We are Commify UK Limited (“Commify”, “us”, “we”, “our”). Please see the “Sharing your Personal Data” section for more information relating to entities within the Commify group Structure. We are a limited company registered in England and Wales under registration number 04217280 and we have our registered office at 20 Wollaton Street, Nottingham, NG1 5FW. We are registered with the UK supervisory authority, Information Commissioner’s Office (“ICO”), in relation to our processing of Personal Data under registration number Z5483210..

Commify is committed to protecting your data and preserving your privacy. This policy details how we will protect your information.

Commify is a Controller and a Processor of Personal Data; This Privacy Policy only applies to data we control; for example, the data we collect from you to provide you with products and services.

If you are a Californian resident, please review the section of this Privacy Policy for Californian Residents. 

If you are a resident of Australia, please review the section of this Privacy Policy for Australian Residents.

For more information on how We process data (data that You transfer to Us for sending communications), please see this page.

You can change your user subscription preference here.

We are in the business of providing business messaging services. We work with a large portfolio of companies helping them to transform their mobile communications with their customers and staff. We provide SMS, voice, web, IP/OTT, including RCS and WhatsApp, email and intelligent multichannel services both on a self-serve basis and as tailored solutions for more complex needs through our portfolio of messaging brands. 

We are committed to protecting the privacy and security of the Personal Data we process about you.

Unless we notify you otherwise, such as below, we are the controller of the Personal Data we process about you. This means that we decide what Personal Data to collect and how to process it.

Processor

Who this Privacy Policy applies to

What is Personal Data

‘Personal Data’ means any information from which someone can be identified by either directly or indirectly. For example, you can be identified by your name or an online identifier.

The type of Personal Data we collect about you will depend on our relationship with you. 

We collect most of the Personal Data directly from you via our website and your interactions with it. 

However, we may also collect your Personal Data from third parties such as:

Zoominfo (Zoominfo Privacy Policy). Zoominfo will provide Commify with your Personal Data to enable us to contact you about our products and services. You also have the right to obtain copies of the Data Processing Agreement between Us and Zoominfo, available here.

Purposes and lawful bases 

We will only use your Personal Data when the law allows. Most commonly, we will use your Personal Data in the following circumstances:

This section sets out the data We collect from you to provide our products and services. We have divided the types of data into categories of individuals, detailing what Personal Data we process relating to each category and our lawful basis for processing your information.

Please note that where your Personal Data is processed because it is necessary for the performance of a contract to which you are a party, we will be unable to provide our services without the required information.

We may also disclose your information to third parties in connection with other purposes set out in this policy. These third parties may include:

Auth0/Okta- (Auth0/Okta Privacy Policy) Account Data and Usage Data is shared with the supplier for the purpose of securing and authenticating user accounts. 

CrazyEgg – (CrazyEgg Privacy Policy) Account Data and Usage Data is shared with the supplier for the purposes of analysis of the online behaviour and voice of website users (through analysis and feedback tools)

Docusign – ( Docusign Privacy Policy ) Account Data is shared with the supplier for the purpose of executing contractual agreements with Commify 

eTrusted Shops ( eTrusted Privacy Notice) – Account data and transaction data is shared with the supplier for the purpose of receiving customer feedback and reviews of our products and services.

Feefo ( Feefo Privacy Policy) – Account data and transaction data is shared with the supplier for the purpose of receiving customer feedback and reviews of our products and services.

Google Adwords ( Google Services Privacy Policy) – Usage data and elements of Account Data (email address) is shared with the supplier for the purpose of advertisement retargeting based on website traffic data.

Google Analytics ( Google Services Privacy Policy) – Usage data is shared with the supplier for the purpose of providing web analytics of your use of our website.

Google Optimize ( Google Services Privacy Policy) – Usage data is shared with the supplier for the purpose of ensuring relevant content is displayed to the user.

Hubspot ( Hubspot Privacy Policy) – Account Data and Usage Data is shared with the supplier for the purposes of online form hosting, lead nurturing, bulk email, and marketing automation.

