top of page
Channel Chaser

Privacy Policy

Version: 1.2
Last Updated: 19/11/2025
Operated by: Cairncom Communications Ltd (United Kingdom)
Contactpolicy@cairncoms.co.uk

1. Introduction

Cairncom Communications Ltd (“Channel Chaser”, “we”, “us”, “our”) is committed to protecting the privacy and personal data of our users, customers, and partners.

This Privacy Policy explains:

  • What data we collect

  • How we use it

  • How we share it

  • How we protect it

  • Your rights under applicable privacy laws

This policy is designed to meet:

  • UK GDPR

  • EU GDPR

  • Data Protection Act 2018

  • CCPA/CPRA (Business-to-Business provisions, where applicable)

This Privacy Policy applies to:

  • Users of the Channel Chaser SaaS platform

  • Business contacts stored or processed through CRM integrations

  • Reseller contacts used for workflow automation

  • Visitors to our website

  • Individuals contacting us via email or support tools

This Privacy Policy forms part of our Terms of Service.

2. Who We Are

Cairncom Communications Ltd
Registered in: United Kingdom
Email: policy@cairncoms.co.uk

We act as:

  • Data Processor for customer CRM and reseller contact data processed through the Channel Chaser platform.

  • Data Controller for our website, analytics, and operational data (e.g., account management, billing, marketing).

  • Service Provider under CCPA/CPRA for US-based customers.

For users located in the European Union, this Privacy Policy is governed by the laws of Ireland, consistent with our Terms of Service.

3. Personal Data We Collect

We process business-related personal data only. We do not intentionally process sensitive or special category data.

3.1 User Account Data

  • Name

  • Business email address

  • Job role

  • Authentication data (password hash or OAuth token)

3.2 CRM & Reseller Contact Data

Imported through CRM integrations or spreadsheet uploads, including:

  • Contact name

  • Business email address

  • Reseller organisation details

  • Deal notes & updates

  • Partner communication metadata

Additionally, where reseller updates are submitted via email, we process the email content and body text solely for the purpose of extracting and standardising deal-related information.

Customers must ensure they have lawful authority to upload or sync this data.

3.3 Automatically Collected Metadata

  • IP address

  • Device type

  • Browser version

  • Usage logs

  • API request traces

  • Login attempts

3.4 Communications & Support Data

When you contact us:

  • Emails (processed via Microsoft Office 365 Outlook)

  • Attachments

  • Support messages

  • Notes added by our support team

  • Internal support ticket threads

4. How We Use Personal Data
4.1 Service Provision

  • Operating the Channel Chaser platform

  • Managing user accounts

  • Enabling CRM synchronisation and automated workflows

4.2 Communication

  • Responding to support requests

  • Sending service updates, notices, and transactional emails

  • Troubleshooting and incident follow-up

Microsoft Office 365 is used for email processing and related internal communication.

4.3 Analytics & Product Improvement

  • Understanding usage patterns

  • Improving product features and user experience

  • Identifying technical issues and service performance trends

4.4 Security & Fraud Prevention

  • Monitoring logs for suspicious activity

  • Detecting anomalies and potential abuse

  • Preventing unauthorised access and protecting data integrity

4.5 Marketing (Consent-Based)

  • Sending marketing emails to EU/UK users only when consent is given

  • B2B outreach based on legitimate interests in other regions (where permitted)

5. Legal Bases for Processing (GDPR)
5.1 Contract (Article 6(1)(b))

Necessary to deliver the Channel Chaser service, including setting up accounts, providing access, and maintaining functionality.

5.2 Legitimate Interests (Article 6(1)(f))

We rely on legitimate interests for:

  • Product analytics and platform improvement

  • Security monitoring and fraud prevention

  • B2B communication with existing or prospective customers

  • Internal reporting and service optimisation

5.3 Consent (Article 6(1)(a))

We rely on consent for:

  • Non-essential cookies and similar technologies (in the UK/EU)

  • Marketing emails to EU/UK individuals

6. How We Share Your Data

We share data only with trusted service providers necessary to deliver our service. We do not sell personal data.

