Last updated: 03/02/2026
Affiliate CRM is committed to complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
We design our systems and services with data protection in mind. Personal data is processed lawfully, fairly, and transparently, and only for legitimate business purposes.
All core Affiliate CRM systems and databases are hosted on secure servers located within the United Kingdom.
Where third-party suppliers are used, data is only shared where necessary to deliver our services and appropriate safeguards are applied.
For personal data relating to your own organisation and staff, Affiliate CRM acts as the data controller.
When you upload or manage personal data relating to your own customers, contacts, or end users, Affiliate CRM acts as a data processor, and you remain the data controller.
We may use carefully selected third-party service providers (sub-processors) to support the operation of our services, such as hosting, email delivery, or system maintenance.
All sub-processors are subject to contractual obligations to protect personal data and comply with applicable data protection laws.
Individuals have rights under UK GDPR, including the right to access, correct, or request deletion of their personal data.
Requests can be made by contacting us at [email protected].
We implement appropriate technical and organisational measures to protect personal data, including access controls, encryption, and regular security monitoring.
In the unlikely event of a personal data breach, we will assess the impact and notify affected parties and the Information Commissioner’s Office where required by law.
For more detailed information about how we process personal data, please see our Privacy Policy and Cookie Policy.