Ironscales ( Ironscales Privacy Policy ) When you email us, Account Data and email content will be shared with Ironscales for the purpose of phishing and fraud prevention. The lawful basis for this processing is our legitimate interests, namely to ensure the ongoing security of our systems and data.

LinkedIn Sales Navigator ( LinkedIn Sales Navigator Privacy Policy) – Account Data is shared with the supplier for the purpose of delivering personalised lead recommendations and insights

LiveChat ( LiveChat Privacy Policy) – Account Data is shared with the supplier for the purpose of answering sales and customer support enquiries via our website.

Luminance ( Luminance Privacy Policy ) Account Data is shared with the supplier for the purpose of reviewing, analysing and storing contractual agreements with Commify

Pendo ( Pendo Privacy Policy) – Usage data is shared with the supplier for the purpose of providing web analytics of your use of the website, and delivering relevant help content to users.

Salesforce ( Salesforce Privacy Policy) – Account Data and Transaction Data is shared with the supplier for the purposes of account management and support, marketing and analysis.

Sift ( Sift Privacy Policy) Used during our sign up process to assess the legitimacy of the information provided by the user. Account, usage and signup data categories are used to perform this analysis.

SoPro ( SoPro Privacy Policy) A digital marketing agent appointed to conduct marketing activity on our behalf; such activity may result in the compliant processing of personal information.

Sprout Video ( Sprout Video Privacy Policy) – Usage data is shared with the supplier for the purpose of providing analytics on website video interactions.Stripe – (Stripe Privacy Policy)  We will share your transaction data with our payment service provider for the purposes of processing your payments for our goods and services, to process refunds of payments where applicable and to handle complaints and queries relating to any payments and refunds processed.

WhatsApp / Meta (Meta Group Privacy Policy) – We may share your name and contact details with WhatsApp / Meta in order to communicate with you about our products and services. We will also share your account data with WhatsApp if you sign-up to use our WhatsApp messaging products and services, this is for the purpose of creating, managing and administering your WhatsApp for Business account.

YouTube ( Google Services Privacy Policy) – Usage data is shared with the supplier for the purpose of providing analytics on website video interactions hosted on YouTube.

Zapier ( Zapier Privacy Policy) Account data is shared with the supplier for the purpose of allowing us to send Esendex SMS as part of automated workflows from Hubspot.

Zopim ( Zopim Privacy Policy) Account Data is shared with the supplier for the purpose of answering sales and customer support enquiries via our website.

We may also disclose your data for the purposes of insurance, risk management, professional advice or any other aspect of legal claims, whether in court, out of court or in administrative proceedings, where required by law or to protect the vital interests of you or a third party.

We will also share your Personal Data within the Commify Group, this includes Commify Italia SRL, Commify France SASU, Infomotiv SASU, Commify Netherlands Holdings BC, Spryng BV, Commify UK Limited, Esendex Australia Pty Ltd, Commify Iberia SL, Commify Esendex SRL, Commify Germany GmbH, Commify USA Holdings LLC, CDYNE Services LLC, Text Request LLC.

In addition to the specific purposes for which we may process any of the categories of data set out in this section, we may also process any of the categories of data if this is necessary to comply with a legal obligation, or to protect your vital interests or those of another natural person. We may also process your Personal Data where such disclosure is necessary for the establishment, exercise or defense of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.

We may disclose your personal data to our insurers and/or professional advisers for the purposes of insurance coverage (whether obtaining or maintaining it), for risk management, to obtain professional advice or in defense of legal claims, whether in legal proceedings. judicial or in administrative or extrajudicial processes.

This section sets out our policy on the retention of your data, this helps to ensure that we comply with our legal obligations for the retention and deletion of personal data.

Personal Data that we process for any purpose or purposes will not be kept for longer than is necessary for that purpose or purposes.

Because we provide an ongoing contract and service to you, it is not possible for us to specify in advance how long we will retain your personal data.

