Get Demo
Login / Sign-up
Get Demo
Login / Sign-up

Privacy Policy

Your privacy, protected—how CallCloser handles and safeguards your data.

Last Updated: 24 October 2025

Introduction

CallCloser Limited (“Company”, “we”, “us”, or “our”) is a UK-based company headquartered at Unit 4 Cedar Court Tiverton Business Park, Lowman Way, Tiverton, England, EX16 6GT. For the purposes of applicable data protection legislation, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, we act as the data controller for personal data collected and processed through our website at https://callcloser.ai (the “Site”).

We collect and process the personal data of individuals interested in our services and their purchase who provide their personal data on the Site or through our contact channels (including by phone at 07700 107735).

This Privacy Policy explains how we collect, use, disclose, and protect your personal data when you interact with our Site and services. It also describes your rights under data protection law and how to exercise them.

1. What categories of personal data do we collect about you?

1.1 The personal data we collect through the Site and our contact channels may include:

  • First name and last name
  • Email address
  • Phone number
  • Company name and role (if provided)
  • Information you include in messages or call scripts when you contact us
  • Technical data such as IP address, device and browser type, pages visited, referring/exit pages, timestamps, and similar analytics data collected via cookies and similar technologies

2. How do we obtain personal data about you?

2.1 We collect personal data:

  • When you complete forms on the Site (for example, contact or demo request forms)
  • When you communicate with us by phone on 07700 107735 or via any email address listed on the Site
  • When you subscribe to updates, marketing communications, or resources
  • Automatically through analytics and cookies when you visit or interact with the Site, subject to your consent where required

3. The lawful bases for processing your personal data

3.1 We process your personal data on one or more of the following lawful bases:

  • Performance of a contract or taking steps at your request prior to entering into a contract (for example, responding to enquiries, preparing proposals)
  • Legitimate interests (for example, improving our services, ensuring Site security, managing business operations, communicating relevant information to prospective customers), balanced against your rights
  • Consent (for example, sending certain marketing communications where consent is required, using non-essential cookies). You may withdraw consent at any time.
  • Compliance with legal obligations (for example, record-keeping, responding to lawful requests)

4. The purposes of processing your personal data

4.1 We use your personal data to:

  • Send notifications and respond to your enquiries
  • Contact you to arrange meetings, demos, or onboarding
  • Request additional details where applicable (for example, to prepare a proposal or contract)
  • Communicate information about CallCloser.ai services, features, and updates
  • Operate, maintain, secure, and improve the Site and our services
  • Perform analytics to understand usage and improve user experience, subject to your preferences
  • Comply with legal or regulatory obligations

4.2 The personal data collected may be subject to the following categories of processing activities: collection, storage, organisation, consultation, analysis, use, transmission, and modification.

5. Disclosure of your personal data

5.1 We may disclose your personal data to trusted third parties such as:

  • Service providers and suppliers who support our operations (for example, hosting, analytics, CRM, communications, technical support)
  • Professional advisers (for example, legal, accounting, audit)
  • Courts, regulatory authorities, public administrations, and law enforcement authorities, in compliance with law
  • Successors or acquirers in connection with a merger, acquisition, or corporate reorganisation, subject to safeguards

5.2 We ensure that any third parties process personal data subject to appropriate contractual obligations, confidentiality, and security measures.

5.3 You may request a list of third-party recipients relevant to your data by contacting us at [email protected] or via 07700 107735.

6. International transfers of personal data

6.1 Your personal data may be transferred to and stored in countries outside the UK (and, where relevant, the European Economic Area) when our service providers are located or host data in third countries, for example, the United States.

6.2 In such cases, we implement appropriate safeguards to protect your personal data, which may include:

  • UK International Data Transfer Agreement (IDTA) or EU/UK Standard Contractual Clauses
  • Additional technical and organisational measures such as encryption and access controls

6.3 Information about specific transfer mechanisms is available on request.

7. How long do we keep your personal data?

7.1 We retain your personal data for as long as necessary to fulfil the purposes described in this policy, including:

  • During the negotiation and onboarding process for a commercial contract
  • For the duration of any active customer relationship
  • To comply with legal obligations
  • To establish, exercise, or defend legal claims

7.2 After the expiration of the relevant period, we will retain personal data for a further period of up to three years, unless a longer period is required by law or necessary in connection with legal proceedings.

