Privacy Policy


This policy explains how we collect, use, share and protect your personal information.  There may be other privacy policies that apply to certain services we provide. You will find such policies in the terms of your contract with Boomerang.


If you have any questions about this privacy policy or our privacy practices, please contact us in the following ways:

Full name of legal entity: Boomerang I-COMMS LTD / Boomalert Limited

Email address: operations@boomcomms.com

Postal address: 11 St. Chad’s Street, London WC1H 8BG

1.     Collecting your personal information

We can get your personal information when you:

  1. Buy a product or service from us
  2. Register in order to get information for a specific product or service
  3. Subscribe to newsletters, alerts or other services from us
  4. Ask us for more information about a product or service, or contact us with a question or complaint
  5. Use our products or services
  6. Visit our website
  7. We may also collect information about you from other organizations, if this is appropriate. These include fraud-prevention agencies, business directories and credit reference agencies. We may also collect information about you from other companies and our business partners.

We may also collect information about you from other organizations, if this is appropriate. These include fraud-prevention agencies, business directories and credit reference agencies. We may also collect information about you from other companies and our business partners..

2.     Understanding what you want

We use cookies (small text files stored in your browser) and other techniques such as Cookies collect information that tells us how you use our websites, web-related products and services, providing us with information that helps us improve the user’s experience.

This, in turn, helps us make our website relevant to your interests and needs. We may use a persistent cookie (a cookie that stays linked to your browser) to record your details so we can recognise you if you visit our website again.

You can choose to refuse cookies or set your browser to let you know each time a website tries to set a cookie. Information regarding how to manage cookies is provided within the Boomerang website or Boomerang UI application.

3.     The personal information we collect

The information we collect about you depends on the products and services you use and the way you navigate our website. It includes (but isn’t limited to) the following:

  1. Standard contact details, such as your name, work address, email, and contact phone numbers including a mobile number which is used to receive an authorisation code when creating a new Boomerang UI account
  2. Social media contact details, such as Facebook, Twitter, and LinkedIn
  3. Your role in the business you work in, including seniority and decision-making rights
  4. The name and contact details of any assistant that you delegate work through
  5. Your interest in receiving marketing, product, or technical alerts
  6. Contact details to which billing information is sent
  7. Contact details to which support or service related notifications maybe sent
  8. Our contact history with you (such as calls, SMS and emails), and details about your website browsing
  9. When upgrading from a trial or free account, we may ask for company information, including but not limited to a registered office, trading address, registration number and VAT number
  10. When you upgrade your account from a trial or free account, we’ll ask you to provide our payment processor with your payment method data such as your bank details, credit card information or your Paypal account information, and/or your billing address. Our payment processor, acting on our behalf, gathers this so that we can bill you for your use of our products and services
  11. Specific product related information relating to your intended use of the service that may be required in order to provision that service (e.g. dedicated SMS short-codes).


4.     Service related data we collect

  1. We collect and store the API credentials (username, password and licence key) that are used to authenticate your requests to our APIs
  2. We will collect data relating to any service specific issues you have encountered to help us resolve any issues as quickly as possible. This may include information relating to how and why you are using the service, technical specifications and configurations that are local to your environment and business applications. Some of this information may be used for our internal ‘knowledge base’ that is used to help inform and train customer service representatives
  3. Boomerang communication functions used by your business applications and IP addresses for those applications communicating with Boomerang
  4. A username (email address) and password used to access the Boomerang UI online applications
  5. We allow you to add and / or import your customer data into Boomerang UI. This includes but is not limited to communication addresses (including email addresses, mobile telephone numbers and landline telephone numbers) and other custom data which may be used for personal data.  Access to such data can be controlled using permission features within the application itself, to ensure that any sensitive data is only available on a need to know basis.  Any such data will not be accessed or used by Boomerang.
  6. Expected message volumes and service usage to ensure that the Service has the capacity support the required usage
  7. Transactional message data used for reporting that includes (but not limited to); message content, the recipient’s communication address, the communication method, any associated identifiers, frequency of usage, the delivery status and any response messages associated to those transactions. Boomerang’s Service Agreements define content that is deemed as not acceptable when processing transactional message data through the Services
  8. Activity by carried out by individual system users including a record of when users accessed Boomerang’s applications and activities performed within the application so that an audit trail of user behaviour is available to the customer
  9. We may gather publicly-available information about companies that are our customers or competitors, such as where they are located, their website URL, their industry, and their size. Sometimes this type of customer account data is obtained through third-party service providers that specialize in pulling together publicly-available information about companies.


