top of page
Channel Chaser

Data Handling Policy

Last Updated: 19/1102025
Trading Name: Channel Chaser, operated by Cairncom Communications Ltd
Registered Address: Clyde Offices, 2nd Floor, 48 West George Street, Glasgow, G2 1BP, United Kingdom
Legal Contact Emailpolicy@cairncoms.co.uk

1. Introduction

This Data Handling Policy describes how Cairncom Communications Ltd (“Channel Chaser”, “we”, “us”, “our”) collects, uses, stores, shares, and protects personal data when providing the Channel Chaser SaaS platform. It should be read alongside our Privacy Policy and Data Processing Agreement (DPA).

This policy is designed to comply with:

  • UK General Data Protection Regulation (“UK GDPR”)

  • EU General Data Protection Regulation (“EU GDPR”), where applicable

  • Data Protection Act 2018

  • CCPA / CPRA (California), where applicable

It applies to all users of the Channel Chaser platform, employees of customers, reseller and partner contacts processed via supported CRM integrations, and any individual whose personal data is processed through or uploaded into Channel Chaser.

2. Scope of Processing

Channel Chaser processes business-related personal data for the following purposes:

  • Automating deal and opportunity updates

  • Synchronising CRM data between systems

  • Supporting reseller and channel workflows

  • Providing analytics and usage reporting

  • Delivering customer support

  • Maintaining and improving platform performance and security

We do not intentionally process special category data (e.g. health, religion, biometrics), children’s data, or financial cardholder data within the Channel Chaser platform. Customers are contractually prohibited from uploading such data.

3. Types of Data We Process
3.1 User Account Data

To create and manage user accounts, we process:

  • Name

  • Business email address

  • Job title or role

  • Authentication data (such as hashed passwords or OAuth tokens)

3.2 CRM & Reseller Contact Data

When you connect supported CRM platforms (such as HubSpot or Zoho) or upload spreadsheets, we process:

  • Contact and reseller names

  • Business email addresses

  • Organisation or reseller details

  • Deal and opportunity details (values, stages, statuses, timestamps)

  • Deal notes and comments relating to partner activities

3.3 Automatically Collected Metadata

The platform generates and logs technical metadata, including:

  • IP address

  • Browser and device information

  • Usage and activity logs

  • API request metadata

  • Authentication, access, and error logs

3.4 Support & Communication Data

When you contact us for support or general enquiries, we process:

  • Emails and message content

  • Attachments, screenshots, or files you choose to provide

  • Internal support notes relating to your requests

These communications are handled primarily through Microsoft Office 365 (Outlook, OneDrive, SharePoint) and internal tooling.

4. Data Sources

We receive personal data from the following sources:

  • Directly from users – account creation, configuration, and data entry.

  • From CRM integrations – when you authorise Channel Chaser to connect to your CRM.

  • From spreadsheets and uploads – file imports you perform into the platform.

  • From support channels – email, web forms, and other communications.

  • Automatically – via system logs and analytics.

5. Purposes of Processing

We process personal data for the following purposes:

  • To provision, operate, and maintain the Channel Chaser platform

  • To deliver reseller and CRM automation workflows

  • To integrate with CRM systems as configured by customers

  • To monitor platform performance and ensure security

  • To provide technical support and respond to enquiries

  • To analyse product usage and improve our services (on an aggregated or pseudonymised basis where possible)

  • To communicate with existing customers for business-related updates

We do not use your data for automated decision-making that produces legal or similarly significant effects, and we do not use your data to train general-purpose AI models.

6. Legal Bases for Processing (GDPR)

Depending on the context in which data is processed, we rely on the following legal bases:

  • Contract – where processing is necessary to provide the Channel Chaser service you subscribe to.

  • Legitimate Interests – such as improving our services, ensuring security, and communicating with existing business customers.

  • Consent – for certain marketing communications and non-essential cookies in the UK/EU.

  • Legal Obligations – where we are required to retain or disclose data under applicable law.