8. What level of security do we provide for your personal data?

8.1 We use a range of appropriate technical and organisational security measures designed to protect personal data against unauthorised access, unlawful processing, accidental loss, destruction, damage, or alteration, in accordance with UK GDPR and applicable law.

8.2 Where we disclose personal data to external providers, we do so under written agreements that require confidentiality and suitable security measures.

9. Your rights under data protection law

9.1 Depending on the circumstances, you have the following rights:

  • Right of access to request information about how we process your personal data and to receive a copy of it
  • Right to rectification to request correction of inaccurate or incomplete personal data
  • Right to erasure to request deletion of personal data in certain circumstances
  • Right to restriction to request restriction of processing in certain circumstances
  • Right to object to processing based on legitimate interests and to direct marketing at any time
  • Right to data portability to receive personal data you have provided to us in a structured, commonly used, and machine-readable format and to have it transmitted to another controller where technically feasible
  • Right to withdraw consent where processing is based on consent, without affecting the lawfulness of processing before withdrawal

9.2 If you wish to exercise your rights, please contact us via [email protected] or call 07700 107735. We may require proof of identity. We will respond within one month, or within the timeframe permitted by law.

9.3 Complaints: You have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO) if you believe your data protection rights have been violated. Contact details are available at ico.org.uk, telephone 0303 123 1113, or by writing to Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. We would appreciate the chance to address your concerns before you approach the ICO, so please contact us first.

10. What happens if you do not provide personal data?

10.1 If you choose not to provide personal data or object to certain processing, we will respect your choice as required by law. However, this may mean we cannot perform actions necessary to fulfil the purposes described above, for example, respond to enquiries, prepare proposals, or deliver services.

10.2 We may be required or entitled to retain certain data to comply with legal or regulatory obligations and to protect or exercise our legal rights and interests.

11. Data Protection Officer or privacy contact

11.1 If you have questions or requests regarding the processing of your personal data or need additional information, contact our privacy lead at [email protected] or call 07700 107735.

12. Marketing communications and preferences

12.1 Where permitted by law, we may send you marketing communications about our services. We will obtain your consent where required by the Privacy and Electronic Communications Regulations (PECR).

12.2 You may opt out at any time by using unsubscribe links in emails or contacting [email protected]. Opting out will not affect service-related communications.

13. Cookies and similar technologies

13.1 We use cookies and similar technologies to operate and improve the Site, perform analytics, and remember preferences. Where required, we will request your consent before placing non-essential cookies.

13.2 For details, please see our Cookie Policy if available or contact [email protected].

14. Automated decision-making and profiling

14.1 We do not conduct automated decision-making that produces legal effects or similarly significant effects on you without appropriate safeguards. Where any profiling is used, for example for analytics or marketing segmentation, it will be limited and subject to your rights under UK GDPR.

15. Changes to this Privacy Policy

15.1 We may update this Privacy Policy from time to time. Material changes will be communicated via the Site or by direct notice where appropriate. The “Last updated” date at the top indicates when the most recent changes were made.

16. Contact details

Data Processing Addendum (DPA)

This Data Processing Addendum (the “DPA”) forms part of and is subject to the agreement, order form, or subscription governing the provision of services (the “Agreement”) between the customer entity identified in the Agreement (the “Controller”, “you”, “your”) and CallCloser Limited, trading as “CallCloser”, with a principal place of business at Unit 4 Cedar Court Tiverton Business Park, Lowman Way, Tiverton, England, EX16 6GT (“Processor”, “we”, “us”, “our”). The website for our services is https://callcloser.ai.

1. Definitions

  • Applicable Data Protection Law means all laws and regulations relating to data protection, privacy, and the Processing of Personal Data applicable to the parties, including the UK GDPR, the Data Protection Act 2018, the Privacy and Electronic Communications Regulations 2003 (PECR), and where relevant, the EU GDPR.
  • Terms such as Controller, Processor, Personal Data, Processing, Personal Data Breach, Supervisory Authority, and Data Subject have the meanings given in Applicable Data Protection Law.
  • Sub-processor means any third party engaged by or on behalf of Processor to Process Personal Data for the purpose of providing the Services.
  • UK IDTA/SCCs means the UK International Data Transfer Agreement or the UK Addendum to the EU Standard Contractual Clauses, and/or the EU Standard Contractual Clauses (as applicable) to legitimise international data transfers.

