SaleCycle is a Data Processor that processes personal data on behalf of our clients as part of the services that we offer. We take our obligations to protect your privacy seriously. This privacy notice applies to the processing of information that we do on behalf of our clients. For any processing that relates to us as a Data Controller, e.g. via our website then please see our Website Privacy Notice.
This privacy notice explains what information we collect, how we use it, and how you can control your privacy settings.
We use data centres and cloud-based data storage based within the EU and the UK and ensure we have appropriate contractual controls in place with our suppliers and conduct due diligence upon their security controls. In addition, we maintain our own security controls in accordance with ISO/IEC 27001:2013 security standards.
The information we collect varies from client to client depending on the setup of our services. Therefore, at the request of our clients we may capture additional information. To understand this fully, we recommend you get in touch with the Data Controller directly.
It is also possible that through our services we may be able to determine additional personal data, including special category data, however this is rare and where identified we work with our clients to implement additional safeguards.
We may also receive your data directly from our clients in order to manage our services, for example unsubscribe records.
We use your information to:
Please note that we do not use the personal information collected for our own purposes. We only use it as instructed by our clients to provide our services. Our clients are the “Data Controllers” in relation to the personal information collected and used via our service. Please see the privacy notice of our clients whose websites you have visited to find more information about how they will use your personal information.
We may use aggregated anonymous non-personal (statistical) information for reporting purposes to demonstrate the value of our services, to monitor and present the effectiveness of our services and to detect anomalies in the data we receive from our clients’ websites.
We do not sell or otherwise disclose personal data collected, except as described. You can find a list of our sub-processors that we use to deliver our services here. We require all sub-processors to have sufficient technical and organisation measures to ensure the security of all information they process on our behalf.
We may transfer your personal data outside of the European Union to our sub-processors, but where we do so, we ensure this is done in compliance with GDPR restrictions and with a sufficient level of protection.
We have in place appropriate policies, rules, and technical and organisational measures to protect your personal data from unauthorised or unlawful processing, and against accidental loss, destruction or damage.
We also have procedures in place to deal with any data security breach. We will notify our clients and any applicable regulator of a data security breach where we are legally required to do so. Our clients, as Data Controllers, are responsible for notifying you of any breaches.
Your personal data will be kept as long as necessary, as defined by our clients in our contractual agreements with them.
Our clients are contractually bound to ensure that they obtain a sufficient lawful basis for the processing of your personal data.
SaleCycle operates on the lawful basis they determine as Data Controller. Where SaleCycle as a Data Processor identifies any potential breach of legislation or regulation in relation to lawful basis, we are obliged to inform the Data Controller of such breaches.
You can withdraw your consent for the processing of the information referred to above by activating the settings on your browser that allow you to refuse the setting of all or some cookies or similar technologies.
Our clients may control the setting of cookies upon your device through their own cookie management platforms. However, if you use your browser settings to block all cookies or similar technologies (including essential cookies) you may not be able to access all or parts of our client’s website.
You can also choose to opt-out from receiving the types of communications referred to above, by following the ‘unsubscribe’ link in each such communication.
Should you wish to exercise your rights under GDPR then you should contact our client as Data Controller and under our obligations to our client, we will implement appropriate processes to assist our clients in the response to your rights request.
If you wish to raise a complaint in respect of the personal data that we process on behalf of our client then again this should be raised with our client as the Data Controller and under our obligations to them we will assist our client in respect of any complaint or query raised.
For information, our HQ is in the United Kingdom and our independent data regulator is the Information Commissioners Office. We also have an office in Paris, France where the independent data regulator is CNIL.
If you have any questions or concerns about this privacy notice, please contact us at:
Registered Company Number: 07148309
Registered Office Address: Office 2.01, PROTO Building, Baltic Business Quarter, Abbotts Hill, Gateshead, Tyne and Wear, NE8 3DF
For more information, please contact [email protected].
This Service Privacy Notice was last updated on 30 November 2023