OmniCRM Privacy Policy

Effective Date: 16 May 2026
Last Updated: 01 May 2026

OmniCRM UK Ltd (“OmniCRM”, “we”, “our”, or “us”) respects your privacy and is committed to protecting personal data. This Privacy Policy explains how we collect, use, store, process and protect personal data when you: Use the OmniCRM platform, visit our website, interact with our services, or communicate with us.

This policy is designed to comply with the requirements of the UK General Data Protection Regulation (UK GDPR) and guidance issued by the Information Commissioner's Office.

1. COMPANY INFORMATION

Legal Entity: OmniCRM UK Ltd
Company Number: 09618887
Registered Address:
Unit 102, Aviation Park West, Target Road, East Parley, Christchurch, BH23 6NW, United Kingdom

Trading Name: OmniCRM

Contact Email: [email protected]

2. SCOPE OF THIS PRIVACY POLICY

This Privacy Policy applies to: Visitors to the OmniCRM website, businesses using the OmniCRM platform, individuals whose personal data may be processed through the OmniCRM platform.

It also explains how we handle personal data processed on behalf of our customers.

3. ROLE UNDER UK GDPR

Under UK GDPR, OmniCRM operates in two possible roles depending on the context.

3.1 When You Visit Our Website

OmniCRM acts as a Data Controller for information collected through: Website forms, analytics tools, marketing tracking technologies, communications with our team.

3.2 When Customers Use the OmniCRM Platform

When customers use OmniCRM software to manage their own contacts or clients:

The Customer acts as the Data Controller

OmniCRM acts as a Data Processor

This means our customers determine: What personal data is collected, the purpose of processing, how long data is retained.

OmniCRM processes this data only in accordance with customer instructions and contractual agreements.

4. CATEGORIES OF DATA WE MAY PROCESS

Depending on how the platform is used, OmniCRM may process the following categories of personal data.

4.1 Basic Contact Information

Examples include: Name, email address, phone number, company name, postal address.

4.2 Communication Records

Including: Emails, SMS messages, call logs, voicemail recordings, appointment booking information, conversation notes.

4.3 Customer Relationship Data

Information stored within customer CRM systems including: Enquiry forms, service notes, sales records, marketing preferences, support interactions.

4.4 Special Category Data

Certain customers may use OmniCRM within regulated industries including healthcare, legal & finance.

Where a customer chooses to store such information, this may include: Medical history, treatment notes, appointment records, legal documents, sensitive client information.

Under UK GDPR this is considered Special Category Data and must be handled with enhanced protections. OmniCRM processes such information only on behalf of the customer acting as Data Controller.

4.5 Identification Documents

Customers may store verification documents including: ID documents, passport scans.

Customers are responsible for implementing appropriate data retention policies to ensure these documents are not stored longer than necessary.

4.6 Technical Data

When using our website or services we may collect: IP address, browser type, device information, session information, website interaction data.

5. PAYMENT DATA

OmniCRM does not store payment card information.

Payment processing is handled by third-party payment processors such as: Stripe, Paypal, Xero, Quickbooks.

Payment details are stored and processed directly by the payment provider in accordance with their own privacy policies and PCI compliance obligations.

6. HOW WE USE PERSONAL DATA

OmniCRM processes personal data for the following purposes:

Platform Operation

To provide access to the CRM platform and its functionality.

Customer Support

To assist customers with configuration, troubleshooting and account support.

Managed Service Support

Customers on managed service plans may receive assistance from assigned account managers for: Automation setup, workflow management, system configuration, platform optimisation.

Platform Maintenance

To monitor system performance and maintain platform security.

Legal Compliance

To comply with legal obligations.

7. PLATFORM INFRASTRUCTURE AND DATA STORAGE

OmniCRM operates using cloud infrastructure provided by: Amazon Web Services

All CRM data and platform infrastructure are hosted on AWS servers. Due to the distributed architecture of the platform, data is primarily stored on AWS infrastructure located in the United States & Europe.

8. INTERNATIONAL DATA TRANSFERS

Because platform infrastructure operates on occasion using US-based servers, personal data may be transferred outside the UK or EEA.

Where such transfers occur, safeguards are implemented through recognised legal mechanisms including frameworks associated with: The EU-US Data Privacy Framework, Standard Contractual Clauses where required.

These safeguards ensure that personal data remains protected in accordance with UK GDPR.

9. SECURITY MEASURES

OmniCRM implements multiple security measures to protect data processed through the platform. These include:

Encryption

AES-256 encryption for data at rest

TLS 1.2 or TLS 1.3 encryption for data in transit

9. SECURITY MEASURES

OmniCRM implements multiple security measures to protect data processed through the platform. These include:

Encryption

AES-256 encryption for data at rest

TLS 1.2 or TLS 1.3 encryption for data in transit

Access Controls

Role-based access permissions

Account authentication monitoring

Administrative access logging

Multi-Factor Authentication

OmniCRM enforces Multi-Factor Authentication (MFA) for all internal staff accounts.

Data Isolation

The platform uses a multi-tenant architecture where each customer account is logically isolated using unique identifiers. This prevents data exposure between client environments.

Audit Logs

System activity logs record user actions to detect unauthorised access or misuse.

Infrastructure Security

Infrastructure security and redundancy are managed by AWS through automated backup and resilience systems.

10. ACCESS TO CUSTOMER DATA

OmniCRM staff may access customer accounts only when necessary for: Platform support, system maintenance, managed service assistance, troubleshooting.

Access is restricted to authorised personnel and is governed by strict confidentiality obligations. All staff are subject to contractual non-disclosure agreements.

11. COMMUNICATIONS SERVICES

The platform allows customers to communicate with their contacts through: SMS, phone calls, voicemail messages, automated communications.

These services may rely on telecommunications providers such as: Twilio

Customers are responsible for ensuring their communications comply with all applicable marketing and telecommunications laws.

12. USE OF ARTIFICIAL INTELLIGENCE

OmniCRM does not use artificial intelligence systems to analyse or process stored client CRM records by default. Certain platform features may include AI-assisted functionality.

These features are activated only if explicitly enabled by the customer.

Customers remain responsible for how they use such functionality and what data they submit to those tools.

13. DATA RETENTION

Retention periods depend on the relationship with the customer.

Customer Platform Data

If a customer cancels their subscription: Customers have 30 days to export their data after this period, data is permanently deleted from active systems.

Website Enquiries

Data submitted via contact forms may be retained for customer service, relevant marketing and business record purposes.

14. DATA BREACH NOTIFICATION

If OmniCRM becomes aware of a personal data breach affecting customer data, we will notify the affected customer within 48 hours of discovery.

Customers remain responsible for determining whether regulatory reporting is required under UK GDPR.

15. COOKIES AND TRACKING TECHNOLOGIES

Our website uses tracking technologies including: Google Analytics, Meta Pixel, CRM tracking scripts.

These technologies help us understand website usage and improve marketing performance.

Users may control cookie preferences through browser settings or cookie consent tools where implemented.

16. YOUR RIGHTS UNDER UK GDPR

Individuals located in the UK may have rights including:

Right to access personal data

Right to rectification

Right to erasure

Right to restrict processing

Right to data portability

Right to object to processing

Requests can be submitted by contacting: [email protected]

Where OmniCRM acts as a Data Processor, requests may be forwarded to the relevant Data Controller.

17. AGE RESTRICTIONS

The OmniCRM platform is intended for use by individuals aged 18 years or older.

18. THIRD-PARTY SERVICES AND INTEGRATIONS

Customers may connect third-party applications to the platform through integrations.

OmniCRM does not control how those third-party services process data.

Customers are responsible for reviewing the privacy policies of those providers.

19. CHANGES TO THIS PRIVACY POLICY

OmniCRM may update this Privacy Policy periodically to reflect: Legal changes, platform updates, security improvements.

The most up to date version will be published on our website.