This privacy notice tells you what to expect us to do with the information we collect when you use our service.

Groupsend provides online forms, reports and processes to organisations with a high level of personal service. Our Client Support Team is backed by a team of developers so our product can be adapted to fit our clients needs more precisely.

If you are a client who is commissioning us to create online forms, reports and processes for you, we are your Data Processor and consider you as the Data Controller within the GDPR regulations.

If you are a person completing a form, you should refer to the organisation who sent you the form for details of their privacy policies and how they use your personal data. This Privacy Notice explains what we will do. The organisation of the person who sent you the form will have access to your data and may have different policies.

Our limits as a Data Processor

We follow instructions from our clients regarding the processing of personal data. This means:

  • We are told what data to collect by our clients
  • We do not decide to collect personal data from individuals.
  • We do not decide what personal data should be collected from individuals.
  • We do not decide the lawful basis for the use of that data.
  • We do not decide what purpose or purposes the data will be used for.
  • We do not decide whether to disclose the data, or to whom.
  • We do not decide how long to retain the data.
  • We may make some decisions on how data is processed, but implement these decisions under a contract with someone else.
  • We are not interested in the end result of the processing.

For details regarding any of the above, please refer to the organisation who sent you the form to complete.

We will not share your information with any third parties for the purposes of direct marketing. We only use your data to provide you a service with your consent. The details and limits of this are set out in this notice and our terms and conditions.

If you wish to contact our Data Protection Officer, please email [email protected]

The people we work with

Our service is used by two types or people; our clients who commission us to create forms and those that complete forms for our clients using our services.

A client can be a single individual or several people in an organisation who have access to completed forms. They ask us to create forms which they use within their organisation or send out to others for completion.

The information we hold

Our primary purpose is to securely collect and store information that organisations want to collect using our online forms. That information includes; form templates, the contents of draft or completed forms, historical versions of draft or completed forms, additional information added by our clients to completed forms. We also securely store files of data and images added (uploaded) to forms. For clients, we will also store logos and other information related to their organisation.

As is common practice we also hold data necessary to make our systems work. Such necessary data includes email addresses and passwords set by clients and other users. We collect and store functional information that is needed to make certain features work and personal information (for example preferred language, timezone, and other preferences) to help people customise our service. We also gather analytics data including anonymised information that allows us to see how people use our website, services and content. For more information, please see “Use of your data” below.

We do not hold data for the purposes of giving to third parties for marketing.

Who can see what

Our clients have the responsibility to work within their policies to determine who can see your data. They have the ability within our systems to nominate some people to be able to view or change the data should it be required. When data is changed, we will notify the person named as completing the form that changes have been made on their behalf. Notifications will be sent via email to the email address we have been given.

We may need to see your data when providing support to you if you request it. Any changes we make will be detailed in an email to you.

Managing your data

It is possible to edit the data held in forms at any time. In most cases, you can change an existing form or withdraw an old form and submit a new one.

Information contained within withdrawn forms are still visible by looking at its audit trail. The main contents will not be visible in any reports when viewing forms in the normal way.

Deleting your account

As a client, when you delete your account, the form data and templates will remain for others in your organisation to view and work with. Records of your history will remain in the audit trail so that others have details of what has been changed and by whom.

As a person who has completed a form, we will delete your personalisation details but your forms and history will remain. If you want that data deleted, you will need to contact the organisation(s) that sent you forms to complete. They may have regulatory restrictions that mean they need to retain certain information. We will provide you with a list of all the organisations for whom you have completed forms and, where possible, an email contact. As a Data Processor we do not have responsibility for deleting your personal data.

Deleting a form template

Clients can request that we delete form templates. The original forms and their audit trail will remain in place unless we receive a verified request to remove them.

How we get your information

Aside from the data collected in forms, we collect information from you when you sign-up to our service, contact us in some way or enter information into our website service.

We use cookies or similar technologies that store information about you, to keep track of your sign-in details, which marketing emails, web pages or blogs you have visited that are owned by us.

Children’s information

We do not offer our products or services for use by children. If you are under 18, you may not use this service or provide any information to the service without involvement of a parent or a guardian. Information about children must be provided by an adult with the authority to do so.

Use of your data

We will not share your information with any third parties for the purposes of direct marketing.

