Privacy Policy | Sendora
Legal

Privacy & Cookie Policy

Last updated: Applies to: sendoralab.com
Effective from 17 May 2025
Contents
  1. Who We Are
  2. What Data We Collect
  3. How We Use Your Data
  4. Legal Basis for Processing (GDPR)
  5. Cookies & Tracking Technologies
  6. How We Share Your Data
  7. Data Retention
  8. Your Rights
  9. CCPA Rights (California)
  10. Data Security
  11. International Transfers
  12. Third-Party Links
  13. Children’s Privacy
  14. Changes to This Policy
  15. Contact Us
Plain English Summary Sendora is a digital marketing agency. We collect information you give us directly (like your name and email when you enquire), data about how you use our website (via analytics), and marketing data if you opt in to our communications. We don’t sell your data. We use it to run our business, improve our services, and communicate with you where you’ve asked us to. You can ask us to delete your data at any time.

1 Who We Are

Sendora (“we,” “us,” or “our”) is a digital marketing agency specialising in email marketing, Meta advertising, Shopify marketing, and e-commerce growth services. Our website is sendoralab.com.

We are the data controller for personal data collected through this website. This means we decide why and how your personal data is processed. If you have any questions about how we handle your data, please contact us at the details provided in Section 15.

2 What Data We Collect

Data You Provide Directly

When you interact with us — by filling in a contact form, booking a consultation, or emailing us — we may collect:

  • Full name
  • Email address
  • Phone number (if provided)
  • Company name and website URL
  • Details of your enquiry, project, or service requirements
  • Any other information you voluntarily share with us

Data Collected Automatically

When you visit sendoralab.com, we automatically collect certain technical data including:

  • IP address (anonymised where possible)
  • Browser type and version
  • Operating system and device type
  • Pages visited, time spent, and navigation path
  • Referring website or source (how you found us)
  • UTM parameters from marketing campaigns
  • Date and time of visits

Marketing Data

If you opt in to receive email updates or marketing communications from us, we collect your email address and any preferences you share. You can unsubscribe from marketing emails at any time using the link in our emails.

Data from Third Parties

We may receive information about you from third-party sources such as LinkedIn (if you contact us through that platform), referral partners, or industry directories. We only use such data where we have a legitimate interest or your consent to do so.

3 How We Use Your Data

We use the data we collect for the following purposes:

  • Responding to enquiries: To reply to your questions, requests, or service enquiries
  • Delivering services: To provide email marketing, Meta ads, Shopify, and e-commerce services you engage us for
  • Sending proposals and contracts: To prepare and deliver service agreements and project proposals
  • Marketing communications: To send you newsletters, blog updates, or service announcements — only where you have opted in
  • Website analytics: To understand how visitors use our website and improve user experience
  • Compliance and legal obligations: To comply with applicable laws, regulations, and legal processes
  • Business improvements: To analyse service performance and identify ways to serve clients better
We Do Not Sell Your Data Sendora does not sell, rent, or trade your personal data to third parties for their own marketing purposes. Ever.

4 Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), the United Kingdom, or another jurisdiction with GDPR-equivalent law, we process your personal data under the following legal bases:

  • Contractual necessity: Processing required to fulfil a contract with you or take pre-contractual steps at your request (e.g. delivering services, sending proposals)
  • Legitimate interests: Processing necessary for our legitimate business interests, such as improving our website, responding to enquiries, and protecting against fraud — where those interests are not overridden by your rights
  • Consent: Where you have given us explicit consent — such as signing up for marketing emails. You can withdraw consent at any time
  • Legal obligation: Where we are required to process data to comply with applicable law (e.g. tax records, legal disputes)

5 Cookies & Tracking Technologies

Our website uses cookies and similar tracking technologies to improve your experience and help us understand how the site is used.

What Are Cookies?

Cookies are small text files stored on your device when you visit a website. They help websites remember preferences, track sessions, and gather analytical data.

Types of Cookies We Use

  • Essential cookies: Required for the website to function correctly. These cannot be disabled
  • Analytics cookies: Used to collect anonymised information about how visitors use our site (e.g. Google Analytics, where IP addresses are anonymised)
  • Marketing cookies: Used to track the effectiveness of our marketing campaigns and deliver relevant content (e.g. Meta Pixel, where applicable and with your consent)
  • Preference cookies: Remember your settings and preferences for a better experience on return visits

Managing Cookies

You can control and manage cookies through your browser settings. Most browsers allow you to refuse cookies or delete them at any time. Disabling certain cookies may affect website functionality. You can also use our cookie consent tool (if displayed) to manage your preferences when you first visit the site.

For more information on how to manage cookies, visit allaboutcookies.org.

