Privacy Policy
Stannp Privacy and Cookies Policy
This is the Privacy & Cookies Policy (the "Policy") of Stannp Ltd, a company registered in England and Wales with company registration number 9086822 and with registered office at Unit 12 Taw Trade Park, Braunton Road, Barnstaple, Devon, England, EX31 1JZ (hereafter "Stannp", "we" or "us"). This Policy describes the ways in which Stannp collects and uses information about you when you use its website at stannp.com (the "Website") and/or use its service (the "Platform"). Stannp may change this Policy at any time and whilst it will tell you about what it feels are key changes to the Policy, please check it regularly to keep up-to-date. If you do not wish to accept the new Policy you should stop using the Service. If you continue to use the Service after the changes, your continued use of the Service shows us your agreement to be bound by the new Policy. This Policy was last updated 1st September 2025.
1. ICO Registration and EU Representative
For the purposes of data protection legislation, Stannp is a Data Controller in relation to our own business operations, and a Data Processor when handling customer data through our Platform services. We are registered with the Information Commissioner's Office ("ICO") under registration number ZA134992. If you are an EU Data Subject you can contact our EU Representative, Rune Peterson, at eurep@fifthsquare.eu. Our EU Representative complies with our obligations under GDPR Article 27 and is established in the Republic of Ireland. Please note that our EU Representative is a Third Party. They will process your personal data in accordance with this Privacy Policy.
2. Information We Collect and Use as a Data Controller
We collect and process the following information from you via the Platform:
| Category of Data | What information do we collect? | When do we collect this? | How do we use this information? | Our reasons |
|---|---|---|---|---|
Account and Contact Information |
| If you choose to sign up to the Platform and use the Service. | To create your account and allow you to access and use the Service thereafter. | Contractual necessity: We require details of your full name, email address, address and company to create and administer your account, including to send you personalised system notifications, identify you at sign-in, for billing and other account administration purposes. Consent: You may elect to provide us details of your phone number, including if you wish to set up a two-step authentication verified by SMS for your account or if you sign up to our SMS delivery service. You may also elect to provide details of your job title to enable us to send you more personalised notifications, including for us to provide communications adapted to your role in your company. |
Payment Information |
| When you top up your balance on your account or set up a subscription | To collect our fees | Contractual necessity: We require these details to be able to collect our fees in relation to the Service provided to you. |
Marketing and Communication Preferences |
| If you choose to subscribe to marketing communications (whether by email, SMS or post (as applicable)) from Stannp or if we are otherwise permitted to send them to you by law. | To send you marketing communications about our upcoming activities as well as other news and features relating to Stannp, including about services available from Stannp and its affiliates. | Consent: We only send you marketing communications by either email, SMS or post (as you elect) where you have consented to receiving them, or if we are otherwise permitted to send them to you by law (e.g., by virtue of the soft opt-in). You can unsubscribe at any time by clicking the unsubscribe button in any marketing message sent to you or alternatively by toggling off the contact settings in the "how we can contact you" section of your account settings. |
Information from Third Party Sources |
| Information from third party sources. | To send you marketing communications which we believe would be of interest to you. | Legitimate Interest: We will only send marketing communications where we believe we have a legitimate interest such as improving our services, growing our business and informing our marketing strategy. Consent: You can unsubscribe at any time by contacting us here. |
Surveys and Feedback | Any personal data you may provide when answering our surveys. | If you choose to reply to one of our surveys. | To conduct research about our customers' opinion of the current Service or of potential new services that may be offered. | Consent (or in the case of any special category data, explicit consent): You do not have to respond to such surveys. If you do elect to answer a survey, the information is used to allow us to understand better who uses our Platform and Service and assists us in making improvements to our Services. |
Non-essential Cookie Data | The information collected via those cookies/technologies which are not necessary cookies, as set out in paragraph 10 below. | If you choose to allow these cookies (other than necessary cookies) to be placed then Stannp will place those cookies and therefore collect the information provided via them accordingly. | To assess visitor numbers to our Platform and how users interact with our Platform and the Service, as well as for other maintenance and support purposes. | Consent: We only place non-necessary cookies if you consent to these when first visiting our Website or Platform. |
Necessary Cookie Data | Information collected by our use of necessary cookies and similar technologies | When you use our Website or Platform | To carry out administrative tasks and to help us improve the functionalities and features of the Website and Platform. | Legitimate interests: This personal data allows us to provide and improve the services that we offer you. The items of personal data collected are limited to "technical" type data and your rights and freedoms are not outweighed by us collecting this data from you. |
Technical and Usage Information |
| When you visit or use our Website or Platform | To ensure Platform functionality, maintain security, and analyse usage patterns | Legitimate interests: This technical data allows us to provide and improve the Platform services that we offer you. The items of personal data collected are limited to "technical" type data and your rights and freedoms are not outweighed by us collecting this data from you. |
Website Analytics Data |
