Data Protection / Privacy Policy

Last updated: 03/02/2026

Affiliate CRM is committed to protecting your privacy and ensuring that your personal data is handled securely and in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

This policy explains how we collect, use, store, and protect personal data when you use our services.

1. Data Controller

Affiliate CRM is the data controller for the purposes of UK GDPR.

Affiliate CRM
United Kingdom
Email: [email protected]

If you have any questions about this policy or how your data is handled, please contact us using the details above.

2. Lawful Basis for Processing Personal Data

We only process personal data where we have a lawful basis to do so. These include:

  • Performance of a contract – to provide and administer our CRM and related services
  • Legal obligation – including accounting, tax, and regulatory compliance
  • Legitimate interests – to operate, secure, improve, and support our services
  • Consent – for marketing communications, where you have explicitly opted in

3. How We Collect Personal Data

We collect personal data when you:

  • Create an account with Affiliate CRM
  • Purchase or use our services
  • Complete forms on our website
  • Contact us by phone, email, or other communication channels

If you ask us to provide services that involve uploading or processing personal data relating to your own clients or contacts, you confirm that you have obtained all necessary permissions and lawful authority to share that data with Affiliate CRM and our suppliers.

4. Automatically Collected Information

When you use our services, we may automatically collect certain technical information, including but not limited to:

  • IP addresses
  • Device and browser information
  • Software and operating system details
  • Web server, mail server, and access logs
  • Connectivity and diagnostic data
  • Approximate location data derived from IP addresses

This information is used for security, system administration, monitoring service performance, and fraud prevention.

5. Types of Personal Data We Collect

The personal data we may collect includes:

  • Name
  • Business or postal address
  • Email address
  • Telephone number
  • Billing and payment information
  • IP addresses
  • Account login and usage information

We also retain records of correspondence when you contact us or when we contact you, and logs relating to your use of our websites and services.

6. How We Use Your Personal Data

We use your personal data for the following purposes:

  • To create and manage your Affiliate CRM account
  • To provide, administer, and support our services
  • To process orders, payments, and billing
  • To communicate with you about your account or services
  • To provide service-related reports (e.g. usage statistics or system notifications)
  • To comply with legal and contractual obligations
  • To improve, develop, and secure our services
  • To detect and prevent fraud or unauthorised access
  • To notify you of changes to our services, pricing, or terms
  • To provide marketing communications where you have consented

We will not send marketing communications unless you have opted in, and you can change your preferences at any time via your account or by contacting us.

7. Data Retention

We retain personal data only for as long as necessary.

  • Personal data is retained for the duration of your customer relationship with Affiliate CRM
  • After account closure, data may be retained for up to 7 years to meet legal, regulatory, and accounting obligations

Where data is no longer required, it will be securely deleted or anonymised.

8. Who Has Access to Your Data

Access to personal data is restricted to:

  • Authorised Affiliate CRM staff, where necessary for service provision and administration
  • Trusted third-party suppliers, where required to deliver or support our services

All third parties are required to handle data securely and in accordance with applicable data protection laws.

We do not sell personal data to third parties for marketing or advertising purposes.

9. Business Transfers & Legal Disclosure

Your data may be transferred if Affiliate CRM is acquired by, or merges with, another business. Any such transfer will be subject to confidentiality and data protection safeguards.

We may disclose personal data where required to comply with legal obligations or to protect the rights, property, or safety of Affiliate CRM, our customers, or others. This may include fraud prevention, dispute resolution, or law enforcement requests.

10. International Data Transfers

Where personal data is transferred outside the UK or EEA, we ensure appropriate safeguards are in place. This may include the use of approved contractual safeguards such as Standard Contractual Clauses or the UK International Data Transfer Addendum, where required.

11. Your Data Protection Rights

Under UK GDPR, you have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate or incomplete data
  • Request deletion of your data where there is no lawful reason for retention
  • Object to certain types of processing
  • Restrict processing in certain circumstances
  • Withdraw consent for marketing communications

Please note that the right to erasure (“right to be forgotten”) is not absolute, and we may need to retain certain data to comply with legal or contractual obligations.

Requests can be made by emailing [email protected].

12. Viewing and Updating Your Data

You can view, update, or manage much of your personal data through your Affiliate CRM control panel. You are responsible for ensuring your information remains accurate and up to date.

13. Use of Cookies

Our websites use session cookies to enable core functionality, such as maintaining logged-in sessions and remembering user actions during a browser session.

Session cookies are temporary and expire when your browser is closed. These are considered low-intrusion and are permitted under applicable regulations.

Further information about our use of cookies can be found in our Cookie Policy.

14. Data Security

We implement appropriate technical and organisational measures to protect personal data, including:

  • Secure servers hosted in the United Kingdom
  • Encryption of sensitive data, including passwords
  • Access controls and authentication measures
  • Regular system monitoring and security practices

While we take all reasonable steps to protect data, transmission over the internet is not completely secure. Any data transmitted to us is done at your own risk.

15. Password Security

Where you create or are issued a password, you are responsible for keeping it confidential, secure, and not reused elsewhere.

Do not share your password with anyone. We may reset or change passwords where necessary to protect your account.

16. Data Breaches

In the event of a personal data breach, we will meet or exceed our obligations under UK data protection law. Where required, we will notify affected individuals and the Information Commissioner’s Office without undue delay.

17. Complaints

If you are unhappy with how we handle your personal data, you have the right to complain to the Information Commissioner’s Office (ICO):

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Tel: 0303 123 1113
Website: https://ico.org.uk/make-a-complaint/