top of page
Channel Chaser

GDPR & CCPA/CPRA Compliance Summary

Last Updated: 19/11/2025
Trading Name: Channel Chaser (Cairncom Communications Ltd)
Legal Contact Emailpolicy@cairncoms.co.uk

1. Introduction

This summary explains Channel Chaser’s compliance with major privacy regulations including the UK General Data Protection Regulation (UK GDPR), the EU GDPR (where applicable), and the California Consumer Privacy Act / California Privacy Rights Act (CCPA/CPRA).

Channel Chaser is designed to process business-to-business (B2B) data for channel and reseller workflow automation. We do not collect or process sensitive data categories or children’s data.

2. Our Role Under GDPR & CCPA/CPRA
2.1 Under GDPR

  • Data Processor: For customer CRM data, reseller contact information, deal records, and workflow data.

  • Data Controller: For platform analytics, website data, and internal operational logs.

2.2 Under CCPA/CPRA

  • Service Provider: Processing personal information on behalf of business customers.

  • We do not “sell” or “share” personal information as defined under CCPA/CPRA.

  • We do not use data for cross-context behavioural advertising.

3. Categories of Data Processed

  • User account details (name, business email, job role)

  • CRM data (contacts, organisation details, deal information)

  • Reseller contact data

  • Technical metadata (IP address, logs, device information)

  • Support data (emails, attachments, communications)

No sensitive personal data (GDPR Art. 9) or children’s data is collected.

4. Lawful Bases for Processing (GDPR)

  • Contract — to provide the Channel Chaser service to customers.

  • Legitimate Interests — to secure, maintain, and improve the platform.

  • Consent — for marketing communications and non-essential UK/EU cookies.

  • Legal Obligation — compliance with regulatory or legal requirements.

5. Data Subject / Consumer Rights
5.1 GDPR Rights

  • Right of access

  • Right to rectification

  • Right to erasure

  • Right to restriction

  • Right to data portability

  • Right to object

  • Right to withdraw consent

5.2 CCPA/CPRA Rights

  • Right to know (categories and specific pieces of personal information)

  • Right to delete

  • Right to correct inaccuracies

  • Right to opt-out of sale/share (not applicable — we do not sell/share data)

  • Right to non-discrimination for exercising rights

Requests may be submitted via the customer (Controller / Business) or directly to: policy@cairncoms.co.uk.

6. Technical & Organisational Measures (TOMs)

Channel Chaser implements security measures aligned with GDPR Art. 32, including:

  • Encryption in transit (TLS 1.2+) and at rest (AES-256 or equivalent)

  • Multi-Factor Authentication (MFA) on privileged access

  • Role-Based Access Control (RBAC)

  • Least-privilege principles for all users

  • Security monitoring, logging, and alerting

  • Secure development lifecycle (OWASP-aligned)

  • Annual penetration testing

7. Sub-Processors & Third Parties

We use trusted and security-vetted Sub-Processors to deliver the Channel Chaser service:

  • Wix — platform hosting & infrastructure

  • Microsoft Office 365 — support, email, document handling

  • CRM systems (HubSpot, Zoho) — only when customers connect them

All Sub-Processors are contractually bound by GDPR & CCPA/CPRA-equivalent controls. A full Sub-Processor Register is available upon request.

8. International Data Transfers

Where data is transferred outside the UK/EU, Channel Chaser uses:

  • Standard Contractual Clauses (SCCs)

  • UK Addendum to the SCCs

  • Vendor security certifications

  • Contractual assurances and audit rights

  • Encryption and strict access controls

9. Data Retention

Channel Chaser retains data only for as long as necessary and according to our Data Retention Schedule:

  • Account data → retained for subscription duration + 30 days

  • Backups → retained for 90 days

  • Support communications → retained for up to 24 months

10. Children’s Data

Channel Chaser does not knowingly collect or process the personal data of children under 16 (EU/UK) or under 13 (US). Customers must not upload or process children's data within the platform.

11. Audits, Reviews & Governance

Channel Chaser maintains governance processes including:

  • Annual internal compliance audit

  • Quarterly access & vendor reviews

  • Annual policy reviews & updates

  • Incident Response & BCDR testing

12. Contact

For GDPR/CCPA/CPRA enquiries, please contact:

Data Protection Officer
Cairncom Communications Ltd
Email: policy@cairncoms.co.uk

bottom of page