Commify retains the Personal Data we collect only for as long as necessary to comply with essential services, such as complying with legal obligations, resolving disputes, and enforcing our agreements. Please contact us at privacy@commify.com if you would like to know more about a retention period specific to your Personal Data.

Your Personal Data may be processed outside of the UK and EU. This is because some of the organisations we use to provide our service to you are based outside the UK and EU or they use organisations based outside of the UK and EU to support them in providing their services to us. 

We have taken appropriate steps to ensure that the Personal Data processed outside the UK and EU has an essentially equivalent level of protection to that guaranteed in the UK/EU. We do this by ensuring that:

We may transfer or process your data outside of the UK and EU as set out in this section.

• Your Personal Data is only processed in a country which the Secretary of State or European Commission has confirmed has an adequate level of protection (an adequacy regulation or decision), this includes where a company has self-certified to data privacy frameworks, such as the UK Extension to the EU-US Data Privacy Framework, or
• We enter into an International Data Transfer Agreement (“IDTA”) or Standard Contractual Clauses (SCCs) (with the UK Addendum), or solely SCCs where the transfer is made from the EU, with the receiving organisation and adopt supplementary measures, where necessary.

We may update this policy from time to time by posting a new version on our website.

You should check this page occasionally to ensure that you are happy with any changes to this policy.

We may notify you of changes to this policy by email or by notification through our web application.

Policy Last Updated February 2025

You have certain rights in relation to the processing of your Personal Data, including to:

• Right to be informed

You have the right to know what Personal Data we collect about you, how we use it, for what purpose and in accordance with which lawful basis, who we share it with and how long we keep it. We use our Privacy Policy to explain this.

• Right of access (commonly known as a “Subject Access Request”)

You have the right to receive a copy of the Personal Data we hold about you.

• Right to rectification 

You have the right to have any incomplete or inaccurate information we hold about you corrected.

• Right to erasure (commonly known as the right to be forgotten)

You have the right to ask us to delete your Personal Data.

• Right to object to processing

You have the right to object to us processing your Personal Data. If you object to us using your Personal Data for marketing purposes, we will stop sending you marketing material. 

• Right to restrict processing

You have the right to restrict our use of your Personal Data. 

• Right to portability

You have the right to ask us to transfer your Personal Data to another party.

• Automated decision-making. You have the right not to be subject to a decision based solely on automated processing which will significantly affect you. We do not use automated decision-making.  
• Right to withdraw consent

If you have provided your consent for us to process your Personal Data for a specific purpose, you have the right to withdraw your consent at any time. If you do withdraw your consent, we will no longer process your information for the purpose(s) you originally agreed to, unless we are permitted by law to do so.

• Right to lodge a complaint

You have the right to lodge a complaint with the relevant supervisory authority, if you are concerned about the way in which we are handling your Personal Data. The supervisory authority in the UK is the Information Commissioner’s Office who can be contacted online at:

Contact us | ICO or by telephone on 0303 123 1113

For supervisory authorities in other countries within the EU, visit: https://edpb.europa.eu/about-edpb/about-edpb/members_en

How to exercise your rights

You will not usually need to pay a fee to exercise any of the above rights. However, we may charge a reasonable fee if your request is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances. 

If you wish to exercise your rights, you may contact us using the details set out below within the section titled ‘How to contact us’. We may need to request specific information from you to confirm your identity before we can process your request. Once in receipt of this, we will process your request without undue delay and within one month. In some cases, such as with complex requests, it may take us longer than this and, if so, we will keep you updated.  

Consent

You have the right to withdraw your consent at any time to the extent that this is the lawful basis for us processing your personal information. The withdrawal of your consent will not affect the legality of the previous processing.

You may exercise any of your rights in relation to your personal data by notifying us in writing via our  secure web form.

As some of the information you submit to us will be classified as Personal Data, you have certain rights under the GDPR and UK GDPR, which we summarise in this section. Please note that as we are a provider of business-to-business communications, some of the rights in this section may not apply to your Data. 

