Our policy
Introduction
Commify UK Limited trading as Esendex (registered number: 04217280) whose registered office is at 20 Wollaton Street, Nottingham, NG1 5FW (“us” “we” “our”) is committed to preserving the privacy of all visitors and service users of www.esendex.com and esendex.co.uk (each referred to as the “Website”). This privacy policy details how Esendex uses and protects the information that You provide to Us.
This policy applies where we are acting as a data controller with respect to the personal data of our website visitors and service users; in other words, where we determine the purposes and means of the processing of that personal data.
**THIS POLICY DOES NOT APPLY TO THE DATA YOU SHARE WITH ESENDEX WHERE YOU ARE DATA CONTROLLER AND WE ARE THE DATA PROCESSOR. FOR INFORMATION ON HOW ESENDEX SECURES YOUR DATA AS A PROCESSOR PLEASE GO TO OUR PRIVACY STATEMENT**
Our website incorporates privacy controls which affect how we will process your personal data. By using the privacy controls, you can change your preference on receiving direct marketing communications from Us and limit other aspects of Our use of Your information. You can access the privacy controls via https://www2.esendex.co.uk/subscription-preferences.
Esendex is committed to protecting your data and preserving your privacy. This policy details how we will protect your information.
Esendex are a Data Controller and a Data Processor; this policy on applies to the data we control; for example, the data we collect from You to provide products and services.
For details on how we process data (the data You transfer to Us for sending communications), please see this page.
You can change your privacy settings within your account at any time using our privacy controls.
Information that we collect from you and how we use it
The General Data Protection Regulation sets out clear expectations on Data controllers to offer transparency around their data processing activities, this section details how we will use your data, how it is categorised and our legal basis for processing it.
Signup data
As part of our signup process we use a third party tool called Sift to assess the legitimacy of the signup information that is submitted by a user. We process a combination of Account data categories and Usage data categories to perform this analysis and make a decision on a user being able to access our platform and services based on the result we receive from Sift. In addition to Account and Usage data, Sift will also process hardware-based identifiers, device identifiers, information and metadata about the device. You can find the full privacy policy for Sift here: https://sift.com/service-privacy
We process this data for the purpose of protecting our services, systems, users and business from fraudulent and improper use. The legal basis for this processing is to take steps to enter into a contract at your request and our legitimate interests, namely to ensure the ongoing security of our website and services.
This section sets out the data that we collect from You to provide Our products and services. We have split the types of data into categories, detailed what we do with each category and our legal basis for processing Your information. The categories are:
Usage Data
When you visit, register or order products and services from our website, we will collect and process data about your use of our website and services will collect and process data about your use of our website and services (Usage Data), this data will include:
- Your IP address
- Your geographical location
- Your browser type and version
- Your computer’s operating system
- The referral source
- The length of your visit
- The website pages you view
- The website navigation paths, as well as details of timing, frequency and pattern of Your use of our service.
- Record Your interactions and engagements with our website, products and services
Usage data is collected using Google Analytics, Google Remarketing, Hotjar & SEMrush. The legal basis for this processing is our legitimate interests, which are monitoring and improving our website and services and the proper administration of Our website and business.
Information that is collected to provide a better experience when you visit our website and to provide Us with insights as to how You use Our website; where you are based; how you got to our website; how long you spend looking at it; what it is your looking at and how often you visit. We will also collect your IP address and browser details (type and version).
Account Data
If you have an Esendex account (including a free trial) We will process your data to manage your account (Account Data). Account data may include you or your employer’s name, respective email address and mobile telephone number. The account data will be sourced from either you or your employer. Account data will be processed for the following purposes:
- To provide our services to you, including free trials of our products
- The operation of our website
- To issue bills and statements for your use of our services
- To communicate with you, including for the purpose lead generation using segmentation criteria to send personalised messages
- To ensure the ongoing security of our website and services
- To maintain back-ups of our databases
The legal basis for this processing is the performance of a contract between you and us and/or to take steps to enter in to a contract at your request.
When You set up an account with Us (including a free trial), we will collect data so we can register You as an account holder for Our products and services. We will collect Your name, business address, email address and phone number. We will use this information to provide products, services (including free trials), operate our website, produce bills and statements to you, to maintain the security of our website and back ups of our databases. We will also use your account data to communicate with you and to generate sales leads, using segmentation Criteria.
Transaction Data
We will process information relating to transactions, including purchases of goods and services, that you enter into with us and/or through our website (Transaction Data). Transaction data may include:
- You or your employer’s contact details
- You or your employer’s card details and details of the transaction.