2. Role of the Parties

  • Controller instructs Processor to Process Personal Data as necessary to provide the services described in the Agreement (the “Services”).
  • Unless otherwise stated, Controller is the Controller of Personal Data and CallCloser Limited (trading as CallCloser) is the Processor. Where CallCloser acts as a Sub-processor, Controller warrants it is itself a Processor with authority and documented instructions from the relevant Controller.

3. Subject Matter and Duration

  • Subject matter: Processor’s provision of the Services involving the Processing of Personal Data.
  • Duration: This DPA remains in force for the term of the Agreement and until deletion or return of Personal Data under Section 12.

4. Nature and Purpose of Processing

  • Nature: Storage, hosting, transmission, AI-enabled call handling, optional call recording and transcription (if enabled by Controller), analytics, troubleshooting, and customer support necessary to operate and secure the Services.
  • Purpose: To perform the Services under the Agreement and as otherwise documented in Controller’s written instructions and configurations.

5. Types of Personal Data and Categories of Data Subjects

  • Types of Personal Data: Contact and account data (name, email, phone), call metadata, content of communications (scripts, recordings, transcripts) where enabled, CRM-related data provided by Controller or integrations, usage and technical identifiers (IP address, device/browser).
  • Special Categories: Not intended to be Processed. Controller shall not submit Special Category Data unless expressly agreed in writing with appropriate safeguards.
  • Data Subjects: Controller’s prospects, customers, leads, employees/contractors, and other end-users whose Personal Data is submitted by Controller.

6. Controller Instructions

  • Processor will Process Personal Data only on documented instructions from Controller, including as set out in the Agreement, this DPA, and Controller’s configuration and use of the Services.
  • If required by law to Process beyond Controller’s instructions, Processor will inform Controller unless prohibited by law.
  • Processor will notify Controller if, in its opinion, an instruction infringes Applicable Data Protection Law, without providing legal advice.

7. Security

  • Processor shall implement appropriate technical and organisational measures designed to protect Personal Data against unauthorised or unlawful Processing and against accidental loss, destruction, or damage, appropriate to the risk.
  • Measures may include encryption in transit and at rest, access controls and role-based access, secure development practices, logging and monitoring, vulnerability management, backups, and staff confidentiality and training.

8. Confidentiality

Processor shall ensure that persons authorised to Process Personal Data are subject to confidentiality obligations and Process Personal Data only on Controller’s instructions.

9. Sub-processors

  • Controller authorises Processor to engage Sub-processors to support the Services. A current list of material Sub-processors is available on request via [email protected].
  • Processor shall impose on Sub-processors data protection obligations no less protective than those in this DPA and remains liable for their performance.
  • Changes: Processor will notify Controller of intended changes to Sub-processors by email or in-product notice. Controller may object on reasonable data protection grounds within 10 days. If unresolved, Controller may terminate the affected Services with a pro-rata refund of pre-paid, unused fees for the terminated portion.

10. Assistance

  • Data Subject requests: Taking into account the nature of Processing, Processor will assist Controller by appropriate technical and organisational measures, insofar as possible, to respond to Data Subject requests under Applicable Data Protection Law.
  • Compliance: Processor will provide reasonable assistance for data protection impact assessments and consultations with Supervisory Authorities, to the extent required by law and related to Processor’s Processing of Personal Data.

11. Personal Data Breach

  • Processor shall notify Controller without undue delay after becoming aware of a Personal Data Breach affecting Personal Data Processed under this DPA.
  • Notification will include information reasonably available to assist Controller in meeting its breach notification obligations.
  • Processor will take reasonable steps to contain, investigate, and mitigate the Breach and will reasonably cooperate with Controller.

