Privacy Policy

How we collect, use, and protect your personal data when you use the DocFlow website.

Last updated: 1 April 2026

1. Introduction

This Privacy Policy explains how Mastercopy Limited, trading as DocFlow ("we", "us", "our"), collects and processes personal data through our website at docflow.co.uk ("Website"). We are committed to protecting your privacy and handling your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

This policy covers only the information we collect through the Website — for example, when you complete a contact or demo-request form, or otherwise enquire about our services. It does not cover the data that our customers store within the DocFlow platform itself. Where we process data on behalf of a customer using the DocFlow platform, we act as a data processor and that processing is governed by the relevant customer agreement and Data Processing Agreement (DPA), not by this policy.

For the purposes of the personal data described in this policy, Mastercopy Limited (trading as DocFlow) is the data controller. This policy should be read alongside our Cookie Policy.

2. What Information We Collect

2.1 Information You Give Us

When you contact us through our contact form, request a demo, or get in touch by email or telephone, we may collect the following personal data:

  • Name — so we know who we are dealing with.
  • Company or organisation — to understand the context of your enquiry.
  • Email address — to respond to your enquiry.
  • Telephone number — to respond to your enquiry where you have provided one.
  • Your message — any details, questions, or requirements you choose to share with us.

2.2 Technical Data

When you visit our Website, we automatically collect certain technical data through our server logs and, where you have given consent, through analytics tools:

  • IP address — collected via server logs for security and to maintain the proper operation of the Website.
  • Browser and device information — such as browser type, operating system, and referring pages.
  • Usage data — collected only with your consent via analytics, to help us understand how visitors use the Website.

For full details of the cookies and similar technologies we use, including optional analytics and marketing providers, please see our Cookie Policy.

3. How We Use Your Information and Our Lawful Bases

We only process your personal data where we have a lawful basis to do so under the UK GDPR. The bases we rely on are:

  • Legitimate interests — to respond to your enquiries, provide the information you have requested, and manage our relationship with you. We consider this processing necessary for the legitimate interests of running and growing our business, and we balance these interests against your rights and freedoms.
  • Consent — for optional analytics, cookies, and any marketing communications. Where we rely on consent, you may withdraw it at any time.
  • Contract — where applicable, to take steps at your request before entering into a contract, or to perform a contract with you or your organisation.
  • Legal obligation — where we are required to retain or process data to comply with the law.

4. Sharing Your Information

We do not sell your personal data, and we do not share it with third parties for their own marketing purposes.

We may share your personal data with trusted third-party service providers who process data on our behalf (data processors), strictly to enable us to operate the Website and respond to you. These include:

  • Hosting providers — who host the Website and store server logs.
  • Email providers — who handle the delivery of email correspondence.

All such providers are bound by contract to process personal data only on our instructions and to keep it secure. Any optional analytics or marketing providers are listed in our Cookie Policy, and we only engage them where you have given the relevant consent. We may also disclose personal data where required to do so by law or to protect our legal rights.

5. International Transfers

Our Website and the personal data collected through it are hosted in the United Kingdom by default. Where any transfer of personal data outside the UK is necessary — for example, through a third-party processor — we will ensure that appropriate safeguards are in place, such as an adequacy decision recognised under UK law or the use of International Data Transfer Agreements (or equivalent Standard Contractual Clauses), so that your data continues to receive an essentially equivalent level of protection.

6. Data Retention

We keep your personal data only for as long as is necessary for the purposes for which it was collected, including to satisfy any legal, accounting, or reporting requirements.

Enquiry data submitted through our contact and demo-request forms is typically retained for a reasonable period to allow us to respond to and follow up on your enquiry, after which it is securely deleted unless we have an ongoing relationship with you or a legal reason to retain it. Server logs are retained for a limited period for security and operational purposes.

7. Your Rights Under UK GDPR

Under the UK GDPR, you have the following rights in relation to your personal data:

  • Right of access — to request a copy of the personal data we hold about you.
  • Right to rectification — to request correction of inaccurate or incomplete personal data.
  • Right to erasure — to request deletion of your personal data in certain circumstances.
  • Right to restriction — to request that we restrict the processing of your personal data.
  • Right to object — to object to processing based on our legitimate interests.
  • Right to data portability — to receive your personal data in a structured, commonly used, machine-readable format.
  • Right to withdraw consent — to withdraw your consent at any time where processing is based on consent.

To exercise any of these rights, please contact us using the details below. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk if you are unhappy with how we have handled your personal data.

8. Data Security

We take the security of your personal data seriously and maintain appropriate technical and organisational measures to protect it. As an organisation, we hold ISO 27001 (Information Security Management) and ISO 9001 (Quality Management) certification, reflecting our commitment to robust information security and quality practices.

Our measures include encryption of data in transit, strict access controls so that personal data is only accessible to authorised personnel, and ongoing monitoring of our systems. While no method of transmission over the internet is completely secure, we work to protect your personal data and to respond promptly to any security incidents.

9. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. Any changes will be posted on this page with an updated "Last updated" date. We encourage you to review this page periodically to stay informed about how we protect your personal data.

10. Contact Us

If you have any questions about this Privacy Policy, wish to exercise your rights, or have any concerns about how we handle your personal data, please contact us:

  • Company: Mastercopy Limited (trading as DocFlow)
  • Address: Mastercopy, Thornaby, Stockton-on-Tees
  • Phone: 01642 750404
  • Email: sales@mastercopy.co.uk

Have Questions About Our Policies?

We take data protection seriously. Get in touch if you need more information.

Contact Us 01642 750404