Privacy Policy

By using websites, products, services, or otherwise by interacting with Boomerang I-Comms Limited (trading as Boomerang), you consent to the following privacy policy. Please do not engage in any of these activities if you do not agree with the terms of this privacy policy.

Your privacy is important to Us. The purpose of this privacy policy is to inform you about the information We may gather about you, how we may use that information, whether we disclose it to anyone, and the choices you have regarding our use of the information we collect.

Boomerang I-Comms Ltd. trading as Boomerang, we or us, a company incorporated in England and Wales with registered number 8217876 whose registered office is at Regina House, 124 Finchley Road, London, NW35JS;

1        Collecting your personal information

We can get your personal information when you:

  • Buy a product or service from us
  • Register in order to get information for a specific product or service
  • Subscribe to newsletters, alerts or other services from us
  • Ask us for more information about a product or service, or contact us with a question or complaint
  • Use our products or services
  • Visit our website

We may also collect information about you from other organizations, if this is appropriate. These include fraud-prevention agencies, business directories and credit reference agencies. We may also collect information about you from other companies and our business partners..

2        Understanding what you want

We use cookies (small text files stored in your browser) and other techniques such as Cookies collect information that tells us how you use our websites, web-related products and services, providing us with information that helps us improve the user’s experience.

This, in turn, helps us make our website relevant to your interests and needs. We may use a persistent cookie (a cookie that stays linked to your browser) to record your details so we can recognise you if you visit our website again.

You can choose to refuse cookies or set your browser to let you know each time a website tries to set a cookie. Information regarding how to manage cookies is provided within the Boomerang website or Boomerang UI application.

3        The personal information we collect

The information we collect about you depends on the products and services you use and the way you navigate our website. It includes (but isn’t limited to) the following:

  • Standard contact details, such as your name, work address, email, and contact phone numbers including a mobile number which is used to receive an authorisation code when creating a new Boomerang UI account
  • Social media contact details, such as Facebook, Twitter, and LinkedIn
  • Your role in the business you work in, including seniority and decision-making rights
  • The name and contact details of any assistant that you delegate work through
  • Your interest in receiving marketing, product, or technical alerts
  • Contact details to which billing information is sent
  • Contact details to which support or service related notifications maybe sent
  • Our contact history with you (such as calls, SMS and emails), and details about your website browsing
  • When upgrading from a trial or free account, we may ask for company information, including but not limited to a registered office, trading address, registration number and VAT number
  • When you upgrade your account from a trial or free account, we’ll ask you to provide our payment processor with your payment method data such as your bank details, credit card information or your Paypal account information, and/or your billing address. Our payment processor, acting on our behalf, gathers this so that we can bill you for your use of our products and services
  • Specific product related information relating to your intended use of the service that may be required in order to provision that service (e.g. dedicated SMS short-codes).


4     Service related data we collect

When using any of the services provided the following data may be collected:

  • We collect and store the API credentials (username, password and licence key) that are used to authenticate your requests to our APIs
  • We will collect data relating to any service specific issues you have encountered to help us resolve any issues as quickly as possible. This may include information relating to how and why you are using the service, technical specifications and configurations that are local to your environment and business applications. Some of this information may be used for our internal ‘knowledge base’ that is used to help inform and train customer service representatives
  • Boomerang communication functions used by your business applications and IP addresses for those applications communicating with Boomerang
  • A username (email address) and password used to access the Boomerang UI online applications
  • We allow you to add and / or import your customer data into Boomerang UI. This includes but is not limited to communication addresses (including email addresses, mobile telephone numbers and landline telephone numbers) and other custom data which may be used for personal data.  Access to such data can be controlled using permission features within the application itself, to ensure that any sensitive data is only available on a need to know basis.  Any such data will not be accessed or used by Boomerang.
  • Expected message volumes and service usage to ensure that the Service has the capacity support the required usage
  • Transactional message data used for reporting that includes (but not limited to); message content, the recipient’s communication address, the communication method, any associated identifiers, frequency of usage, the delivery status and any response messages associated to those transactions. Boomerang’s Service Agreements define content that is deemed as not acceptable when processing transactional message data through the Services
  • Activity by carried out by individual system users including a record of when users accessed Boomerang’s applications and activities performed within the application so that an audit trail of user behaviour is available to the customer
  • We may gather publicly-available information about companies that are our customers or competitors, such as where they are located, their website URL, their industry, and their size. Sometimes this type of customer account data is obtained through third-party service providers that specialize in pulling together publicly-available information about companies.


5        Using your personal information

Generally, we use all the data that you provide to us or that we collect from you to provide our products and services to you, to enable you to access and use our products and services, to deliver your communications to their intended destination, and to analyse our customers’ use of our products and services, to improve our products and services, and to detect fraudulent or unlawful activity in connection with Boomerang accounts.

We may use and analyse your information to:

  • Bill you for using our products or services
  • Respond to any questions or concerns you may have about using our products or services
  • Protect our systems and manage the volume of texts and other use of our systems
  • Understand how you use our products and services to help us develop more interesting and relevant products and services
  • Carry out research and statistical analysis including to monitor how customers use our products and services on an anonymous or personal basis
  • Prevent and detect fraud or other crimes, recover debts or trace those who owe us money
  • Keep you informed generally about new products and services (unless you choose not to receive our marketing messages)
  • Contact you with offers or promotions based on how you use our products and services
  • To send you service related notifications that relate to use of our products and services, such as low credit warnings, account expiration warnings and undelivered messages
  • Customer Content – We use customer content for the purposes that you allow us access to it, like conveying it to and from telecommunications carrier networks or recording and transcribing it per your instruction. We may also use customer content stored on our systems to troubleshoot issues such as call quality concerns
  • Customer Account Information – We use your email address in connection with your account password to authenticate your account to allow you to access your account data through the Boomerang UI application
  • We will use publicly-available customer account data about your company, such as your industry, the size of your company, and your company’s website URL, to help us understand our customer base better and to tailor information we send you about other Boomerang products, services, or events
  • If you provide us with a physical address in order to obtain a number for which Boomerang is required to have your physical address on file, we’ll use that address so that we can confirm we can allow you to have that number. We may also check the physical address you provide and/or your billing address, as well as other information you provide or that we obtained from your use of our service about your identity such as your name, email address, and IP address, with our fraud prevention and identity validation providers (to confirm you have provided us with accurate details). We may also use your address information to calculate taxes. We may also have to share these addresses with the telecommunications provider from whom Boomerang obtained the phone number or local authorities upon their request. Unless prohibited from doing so by law, we’ll let you know if we have to share your address information like this
  • We use your payment information so we can bill you and be paid for your use of our products and services
  • We use transactional message data processed through your account to generate reports and to provide an itemised bill of your messaging activity.

We’ll store your information for as long as we have to by law. If there’s no legal requirement, we’ll only store it for as long as we need it. We’ll also keep some personal information for a reasonable period after the provision of products and services has finished – just in case you decide to use our services again.

6        Sharing your personal information

Unless you give us your permission, we won’t share your customer content, customer account data, or customer usage data with third parties, except as described below:

  • Message carriers and operators as necessary for proper routing and connectivity. Therefore, customer content and certain customer usage data is shared with and received from telephony operators to the extent necessary to route and connect those communications from the sender to the intended recipient. How those telephony operators handle your customer content and customer usage data is generally determined by those operators’ own policies and local regulations.
  • Other communications service providers for proper routing and connectivity. Boomerang may also allow you to use its products and services to send or receive communications through communications service providers that do not use the PSTN, such as Telegram, Facebook Messenger (often referred to as Over-the-Top (OTT) communications service providers). If you choose to use Boomerang’s products and services to send or receive communications by way of these providers, Boomerang will share and receive customer content and customer usage data with these providers to the extent necessary to route and connect those communications from the sender to the intended recipient. How those communications service providers handle your customer content and customer usage data is determined their own policies.
  • Third-party service providers or consultants. We may share your data stored on our systems with third-party service providers or consultants who need access to the data to perform their work on Boomerang’s behalf, like sharing relevant customer account data with our payment processor so it can process payments on our behalf, or our storage provider for storing your data on our behalf. These third-party service providers are limited to only accessing or using this data to provide services to us and must provide reasonable assurances that they will appropriately safeguard the data.
  • Compliance with Laws. We may disclose your data stored on our systems to a third party if (i) we believe that disclosure is reasonably necessary to comply with any applicable law, regulation, legal process or a government request (including to meet national security or law enforcement requirements), (ii) to enforce our agreements and policies, (iii) to protect the security or integrity of our services and products, (iv) to protect ourselves, our other customers, or the public from harm or illegal activities, or (v) to respond to an emergency which we believe in good faith requires us to disclose data to assist in preventing a death or serious bodily injury. If Boomerang is required by law to disclose any of your data that directly identifies you, then we will use reasonable efforts to provide you with notice of that disclosure requirement, unless we are prohibited from doing so by statute, subpoena or court or administrative order. Further, we object to requests that we do not believe were issued properly.
  • We may share your data with our affiliates. We all will only use the data as described in this notice.
  • Business transfers. If we go through a corporate sale, merger, reorganization, dissolution or similar event, customer data we gather from you may be part of the assets transferred or shared in connection with the due diligence for any such transaction. Any acquirer or successor of Boomerang may continue to use your data as set forth in this notice.
  • Credit reference, fraud prevention or business scoring agencies, or other credit scoring agencies
  • Debt collection agencies or other debt recovery organizations

We do not share your data (including, but not limited to, the personal data of your end users) with third parties for their direct marketing purposes, unless you give us your consent to do so

7        Storage and transfer of data

Please note that all Boomerang customer account data is stored on servers and equipment located in the UK. In performing its duties as a service provider Boomerang may need to pass customer content (transactional message data) to suppliers located outside of the UK.

8        Information from Children

We do not knowingly collect any personal information directly from children. If we discover we have received any personal information from a child in violation of this policy, we will take reasonable steps to delete that information as quickly as possible. If you believe we have any information from or about anyone a child, please contact operations@boomcomms.com.

9        How we secure your data

We work to recognised security standards and constantly review and improve our measures to protect your personal information from unauthorized access, accidental loss, disclosure or destruction.

We work with suppliers who have the appropriate security controls in place to protect your data from unauthorized access, accidental loss, disclosure or destruction. These organisations won’t be entitled to use your personal information for their own purposes.

We use appropriate measures to protect your data based on the sensitivity of the information that we collect, process and store and the current state of technology. Please note though that no service is completely secure. So, while we strive to protect your data, we cannot guarantee that unauthorized access, hacking, data loss or a data breach will never occur.

We work to help our customers protect their data, by providing access confidential data such as usernames and passwords securely and we provide access to security controls within the Boomerang UI application and across the Boomerang messaging gateway that allows customers to overwrite any sensitive data such as messages content and communication addresses.

Communications over the Internet (such as emails) are not secure unless they’ve been encrypted. Your communications may go through a number of countries before being delivered – as this is the nature of the Internet. We can’t accept responsibility for any unauthorized access or loss of personal information that’s beyond our control.

10     Changes to this policy

Should we elect to change our privacy policy we will publish these changes on our Boomerang UI application and our company website. Where the changes are significant, we may also choose to email all customers with the new details. Where required by law, will we obtain your consent to make these changes.

11     Your privacy rights

You can write to us at any time to get a copy of the personal information we hold about you and we will process your request as quickly as possible.  If you believe we’re holding inaccurate information about you, please contact us at operations@boomcomms.com

If you no longer want to receive marketing messages from us please write to us at this email address or use the unsubscribe option provided in the relevant email.

Please note that even if you opt out of promotional communications, we may still send you messages relating to access to and use of the services and products and things like updates to our terms of service or privacy notices, security alerts, and other notices.

To request deletion of your Boomerang account, email us at operations@boomcomms.com Deleting your Boomerang account will result in you permanently losing access to your account and all customer data to which you previously had access through your account. Please note that certain data associated with that account may nonetheless remain on Boomerang’s servers in an aggregated or anonymized form that does not specifically identify you. Similarly, data associated with your account that we are required by law to maintain will also not be deleted.

If you are an end user of an application that uses Boomerang’s services, you should direct requests for access and/or deletion of your data associated with that application to the relevant service provider in accordance with that application provider’s own privacy policy.