Privacy policy

Cirrus Privacy Policy

Cirrus Response Limited, (“Cirrus”) is committed to protecting the privacy of our customers and ensuring our compliance with data protection legislation and regulations including the General Data Protection Regulation (GDPR), effective 25th May 2018. This privacy policy applies to and the Cirrus contact-centre-as-a-service (CCaaS) applications and related services which are hosted and operated by Cirrus and provided to its customers. This privacy policy describes how Cirrus collects and uses the Personally Identifiable Information (PII) you provide on our website at and our CCaaS applications and related services. It also describes the choices available to you regarding our use of your PII and how you can access and update this information.

Data subject rights

Where we act as a data controller for your business, we will ensure your rights under GDPR regulations to:

  • Request your data is deleted, corrected or brought up to date;
  • Request your PII is transferred to another party; and
  • Make a complaint to our supervisory authority (The Information Commissioner’s Office)

Personal information collection, use and sharing

When you register with website or use the services made available to the public on the website, personal information is needed such as your name, company name, and email address. Cirrus uses and shares personal information for purposes such as processing and fulfilling your request, billing, service improvement, research, marketing, communicating with you and other general purposes. With regard to the use of Cirrus CCaaS solutions purchased by our customers, see the section below entitled Data Collected Through Cirrus Purchased Solutions.

Cirrus will not sell, rent, exchange or share personal information with any third parties without permission or except as described in this privacy policy. Cirrus will share personal information with government authorities and others in order to respond to investigations, court orders, legal process, or to investigate, prevent or take action regarding illegal activities, suspected fraud, or situations involving potential threats to the physical safety of any person, violations of Cirrus’s terms of service, or as otherwise required by law. If Cirrus is involved in a merger, acquisition, or sale of all or substantially all of its assets, you will be notified via email and/or a prominent notice on our website of any such change in ownership or uses of your personal information, as well as any choices you may have regarding your personal information.

Cirrus may also anonymise and aggregate data collected and use and disclose it for general purposes.

Data security

The security of your personal information is important to us. We follow generally accepted standards to protect the personal information submitted to us, both during transmission and when we store and process it in our data centre. However, no method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, we cannot guarantee its absolute security and do not take responsibility for any third-party actions when we have endeavoured to follow generally accepted standards. In addition, we do not take responsibility for your systems, the Internet itself or any third-party networks or services used to transmit data which are outside the firewall of the data centre we use to process and store your personal data. If you have any questions about the security on our website or our services, please contact us.

Email marketing choices

You may choose to stop receiving our marketing emails by following the unsubscribe instructions included in these emails or you can contact us. If you purchase a service, you can still opt out of marketing related emails however you cannot opt out of service-related announcements.

If your personal information changes, you may correct, update, amend, delete/remove or deactivate it by contacting us by email or postal mail at the contact information listed below. We will respond to your request within 30 days. Note that different rules apply to personal information processed or stored in our purchased solutions. (See section below entitled Data Collected Through Cirrus Purchased Solutions).


Cirrus uses a technology called “cookies” to store session information. A cookie is a small amount of data, which often includes an anonymous unique identifier, which is sent to your browser from a web site’s computers and stored on your computer’s hard drive. We use both session ID cookies and persistent cookies. A session ID cookie expires when you close your browser. We use Session Cookies to track your Login status. This cookie is only ever transmitted over HTTPS. A persistent cookie remains on your hard drive for an extended period of time. We use Persistent Cookies to determine from where you were referred you to our site, as well as the last user ID that you logged in as. Cirrus may set and access Cirrus cookies on your computer. Cookies are required to use certain services provided on the Cirrus website. You can remove persistent cookies by following directions provided in your Internet browser’s “help” directory. If you reject cookies, you may still use our site, but your ability to use some areas of our site will be limited.

The use of cookies by our partners and affiliates is not covered by our privacy policy. We do not have access or control over these cookies. Our partners and affiliates use session ID and persistent cookies to better gauge our customers’ interest in our products and their products.

As is true of most websites, we gather certain information automatically and store it in log files. This information includes internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and clickstream data.

We use this information, which does not identify individual users, to analyse trends, to administer the site, to track users’ movements around the site and to gather demographic information about our user base as a whole. We also gather, parse, and retain data related to the provision of our website and related services for internal and service-related purposes.