Your rights are:

You have the right to know whether we hold your personal data and any additional information related to it.

Requests for this information can be made via our secure web form. The first copy of this information will be free, a reasonable fee will be charged for additional copies.

You can view Your Account Data and Transaction Data at:  app.esendex.co.uk  and by logging into Your account.

Any inaccurate or incomplete data we hold can be rectified either through your account at:  http://app.esendex.co.uk/  and logging in, or by contacting us at privacy@commify.com 

Under the GDPR and UK GDPR, you have the right to request that Your data be deleted, for example:

• We no longer need the data for the reason we collected it;
• Withdraw consent;
• You do not want us to process Your data;
• We are using Your data for direct marketing;
• We have unlawfully processed Your personal data.

Exceptions to this right are also detailed in the GDPR and UK GDPR, this means that we do not have to delete your data if the processing is necessary for the exercise of the rights of freedom of expression and information, so we can comply with a legal obligation and for other aspects of any type of legal claim.

You have the right to restrict the processing of your personal data if:

• The data is inaccurate
• Processing is unlawful but you don’t want us to erase it;
• We no longer need the personal data, but you need it for any aspect of a legal claim
• You have objected to data processing and we are verifying Your objection.

In cases where processing has been restricted, we may continue to store your personal data, but we will only process it in these cases:

• With your consent;
• For any aspect of a legal claim
• For reasons of important public interest

You may object to us processing your data on grounds relating to your own circumstances, but only if the lawful basis for the processing is:

• to perform a task that is carried out in the public interest or to exercise any official authority we have;
• for the purposes of our legitimate interests or the legitimate interest of a third party.

If you object to the processing, we will suspend our processing activities, unless it is considered that legitimate reasons for the processing override your interests, rights and freedoms, or that the processing is for any aspect of a legal claim.

You can object to our use of your personal data for direct marketing and profiling for direct marketing.

You can unsubscribe from direct marketing using the following link to unsubscribe from our commercial emails, or by visiting  https://www2.esendex.co.uk/subscription-preferences/   and selecting ‘Unsubscribe’.

If the lawful basis for the processing of your data is consent or the performance of a contract between you and us, including taking steps to conclude it and this processing is automated, you have the right to receive your personal data from us in a commonly used, machine-readable and structured format. This right does not apply when it affects the rights and freedoms of third parties.

You may withdraw your consent at any time where we use it as the lawful basis for processing Your data. Processing before consent is withdrawn will remain lawful.

You can withdraw your consent or make any other request related to your rights by completing our  secure web form .

How to contact us

If you wish to contact us in relation to this Privacy Policy or if you wish to exercise any of your rights outlined above, please contact us as follows:

20 Wollaton St, Nottingham, NG1 5FW

privacy@commify.com 

We have also appointed a Data Protection Officer (“DPO”). For UK, France and Spain data subjects, our DPO is Evalian Limited and can be contacted as follows: 

dpo@evalian.co.uk

Evalian Limited , West Lodge, Leylands Farm, 1 Nobs Crook, Colden Common, Winchester 

For Germany data subjects, our DPO is Steve Vetter, Vetter Consulting, Oschatzer Str. 46, 01127 Dresden

For Italy data subjects, our DPO is Chiara Corniani, contactable at dpo-italy@commify.com.

Privacy policy for Californian residents

Introduction and scope Commify offers business communication services to business customers.  This Privacy Policy describes Commify’s policies and procedures regarding the collection, use, and disclosure of information when you use our websites or when you register to use our services. By visiting this website, you agree to the collection and use of information in accordance with this Privacy Policy.

Information we collect We collect various types of information from individuals who visit this website (“Website Visitors”) and individuals who register to use our services (“Customers”), including:

– Personal Information: When expressing an interest in obtaining additional information about Commify’s services or registering to use those services, we request personal contact information, such as your name, employer/organisation name, address, phone number, and email address.