5.     Using your personal information

We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.

Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below.

Purpose/ActivityType of dataLawful basis for processing including basis of legitimate interest
To register you as a new customer(a) Identity

(b) Contact

Performance of a contract with you
To provide our products and services to you including:

(a) Manage payments, fees and charges

(b) Collect and recover money owed to us

(c) To detect fraudulent and unlawful use of our products and services

(d) to provide you with access to your account data through our UI

(a) Identity

(b) Contact

(c) Financial

(d) Transaction

(e) Marketing and Communications

(a) Performance of a contract with you

(b) Necessary for our legitimate interests (to recover debts due to us)

To manage our relationship with you which will include:

(a) Notifying you about changes to our terms or privacy policy

(b) Asking you to leave a review or take a survey

(a) Identity

(b) Contact

(c) Profile

(d) Marketing and Communications

(a) Performance of a contract with you

(b) Necessary to comply with a legal obligation

(c) Necessary for our legitimate interests (to keep our records updated and to study how customers use our products/services)

To enable you to partake in a prize draw, competition or complete a survey(a) Identity

(b) Contact

(c) Profile

(d) Usage

(e) Marketing and Communications

(a) Performance of a contract with you

(b) Necessary for our legitimate interests (to study how customers use our products/services, to develop them and grow our business)

To administer and protect our business, our UI and website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)(a) Identity

(b) Contact

(c) Technical

(a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise)

(b) Necessary to comply with a legal obligation

To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you(a) Identity

(b) Contact

(c) Profile

(d) Usage

(e) Marketing and Communications

(f) Technical

Necessary for our legitimate interests (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy)
To use data analytics to improve our website, products/services, marketing, customer relationships and experiences(a) Technical

(b) Usage

Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy)
To make suggestions and recommendations to you about goods or services that may be of interest to you(a) Identity

(b) Contact

(c) Technical

(d) Usage

(e) Profile

(f) Marketing and Communications

Necessary for our legitimate interests (to develop our products/services and grow our business)


We’ll store your information for as long as we have to by law. If there’s no legal requirement, we’ll only store it for as long as we need it. We’ll also keep some personal information for a reasonable period after the provision of products and services has finished – just in case you decide to use our services again.


6.    Sharing your personal information

Unless you give us your permission, we won’t share your customer content, customer account data, or customer usage data with third parties, except as described below:

