aspects). For example:
Lead Scoring: We analyse engagement patterns to help you prioritise leads. This does not produce legal effects but may influence how you allocate your time.
Content Recommendations: We may suggest content based on your usage patterns.
7.3. Logic Involved
Our AI systems use machine learning models trained on large datasets. The logic involves:
Pattern Recognition: Identifying patterns in data to make predictions or generate content.
Natural Language Processing: Understanding and generating human language.
Statistical Analysis: Calculating probabilities and scores based on historical data.
We use third-party AI models (such as those from OpenAI) to power some features. These models process data according to our instructions and contractual agreements.
7.4. Significance and Consequences
The use of AI in our Services may result in:
Efficiency Gains: Faster response times and automated workflows.
Content Generation: AI-generated content that may require review for accuracy.
Prioritisation: Leads or tasks may be ranked based on AI analysis.
Important: AI systems, including ours, may occasionally produce inaccurate or inappropriate outputs ("hallucinations"). You are responsible for reviewing and approving any AI-generated content before use.
7.5. Your Rights Regarding Automated Processing
You have the right to:
Request Human Intervention: Ask for a human to review any automated decision.
Express Your Point of View: Provide additional context that may affect the outcome.
Contest the Decision: Challenge any automated output you believe is incorrect.
Opt-Out: Disable certain AI features in your account settings.
To exercise these rights, contact us at [email protected].
8. Data Security
We have implemented appropriate technical and organizational security measures to protect your Personal Data from accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. These measures include encryption, access controls, and regular security assessments.
9. Data Retention
We will retain your Personal Data only for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
Account Data: Retained for the duration of your subscription and for a reasonable period thereafter.
Customer Data: Processed and retained according to the instructions in our Data Processing Agreement.
10. Your Data Protection Rights (UK & EEA)
Under GDPR, you have the following rights:
Right of Access: To request a copy of your Personal Data.
Right to Rectification: To correct inaccurate or incomplete data.
Right to Erasure (‘Right to be Forgotten’): To request the deletion of your data.
Right to Restrict Processing: To limit how we use your data.
Right to Data Portability: To receive your data in a structured, machine-readable format.
Right to Object: To object to our processing of your data (e.g., for direct marketing).
Right to Complain (UK): Under the UK's Data (Use and Access) Act, you have the right to lodge a complaint directly with us about how we handle your data. We will acknowledge your complaint within 30 days and respond without undue delay. You can submit a complaint using our DSAR form.
To exercise these rights, please contact our DPO at [email protected] or use our DSAR form.
You also have the right to lodge a complaint with a supervisory authority, such as the UK's Information Commissioner's Office (ICO).
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any significant changes by email or through our platform. The latest version will always be available on our website.
12. Contact Us
If you have any questions about this Privacy Policy or our data protection practices, please contact us at:
MTS Media Group Ltd. ,124 City Road, London, EC1V 2NX, United Kingdom
Company number: 14438825 e-mail:[email protected]