– Billing-Related Information: When purchasing our services, Commify requires you to provide financial qualification and billing information, such as your name and billing address, credit card number, and the number of employees within your organisation that will be using the services. We may also ask you to provide other information, such as the annual revenue of your organisation, number of employees, and/or the industry in which your organisation operates.

– Usage-Related Data: information related to your use of this website as well as your internet browsing history and website-related preferences (such as your language preference).

– Cookies and Tracking Technologies: As you navigate our websites, we may also collect information using website technology software and tools, which is standard practice for most websites. For example, the software tracks the action you take on this website (such as the web pages you viewed and the links you clicked). Information might also be collected through cookies and other internet tracking technologies. For more information, please see our Cookie Policy.

How we use personal information and non-personal Information 

We use personal and non-personal (non-identifiable) information to:
– operate this website, improve website content and provide our services. For example, if you fill out a “Contact Me” form on this website, we will use the information you provided to contact you about your interest in our services.
– communicate with you.
– process transactions (Commify uses credit card information solely to check the financial qualifications of prospective customers and to collect payment for the services).
– personalize your website experience.
– market our services to you or others. For example, we may use information you provide to contact you to further discuss your interest in our services or to send you information regarding Commify and/or its partners, such as information about promotions or events.
– protect this website and our computing systems from external cybersecurity threats.

Website navigational information 

As explained above in the Information we collect section, Commify may also collect information using website technology software, which is standard practice for most websites. These tools, which include cookies, web beacons and pixels collect information as you navigate a website. For example, when you visit this website, our servers send a cookie to your computer. Cookies can make interactions with this website easier and more relevant to you. For more information, please see our Cookie Policy.

We also use website navigational information to operate and improve this website. We might use website navigational information alone, or in combination with personal information, to provide personalized information to customers and prospective customers.

Sharing and disclosure of information
Service Providers Commify might share personal information about our customers – which might include personal information about employees or agents of our customers – with third parties such as service providers.
We share personal information with our service providers for these purposes:

a. so the service providers can assist us in operating our services.

b. so the service providers can contact our customers and website visitors who have provided their contact information.

Third Parties/Partners Commify does not share, sell, or rent any personal information with third parties for their own independent promotional purposes. But from time to time, Commify might partner with other companies to jointly offer products or services. If you purchase or specifically express interest in a jointly offered product or service, Commify might share your personal information (as described above) and other information about your purchase or expression of interest with our joint promotion partner(s). 

Commify does not control our business partners’ use of the information we collect, and their use of the information will be in accordance with their own privacy policies. If you do not wish for your information to be shared in this manner, you may opt not to purchase or specifically express interest in a jointly offered product or service.
Commify uses a third-party service provider to manage credit card processing in a PCI DSS compliant manner. This service provider is not permitted to store, retain, or use billing information except for the sole purpose of credit card processing on our behalf.

Disclosure required by law or to protect the company  Commify reserves the right to use or disclose personal and other information, if required by law or if we reasonably believe disclosing such information is necessary to protect our legal rights, our property, our employees or our assets. We might also use and disclose information to comply with a judicial proceeding, court order, or other legal process.

Security We use appropriate administrative, technical, and physical security measures to protect customer data. 

Your privacy-related rights If you are a consumer who has provided your personal information via this website, you might have the following rights, depending on where you reside:
– Right to Know: You can request information about the personal information we have collected about you.
– Right to Correct or Update: You can make changes to the personal information that we have collected from you or about you.
– Right to Delete: You can request that we delete your personal information.
– Right to Opt-Out: You can opt-out of the sale of your personal information under applicable privacy law – however, please be aware that Commify does not sell any personal information that its website visitors might submit. You can also manage your receipt of marketing communications by clicking on the “unsubscribe” link located at the bottom of Commify marketing emails.
Please note that our customers cannot opt out of receiving transactional emails related to their account or the services they have purchased.
– Right to Non-Discrimination: You will not be discriminated against for exercising any of these rights.