| When you use our Platform and interact with features | To improve our Platform functionality and user experience | Legitimate interests: We have a legitimate interest in understanding how users interact with our Platform to identify popular features, optimize user journeys, and develop better functionality for all users. |
Customer Support Information |
| When you contact our customer support team | To resolve your technical issues and improve our services based on common problems | Contractual necessity: We require this information to provide customer support as part of our service obligations to you. Legitimate interests: We use anonymized support data to identify common issues and improve our Platform for all users. |
Preferences and Settings |
| When you configure your account settings or provide preferences | To deliver personalized service according to your preferences | Contractual necessity: We require these preferences to deliver services according to your chosen settings. Consent: For marketing preferences and optional customizations that you choose to enable. |
3. Data We Process on Your Instructions (as a Data Processor)
When you use our Platform to send mailings to your recipients, you are the data controller and we act as your data processor. We process the following data solely on your instructions:
| Category of Data | What information do we process? | When do we process this? | How do we use this information? | Legal Basis |
|---|---|---|---|---|
Recipient Data |
| When you upload mailing lists or enter recipient details for campaigns | To fulfil your mailing campaigns by: • Printing and sending physical mail • Sending electronic communications • Address verification and formatting • Generating proofs and previews | Your Instruction: As data processor, we process this data solely on your instruction as the data controller. You are responsible for ensuring you have appropriate legal basis (consent, legitimate interest, etc.) for processing your recipients' data. |
Campaign Content |
| When you create or upload campaign materials | To produce and deliver your mailings: • Merge variable data • Print materials • Apply postage • Track delivery status | Your Instruction: We process this content as directed by you to execute your campaigns. You retain all responsibility for content compliance with applicable laws. |
Customer-Uploaded Databases |
| When you import data files or connect via API | To: • Store for future campaigns • Apply suppressions • Assist with address verification | Your Instruction: Stored and processed per your retention settings. You control deletion and are responsible for data accuracy and lawful basis. |
Campaign Analytics |
| During and after campaign execution | To provide you with: • Delivery reports • Campaign performance metrics | Your Instruction: Analytics generated from your campaign data to help you measure effectiveness. You determine how this data is used for future targeting. |
Important Notes for Customers:
As the data controller, you are responsible for:
Ensuring you have a lawful basis for processing all recipient data
Responding to data subject rights requests from your recipients
Maintaining accuracy of uploaded data
Complying with data protection laws including GDPR, PECR, and the CAP Code
Providing appropriate privacy notices to your recipients
We process this data solely on your instructions and do not use it for our own purposes
You can configure retention periods in your account settings
We act as your data processor under the terms set out in our Terms of Service (Clause 11)
4. Data Processing for Our Customers
When you use our Platform to send mailings to your customers, you are the data controller, and we act as your data processor. In this capacity: • We process personal data solely on your instructions • You are responsible for ensuring you have appropriate legal basis and consent from your recipients • You remain responsible for handling data subject rights requests from your customers • We assist you with compliance obligations as outlined in our Terms of Service
5. Data Services
If you use our optional data services to access third-party data for campaign targeting, this is governed by a separate Data Services Agreement. Key points: • You are the data controller for any data accessed • We act as data processor, providing technical access only • You are responsible for ensuring lawful basis and compliance with GDPR, PECR and the CAP Code • Full terms are in your Data Services Agreement
6. Sharing Your Information with Third Parties
We share data with carefully selected subprocessors as detailed in our subprocessor list, which is updated regularly and available on our website.
with any group companies of ours or affiliates;
with our regulator (the ICO) when required;
-
in anonymised form, we may share information with:
any third party, in relation to the sale of some or all of Stannp's business, or its assets, or as part of any business restructuring or reorganisation. Stannp will take steps with the aim of ensuring that your rights continue to be protected if your personal data is transferred under these circumstances;
data aggregators and platform providers as part of an analysis of user metrics or sales performance; or
law enforcement agencies in compliance with law enforcement.
7. Links to Third Party Websites and Third Party Adverts
Stannp is not responsible for the privacy policies and practices of other sites even if you access them via the Website, Platform and/or as part of your use of the Service. You should check the policy of each site you visit and contact its owner or operator if you have any concerns or questions.
8. Security
Stannp has implemented technology and policies to safeguard your privacy from unauthorised access and improper use. Personal data is secured on computer servers in a controlled, secure environment, protected from unauthorised access, use or disclosure. When personal information (such as a credit card number) is transmitted to other websites, it is protected through the use of encryption, such as Secure Socket Layer (SSL) protocol. We maintain appropriate technical and organisational measures to protect personal data, including: • Encryption of data in transit and at rest • Regular security assessments and penetration testing • Access controls and authentication mechanisms • Staff training on data protection • Incident response procedures Payment Card Security: We do not directly store or process full payment card numbers on our systems. All payment transactions are handled securely by PCI DSS-compliant payment processors. These processors are contractually required to maintain strict safeguards in accordance with the Payment Card Industry Data Security Standard (PCI DSS) to protect your financial information.
