Disclaimer of Liability

To the fullest extent permitted by law, Extendy Ltd. disclaims all liability for any loss, damage, cost, or expense incurred by users or third parties arising from the use of, or inability to use, the Extendy website or its services.

Users are responsible for how they use the website and must ensure they do so in a lawful and appropriate manner.

What information we collect, use, and why

We collect or use the following information to provide services and goods, including delivery:

• Names and contact details
• Addresses
• Purchase or account history
• Payment details (such as card or bank information) are processed securely by our third-party payment provider (Stripe). Extendy Ltd does not store or have direct access to full payment card details.
• Account information
• Website user information (including user journeys and cookie tracking)
• Information relating to compliments or complaints

We collect or use the following information for the operation of customer accounts and guarantees:

• Names and contact details
• Addresses
• Payment details (including card or bank information for transfers and direct debits)
• Purchase history
• Account information, including registration details
• Information used for security purposes
• Marketing preferences

We collect or use the following information for service updates or marketing purposes:

• Names and contact details
• Addresses
• Marketing preferences
• Call recordings
• IP addresses
• Website and app user journey information
• Records of consent, where appropriate

We collect or use the following information to comply with legal requirements:

• Name
• Contact information
• Identification documents
• Financial transaction information
• Any other personal information required to comply with legal obligations

We collect or use the following personal information for dealing with queries, complaints or claims:

• Names and contact details
• Address
• Payment details
• Account information
• Purchase or service history
• Call recordings
• Customer or client accounts and records
• Financial transaction information
• Correspondence

Use of Cookies

We use cookies on our websites and apps to enhance user experience, support login functionality, and collect anonymous analytics data.

When you visit our websites for the first time, you will be presented with a clear choice to accept or reject non-essential cookies. Essential cookies necessary for the operation of the site do not require consent.

A cookie is a small text file stored on your device. It helps us recognize your browser and remember your preferences. Each domain can only access its own cookies.

Types of cookies we use include:

• Authentication Cookies – to manage login sessions.
• Analytical Cookies – to collect anonymous data using tools such as Google Analytics.

You can control cookie preferences via your browser settings. Please note that disabling essential cookies may affect your ability to access certain site features.

Lawful bases and data protection rights

Under UK data protection law, we must have a “lawful basis” for collecting and using your personal information. There is a list of possible lawful bases in the UK GDPR. You can find out more about lawful bases on the ICO’s website.

Which lawful basis we rely on may affect your data protection rights which are set out in brief below. You can find out more about your data protection rights and the exemptions which may apply on the ICO’s website:

• Your right of access - You have the right to ask us for copies of your personal information. You can request other information such as details about where we get personal information from and who we share personal information with. There are some exemptions which means you may not receive all the information you ask for. Read more about the right of access
• Your right to rectification - You have the right to ask us to correct or delete personal information you think is inaccurate or incomplete. Read more about the right to rectification
• Your right to erasure - You have the right to ask us to delete your personal information. Read more about the right to erasure.
• Your right to restrict processing - You have the right to ask us to limit how we can use your personal information. Read more about the right to restriction of processing.
• Your right to object to processing - You have the right to object to the processing of your personal data. Read more about the right to object to processing.
• Your right to data portability - You have the right to ask that we transfer the personal information you gave us to another organisation, or to you. Read more about the right to data portability.
• Your right to withdraw consent - When we use consent as our lawful basis you have the right to withdraw your consent at any time. Read more about the right to withdraw consent.

If you make a request, we must respond to you without undue delay and in any event within one month.

To make a data protection rights request, please contact us using the contact details at the top of this privacy notice.

Our lawful bases for the collection and use of your data

Our lawful bases for collecting or using personal information to provide services and goods are:

• Contract – we have to collect or use the information so we can enter into or carry out a contract with you. All of your data protection rights may apply except the right to object.
• Legal obligation – we have to collect or use your information so we can comply with the law. All of your data protection rights may apply, except the right to erasure, the right to object and the right to data portability.
• Legitimate interests – we’re collecting or using your information because it benefits you, our organisation or someone else, without causing an undue risk of harm to anyone. All of your data protection rights may apply, except the right to portability. Our legitimate interests are:
  • We process certain personal information on the basis of legitimate interest to ensure the smooth and efficient delivery of our IT services. This includes using client contact details to follow up on technical matters, service activations, and ongoing support. Processing this data helps us provide timely assistance, improve service quality, and ensure contractual obligations are met. The benefit to the customer is receiving responsive and tailored support for the services they’ve requested. We believe this use of data is reasonable, relevant, and does not override the individual’s rights or freedoms, as it is directly related to the expected delivery of business-to-business services

For more information on our use of legitimate interests as a lawful basis you can contact us using the contact details set out above.

Our lawful bases for collecting or using personal information for the operation of customer accounts and guarantees are:

• Contract – we have to collect or use the information so we can enter into or carry out a contract with you. All of your data protection rights may apply except the right to object.
• Legal obligation – we have to collect or use your information so we can comply with the law. All of your data protection rights may apply, except the right to erasure, the right to object and the right to data portability.
• Legitimate interests – we’re collecting or using your information because it benefits you, our organisation or someone else, without causing an undue risk of harm to anyone. All of your data protection rights may apply, except the right to portability. Our legitimate interests are:
  • We process personal information on the basis of legitimate interest to effectively manage customer accounts and service guarantees. This includes maintaining accurate records, monitoring account activity, and providing proactive notifications about account status or service changes. This processing supports a smooth customer experience, helps us prevent errors or misuse, and enables faster resolution of any issues. We believe this is necessary and proportionate, and does not override the rights or interests of the individuals involved.