How to exercise your privacy-related rights To exercise your rights, please contact us at privacy@commify.com or in writing to Commify Group, 20 Wollaton Street, Nottingham, UK, NG1 5FW. You will be required to verify your identity by providing proof of your identity. We will respond to your request within 30 days.

Changes to this privacy policy
We may update this Privacy Policy from time to time. We will notify you of any material changes to this Privacy Policy and provide the opportunity to opt-out of having our personal information used for new purposes.

Commify is committed to providing quality services to you and this policy outlines our ongoing obligations to you in respect of how we manage your Personal Information.

We have adopted the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth) (the Privacy Act). The APPs govern the way in which we collect, use, disclose, store, secure and dispose of your Personal Information.

A copy of the Australian Privacy Principles may be obtained from the website of The Office of the Australian Information Commissioner at https://www.oaic.gov.au/.

What is Personal Information and why do we collect it?

Personal Information is information or an opinion that identifies an individual. Examples of Personal Information we collect includes names, addresses, email addresses, phone and facsimile numbers.

This Personal Information is obtained in many ways including correspondence, by telephone and facsimile, by email, from your website, from media and publications, from other publicly available sources, from cookies and from third parties. We don’t guarantee website links or policy of authorised third parties.

We collect your Personal Information for the primary purpose of providing our services to you, providing information to our clients and marketing. We may also use your Personal Information for secondary purposes closely related to the primary purpose, in circumstances where you would reasonably expect such use or disclosure. You may unsubscribe from our mailing/marketing lists at any time by contacting us in writing.

When we collect Personal Information we will, where appropriate and where possible, explain to you why we are collecting the information and how we plan to use it.

Sensitive Information

Sensitive information is defined in the Privacy Act to include information or opinion about such things as an individual’s racial or ethnic origin, political opinions, membership of a political association, religious or philosophical beliefs, membership of a trade union or other professional body, criminal record or health information.

Sensitive information will be used by us only:

•       For the primary purpose for which it was obtained

•       For a secondary purpose that is directly related to the primary purpose

•       With your consent; or where required or authorised by law.

Third Parties

Where reasonable and practicable to do so, we will collect your Personal Information only from you. However, in some circumstances we may be provided with information by third parties. In such a case we will take reasonable steps to ensure that you are made aware of the information provided to us by the third party.

Disclosure of Personal Information

Your Personal Information may be disclosed in a number of circumstances including the following:

•       Third parties where you consent to the use or disclosure; and

•       Where required or authorised by law.

Security of Personal Information

Your Personal Information is stored in a manner that reasonably protects it from misuse and loss and from unauthorized access, modification or disclosure.

When your Personal Information is no longer needed for the purpose for which it was obtained, we will take reasonable steps to destroy or permanently de-identify your Personal Information. However, most of the Personal Information is or will be stored in client files which will be kept by us for a minimum of 7 years.

Access to your Personal Information

You may access the Personal Information we hold about you and to update and/or correct it, subject to certain exceptions. If you wish to access your Personal Information, please contact us in writing.

Commify will not charge any fee for your access request, but may charge an administrative fee for providing a copy of your Personal Information.

In order to protect your Personal Information we may require identification from you before releasing the requested information.

Maintaining the Quality of your Personal Information

It is important to us that your Personal Information is up to date. We  will  take reasonable steps to make sure that your Personal Information is accurate, complete and up-to-date. If you find that the information we have is not up to date or is inaccurate, please advise us as soon as practicable so we can update our records and ensure we can continue to provide quality services to you.

Policy Updates

This Policy may change from time to time and is available on our website.

Privacy Policy Complaints and Enquiries

If you have any queries or complaints about our Privacy Policy please contact us at:

privacy@commify.com 

or in writing to: Commify Group, 20 Wollaton Street, Nottingham, UK, NG1 5FW. 

You will be required to verify your identity by providing proof of your identity. We will respond to your request within 30 days. 

Policy last updated February 2025.