9. Storage and Data Retention
We store personal data of our UK and EEA-based customers within the EEA. We do not currently transfer such data outside the EEA. We retain your data for no longer than is reasonable in line with the purposes for which it was originally collected. If you have an active account on our Platform, you can configure a retention policy yourself. If you do not configure it the default retention period for sensitive assets will be 3 years unless you fail to use your account at least once in any 12 month period in which case we will delete your account and associated data after such 12 months of non-use. Where we transfer personal data outside the UK or EEA, we will ensure appropriate safeguards are in place, including: • reliance on an adequacy decision (where the recipient country is recognised as providing an adequate level of protection); • use of the EU Commission's Standard Contractual Clauses; and/or • use of the UK International Data Transfer Agreement (IDTA) or the UK Addendum to the EU SCCs. Any user with an account can request their personal data to be removed at any time, however please note that • if the user account was a previous customer of Stannp, data may be anonymised rather than fully removed; and • any personal data appearing on sales invoices will be retained by Stannp for at least 7 years for legal compliance.
10. Cookies and Similar Technologies
10.1 What are Cookies?
Cookies are small text files that are placed on your device when you use the Website or Platform. Session cookies enable you to move from page to page within the Website and Platform and any information you enter will be remembered but is deleted when you close the page or after a short time. Persistent cookies allow us to remember your preferences and settings when you use the Website or Platform in the future.
10.2 Types of Cookies We Use
| Cookie Type | Purpose | Examples |
|---|---|---|
Strictly Necessary Cookies | • Authentication tokens to keep you logged in • Dashboard configuration preferences • Security and fraud prevention • Load balancing and platform functionality | Essential for Platform operation |
Analytics Cookies<br>(with your consent) | • Understanding how visitors use our site • Tracking if advertising or referral links were effective • Analyzing user behavior to improve Platform functionality | • Google Analytics • Referrer tracking • User behavior tracking |
Marketing Cookies<br>(with your consent) | • Advertising optimization • Marketing campaign effectiveness • Showing relevant advertisements | • Google Adwords • Hubspot • Retargeting cookies |
10.3 Managing Your Cookie Preferences
You can control cookie settings through our cookie consent banner when you first visit our website, your account settings if you're a logged-in user, or directly through your browser settings. If you do not want cookies to be served on your device, you can disable them through these settings; however, please note that disabling necessary cookies may prevent you from accessing some Platform features.
10.4 Third Party Cookies
Third party advertisers may place or read cookies on your browser when you use our website or Platform. This Policy applies only to Stannp's use of cookies and does not cover third party cookies. For more information about managing cookies, visit www.aboutcookies.org or www.allaboutcookies.org.
11. Your Rights
Under data protection law, you have several rights regarding your personal data:
Access: You can request a copy of the personal data we hold about you.
Rectification: You can ask us to correct any inaccurate or incomplete personal data.
Erasure: You can request deletion of your personal data in certain circumstances.
Restriction: You can ask us to restrict processing of your personal data in certain situations.
Portability: Where technically feasible and legally required, you can request your data in a portable format.
Objection: You can object to processing based on legitimate interests or for direct marketing.
Automated Decision-Making: We do not currently use automated decision-making or profiling that produces legal or similarly significant effects.
Withdrawing Consent: Where we process data based on consent, you can withdraw this at any time.
You can exercise any of the rights listed above by contacting us here. If you have an account, you may also be able to update or delete some of your information directly through your account settings. We will respond to your request without undue delay and in any event within one month of receiving it. Where a request is complex or numerous, we may extend this period by up to a further two months. If this is necessary, we will notify you within the first month and explain why the extension is needed. We may need to request specific information from you to help us confirm your identity before we can process your request. This is a security measure to ensure that personal data is not disclosed to anyone who has no right to receive it. Exercising your rights is free of charge. However, if your request is manifestly unfounded, excessive or repetitive, we may charge a reasonable fee or refuse to act on the request.
12. Children's Privacy
Our services are intended for business use and we do not knowingly collect personal data from children under 16. If we become aware that we have collected personal data from a child under 16, we will take steps to delete it promptly. If you believe we have collected data from a child, please contact us immediately.
13. Data Breach Notification
In the event of a personal data breach affecting data we process on your behalf as data controller, we will notify you without undue delay and within 72 hours of becoming aware of the breach. We will provide: - • Description of the nature of the breach • Categories and approximate numbers of data subjects affected • Likely consequences of the breach • Measures taken or proposed to address the breach
14. Contact Information
If at any time you would like to contact Stannp about your views on this Policy or any enquiry relating to your personal information, you can do so by: Email: GDPR@stannp.com Post: Unit 12, Taw Trade Park, Braunton Road, Barnstaple, Devon, EX31 1JZ You also have the right to make a complaint to the ICO by contacting them at any time.