The transaction data will be processed for the purpose supplying the purchased products and services and for transactional records. The legal basis for this processing is the performance of a contract between you and us and/or to take steps to enter in to a contract at your request and our legitimate interests, namely our interest in the proper administration of our website and business.
We will process data to allow us to supply products and services to You, to process payments for You for Our products and services and keep records of transactions. This data may include You or Your employer’s contact details, which may form part of your Account Data and You or your employer’s payment card details.
Subscription Data
We will process contact information that you provide to us for the purpose of subscribing you to our email notifications and/or newsletters (Subscription Data). Subscription Data will be processed for the purposes of sending you relevant notifications and/or newsletters.
The legal basis for this processing is the performance of a contract between you and us and/or to take steps to enter in to a contract at your request.
We would like to keep you up to date with news at Esendex and will do so by processing your email address to send you newsletters and notifications
Other uses of Your Information
We may process any of the data categories identified in this policy where necessary to establish, exercise or in the defence of legal claims, whether they are in court proceedings or in an administrative or out-of- court process.
The legal basis for this processing is our legitimate interests, which are the protection and assertion of our legal rights, your legal rights and the legal rights of others.
We may process any of the data categories identified in this policy where necessary for the insurance cover purposes (either obtaining or maintaining), to manage risk, or to obtain professional advice.
The legal basis for this processing is our legitimate interests, namely the protection of our business against risks.
In addition to the specific purposes for which we may process any of the data categories set out in this section, we may also process any the data categories if processing is necessary to comply with a legal obligation, to protect your vital interests of you or another natural person.
We may also process any of the data categories in this policy for any aspect of legal claims, whether they are in court, out of court or administrative procedures.
We may process any of the data categories in this policy where necessary to obtain or maintain insurance cover, manage risks or obtain professional advice.
We may also process any the data categories to comply with a legal obligation that we are subject to, or to protect your vital interests or the vital interests of another natural person.
Information that we collect from you and how we use it
Data supplied to us for the purposes in this section should only be submitted by the data subject or with their knowledge and agreement to our processing activities. We are not liable for any harm, damage or infringement of the rights, freedoms and/or vital interests of any natural persons as a result of the necessary permissions not being obtaining before submitting personal data for processing. Please do not supply any other person’s personal data to us without their full understanding of our processing activities.
Any data you share with us is on the basis that You agree to Our processing activities. If you are submitting data on behalf of someone else, they must understand how we are going to use it and agree to our processing activities. We are not liable for any harm or damage caused by permission not being obtained from a data subject.
Information that we receive from other parties and how we use it
We may obtain data about you from other parties, including but not limited to, first and/or last name, business address, business email address, business phone number, employer, business role, professional title, and other similar information.
We process this information for the purpose of providing you with information about our products and services that may be of benefit. The legal basis for this processing is our legitimate interests, namely the marketing of our products and services and the further development of our business.
This information is provided to us by third party organisations such as:
Zoominfo (Zoominfo Privacy Policy). Zoominfo will provide Commify with your personal data to enable us to contact you about our products and services. You also have the right to obtain copies of the Data Processing Agreement between Us and Zoominfo, available here.
Should you wish to have your data removed from our databases, please contact us via our Secure web form
We sometimes obtain your information from third parties that you have either provided information to directly or they have obtained through other parties, and through information that is publicly available. We use this information to contact you about relevant products and services. You can ask us to delete your data processed for this purpose via our Secure web form
Disclosure of your information
The information you provide to us will be held on servers in an access controlled office environment determined by your location or on our servers located within UK data centres and will be shared with the third parties listed in this section.
Some of the third parties Esendex shares your data with are located outside of the EEA.
Esendex does not sell or share your information with third parties for the purpose of Direct Marketing.
Finally, if our business enters into a joint venture with or is sold to or merged with another business entity, your information may be disclosed to our new business partners or owners.
We may disclose your personal data to any member of our group of companies (this means our subsidiaries, sister brands, our ultimate holding company and all its subsidiaries) insofar as reasonably necessary for the purposes, and on the legal bases, set out in this policy.
We will disclose your personal data to our suppliers, for the necessary purposes detailed below and on the legal bases set out in this policy for each data category:
Docusign – ( Docusign Privacy Policy ) Account Data is shared with the supplier for the purpose of executing contractual agreements with Commify
eTrusted Shops ( eTrusted Privacy Notice)- Account data and transaction data is shared with the supplier for the purpose of receiving customer feedback and reviews of our products and services.
