Dotpost Privacy Policy

Last published: November 24th, 2021

CFH Docmail Limited (“we”, “our”, “us”) respect your privacy and are committed to protecting your personal data. This privacy policy (“privacy policy”) will inform you about how we look after your personal data and provide you with details of your privacy rights and how the law protects you.

We care about your privacy and we will always endeavour to comply with the UK GDPR and the Data Protection Act 2018, as amended (“data protection law”). We will keep your personal data secure and will respect the rights you have in relation to your personal data. 

We have appointed a data protection officer (DPO) who is responsible for overseeing questions in relation to this privacy policy. If you have any questions about this privacy policy, including any requests to exercise your legal rights, please contact the DPO using the details set out below. 

CFH Docmail Limited (Reg. Co. No.: 01716891)

Postal address: CFH Docmail Limited, St Peters Park, Wells Road, Westfield, Radstock, BA3 3UP

Telephone number: 01761 416311

By e-mail: Data.Protection@cfh.com

We are registered with the Information Commissioner’s Office (ICO) under registration number Z5722574.

What is the purpose of this privacy policy and who does it cover?

This privacy policy provides information about how we collect and process personal data when you are the Dotpost end user, and you accept the terms and conditions upon which we will provide the Dotpost services to you.

Dotpost, our website and apps are not intended for children under 18 years old and we do not knowingly collect data relating to such children.

It is important that you read this privacy policy together with any other privacy statements we may provide on specific occasions when we are collecting or processing personal data about you, so that you are fully aware of how and why we are using your data. This privacy policy deals with the questions below and you can go directly to a specific section by clicking on each heading.

Who is the controller and who is the processor for my personal data and how can I make a complaint?

The answer to this question will depend on your relationship with us.

“You are the Data Controller in respect of the personal data we collect from you as a user of the Dotpost Service.”

“CFH Docmail Limited is the data processor for the personal data we collect as a result of your use of the Dotpost Service”

“The senders of documents to your Dotpost Account may also be data controllers for the personal data contained in those documents.”

“CFH Docmail Limited is the data processor for those senders when storing those documents in your Dotpost account”.

You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance. 

Delete

What happens if this policy is updated or my personal data changes?

We periodically update this privacy policy. We will post any changes on this page and, if the changes are material, we will provide an update through notification in your Dotpost account.

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us by updating your Dotpost account at: (https://www.dotpost.com/profile/account) or contact the Dotpost Support Team using the details set out below:

E: mail: Dotpost@cfh.com 

Telephone: 01761 409701

Delete

What are my rights under data protection law?

As a Dotpost User, you have the following rights under data protection law:

  • Right to be informed – When we collect personal data, we have to tell you what we are going to do with it as set out in this Privacy Policy.
  • Right of access – You have the right to contact us to request details of the information we hold about you.
  • Right of rectification – You have the right to ask us to rectify information that we hold about you if this is inaccurate or incomplete.
  • Right to erasure This is also known as the right to be forgotten and gives you the right to request your information to be removed if there is no compelling reason for its continued processing. We keep a list of people who have asked not to be contacted which is used to ensure that you receive no further marketing information from us. Without this list your personal data could enter our system again from another source and we would have no record of the fact that you asked us not to contact you.
  • Right to restrict processing – this is the alternative to erasure and gives you the right to tell us to stop processing your data but allowing us to keep enough information about you to ensure that you’re wishes are respected in the future.
  • Right to data portability – this gives you the right to ask the holder of your information to transfer that information to another business. This right would be most commonly used if you were switching banks, insurance companies, utility companies or mobile phone companies.
  • Right to object – you have the right to object to the processing of your data for marketing purposes and profiling for marketing purposes. Your rights and freedoms override our interests.
  • Rights related to automated decision-making including profiling – we do not use automated decision-making processes which would have a potentially damaging effect on the information we hold about you. But if we, did you have the right to obtain human intervention, express your point of view and obtain an explanation of the decision and challenge it.
  • Rights to withdraw consent at any time where relevant – you have the right to withdraw your consent to the processing of your information at any time and we must provide you with the information to need to do so at the time we collect your data and each time we contact you.
Delete

What personal data do you collect?

Personal data, or personal information, means any information about an individual from which that individual can be identified. It does not include anonymous data.

We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:

  • Identity Data includes title, first name and surname. This is provided by you when you set up your account. 
  • Contact Data includes your email address and your contact telephone number(s). This is provided by you when you set up your account.
  • Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website.
  • Usage Data includes information about how you use our website, products and services.
  • Marketing Data includes your preferences in receiving marketing from us and our chosen third parties. 
  • We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data could be derived from your personal data but is not considered personal data in English Law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. 
  • The documents you choose to store in your Dotpost account may contain other categories of data such as; special category or financial data. Although this data is not collected by CFH Docmail Limited, by storing these documents for you this constitutes as data processing under the data protection legislation.
Delete

How is personal data collected?

We use different methods to collect personal data from and about you including through the following interactions set out below:

Direct interactions. You give us your Identity, Marketing and Contact data when you create a Dotpost account, by filling in forms or by corresponding with us by post, phone, email or online. This could include personal data you provide when you:

  • request information about our services;
  • accept terms and conditions for the provision of services with us;
  • request marketing to be sent to you;

Automated technologies or interactions. As you interact with our website and our Dotpost application, we may automatically collect Technical data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies.

Third parties. We receive personal data about you from the third parties below:

  • Technical data from analytics providers such as Google;
  • Senders of the documents posted into your Dotpost account.