6.1 Sub-Processors (Service Providers)

Your data may be processed by the following types of providers:

  • Wix – platform hosting, infrastructure, and database storage

  • HubSpot – optional CRM integration (when connected by the customer)

  • Zoho – optional CRM integration (when connected by the customer)

  • Microsoft Office 365 – email, document storage, and support-related communication

  • Analytics & monitoring tools – where applicable and, for non-essential analytics, only with appropriate consent

Personal data shared with Microsoft Office 365 may include user emails, names, summary information from CRM integrations included in customer email threads, and support files voluntarily provided.

A current list of key Sub-Processors is maintained in our public Sub-Processor Register.

7. International Data Transfers

Where we or our Sub-Processors transfer data outside the UK/EU (for example, to the US), we rely on appropriate safeguards such as:

  • Standard Contractual Clauses (SCCs)

  • UK International Data Transfer Addendum

  • Transfer Impact Assessments

  • Vendor-specific data protection addenda and security certifications

Microsoft Office 365 and other key providers comply with GDPR through comprehensive data protection agreements.

8. Data Security

We implement industry-standard technical and organisational security measures, including:

8.1 Technical Controls

  • Encryption in transit (TLS 1.2+)

  • Encryption at rest (e.g., AES-256)

  • Role-based access control and least-privilege permissions

  • Multi-factor authentication (MFA) on admin accounts

  • Audit logging of key security events

  • API rate limiting and access monitoring

8.2 Organisational Controls

  • Staff training on data protection and information security

  • Access control policies and periodic access reviews

  • Vendor due diligence and contract reviews

  • Annual policy reviews and risk assessments

  • Incident Response Plan and documented escalation procedures

9. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes described in this Policy, or as required by law.

General retention rules include:

  • User account data: for the duration of the subscription and a short period thereafter.

  • CRM data: as long as the integration and customer account remain active.

  • Backups: typically a 90-day lifecycle.

  • Support emails (Office 365): up to 24 months, unless longer retention is required for legal reasons.

  • Logs and technical metadata: around 90 days, unless needed for security or investigations.

More detailed retention information may be set out in internal schedules and can be provided on request, where appropriate.

10. Your Privacy Rights

Your rights depend on your jurisdiction. They may include:

10.1 GDPR / UK GDPR Rights

  • Right of access – to know whether we process your data and obtain a copy.

  • Right to rectification – to correct inaccurate or incomplete data.

  • Right to erasure – to request deletion in certain circumstances.

  • Right to restriction of processing – to limit how we use your data in certain cases.

  • Right to data portability – to receive your data in a structured, commonly used, machine-readable format.

  • Right to object – to certain processing based on legitimate interests or direct marketing.

  • Right to withdraw consent – where processing is based on consent.

10.2 CCPA/CPRA Rights (for California Residents)

  • Right to know what categories of personal information we collect and how we use it.

  • Right to request deletion of personal information, subject to exceptions.

  • Right to correct inaccurate personal information.

  • Right to opt-out of sale or sharing of personal information (we do not sell personal information).

  • Right to non-discrimination for exercising privacy rights.

Requests can be submitted to: policy@cairncoms.co.uk

11. Data Breach Notifications

We will notify affected customers without undue delay if we become aware of a personal data breach that is likely to result in a risk to the rights and freedoms of individuals.

Where applicable, we will also notify relevant Sub-Processors and work with customers to support regulatory reporting. As Controller, the customer remains responsible for notifying affected individuals unless otherwise agreed.

12. Children’s Data

Channel Chaser does not knowingly collect or process data of children under:

  • 16 years of age in the EU/UK; or

  • 13 years of age in the United States.

Customers should not upload or sync data relating to children into the Channel Chaser platform.

13. Cookies & Tracking Technologies

Our use of cookies and similar technologies is described in detail in our Cookie Policy.

In summary, we use:

  • Strictly necessary cookies for security, login, and core functionality.

  • Functional cookies to remember preferences (where applicable).

  • Analytics cookies to understand usage and improve the platform (consent-based where required).

  • Marketing cookies only if and when campaigns or integrations require them, and only with appropriate consent.

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or the Channel Chaser service.

When updates are material, we will notify customers via email or prominent notice on our website. The “Last Updated” date at the top of this page indicates when the Policy was last revised.

15. Contact

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, you can contact:

Data Protection Officer
Cairncom Communications Ltd
Email: policy@cairncoms.co.uk

bottom of page