Feefo ( Feefo Privacy Policy) – Account data and transaction data is shared with the supplier for the purpose of receiving customer feedback and reviews of our products and services.
Google Adwords ( Google Services Privacy Policy) – Usage data and elements of Account Data (email address) is shared with the supplier for the purpose of advertisement retargeting based on website traffic data.
Google Analytics ( Google Services Privacy Policy) – Usage data is shared with the supplier for the purpose of providing web analytics of your use of our website.
Google Optimize ( Google Services Privacy Policy) – Usage data is shared with the supplier for the purpose of ensuring relevant content is displayed to the user.
Hotjar ( Hotjar Privacy Policy) – Account Data and Usage Data is shared with the supplier for the purposes of analysis of the online behaviour and voice of website users (through analysis and feedback tools)
Hubspot ( Hubspot Privacy Policy) – Account Data and Usage Data is shared with the supplier for the purposes of online form hosting, lead nurturing, bulk email, and marketing automation.
Ironscales ( Ironscales Privacy Policy ) When you email us, Account Data and email content will be shared with Ironscales for the purpose of phishing and fraud prevention. The legal basis for this processing is our legitimate interests, namely to ensure the ongoing security of our systems and data.
LinkedIn Sales Navigator ( LinkedIn Sales Navigator Privacy Policy) – Account Data is shared with the supplier for the purpose of delivering personalised lead recommendations and insights
LiveChat ( LiveChat Privacy Policy) – Account Data is shared with the supplier for the purpose of answering sales and customer support enquiries via our website.
Luminance ( Luminance Privacy Policy ) Account Data is shared with the supplier for the purpose of reviewing, analysing and storing contractual agreements with Commify
Pendo( Pendo Privacy Policy) – Usage data is shared with the supplier for the purpose of providing web analytics of your use of the website, and delivering relevant help content to users.
Salesforce ( Salesforce Privacy Policy) – Account Data and Transaction Data is shared with the supplier for the purposes of account management and support, marketing and analysis.
Sift ( Sift Privacy Policy) Used during our sign up process to assess the legitimacy of the information provided by the user. Account, usage and signup data categories are used to perform this analysis.
SoPro ( SoPro Privacy Policy) A digital marketing agent appointed to conduct marketing activity on our behalf; such activity may result in the compliant processing of personal information.
Sprout Video ( Sprout Video Privacy Policy) – Usage data is shared with the supplier for the purpose of providing analytics on Website video interactions.
WhatsApp / Meta (Meta Group Privacy Policy) – We may share your name and contact details with WhatsApp / Meta in order to communicate with you about our products and services. We will also share your account data with WhatsApp if you sign-up to use our WhatsApp messaging products and services, this is for the purpose of creating, managing and administering your WhatsApp for Business account.
YouTube ( Google Services Privacy Policy) – Usage data is shared with the supplier for the purpose of providing analytics on Website video interactions hosted on YouTube.
Zapier ( Zapier Privacy Policy) Account data is shared with the supplier for the purpose of allowing us to send Esendex SMS as part of automated workflows from Hubspot.
Zopim ( Zopim Privacy Policy) Account Data is shared with the supplier for the purpose of answering sales and customer support enquiries via our website.
We store your information in the UK and share your information with the third parties listed in this section. Some of our suppliers are based outside the EEA. We do not sell or share your information to any third parties for marketing purposes.
If we are merged or sold, your information may be shared with our new partners and we may also share your information with our group of companies if it is necessary for any of the purposes in this policy.
Payments
Financial transactions made on our website for our services are processed by our payment services providers . We will share your transaction data with our payment service providers for the purposes of processing your payments for our goods and services, to process refunds of payments where applicable and to handle complaints and queries relating to any payments and refunds processed. You can find the payment services providers’ privacy policies here: https://www.worldpay.com/uk/privacy-policy and https://www.sagepay.co.uk/policies/privacy-policy
Esendex use Payment Service Providers to process your payments for our goods and services and refunds where necessary. Transaction Data is shared with Payment Service Providers, you can find their privacy policies here: https://www.worldpay.com/uk/privacy-policy and https://www.sagepay.co.uk/policies/privacy-policy
Other disclosures We may make
In addition to the specific purposes for which we may process any of the data categories set out in this Section, we may also process any the data categories if processing is necessary for compliance with a legal obligation, or in order to protect the vital interests of you or another natural person. We may also disclose your personal data where such disclosure is necessary to establish, exercise or in the defence of legal claims, whether they are in court proceedings or in an administrative or out-of- court procedure.
We may disclose your personal data to our insurers and/or professional advisers for insurance cover purposes (either obtaining or maintaining), to manage risk, to obtain professional advice, or in defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.
We may also disclose your data for insurance purposes, risk management, professional advice or any aspect of legal claims, whether they are in court, out of court or administrative procedures, where we are required to by law or to protect the vital interests of You or someone else.
Retaining and deleting personal data
This Section sets out our policy on the retention of Your data, this helps to ensure that we are compliant with our legal obligations for the retention and deletion of personal data.
Personal data that we process for any purpose or purposes will not be kept for longer than is necessary for that purpose or those purposes.
Due to the nature of Us performing an ongoing contract and service to You, it is not possible for us to specify in advance how long we will retain your personal data. As such, the period of retention will be determined based on the following criteria:
Account Data retention periods will be determined based on the continued performance of a contract between you and us. Free trial data will be deleted after 25 months.
Subscription Data retention periods will be determined based on the continued performance of a contract between you and us.
Transaction Data retention periods will be determined based on our legitimate interest in the proper administration of our website and business.
Usage Data retention periods will be determined based on our continued legitimate interest in the proper administration of our website and business and monitoring and improving our website and services.
Notwithstanding the other provisions of this section, we may retain your personal data where retention is necessary for compliance with a legal obligation to which we are subject, or to protect the vital interests of you or another natural person.
Esendex will only retain your data for as long as we need it. This is determined by the ongoing relationship between You and Us. Because the length of retention is dependent on how long You have a contract with Us, we cannot give pre-defined retention periods for Your data. Our retention will be based on the performance of a contract between You and Us, our Legitimate Interests in the proper administration of our website and business and monitoring and improving our website.
We may also retain your data where we have a legal obligation to do so or to protect the vital interests of You or someone else.
Amendments
We may update this policy from time to time by publishing a new version on our website.
You should check this page occasionally to ensure you are happy with any changes to this policy.
We may notify you of changes to this policy by email or through notification via our web application (Echo).
Updates to this policy will be published on this page, we may also notify you via Echo.
Your rights
In this Section, we provide a summary the rights that you have under data protection law. Not all of the details have been included here and if you need further clarity, you should seek guidance from the regulatory bodies for full information on these rights. Esendex provides products and services to business customers exclusively, therefore some of the rights listed below may not be applicable to the data we hold
Your principal rights under data protection law are:
As some of the information You submit to Us will be classified as Personal Data, you have certain rights under the GDPR, which we will summarise in this section. Please note that as we are a business to business communications provider, some of the rights in this section may not apply to Your data. For further information on Your rights, please read the GDPR guidance issued by the ICO or seek legal advice.
Your rights are:
The right to access
You have the right to request confirmation from us as to whether we process your personal data and if we do, you may request access to your data, together with applicable additional information related to it. The additional information will include details of the processing purpose(s), personal data categories that we process and any recipients of the your personal data. As long as the rights and freedoms of others are not affected, we will provide a copy of your personal data to you.
The first copy will be provided free of charge, subsequent copies may be subject to a reasonable fee. You can access your Account and Transaction Data by visiting https://login.esendex.com/ and logging into Your Account.
You have the right to know if we hold your personal data and any additional information relating We hold that relates to it.
Requests for this information can be made via our secure web form, the first copy of this information will be free of charge, a reasonable fee will be charged for further copies.
You can view Your Account Data and Transaction Data by visiting: https://login.esendex.com/ and logging in to Your account.
The right to rectification
This provides the right to have any inaccurate personal data about you rectified and, subject to the consideration of the purposes of processing, to have any incomplete personal data about we hold about you completed.
Any inaccurate or incomplete data We hold can be rectified either via your account by visiting: https://login.esendex.com/ and logging in to your account, or can be raised with your account manager.
The right to erasure
In certain circumstances you will have the right to request the erasure of your personal data. Those circumstances include:
- The personal data we hold is no longer necessary to the purposes for which it was collected or processed;
- You want to withdraw consent to any consent-based processing;
- You object to the processing of your data under applicable rules of data protection law;
- The processing is for direct marketing;
- The personal data that we hold has been processed unlawfully.
There are exclusions on the right to erasure. General exclusions include where processing is necessary for the following purposes:
- To exercise the right of freedom of expression and information;
- For compliance with a legal obligation; or
- To establish, exercise or in defence of legal claims.