For more information on our use of legitimate interests as a lawful basis you can contact us using the contact details set out above.

Our lawful bases for collecting or using personal information for service updates or marketing purposes are:

• Consent – we have permission from you after we gave you all the relevant information. All of your data protection rights may apply, except the right to object. To be clear, you do have the right to withdraw your consent at any time.
• Legitimate interests – we’re collecting or using your information because it benefits you, our organisation or someone else, without causing an undue risk of harm to anyone. All of your data protection rights may apply, except the right to portability. Our legitimate interests are:
  • We process personal information under legitimate interest to provide customers with important service-related updates, such as technical changes, planned maintenance, feature improvements, or relevant account notifications. This ensures that our clients are informed and can use our services effectively and without interruption. These updates are part of maintaining the quality, reliability, and security of the services we provide. We believe this processing is necessary and proportionate, and does not override the rights or freedoms of the individuals involved, as it directly relates to services they are actively using.

For more information on our use of legitimate interests as a lawful basis you can contact us using the contact details set out above.

Our lawful bases for collecting or using personal information for legal requirements are:

• Legal obligation – we have to collect or use your information so we can comply with the law. All of your data protection rights may apply, except the right to erasure, the right to object and the right to data portability.

Our lawful bases for collecting or using personal information for dealing with queries, complaints or claims are:

• Contract – we have to collect or use the information so we can enter into or carry out a contract with you. All of your data protection rights may apply except the right to object.
• Legal obligation – we have to collect or use your information so we can comply with the law. All of your data protection rights may apply, except the right to erasure, the right to object and the right to data portability.
• Legitimate interests – we’re collecting or using your information because it benefits you, our organisation or someone else, without causing an undue risk of harm to anyone. All of your data protection rights may apply, except the right to portability. Our legitimate interests are:
  • We process personal information on the basis of legitimate interest to handle queries, complaints, and claims efficiently and fairly. This includes reviewing previous interactions, service history, and relevant account information to investigate and resolve issues effectively. This processing helps us deliver high-quality customer support, identify areas for improvement, and protect our business from potential disputes. We believe this use of data is necessary, proportionate, and aligned with the expectations of individuals who contact us, without compromising their rights or freedoms.

For more information on our use of legitimate interests as a lawful basis you can contact us using the contact details set out above.

Where we get personal information from

• Directly from you.
• Publicly available sources.
• Third parties:
  • We may receive personal information from our business partners and resellers who use our white-label services. These third parties provide customer contact details and service requirements on behalf of their clients to allow us to deliver technical services under their brand.

How long we keep information

We retain personal information only for as long as necessary to deliver our services and comply with legal and regulatory obligations. Retention periods vary depending on the type of data and purpose of processing. For example:

• Billing and transaction records are kept for up to 6 years to comply with HMRC requirements.
• Customer account and support records are retained for the duration of the service contract and up to 2 years afterward, unless a longer period is required for legal or operational reasons.
• Websites/Apps/Platforms logs and analytics data are retained for 12 months for performance and security analysis.

If you would like more details on our data retention schedule, please contact us using the contact details at the top of this privacy notice.

Who we share information with

Data processors

Stripe Payments Europe (payment, Ireland); Zoho (accounting, USA/India); Tucows (email/domains, Canada); UK/EU cloud hosting providers; email delivery services (global)

This data processor performs the following activities on our behalf:

• Processing payment transactions: Stripe Payments Europe, Ltd. is based in Ireland, a country recognized by the UK as providing adequate protection for personal data under the UK adequacy regulations. Payment data is handled securely through Stripe’s systems, and Extendy Ltd. does not store full card details.
• Providing cloud-based email and domain services, delivering transactional emails, and hosting our website and systems infrastructure.

Others we share personal information with

• Professional or legal advisors
• Relevant regulatory authorities
• Organisations we’re legally obliged to share personal information with
• Suppliers and service providers

Sharing information outside the UK

Where necessary, we will transfer personal information outside of the UK. When doing so, we comply with the UK GDPR, making sure appropriate safeguards are in place. For further information or to obtain a copy of the appropriate safeguard for any of the transfers below, please contact us using the contact information provided above.

• Organisation name: Zoho Corporation (OpenSRS)
  Category of recipient: Cloud-based business and accounting services
  Country the personal information is sent to: United States / India
  How the transfer complies with UK data protection law: Addendum to the EU Standard Contractual Clauses (SCCs).

• Organisation name: Tucows Inc. (OpenSRS)
  Category of recipient: Email hosting and domain registrar services
  Country the personal information is sent to: Canada
  How the transfer complies with UK data protection law: Canada is subject to a UK adequacy decision for commercial organisations under PIPEDA.

How to complain

Extendy LTD is registered with the UK Information Commissioner’s Office (ICO) under registration number ZB915857. You can verify our registration on the ICO website by visiting the following link: https://ico.org.uk/ESDWebPages/Entry/ZB915857

If you have any questions or concerns about how we use your personal information, we encourage you to contact us first using the contact details provided at the top of this notice. We will do our best to resolve your issue promptly and fairly.

If you remain dissatisfied with our response, or believe we are not handling your data in accordance with the law, you can also raise a concern with the ICO.