TCM-Doc-004 1st July, 2024

Introduction

TomCRM Limited ("TomCRM") is committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy outlines our policies and procedures for collecting, using, and disclosing your information and describes the measures we have put in place to protect it. By using our services, you consent to the collection, transfer, processing, storage, disclosure, and other uses of your information as described in this Privacy Policy.

1. Information We Collect

1.1 Personal Information When you express interest in our services or register to use them, we collect personal contact information such as your name, company name, address, phone number, and email address ("Personal Contact Information"). When purchasing our services, we also collect financial and billing information such as billing name, address, and credit card number ("Billing Information").

1.2 Data, Diagnostic & Login Information Using TomCRM’s services, you can create, upload, store, and share information such as company descriptions, email IDs, logos, photos, custom emails, and user email IDs ("Data"). This information is stored on TomCRM’s web servers. If you encounter technical issues, we may request your permission to obtain diagnostic information documenting the error ("Diagnostic Information"). Additionally, certain login information is maintained in a cookie stored locally on your computer to streamline the login process ("Login Information").

1.3 Analytics Information As you navigate our website and use our services, we may collect information through cookies and web beacons ("Website Navigational Information"). This includes standard information from your web browser (such as browser type and language), your IP address, and actions taken on our website (such as pages viewed and links clicked).

2. How We Use Your Information

2.1 Personal Contact Information We use your Personal Contact Information to administer our services, provide updates, and make product announcements. With your consent, we may also use this information for marketing purposes.2.2 Billing Information We use a third-party payment provider, Stripe (www.stripe.com), to store and process all payment-related transactions. We do not store any Billing Information on our servers.2.3 Data, Diagnostic Information, and Login Information We use this information solely to administer and improve our services to you.2.4 Analytics Information We use Analytics Information to monitor and analyze the use of our services, administer technical aspects, enhance functionality and user-friendliness, and verify users’ authorization to process their requests.

3. Sharing & Disclosure of Information

3.1 Third-Party Applications You may link your TomCRM data to third-party sites such as Facebook, Twitter, and LinkedIn. This linking is at your discretion, and TomCRM is not responsible for how these third-party sites use such links.

3.2 Marketing and Publicity With your consent, we may identify you as a customer and use your name and/or logo in our marketing materials.

3.3 Service Providers and Business Partners We may use trusted third-party companies and individuals to help us provide, analyze, and improve our services. These third parties may have access to your information strictly for these tasks and are bound by similar confidentiality obligations.

3.4 Legal Requirements and Protection We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court or a government agency).

3.5 Non-Private or Non-Personal Information We may disclose non-private, aggregated, or otherwise non-personal information, such as usage statistics of our services, at our discretion.

4. Data Protection and GDPR Compliance

4.1 GDPR Principles TomCRM processes Personal Data lawfully, fairly, and transparently. Personal Data collected is limited to what is necessary for our services and is kept accurate and up-to-date. Data subjects have rights to access, rectify, and erase their Personal Data.

4.2 Controller and Processor Roles As a user, you act as the controller of the data you upload to TomCRM, deciding how and why it is processed. TomCRM acts as a processor, handling the data based on your instructions.

4.3 Legal Basis for Processing Personal data is collected and processed only if there is a legal basis for doing so, as defined in the GDPR. It is your responsibility as the controller to select the appropriate legal basis.

4.4 Data Subject Rights Data subjects have rights relating to their Personal Data, including access, correction, and deletion. TomCRM supports these requests through our systems.

4.5 Data Security Our software provider, Go High Level, implements security measures to protect Personal Data, including encryption, regular backups, and vulnerability testing. Data is backed up daily to local region servers on Google/AWS. Go High Level complies with GDPR regulations. For more details, see Go High Level's GDPR compliance at https://www.gohighlevel.com/gdpr.

4.6 Data Transfers TomCRM does not transfer Personal Data outside the EEA or the UK. If this changes, we will ensure compliance with GDPR requirements.

4.7 Retention and Deletion of Data We retain your information for as long as your account is active or as needed to provide you with our services. Upon termination of your account, we will delete your data within 90 days unless retention is required by law or for legitimate business purposes.

5. Your Rights You have the following rights regarding your Personal Data:

Access: Request access to your Personal Data.

Rectification: Correct any inaccuracies in your Personal Data.

Erasure: Request the deletion of your Personal Data.

Restriction: Request the restriction of processing your Personal Data.

Portability: Request the transfer of your Personal Data to another service provider.

To exercise these rights, please contact us at [email protected].

6. Changes to Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by email or through our website. Your continued use of our services after such notification constitutes your acceptance of the updated terms.

7. Contact Information

If you have any questions or concerns about this Privacy Policy or our data protection practices, please contact our Data Protection Officer, Thomas Findlay, at [email protected].