12. Return and Deletion

  • Upon termination or expiry of the Agreement, Processor will, at Controller’s choice and subject to legal retention requirements, delete or return Personal Data and delete existing copies within a reasonable period, unless storage is required by law.
  • If Controller does not select return, Processor will securely delete Personal Data in accordance with its standard retention and deletion schedules.

13. Audit and Compliance Information

  • Processor will make available information reasonably necessary to demonstrate compliance with this DPA (for example, summaries of policies, third-party audit reports where available, responses to security questionnaires).
  • On reasonable prior written notice, no more than once annually (unless required by a Supervisory Authority or following a proven Personal Data Breach), Controller may audit Processor’s compliance. Audits shall be confined to facilities, systems, and documentation relevant to Processing under this DPA, occur during normal business hours, avoid undue disruption, preserve confidentiality, and may be satisfied by third-party certifications or questionnaires.
  • If an on-site audit is necessary, it will be conducted by a mutually agreed independent auditor at Controller’s expense.

14. International Transfers

  • Processor may transfer Personal Data outside the UK (and, where relevant, the EEA) where necessary to provide the Services, including to Sub-processors.
  • Processor shall ensure such transfers comply with Applicable Data Protection Law and are subject to appropriate safeguards, which may include execution of the UK IDTA, the UK Addendum to the EU SCCs with the EU SCCs, and additional technical and organisational measures.
  • Copies or a description of the relevant transfer mechanism may be provided upon request, subject to redactions for confidentiality.

15. Records

Processor shall maintain records of Processing activities carried out on behalf of Controller as required by Applicable Data Protection Law and make them available to Supervisory Authorities upon request.

16. Liability

Each party’s liability under this DPA is subject to the limitations and exclusions of liability set out in the Agreement, except where such limitation is not permitted by law. Nothing in this DPA excludes or limits liability where prohibited by law.

17. Order of Precedence

  • If there is a conflict between this DPA and the Agreement, this DPA prevails regarding data protection matters.
  • If there is a conflict between this DPA and the UK IDTA/EU SCCs (where applicable), the UK IDTA/EU SCCs shall prevail to the extent of the conflict.

18. Miscellaneous

  • Notices under this DPA should be sent to [email protected] and to Controller’s designated contact.
  • This DPA is governed by and construed in accordance with the laws of England and Wales. The parties submit to the exclusive jurisdiction of the English courts, without prejudice to mandatory rights of Data Subjects or Supervisory Authorities.

Annex A: Details of Processing

  • Controller: The customer entity identified in the Agreement.
  • Processor: CallCloser Limited (trading as “CallCloser”), Unit 4 Cedar Court Tiverton Business Park, Lowman Way, Tiverton, England, EX16 6GT; [email protected]; 07700 107735; website: https://callcloser.ai.
  • Subject matter and duration: As described in Sections 3 and 4 of this DPA and the Agreement.
  • Nature and purpose: Hosting, storage, transmission, AI call handling, optional recordings/transcriptions (if enabled), analytics, and support.
  • Types of Personal Data: Contact details, communication content (if enabled), CRM-related data, identifiers, usage and technical data.
  • Special Categories: Not intended; prohibited unless expressly agreed in writing with safeguards.
  • Data Subjects: Controller’s prospects, customers, leads, staff, and other end-users.

Annex B: Technical and Organisational Measures

  • Access control: Role-based access, least privilege, multi-factor authentication for administrative access.
  • Encryption: TLS in transit; encryption at rest for storage systems where feasible.
  • Secure development: Code reviews, dependency management, vulnerability scanning.
  • Logging and monitoring: Centralised logging, anomaly detection, incident response procedures.
  • Business continuity: Regular backups, tested recovery, redundancy for critical components.
  • Supplier management: Security review of key Sub-processors; contractual DPAs in place.
  • Staff measures: Confidentiality agreements; data protection and security training.

Annex C: Sub-processors

A current list of material Sub-processors is available on request by contacting [email protected]. Typical categories include cloud infrastructure providers, managed databases, analytics, email/SMS and telephony providers, CRM/automation platforms, and customer support tools. Where international transfers occur, appropriate safeguards such as the UK IDTA or EU SCCs with the UK Addendum and additional measures will be applied.

CallCloser.ai - AI-Powered Call Centre Solutions
Login / Sign-up
Get Demo
  • Industries