Privacy Policy

1. Introduction

Welcome to Vindey CRM ("we," "our," or "us"). We are committed to protecting your privacy and handling your data in an open and transparent manner. This privacy policy explains how we collect, use, share, and protect your personal information in accordance with the UK General Data Protection Regulation (UK GDPR) and other applicable data protection laws.

2. Information We Collect

2.1 Personal Information

We collect the following types of personal information:

• Name and contact details
• Business information
• Login credentials
• Payment information
• Usage data and analytics
• Communication preferences

2.2 Customer Data

As a CRM platform, we process customer data on behalf of our users. This data is controlled by our users, and we act as a data processor. Our users are responsible for ensuring they have the appropriate legal basis for processing their customers' personal data.

3. How We Use Your Information

We use your personal information for the following purposes:

• Providing and improving our CRM services
• Processing payments and managing subscriptions
• Sending service updates and marketing communications
• Analyzing usage patterns to improve our platform
• Ensuring platform security and preventing fraud
• Complying with legal obligations

4. Legal Basis for Processing

We process your personal information based on the following legal grounds:

• Performance of a contract when providing our services
• Legal obligations under applicable laws
• Legitimate interests in operating and improving our services
• Consent for specific processing activities where required

5. Data Sharing and Transfers

We may share your personal information with:

• Service providers and subprocessors
• Payment processors
• Analytics providers
• Law enforcement when required by law

Any international transfers of personal data are protected by appropriate safeguards, including Standard Contractual Clauses approved by the UK Information Commissioner's Office.

6. Data Security

We implement appropriate technical and organizational measures to protect your personal information, including:

• Encryption of data in transit and at rest
• Access controls and authentication measures
• Regular security assessments and audits
• Employee training on data protection
• Incident response procedures

7. Your Rights

Under the UK GDPR, you have the following rights:

• Right to access your personal information
• Right to rectification of inaccurate data
• Right to erasure ("right to be forgotten")
• Right to restrict processing
• Right to data portability
• Right to object to processing
• Rights related to automated decision-making

8. Data Retention

We retain your personal information for as long as necessary to provide our services and comply with legal obligations. When data is no longer needed, it is securely deleted or anonymized.

9. Cookies and Tracking

We use cookies and similar technologies to improve your experience on our platform. You can control cookie preferences through your browser settings. For more information, please see our Cookie Policy.

10. Children's Privacy

Our services are not intended for children under 16. We do not knowingly collect personal information from children under 16. If you believe we have collected information from a child under 16, please contact us.

11. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of any material changes through our platform or via email. Your continued use of our services after such notifications constitutes acceptance of the updated policy.

12. Contact Us

If you have any questions about this privacy policy or our data practices, please contact us at:

13. Supervisory Authority

You have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues. Visit ico.org.uk for more information.