We do link automatically-collected data to personally identifiable information. IP addresses are tied to personally identifiable information to better gauge our customers’ needs and provide specific information to best serve them.

Third party advertising

We may partner with a third-party ad network to manage our advertising on other sites. Our ad network partner would use cookies and web beacons to collect non-personally identifiable information about your activities on this and other websites to provide you targeted advertising based upon your interests. If you wish to not have this information used for the purpose of serving you targeted ads, you may opt-out by contacting us. When you view or click on an ad a cookie will be set to help better provide advertisements that may be of interest to you on this and other websites. You may opt-out of the use of this cookie by visiting Google’s Advertising and Privacy page:


Our website may offer publicly accessible blogs. You should be aware that any information you provide in these areas may be read, collected, and used by others who access them. We may display personal testimonials of satisfied customers on our site in addition to other endorsements. With your consent, we may post your testimonial along with your name. If you wish to update or delete your testimonial, please contact us.

Social media features

Our website may include Social Media Features, such as Widgets, such as the Share This button or interactive mini-programs that run on our site. These Features may collect your IP address, which page you are visiting on our site, and may set a cookie to enable the Feature to function properly. Social Media Features and Widgets are either hosted by a third party or hosted directly on our website. Your interactions with these Features are governed by the privacy policy of the company providing it.

Other websites

Our website includes links to other websites whose privacy practices may differ from those of Cirrus. If you submit PII to any of those sites, your information is governed by their privacy policies. We encourage you to carefully read the privacy policy of any website you visit.

Updates to the privacy policy

Cirrus may update this Privacy Policy, and will endeavour to notify registered users of significant changes in the way we treat any PII by sending a notice to the primary email address specified in your Cirrus account. We may also place a notice on our website or within our solutions. However, we nevertheless reserve the right to amend our privacy practices and policy from time to time without prior notice. We encourage you to periodically review this page for the latest information on our privacy practices.

Data collected through Cirrus purchased solutions

Cirrus is in the business of providing contact-centre-as-a-service (CCaaS) solutions and associated services and in connection with providing such offerings to its customers. Cirrus collects information (including PII) under the direction of its customers about their business activities, employees, contractors, affiliates, and applicants (“Customer Data”) Cirrus has no direct relationship with the individuals whose personal data it processes and stores for Cirrus customers and Cirrus will process, store and retain Customer Data as per our agreement with our applicable customer (including transferring the Customer Data to the applicable customer). Therefore, if you are an employee/contractor/applicant of one of our customers and would no longer like to be involved with one of our customers that use our solutions or otherwise have issues related to your data that is included in Customer Data (such as to correct, amend, or delete such data), please contact the customer that you interact with directly. For the purposes of the EU GDPR, EU-US Privacy Shield, the Swiss Privacy Shield and other global privacy laws, Cirrus acts as a processor/instruction taker which accesses and processes Customer Data on behalf of its customers, which are the controller/owner of such data.

Service providers and sub processors

Cirrus may transfer PII to companies that help us provide our services. Transfers to subsequent third parties are covered by the provisions in this Policy regarding notice and choice and the service agreements with our customers. Our contracts with sub-processors contain provisions necessary to ensure the right of the data subject under the GDPR.

Data retention, deletion and correction

Cirrus will retain PII from our website and other PII related to marketing to our customers for a reasonable time proportionate to our mutual evaluation of Cirrus as a potential supplier to you, or a provider of industry sector information in which we reasonably infer you may be interested. You may request your data is deleted, corrected or brought up to data at any time and we shall comply with your requests in accordance with our obligations under the GDPR.

Data that we process on behalf of our customers are retained for as long stipulated by our customer agreement. Cirrus will also retain and use this PII as necessary to comply with our legal obligations, including the Data Retention Investigatory Powers Act, 2014 resolve disputes and enforce our agreements.

Contact us

For questions related to this Privacy Policy or to exercise your rights as a Data Subject under the GDPR contact or at:

Compliance Department
Cirrus Response Limited
The Kirkgate, 19-33 Church Street,
Surrey, KT17 4PF

Effective date: 23 May 2018