This website and the services described on it are operated by ReachSoft OÜ (trading as “Outreachly”), an Estonian company (Reg. No. 17027954). Registered office: Järvevana tee 9, Tallinn, 11314, Estonia.
This Policy explains how we handle personal data in line with UK GDPR, EU GDPR, and the UK Data Protection Act 2018.
This Policy covers personal data we process when you:
When we provide Outreachly services to a business customer, we generally act as that customer’s processor for personal data they upload to the platform. Processing in that context is governed by our Data Processing Agreement (DPA) and Supply of Service Terms, not this Policy.
a) Data you provide directly
b) Data we obtain from others
c) Data collected automatically (website & services)
d) Special category data
We do not intentionally collect special category data (e.g. health, race, religion). Please do not submit it. If there is a lawful need, we will request explicit consent or rely on another valid basis and apply additional safeguards.
We process personal data only where a lawful basis applies:
Purpose | Examples | Legal basis |
Provide and operate our services | Account setup, authentication, support, service notices | Contract (UK/EU GDPR Art. 6(1)(b)) |
Improve and secure services | Debugging, analytics, fraud/security monitoring | Legitimate interests (6(1)(f)) |
Sales & pre‑contract steps | Respond to enquiries, demos, proposals | Legitimate interests / pre‑contract steps |
Marketing | Newsletters, product updates, event invites | Consent (6(1)(a)) or Legitimate interests incl. soft opt‑in (PECR) |
Compliance & record‑keeping | Tax, accounting, legal claims | Legal obligation (6(1)(c)) / Legitimate interests |
Recruitment | CVs, interviews, references | Legitimate interests / pre‑contract steps / consent where required |
Marketing & soft opt‑in (PECR): we may send electronic marketing to existing customers (or individuals in the course of a sale) about similar products/services, provided we offer a clear opt‑out at the point of data collection and in every message. Otherwise, we rely on consent.
You can opt out of marketing at any time via the unsubscribe link or by emailing [email protected].
We do not sell your personal data. We may share it with:
If we are involved in a merger, acquisition, or reorganisation, personal data may be transferred to the relevant party, subject to safeguards and notice.
Your data may be processed outside the UK/EEA (e.g. by cloud providers). Where we transfer personal data internationally, we implement appropriate safeguards, such as:
7.1 What we use
We (and approved third parties) use cookies, pixels and similar tech to:
7.2 Categories
7.3 Third‑party cookies
Some cookies are set by third parties. We do not control their technologies. Please review their privacy notices for details on how they process your data.
7.4 Managing cookies
On your first visit (and periodically), we display a cookie banner. You can accept, reject, or customise non‑essential cookies. You can change your choices any time via Cookie Settings (link in footer) or your browser controls. Blocking some cookies may affect site functionality.
7.5 Cookie duration
Session cookies expire when you close your browser. Persistent cookies remain for a defined period (typically 6–24 months) unless deleted sooner.
We retain personal data only as long as necessary for the purposes above and to meet legal obligations:
We may retain limited data where necessary to establish, exercise or defend legal claims.
We implement appropriate technical and organisational measures (encryption in transit, access controls, segregation, least‑privilege, monitoring, backups, staff training). No system is completely secure; you use the internet at your own risk. If we reasonably believe a breach has occurred, we will act in line with our incident response procedures and applicable notification duties.
Subject to legal limits, you have the right to:
To exercise rights, email [email protected]. We may need to verify your identity. We aim to respond within one month.
We do not make decisions based solely on automated processing that produce legal or similarly significant effects. We may use profiling (e.g. scoring engagement for marketing segmentation) to tailor communications. You can object to profiling used for direct marketing at any time.
Our services are not directed to children under 18. We do not knowingly collect children’s data. If you believe we hold such data, contact [email protected] and we will delete it.
Our website may link to third‑party sites and services. We are not responsible for their content or privacy practices. Please review their policies.
Please contact us first at [email protected] and we’ll try to resolve your concern.
You also have the right to complain to a supervisory authority:
We may update this Policy from time to time. The latest version will always be available at https://outreachly.ai/privacy-policy/. For material changes, we will provide prominent notice (e.g. email or banner) and, where required, re‑seek consent.
Questions, requests, or complaints: [email protected].
Postal: ReachSoft OÜ (Outreachly), Järvevana tee 9, Tallinn, 11314, Estonia.