7. Data Sharing & Third Parties

Channel Chaser does not sell personal data. We only share personal data with trusted third parties where necessary to deliver the service or where you explicitly authorise the sharing via configured integrations.

7.1 Sub-Processors

We use carefully selected Sub-Processors, including:

  • Wix – primary hosting and infrastructure provider for the Channel Chaser application.

  • Microsoft Office 365 – email (Outlook) and document storage/collaboration (OneDrive/SharePoint), used for customer support, internal collaboration, and handling customer attachments.

  • CRM Platforms (e.g. HubSpot, Zoho) – only when you choose to connect your CRM account.

A complete and current list of Sub-Processors is available in our Sub-Processor Register and can be provided on request.

7.2 Customer-Authorised Integrations

Data may be shared with other systems only when you explicitly configure an integration. You remain in control of:

  • Which integrations are enabled

  • Which data flows into and out of Channel Chaser

  • The configuration and permissions of your connected CRM systems

8. International Data Transfers

Some of our Sub-Processors may process personal data outside the UK or EU, for example in the United States. Where such transfers occur, we ensure appropriate safeguards, including:

  • Standard Contractual Clauses (SCCs)

  • UK Addendum to the SCCs, where applicable

  • Vendor Data Processing Agreements and security certifications

  • Technical protections such as encryption and access controls

9. Security Measures

We implement appropriate technical and organisational measures to protect personal data from unauthorised access, loss, misuse, or alteration, including:

  • Encryption in transit (TLS 1.2+)

  • Encryption at rest (AES-256 or equivalent)

  • Role-Based Access Control and least-privilege access

  • MFA on administrative and privileged accounts

  • Logging and monitoring of key systems and activities

  • Secure development lifecycle practices aligned with OWASP

  • Documented Incident Response and Business Continuity plans

10. Data Retention

We retain personal data only as long as necessary for the purposes described in this policy or as required by law. In general:

  • User and account data is retained for the duration of the subscription plus a short period (e.g. 30 days) after termination.

  • CRM and reseller data is retained only while relevant to the use of the platform and configured integrations.

  • Backups containing personal data are retained for up to 90 days before being securely overwritten.

  • Support communications may be retained for up to 24 months for audit, training, and dispute resolution.

Additional detail is available in our Data Retention & Destruction Schedule.

11. Customer Responsibilities

In most cases, you are the Data Controller for the personal data you upload or sync into Channel Chaser. As Controller, you are responsible for:

  • Ensuring you have a lawful basis for processing personal data in your CRM and within Channel Chaser.

  • Providing appropriate privacy notices to your contacts and resellers.

  • Not uploading special category or children’s data into Channel Chaser.

  • Managing user access and permissions within your organisation.

12. Data Subject Rights

We support our customers in responding to data subject requests, including:

  • Access to personal data

  • Correction of inaccurate information

  • Deletion of personal data (where applicable)

  • Restriction or objection to certain processing

  • Data portability

If you are an end user or contact of one of our customers, please contact them directly in the first instance. If you contact us, we may forward your request to the relevant customer (Controller) where appropriate.

13. Data Breaches & Incident Response

If we become aware of a personal data breach affecting data processed on your behalf, we will notify you without undue delay and provide information to help you meet any legal obligations you may have (for example, under GDPR or CCPA/CPRA).

Our Incident Response Plan covers detection, containment, investigation, remediation, communication, and post-incident review, including coordination with Sub-Processors such as Wix and Microsoft Office 365 where required.

14. Policy Updates

We may update this Data Handling Policy from time to time to reflect changes in our services, legal requirements, or industry best practices. When we make material changes, we will notify customers via the platform or by email and update the “Last Updated” date at the top of this page.

15. Contact

If you have any questions about this Data Handling Policy or how we process personal data, please contact:

Data Protection Officer
Cairncom Communications Ltd
Email: policy@cairncoms.co.uk

bottom of page