Privacy Policy

1. About Us

TopSalesCloud Ltd ("we", "us", "our") is a private limited company registered in England and Wales with company number 16884584. Our registered office is Suite 40, Milton Keynes Business Centre, Foxhunter Drive, Linford Wood, Milton Keynes, MK14 6GD, United Kingdom. We operate the public website https://topsalescloud.co.uk and the TopSalesCloud CRM platform (the "Services"). We are committed to protecting Personal Data and complying with applicable data protection laws, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Definitions

For the purposes of this Privacy Policy:

• "Personal Data" means information relating to an identified or identifiable individual;
• "Processing" means any operation performed on Personal Data, including collection, storage, use, disclosure, or erasure;
• "Data Controller" means the entity that determines the purposes and means of Processing Personal Data;
• "Data Processor" means the entity that Processes Personal Data on behalf of the Data Controller;
• "Services" means our public website and the TopSalesCloud CRM platform.

3. Scope of This Privacy Policy

This Privacy Policy explains how we collect, use, store, process and protect Personal Data when you visit or use our public website, use the TopSalesCloud CRM platform, or interact with us for support, onboarding or billing.

This Policy does not apply to employees or job applicants, who are subject to separate internal notices.

4. Our Roles Under UK GDPR

We act as a Data Controller when we determine the purposes and means of processing Personal Data, for example for website analytics, customer relationship management, account administration and marketing communications.

When our customers store Personal Data about their own contacts inside TopSalesCloud CRM, they act as the Data Controller, and we act as the Data Processor. Customers remain the owners and controllers of the Personal Data they upload into the TopSalesCloud CRM platform, and we process such data only on their documented instructions. These processor activities are governed by our Data Processing Agreement (DPA). Our Data Processing Agreement is available to customers upon request or as part of their customer contract documentation.

5. Personal Data We Collect

We may collect the following categories of Personal Data:

• Information you provide directly (names, job titles, company details, email addresses, phone numbers, billing details, login credentials and support correspondence);
• Information collected automatically (IP address, device type, operating system, browser type, pages visited, navigation paths and cookie identifiers);
• Information from third parties (such as publicly available business sources, for example LinkedIn, and from partners or resellers).

6. Data Minimisation

We only collect Personal Data that is relevant and necessary for the purposes described in this Privacy Policy. We aim to limit the amount of Personal Data collected to what is adequate and proportionate for providing and improving our Services, complying with legal obligations, and supporting our legitimate business needs.

7. How We Use Personal Data

We process Personal Data for the following purposes:

• Service delivery – providing access to and administering accounts, subscriptions and billing;
• Customer support – responding to enquiries, troubleshooting and providing onboarding and training;
• Marketing and communications – sending newsletters, product updates and promotional offers where permitted by applicable law, based on consent or our legitimate interests;
• Analytics and improvement – monitoring usage and performance to improve the Services;
• Legal and compliance – complying with legal obligations, preventing misuse or fraud.

You may opt out of marketing communications at any time by clicking the "Unsubscribe" link in marketing emails or by contacting us.

8. Legal Bases for Processing

We rely on one or more of the following legal bases under UK GDPR when processing Personal Data:

• Contractual necessity – where processing is required to deliver the Services;
• Consent – for example for marketing communications;
• Legitimate interests – improving and securing our Services, balanced against your rights;
• Legal obligations – complying with applicable UK law.

9. Cookies and Similar Technologies

We use cookies and similar technologies on our website to enable core functionality, analyse performance and support marketing where consent is provided. Users can manage preferences through our cookie banner or browser settings. For more details, please refer to our separate Cookie Policy.

10. Data Sharing and Sub-Processors

We may share Personal Data with trusted third parties (sub-processors) where this is necessary for the purposes of operating, supporting and improving our Services, including:

• hosting and infrastructure providers;
• analytics, monitoring and communication tools;
• professional advisers (lawyers, accountants, auditors);
• regulators and law enforcement where required by law.

When we act as a Data Processor on behalf of a customer, we only engage sub-processors as permitted under our Data Processing Agreement (DPA) and remain responsible for ensuring they meet applicable data protection obligations.

We do not sell Personal Data to third parties.

11. International Data Transfers

The TopSalesCloud CRM platform is hosted in Microsoft Azure UK West region. Some service providers may process Personal Data outside the UK or EEA. Where this occurs, we implement appropriate safeguards such as Standard Contractual Clauses (SCCs), International Data Transfer Addendums (IDTA) or adequacy regulations.

12. Data Retention

We retain Personal Data only for as long as necessary to fulfil the purposes for which it was collected and to comply with legal, regulatory and contractual obligations. Typical retention periods include:

• Customer account data: for the duration of the contract and normally up to six years after closure;
• Enquiries and support records: up to 24 months after resolution, unless incorporated into a customer account;
• Marketing data: until you withdraw consent or unsubscribe. We may retain basic suppression information to ensure we respect your preferences;
• Analytics and technical logs: normally up to 26 months, after which the data is deleted or anonymised;
• Security and access logs: normally retained for up to 12 months for security and audit purposes;
• Legal and financial records: six years in accordance with UK tax and accounting laws.

13. Security Measures

We implement appropriate technical and organisational measures appropriate to the risk to protect Personal Data, including secure hosting, TLS encryption, access controls, authentication mechanisms, monitoring and regular security reviews. We maintain internal procedures designed to detect, investigate and respond to potential Personal Data security incidents. However, no method of electronic transmission or storage is entirely secure, and we cannot guarantee absolute security.

14. External Links

Our website may contain links to external websites or services. We are not responsible for the privacy practices, content, or security of those third-party websites. We encourage you to review their privacy policies before providing any Personal Data.

15. Automated Decision-Making and Profiling

We do not use Personal Data for automated decision-making or profiling that produces legal or similarly significant effects.

16. Children's Data

Our Services are not intended for children under 16 years old, and we do not knowingly collect Personal Data relating to children under this age. If we become aware that Personal Data relating to a child has been collected, we will take steps to delete it.

17. Your Rights

Under UK GDPR, you have a number of rights in relation to your Personal Data, subject to certain legal limitations and conditions. These include the right to:

• request access to the Personal Data we hold about you;
• request correction of inaccurate or incomplete Personal Data;
• request erasure of your Personal Data in certain circumstances;
• request restriction of our processing of your Personal Data;
• object to our processing of your Personal Data where processing is based on legitimate interests;
• request transfer of your Personal Data to another service provider, where technically feasible (data portability);
• withdraw consent at any time where processing is based on your consent.

To exercise any of your rights, please contact us using the details in the Contact Us section below. We may need to verify your identity before responding to your request.

We normally respond to valid requests within one month, as required by UK GDPR. In certain cases, where requests are complex or numerous, we may extend this period as permitted by law.

18. Complaints

If you have concerns about how we handle your Personal Data, please contact us first so we can attempt to resolve the issue. You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO). Further information is available on the ICO website.

19. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or other operational reasons. When we make material changes, we will post the updated Policy on this page and update the 'Last Updated' date at the top of the document.

20. Contact Us

If you have any questions, concerns, or requests relating to this Privacy Policy or the way we handle your Personal Data, you can contact us at: