Privacy Policy

Dotpost ( is a secure online document hub provided by CFH Docmail Limited enabling users to store and organise documents important to individuals on any devices. Dotpost works with organisations sending appointment letters, bills, statements and more to help them switch from printing and posting documents to delivering electronic documents to a user’s Dotpost inbox.

Dotpost Privacy Notice

CFH Docmail Limited (“we”, “our”, “us”) respects the rights that individuals (“you”) have in relation to their personal data. This privacy notice (“privacy notice”) will inform you about how we look after personal data, provide details of your privacy rights and how the law protects you.

We care about your privacy and we will always endeavour to comply with the General Data Protection Regulation ((EU) 2016/679) and the Data Protection Act 2018, as amended (“data protection law”) and we will never pass your personal data to third parties except where we are required to do so by law. We will keep personal data secure and will respect the rights you have in relation to your personal data.

If you have any questions regarding our processing of personal data, you can contact us via the following methods and location:

We are registered with the Information Commissioner’s Office (ICO) under registration number Z5722574.

What is the purpose of this privacy notice and who does it cover?

This privacy notice provides information about how we collect and process personal data when:

Our Dotpost services and our website are not intended for use by children.

It is important that you read this notice together with any other privacy notice we may provide on specific occasions when we are collecting or processing personal data about you, so that you are fully aware of how and why we are using personal data. This notice supplements the other notices and is not intended to override them.

This privacy notice deals with the questions below and you can go directly to a specific section by clicking on each heading.

    1. Who is the controller and who is the processor for personal data and how can I make a complaint?

      The answer to this question will depend on your relationship with us.

    2. If you are a customer of ours, you will be the data controller and we will be the data processor for the data which you provide to us to enable us to perform our services.
    3. If you are an individual private customer of ours (not in a business capacity) you will be asked to provide us with your personal data to enable us to set up your account and where that is the case, we will be the data controller and processor of that personal data.
    4. If you are an individual private customer of ours (not in a business capacity) you may provide us with documents containing the personal data belonging to others or to store your documents and where that is the case, you will be the data controller and we will be the data processor.
    5. If you are not a customer of ours, but you provide us with your personal data, we will be the data controller and processor of that personal data.
    6. In either case, you have certain rights with regard to the processing of personal data (see below) and you can make a complaint to the ICO, ( if you feel we have infringed those rights. We would, however, appreciate the chance to deal with any concerns you may have before you approach the ICO.
    1. What happens if this privacy notice is updated or my personal data changes?

      It is important that the personal data we hold about you is accurate and current. Please keep us informed if there are any changes during your relationship with us by updating your Dotpost account at: ( or contact the Dotpost Support Team using the details set out below:


      Telephone: 01761 409701

      We will publish any changes to this notice on our website.

    1. What are my rights under data protection law?

      As a data subject, you have the following rights under data protection law:

    2. Right to be informed – When we collect personal data, we have to tell you what we are going to do with it as set out in this Privacy Policy.
    3. Right of access – You have the right to contact us to request details of the information we hold about you.
    4. Right of rectification – You have the right to ask us to rectify information that we hold about you if this is inaccurate or incomplete.
    5. Right to erasure - This is also known as the right to be forgotten and gives you the right to request your information to be removed if there is no compelling reason for its continued processing. We keep a list of people who have asked not to be contacted which is used to ensure that you receive no further marketing information from us. Without this list your personal data could enter our system again from another source and we would have no record of the fact that you asked us not to contact you.
    6. Right to restrict processing – this is the alternative to erasure and gives you the right to tell us to stop processing your data but allowing us to keep enough information about you to ensure that your wishes are respected in the future.
    7. Right to data portability – this gives you the right to ask the holder of your information to transfer that information to another business. This right would be most commonly used if you were switching banks, insurance companies, utility companies or mobile phone companies.
    8. Right to object – you have the right to object to the processing of your data for marketing purposes and profiling for marketing purposes. Your rights and freedoms override our interests.
    9. Rights related to automated decision-making including profiling – we do not use automated decision-making processes which would have a potentially damaging effect on the information we hold about you. But if we did you have the right to obtain human intervention, express your point of view and obtain an explanation of the decision and challenge it.
    10. Rights to withdraw consent at any time where relevant – you have the right to withdraw your consent to the processing of your information at any time and we must provide you with the information you need to do so at the time we collect your data and each time we contact you.
    1. What personal data do you collect?

    2. Personal data means any information about an individual from which that person can be identified. It does not include personal data where the identity has been removed (anonymous data).
    3. Special categories of personal data mean any information about you which includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data. We do not collect any special categories of personal data about you.
    4. We collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows. The terms below are mainly used to explain why we use the personal data in the way we do:
      1. Communication this includes the channel and method by which we communicate with you.
      2. Contact this could include address, email address, telephone numbers and business cards.
      3. Identity this could include your name and title.
      4. Marketing this could include your preferences in receiving marketing from us.
      5. Technical this could include internet protocol (IP) address, browser type and version, time zone setting, browser plug‐in types and versions and operating system and platform.
      6. Usage this could include information about how you use our website and services.
    1. How do you collect personal data?

      We use different methods to collect personal data from and about you including through the following interactions set out below:

    2. Direct interactions. You give us your Identity, Communication, Contact, Transaction and Financial data by filling in forms or by corresponding with us by post, phone, email or online. This could include personal data you provide when you:
      1. request information about our services;
      2. enter into a contract for the provision of services with us;
      3. request marketing to be sent to you;
      4. give us your business card and contact details.
    3. Automated technologies or interactions. As you interact with our website, we may automatically collect Technical data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies.
    4. Third parties. We receive personal data about you from the third parties below:
      1. Technical data from analytics providers such as Google;
      2. Contact, Identity, Financial and Transaction data from providers of technical, payment and delivery services.
    1. What happens if I provide you with personal data about another individual?

      In order for us to provide our services to you, we may need to process personal data about other individuals, for example your customers or another individual. In this situation we will not have direct contact with those individuals and it will not be appropriate for us to provide them with a copy of this privacy notice.

      You are required to ensure that you have satisfied all legal requirements before passing this personal data to us, including providing them with a copy of this privacy notice and you must ensure that we can use any personal data that you pass to us in accordance with this privacy notice and data protection law.

      You must also comply with any data protection provisions set out in the terms of business or contract we have entered into with you.

    1. How do you use my personal data?

      We will only use personal data when the law allows us to. We may process personal data without your knowledge or consent where this is required or permitted by law. Most commonly, we will use personal data in the following circumstances and for the following purposes:

    2. Legal or regulatory obligation – to comply with a legal or regulatory obligation to which we are subject.
    3. Legitimate interest – where it is in our legitimate interests or that of another third party. We will always make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process personal data for our legitimate interests. We do not use personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us at
    4. Performance of contract – where it is necessary for us to process personal data for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract; and
    5. Consent – we may rely on consent as a legal basis for processing personal data. If we do, you can withdraw your consent at any time by contacting us at
    1. What do you use my personal data for and why?

    2. We have set out in the table below, a description of all the ways we use personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate. We may process personal data for more than one legal basis depending on the specific purpose for which we are using the personal data.
    3. We will only use personal data for the purposes for which we collected it, unless we consider that we need to use it for another reason and that reason is compatible with the original purpose.
    4. If we need to use personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
      Individual Purpose for processing Data used Legal basis relied on
      Dotpost Customers To take you on as a new Dotpost customer and open an account
      • Identity
      • Contact
      • Communication
      • Performance of a contract
      • Legal and regulatory obligation
      Dotpost Customers For the collection, storage and organisation of your personal information
      • Identity
      • Contact
      • Financial
      • Transaction
      • Special category
      • Usage
      • Communication
      • Performance of a contract
      • Legal and regulatory obligation
      Dotpost Customers To manage our relationship with you including notifying you about changes to our terms
      • Identity
      • Contact
      • Communication
      • Performance of a contract
      • Legal and regulatory obligation
      Dotpost Customers To invite you to events and/or workshops and to manage your attendance at those events and/or workshops
      • Identity
      • Contact
      • Communication
      • Legitimate interests – to grow and expand our business
      Prospective Dotpost Customers To contact you to provide you with information about us and our services which you have requested when you are not our client
      • Identity
      • Contact
      • Communication
      • Legitimate interests – to respond to requests for information from you
      All website visitors To administer and protect our business and our website including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data which may include the use of cookies
      • Identity
      • Contact
      • Technical
      • Usage
      • Legal and regulatory obligation
      • Legitimate interests – to run our business, provide administration and IT services, network security and to prevent fraud
      All website visitors To deliver relevant website content to you and measure or understand the effectiveness of our website
      • Usage
      • Technical
      • Communication
      • Legitimate interests – to study how clients and prospective clients use our services, to develop them, to grow our business and to inform our marketing strategy
      All website visitors To use data analytics to improve our website, services, marketing, customer relationships and experiences
      • Usage
      • Technical
      • Reporting
      • Legitimate interests – to identify individuals for our services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy
    1. How do you use my personal data for marketing and how can I opt out?

    2. We use the information provided to us to contact you regarding our products, services and latest offers (we define this as marketing). You will receive marketing communications from us if you have provided your consent.
    1. To whom do you disclose my personal data?

    2. We may have to share personal data with the parties set out below for the purposes set out in the table above:
      1. Service providers based in the EEA who provide IT and system administration services and access to platforms we use for operational purposes to run our business;
      2. Professional advisers including lawyers, barristers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services;
      3. Third parties who require access to the personal data we process for the purposes of the prevention or detection of crime or for the purposes of legal proceedings;
      4. HM Revenue & Customs, regulators and other authorities based in the UK who require reporting of processing activities in certain circumstances, for example to ensure we are complying with legal and regulatory obligations;
      5. External auditors who provide auditing and similar compliance services to us to ensure we are complying with our legal and regulatory obligations when we provide services to you, process personal data or where we are certified under any relevant schemes or certifications;
      6. Financial providers who provide us with financial services and facilities.
    1. To where do you transfer personal data?

    2. We do not transfer any personal data to any third parties outside of the EEA.
    1. How do you safeguard personal data?

    2. We have appropriate security measures in place to prevent personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
    3. We also have in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
    1. For how long will you use personal data for?

    2. We will only retain personal data for as long as necessary to fulfil the purposes for which we collected it.
      1. We will retain unclaimed documents for 33 days from the mailing launch.
      2. We will delete all user information 30 days after the account has been closed.
    1. Third-party links on this website

    2. Our website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share personal data about you. We do not control these third-party websites and are not responsible for their privacy policies. When you leave our website, we encourage you to read the privacy notice of every website you visit.
    1. What are cookies and how are these used?

    2. Cookies are small files of letters and numbers stored on your browser or device that enable the cookie owner to recognise the device when it visits websites or uses online services. The website you visit may set cookies directly, known as first-party cookies, or may trigger cookies set by other domain names, known as third-party cookies. While we may automatically use some cookies that are strictly necessary to provide the services you request or enable communications, we request your consent for all of our other cookie uses. For more information about cookies please visit
    3. You can control and delete cookies through your browser settings. For more information on how to do this please visit
    4. Most web browsers allow you to directly block all cookies, or just third-party cookies, through your browser settings. Using your browser settings to block all cookies, including strictly necessary ones, may interfere with proper site operation.