  1. Message carriers and operators as necessary for proper routing and connectivity. Therefore, customer content and certain customer usage data is shared with and received from telephony operators to the extent necessary to route and connect those communications from the sender to the intended recipient. How those telephony operators handle your customer content and customer usage data is generally determined by those operators’ own policies and local regulations.
  2. Other communications service providers for proper routing and connectivity. Boomerang may also allow you to use its products and services to send or receive communications through communications service providers that do not use the PSTN, such as Telegram, Facebook Messenger (often referred to as Over-the-Top (OTT) communications service providers). If you choose to use Boomerang’s products and services to send or receive communications by way of these providers, Boomerang will share and receive customer content and customer usage data with these providers to the extent necessary to route and connect those communications from the sender to the intended recipient. How those communications service providers handle your customer content and customer usage data is determined their own policies.
  3. Third-party service providers or consultants. We may share your data stored on our systems with third-party service providers or consultants who need access to the data to perform their work on Boomerang’s behalf, like sharing relevant customer account data with our payment processor so it can process payments on our behalf, or our storage provider for storing your data on our behalf. These third-party service providers are limited to only accessing or using this data to provide services to us and must provide reasonable assurances that they will appropriately safeguard the data.
  4. Compliance with Laws. We may disclose your data stored on our systems to a third party if (i) we believe that disclosure is reasonably necessary to comply with any applicable law, regulation, legal process or a government request (including to meet national security or law enforcement requirements), (ii) to enforce our agreements and policies, (iii) to protect the security or integrity of our services and products, (iv) to protect ourselves, our other customers, or the public from harm or illegal activities, or (v) to respond to an emergency which we believe in good faith requires us to disclose data to assist in preventing a death or serious bodily injury. If Boomerang is required by law to disclose any of your data that directly identifies you, then we will use reasonable efforts to provide you with notice of that disclosure requirement, unless we are prohibited from doing so by statute, subpoena or court or administrative order. Further, we object to requests that we do not believe were issued properly.
  5. We may share your data with our affiliates. We all will only use the data as described in this notice.
  6. Business transfers. If we go through a corporate sale, merger, reorganization, dissolution or similar event, customer data we gather from you may be part of the assets transferred or shared in connection with the due diligence for any such transaction. Any acquirer or successor of Boomerang may continue to use your data as set forth in this notice.
  7. Credit reference, fraud prevention or business scoring agencies, or other credit scoring agencies
  8. Debt collection agencies or other debt recovery organizations

We do not share your data (including, but not limited to, the personal data of your end users) with third parties for their direct marketing purposes, unless you give us your consent to do so.


7.    Storage and transfer of data

Please note that all Boomerang customer account data is stored on servers and equipment located in the UK. In performing its duties as a service provider Boomerang may need to pass customer content (transactional message data) to suppliers located outside of the UK.


8.    Information from Children

We do not knowingly collect any personal information directly from children. If we discover we have received any personal information from a child in violation of this policy, we will take reasonable steps to delete that information as quickly as possible. If you believe we have any information from or about anyone a child, please contact operations@boomcomms.com.


9.    How we secure your data

We work to recognised security standards and constantly review and improve our measures to protect your personal information from unauthorized access, accidental loss, disclosure or destruction.

We work with suppliers who have the appropriate security controls in place to protect your data from unauthorized access, accidental loss, disclosure or destruction. These organisations won’t be entitled to use your personal information for their own purposes.

We use appropriate measures to protect your data based on the sensitivity of the information that we collect, process and store and the current state of technology. Please note though that no service is completely secure. So, while we strive to protect your data, we cannot guarantee that unauthorized access, hacking, data loss or a data breach will never occur.

We work to help our customers protect their data, by providing access confidential data such as usernames and passwords securely and we provide access to security controls within the Boomerang UI application and across the Boomerang messaging gateway that allows customers to overwrite any sensitive data such as messages content and communication addresses.

Communications over the Internet (such as emails) are not secure unless they’ve been encrypted. Your communications may go through a number of countries before being delivered – as this is the nature of the Internet. We can’t accept responsibility for any unauthorized access or loss of personal information that’s beyond our control.


10.    Changes to this policy

Should we elect to change our privacy policy we will publish these changes on our Boomerang UI application and here on our company website. Where the changes are significant, we may also choose to email all customers with the new details. Where required by law, will we obtain your consent to make these changes.


11.     Your rights

You have the right to:

Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.

Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.

Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.

Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.

Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios:

  • If you want us to establish the data’s accuracy.
  • Where our use of the data is unlawful but you do not want us to erase it.
  • Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims.
  • You have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.

Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.

Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.

To request deletion of your Boomerang account, email us at operations@boomcomms.com Deleting your Boomerang account will result in you permanently losing access to your account and all customer data to which you previously had access through your account. Please note that certain data associated with that account may nonetheless remain on Boomerang’s servers in an aggregated or anonymized form that does not specifically identify you. Similarly, data associated with your account that we are required by law to maintain will also not be deleted.

If you are an end user of an application that uses Boomerang’s services, you should direct requests for access and/or deletion of your data associated with that application to the relevant service provider in accordance with that application provider’s own privacy policy.