We do use your data for the following reasons:

  • create and maintain your account and to control access to it.
  • to provide you with information regarding usage and status of the emails you send through us.
  • to answer requests from you for support or questions about our service.
  • to communicate with you about our services, for example about changes or any technical issues or planned work.
  • for billing and subscription purposes.
  • for the investigation and prevention of fraud and breaches of the terms of service.
  • to enable third parties to provide services to us.
  • to comply with applicable laws to which we are subject.

Members of our team have access to your account to provide support and answer queries. They will not have access to your credit card or other payment method details. All team members have agreed in writing to conform to strict standards of privacy and confidentiality.

We use your data to improve what we do

By monitoring how our service is used and what problems and issues people have, we use your data to:

  • improve our service to ensure that content is presented in the most effective manner.
  • administer the service and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes.
  • allow you to participate in features of our service when you choose to do so.

We also monitor various aspects of how you use our service as part of our efforts to keep our service safe and secure.

Sharing your data with third parties

Except for circumstances we described in this document or in our terms of service, we do not share your personal data with third parties. When we need to provide your personal data to third parties, we will only share it to the extent necessary to provide you with our services. We may also share your personal data as required or permitted by law and as described below.

We use third-party services embedded into our website. These include Optimizely, Google Analytics, Cookiehub and anonymised tracking services to allow us to assess how people interact with our pages and forms.

We use Stripe to process subscription payments and therefore provide them with the personal data required to charge your credit card.

We use mailing services such as Mailchimp, SendGrid and Mailgun along with software running on our own servers. Each of these will temporarily store the emails you send in queues until they are processed. Logs containing details of who has been emailed what, including time information and some status details, may be stored for up to 90 days.

We use third party services for customer engagement, customer chat, product feedback and customer support ticketing.

Additionally, we will provide information to a third party in the event of any reorganisation, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in connection with any bankruptcy or similar proceedings).

When we are obliged to share data

In some circumstances we are legally obliged to share information. For example under a court order or where we cooperate with other supervisory authorities in handling complaints or investigations. We might also share information with other regulatory bodies in order to further their, or our, objectives. In any scenario, we will satisfy ourselves that we have a lawful basis on which to share the information and will document our decision making.

Where is your data stored

Our marketing website, the website you see before you sign-in, is hosted and operated using third party services from data centres throughout the United States and Europe.

Our core service, the part you access after signing in, is hosted in Europe along with our databases.

Our 3rd party service providers may store limited information in, or transfer limited information via, other territories such as the United States.

How we protect your data

The security of your personal information is important to us. We follow generally accepted standards to protect the personal information submitted to us, both during transmission and once it is received. Groupsend infrastructure is located in top-tier data centres. All Groupsend employees undergo thorough background checks and sign non-disclosure agreements at the time of hire. If you have any questions about the security of your personal information, you can contact our Data Protection Officer (details can be found at the top and bottom of this privacy notice).

Remember though, that some parts of the services are public and that email, by its nature, is not a reliably private means of communication. If you voluntarily provide personal data in a public area of the website, unrelated parties online will be able to view it and collect it. If you don’t want to make this information publicly available, you shouldn’t post it.

Your rights

Reviewing, correcting and removing your data

If you are resident in the UK, a European Union member state, or a European Economic Area country, you have certain privacy rights granted by law.

Amongst these rights:

  • You have the right to obtain a copy of all the data we hold.
  • You have the right to correct any data we hold most of which you will be able to do online via our service.
  • You have the right to have your data deleted.

In large part, these rights must be requested through the organisations who contract us to provide online forms, these are the people who sent the forms to you for completion. Contact our Data Protection Officer for further information. Details can be found at the top and bottom of this privacy notice.

Changes to this notice

Any changes we may make to our Privacy Notice in the future will be posted on this page and, where appropriate, notified to you by e­mail. Please check back frequently to see any updates or changes to our Privacy Notice.

Contacting our Data Protection Officer

If you wish to contact our Data Protection Officer, please email suppor[email protected]

Include in your email the details of your question or complaint so we can investigate it and fulfil our duties in full.

When we receive a question or complaint from you, we will set up a case file. This normally includes your contact details and any other information you have given us about the other parties. We may need to share this information with the client who sent you the form to complete, the person who completed the form, or appropriate regulatory bodies.