2. What we do
We provide a CRM platform that lets you store and manage data on your supporters securely in the cloud. We're based in the United Kingdom, and all of our staff work in the United Kingdom.
Contact details are available for us at the bottom of this policy.
3. How we protect your personal data
We understand the importance of the data we collect on our customers, and the sensitivity of what our customers may want to use our platform for. We therefore take full precautions and provide full transparency of how we do this. See our security page at beaconcrm.co.uk/trust for information on how we safeguard your data.
4. What we do with your data
Website visitors and Cookies
When you visit our website, we’ll place tracking cookies on your device for a number of reasons. Please see which cookies we place and why at beaconcrm.co.uk/cookies.
If you have expressed an interest in our products or platform, or you have signed up for an account, we may use the contact information you provided to better understand how we can tailor the service to you and better inform our sales and marketing teams.
Your contact information may be shared with 3rd party services for the purpose finding additional public data about you to aid our sales team or to provide a more tailored service. These 3rd parties act as data processors and will only be allowed to process this data based on our instructions for the purposes stated above.
If you create an account with us, we may need extra personal data to ensure the security of your account. You may be asked to create a password which will not be viewable by us or provide an access token which won't be usable by us.
We may use your phone number or your email address to send direct or marketing emails in order to contact you about the use of the service or to promote services that we feel you will be interested in.
Phone calls may be recorded for staff training or sales quality purposes.
The lawful basis for processing the personal data of Beacon users is for the legitimate interest of our business. We will only process personal data in ways that our customers would expect of us in order to provide the service they’ve expressed interest in.
If you do not continue to become a customer of ours, then we will delete your data 1 year after signing up or expressing interest with us.
If you’re a customer and have a contract with us or are potentially going to become one, in addition to using your data in the ways mentioned above as a Beacon user, we’ll need to collect data to process payments, provide support and monitor your usage of our services.
This is to ensure you're receiving the level of service you expect, to help us develop our platform even further or to do what's necessary for you to become a customer of ours.
3rd party services may be used to aid this, such as customer support services like Intercom, payment services like Stripe or analytics services like Amplitude to learn how you use our services.
Whilst using our services, you may transfer personal data into our platform so that you can take advantage of our API integrations with third party tools. In order to do this, we’re likely to require authentication data like usernames, passwords, access tokens tokens. Authorised support staff are only able to view and use this data, with your permission, to provide support to your service.
The lawful basis for processing the personal data of Beacon customers is for the performance of the contract we have in place, or in order to enter into a contract.
Most personal data will be deleted 1 month after you end your contract with us. However other non-sensitive personal data may be stored for up to 1 year after you end your contract with us. Data required for legal purposes, such as accounting data, will be stored for as long as legally required.
Sharing of data with 3rd parties
Like many companies, we use a number of 3rd party services to help us provide the service you expect. Whilst these services may require your personal data, we only allow these services to use it under strict conditions and we perform adequate due diligence on these companies and the countries they operate in.
We share certain information with companies that may be considered our "sub-processors" under GDPR. This information is limited to the following:
- We use Amazon Web Services and Google Cloud Platform to securely store and process your data, hosted in the cloud. For more information on our security practices see this article.
- We use Intercom as a help desk software to communicate with our customers. Sometimes these communications include the personal information of your supporters' information.
- We use Postcodes.io for our UK customers to lookup additional public data about postcodes to allow you to filter supporters based on their address.
- We use Mapbox for displaying maps and geocoding addresses.
- We use Sendgrid and Postmark to send emails both to you and to your supporters.
Below is a full list of our sub-processors:
|Service||Description||URL for Privacy Notes||Data hosting location|
|Amazon Web Services||Cloud infrastructure||https://aws.amazon.com/privacy/||UK|
|Google Cloud Platform||Cloud infrastructure||https://cloud.google.com/security/privacy/||UK|
|Postcodes.io||UK postcode enrichment||https://ideal-postcodes.co.uk/privacy_policy||UK|
|Mapbox||Geolocation and maps||https://www.mapbox.com/legal/privacy/||Worldwide (details)|
|Sendgrid||Email service provider||https://sendgrid.com/policies/privacy/||US|
|Postmark||Email service provider||https://postmarkapp.com/eu-privacy#security-and-privacy||US|
6. What rights you have over your personal data
As the owner of your personal data, you have the right to:
Review, update, and delete data stored on contacts and other related records in your account
Export contacts and other related records via a direct export or an API integration export
View, restrict the processing or update any personal data we hold about you. A lot of this data can be viewed, updated and exported if you login at app.beaconproducts.co.uk. For any additional data, please contact us.
Erase any personal data that is not required for a legal or contractual reason.
Remove yourself from marketing by clicking the opt-out link at the bottom of any marketing email.
The data controller is Beacon Apps Ltd, Crowmeole Farm, Shrewsbury, SY3 8AY, United Kingdom.
Should you wish to file a complaint regarding our use of your personal data, the supervisory authority for the UK is the Information Commissioner’s Office and can be reached at https://ico.org.uk.
This policy will be kept up-to-date inline with our processes. Minor amendments may be added to this policy without notice, whereas we will inform our customers of any significant changes. It was last updated on 15 October 2018.