6 How We Share Your Data

We do not sell your data. We may share your data with the following categories of third parties only where necessary:

  • Service providers: Trusted vendors who help us operate our business — such as email platforms (e.g. Klaviyo), hosting providers, project management tools, and payment processors. They process data only on our instructions and under appropriate data processing agreements
  • Analytics providers: Google Analytics and similar tools that help us understand website traffic. Data is anonymised or aggregated where possible
  • Legal and regulatory bodies: Where required by law, a court order, or regulatory authority
  • Business transfers: If Sendora is involved in a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction — with appropriate safeguards in place

All third-party processors are required to process your data securely and in accordance with applicable data protection law. We do not permit them to use your data for their own marketing purposes.

7 Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes outlined in this policy, or as required by applicable law. Our retention periods are guided by the following principles:

  • Enquiries and contact data: Retained for up to 2 years from the date of last contact, unless you become a client
  • Client data: Retained for the duration of the client relationship plus 6 years to meet tax and legal record-keeping obligations
  • Marketing data: Retained until you unsubscribe or withdraw consent. We may occasionally re-confirm active consent for inactive contacts
  • Website analytics: Anonymised data retained in accordance with our analytics provider’s standard retention periods

When data is no longer needed, we securely delete or anonymise it.

8 Your Rights

Under GDPR (and equivalent legislation), you have the following rights regarding your personal data. You can exercise any of these rights by contacting us at the details in Section 15.

Right of Access
Request a copy of the personal data we hold about you (a Subject Access Request).
Right to Rectification
Ask us to correct inaccurate or incomplete personal data we hold about you.
Right to Erasure
Request that we delete your personal data where there is no longer a lawful basis to hold it (“right to be forgotten”).
Right to Restrict Processing
Ask us to limit how we use your data — for example, while a dispute is being resolved.
Right to Data Portability
Request your data in a structured, machine-readable format to transfer to another service provider.
Right to Object
Object to processing based on legitimate interests or for direct marketing purposes.
Right to Withdraw Consent
Withdraw consent at any time where processing is based on your consent — this won’t affect the lawfulness of prior processing.
Right to Lodge a Complaint
Lodge a complaint with your local data protection authority if you believe we have mishandled your data.

We will respond to rights requests within 30 days. We will not charge a fee for reasonable requests. We may ask you to verify your identity before processing a request.

UK & EU Supervisory Authorities UK residents can complain to the Information Commissioner’s Office (ICO) at ico.org.uk. EU residents should contact their local national data protection authority.

9 CCPA Rights (California Residents)

If you are a resident of California, the California Consumer Privacy Act (CCPA) gives you additional rights regarding your personal information:

  • Right to Know: You may request information about the categories and specific pieces of personal information we have collected about you in the past 12 months
  • Right to Delete: You may request that we delete personal information we have collected from you, subject to certain exceptions
  • Right to Opt-Out: You have the right to opt out of the “sale” of your personal information. Sendora does not sell personal information
  • Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights

To exercise your CCPA rights, please contact us using the details in Section 15 and include “CCPA Rights Request” in your message. We will respond within 45 days.

10 Data Security

We take data security seriously and implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, alteration, or disclosure. These measures include:

  • Encrypted data transmission via HTTPS / TLS across our website
  • Access controls limiting data access to authorised team members only
  • Regular security reviews of our systems and third-party providers
  • Secure deletion of data when it is no longer required
  • Data processing agreements with all third-party service providers

No method of transmission over the internet is 100% secure. While we do everything we can to protect your data, we cannot guarantee absolute security. In the event of a data breach that poses a risk to your rights and freedoms, we will notify you and the relevant supervisory authority as required by law.

11 International Data Transfers

Some of our third-party service providers are based outside the UK or EEA. Where we transfer personal data internationally, we ensure appropriate safeguards are in place, including:

  • Transfers to countries with an adequacy decision from the UK ICO or European Commission
  • Use of Standard Contractual Clauses (SCCs) approved by the European Commission or UK ICO
  • Contractual data protection obligations binding on the recipient

You may request information about the specific safeguards we apply to international transfers by contacting us at the details in Section 15.

12 Third-Party Links

Our website may contain links to third-party websites, including Klaviyo documentation, partner platforms, and reference resources. We are not responsible for the privacy practices of these external sites. We encourage you to read the privacy policy of any website you visit through a link from sendoralab.com.

13 Children’s Privacy

Sendora’s website and services are not directed at children under the age of 16. We do not knowingly collect personal data from anyone under 16. If you believe we have inadvertently collected data from a child, please contact us immediately and we will delete it promptly.

14 Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will update the “Last updated” date at the top of this page.

We encourage you to review this policy periodically. Continued use of our website after changes are posted constitutes acceptance of the updated policy. For significant changes, we may also notify you by email where we hold your contact details.

15 Contact Us

If you have any questions about this Privacy Policy, wish to exercise your data rights, or want to make a complaint about how we handle your data, please contact us:

Sendora — Data Enquiries
Company Sendora
Website sendoralab.com
Email privacy@sendoralab.com
Contact sendoralab.com/contact

We aim to respond to all data-related enquiries within 30 days. For rights requests, we may ask you to verify your identity before processing your request.

Scroll to Top