You have the right under the GDPR to request that Your data is erased, if for example:
- We no longer need to data for the reason we collected it;
- You withdraw consent;
- You don’t want us to process Your data;
- We are using your data for direct marketing;
- We have unlawfully processed Your personal data.
Exclusions to this right are also detailed in the GDPR, this means that we do not have to erase your data if the processing is necessary for exercising rights of freedom of expression and information, so we can comply with a legal obligation and for all aspects of any type of legal claim.
The right to restrict processing
In certain circumstances you have the right to restrict processing of your personal data. Circumstances that would apply are:
- You dispute the accuracy of the personal data we hold;
- The data has been processed unlawfully, but you do not want us to erase the data;
- We no longer need to process personal data for the purposes that we collected it for, but you require personal data to establish, exercise or in defence of legal claims; and
- You object to processing and we are in the process of verifying that objection.
Where processing has been restricted for one of the above reasons, we may still store your personal data. We will only process it:
- If we have your consent to do so;
- To establish, exercise or in the defence of legal claims
- To the protect of the rights of another natural or legal person
- For reasons of important public interest.
You have the right to restrict the processing of your personal data if:
- Data is inaccurate
- Processing is unlawful but you don’t want us to erase it;
- We no longer need the personal data for processing, but you require it for any aspect of a legal claims
- You have objected to processing, and we are verifying Your objection.
Where processing has been restricted, we may continue to store your personal data, but we will only otherwise process it:
- With your consent;
- For any aspect of a legal claim
- For reasons of important public interest
The right to object to processing
You have the right to object to us processing your personal data on grounds that relate to your situation, however this is limited to the extent that legal basis for the processing is necessary for:
- the performance of a task carried out in public interests or in the exercise of any official authority vested in us; or
- the purposes of the legitimate interests, either ours us or by a third party.
If you do object to our processing, we will cease our processing activities of your personal information, unless we are able to demonstrate compelling legitimate reasons for the processing which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defence of legal claims.
You have the right to object to our processing of your personal data for direct marketing purposes (including profiling for direct marketing purposes).
You can unsubscribe from direct marketing by clicking the unsubscribe link in Our marketing emails, or by visiting https://www2.esendex.co.uk/subscription-preferences and selecting ‘Unsubscribe’ from all’.
You may object to us processing your data on grounds related to your own circumstances, but only if the legal basis for the processing is:
- to perform a task which is carried out in public interest or to exercise any official authority we have;
- for the purpose of either our legitimate interests or the legitimate interest of a third party.
If you do object to processing, we will stop our processing activities, unless legitimate reasons for processing are deemed to override your interests, rights and freedoms, or the processing is for any aspect of a legal claim.
You can object to us using your personal data for direct marketing and profiling for direct marketing.
You can unsubscribe from direct marketing via the unsubscribe link in our marketing emails, or by visiting https://www2.esendex.co.uk/subscription-preferences and selecting ‘Unsubscribe from all’.
The right to data portability
To the extent that the legal basis for our processing of your personal data is:
- consent; or
- that the processing is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract
and such processing is carried out by automated means, you have the right to receive your personal data from us in a structured, commonly used and machine-readable format. However, this right does not apply where it would adversely affect the rights and freedoms of others.
If the legal basis for us processing your data is either consent or the performance of a contract between you and us, including taking steps to enter into one and this processing is automated, you have the right to receive your personal data from us in a format that is commonly used, machine readable and structured. This right does not apply where it would affect the rights and freedoms of others.
The right to complain to a supervisory authority
If you believe our processing of your personal information constitutes an infringement of data protection laws, you have a legal right to lodge a complaint with a supervisory authority responsible for data protection. You may do so in either the EU member state of your residence, your place of work or the place of the alleged infringement.
Esendex is headquartered in the United Kingdom, the data protection authority responsible for the United Kingdom is:
Information Commissioner’s Office (ICO):
www.ico.org.uk
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Tel: 0303 123 1113
Fax: 01625 524 510
If you have a complaint about the way we have processed your data, you may contact the Data Protection Authority either in your own country, or the country where the processing was undertaken
Esendex processes your data in the United Kingdom, the responsible data protection authority is the Information Commissioner’s Office (ICO): www.ico.org.uk
Consent
To the extent that the legal basis for our processing of your personal information is consent, you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal.
You may exercise any of your rights in relation to your personal data by written notice to us using our Secure web form.
Where we use consent as our lawful basis for processing Your data, you may withdraw it at any time. Processing before consent is withdrawn will remain lawful.
You can withdraw consent or make any other request related to your rights by filling in our Secure web form