Third parties. Data is collected about you from the third parties below:

  • Technical data when you use our knowledge base.
Delete

What happens if I provide you with personal data about another individual?

In order for us to provide our services to you, we may need to process personal data about other individuals. In this situation we will not have direct contact with those individuals and it will not be appropriate for us to provide them with a copy of this privacy policy. 

You are required to ensure that you have satisfied all legal requirements before passing this personal data to us, including providing them with a copy of this privacy policy and you must ensure that we can use any personal data that you pass to us in accordance with this privacy policy and data protection law. 

You must also comply with any data protection provisions set out in the terms of business.

Delete

How do you use my personal data?

We will only use your personal data when the law allows us to. We may process your personal data without your knowledge or consent where this is required or permitted by law. Most commonly, we will use personal data in the following circumstances and for the following purposes:

  • Legal or regulatory obligation – to comply with a legal or regulatory obligation to which we are subject.
  • Legitimate interest – where it is in our legitimate interests or that of another third party. We will always make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process personal data for our legitimate interests. We do not use personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us at data.protection@cfh.com
  • Performance of contract – where it is necessary for us to process personal data for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract; and
  • Consent – we may rely on consent as a legal basis for processing personal data. If we do, you can withdraw your consent at any time by contacting us at dotpost@cfh.com
Delete

What do you use my personal data for and why?

We have set out in the table below, a description of all the ways we use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate. We may process personal data for more than one legal basis depending on the specific purpose for which we are using your personal data.

We will only use your personal data for the purposes for which we collected it, unless we consider that we need to use it for another reason and that reason is compatible with the original purpose. 


Individual

Purpose for processing

Data used

Legal basis relied on

Dotpost Users

To take you on as a new Dotpost user and open an account

  • Identity
  • Contact
  • Performance of a contract
  • Legal and regulatory obligation

Dotpost Users

For the collection, storage and organisation of your personal information 

  • Identity
  • Contact
  • Usage 
  • Marketing 
  • Performance of a contract
  • Legal and regulatory obligation

Dotpost Users

To manage our relationship with you including notifying you about changes to our terms or privacy policy.

  • Identity
  • Contact
  • Performance of a contract
  • Legal and regulatory obligation
Dotpost Users To provide a help centre for Dotpost users through a third-party.
  • Technical

  • Legitimate interests - to provide a knowledge base for Dotpost Users

Prospective Dotpost User

To contact you to provide you with information about us and our services which you have requested when you are not a Dotpost User.

  • Identity
  • Contact
  • Legitimate interests – to respond to requests for information from you

All website and Dotpost application visitors

To administer and protect our business, our website and our application including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data which may include the use of cookies

  • Identity
  • Contact
  • Technical
  • Usage 
  • Legal and regulatory obligation
  • Legitimate interests – to run our business, provide administration and IT services, network security and to prevent fraud

All website visitors

To deliver relevant website content to you and measure or understand the effectiveness of our website

  • Usage
  • Technical
  • Legitimate interests – to study how clients and prospective clients use our services, to develop them, to grow our business and to inform our marketing strategy

All website visitors

To use data analytics to improve our website, services, marketing, customer relationships and experiences

  • Usage
  • Technical
  • Reporting 
  • Legitimate interests – to identify individuals for our services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy
Delete

How do you use my personal data for marketing and how can I opt out?


We use the information provided to us to contact you regarding our products, services and latest offers (we define this as marketing). You will receive marketing communications from us if you have provided your consent. You can change your marketing preference at any time by accessing My Account in Dotpost.

Delete

To whom do you disclose my personal data?

We may have to share personal data with the parties set out below for the purposes set out in the table above:

  • The document sender that has invited you to open a Dotpost account. This is for the purpose of reporting the date that you have activated your Dotpost account;
  • Service providers who provide IT and system administration services and access to platforms we use for operational purposes to run our business;
  • Professional advisers including lawyers, barristers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services;
  • Third parties who require access to the personal data we process for the purposes of the prevention or detection of crime or for the purposes of legal proceedings;
  • HM Revenue & Customs, regulators and other authorities based in the UK who require reporting of processing activities in certain circumstances, for example to ensure we are complying with legal and regulatory obligations;
  • External auditors who provide auditing and similar compliance services to us to ensure we are complying with our legal and regulatory obligations when we provide services to you, process personal data or where we are certified under any relevant schemes or certifications;
Delete

To where do you transfer personal data?

We do not transfer any personal data to any third parties outside of the UK and the EEA.

Delete

How do you safeguard personal data?

We have appropriate security measures in place to prevent personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. 

We also have in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

Delete

For how long will you use personal data?

We will only retain personal data for as long as necessary to fulfil the purposes for which we collected it. 

  • We will retain unclaimed documents for 33 days from the mailing launch.  
Delete

Third-party links on this website

Our website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share personal data about you. We do not control these third-party websites and are not responsible for their privacy policies. When you leave our website, we encourage you to read the privacy policy of every website you visit.

Delete

What are cookies and how are these used?

Cookies are small files of letters and numbers stored on your browser or device that enable the cookie owner to recognise the device when it visits websites or uses online services. The website you visit may set cookies directly, known as first-party cookies, or may trigger cookies set by other domain names, known as third-party cookies. While we may automatically use some cookies that are strictly necessary to provide the services you request or enable communications, we request your consent for all of our other cookie uses.

Most web browsers allow you to directly block all cookies, or just third-party cookies, through your browser settings. Using your browser settings to block all cookies, including strictly necessary ones, may interfere with proper site operation. 


Delete