Data Protection Policy

Reviewed: August 26, 2019


“GDPR” means the General Data Protection Regulation.

"CommonPage” (“we”, “our”) means CommonPage, Inc., a Delaware corporation having principal place of business at208 Lenox Avenue, #145, Westfield, NJ 07090, USA, and its Affiliates.

"CommonPage Parties” means CommonPage, its partners, licensors, merchants, information providers and others involved in the delivery of the Platform, and their respective shareholders, directors, officers, managers, members, employees, contractors, and agents.

Platform” means the computer hardware, computer software, methods, data, services and work product of any kind, that are provided directly to you by CommonPage or are accessible directly or indirectly via any software, web service or website provided or operated by or on behalf of CommonPage, including, without limitation: (a) any website provided by CommonPage, including but not limited to those using the top-level domain names,, or using sub-domains under these top-level domains; (b) any data or information, forming part of or used in creating or delivering any Content; (c) the format and organization of any User Content, and the integration and use of such data with other parts of the Platform (but excluding the User Content itself); (d) the methods used in the production of any Content not independently known to or developed by you or; (e) the source code, object code, scripts, text, screens, other computer programs and associated documentation that provide the graphical user interface and system to input, store, process, retrieve and output information in order to request, purchase, create, manage, deliver or access any Content; (f) the content, format and organization of information output used in any Content and (g) all updates, upgrades, enhancements and modifications to any of the foregoing, any derivations based on the foregoing and all Intellectual Property Rights related thereto.

 “Responsible Person” means Thomas Eisner, co-founder of CommonPage.

Register of Systems” means a register of all systems or contexts in which personal data is processed by CommonPage.

Register of Systems

  • Website Analytics (Google Analytics)
  • Email Systems (All related domains
  • Platform documentation
  • Website at
  • Platform hosted at
  • Mailchimp for marketing and updates
  • Notion for customer information
  • Facebook social media account (
  • Twitter social media account (
  • Pinterest social media account (,uk/commonpage)
  • LinkedIn social media account (

Data Protection Principles

CommonPage is committed to processing data in accordance with its responsibilities under the GDPR.

Article 5 of the GDPR requires that personal data shall be

  1. processed lawfully, fairly and in a transparent manner in relation to individuals;
  2. collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes;
  3. adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
  4. accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;
  5. kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals; and
  6. processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures.

General Provisions

  1. This policy applies to all personal data processed by CommonPage.
  2. The Responsible Person shall take responsibility for CommonPage’s ongoing compliance with this policy.
  3. This policy shall be reviewed at least annually.
  4. CommonPage shall register with the Information Commissioner’s Office as an organization that processes personal data.

Lawful, Fair and Transparent Processing

  1. To ensure its processing of data is lawful, fair and transparent, CommonPage shall maintain a Register of Systems.
  2. The Register of Systems shall be reviewed at least annually.
  3. Individuals have the right to access their personal data and any such requests made to CommonPage shall be dealt with in a timely manner.

Lawful Purposes

  1. All data processed by CommonPage must be done on one of the following lawful bases: consent, contract, legal obligation, vital interests, public task or legitimate interests (see ICO Guidance for more information).
  2. CommonPage shall note the appropriate lawful basis in the Register of Systems.
  3. Where consent is relied upon as a lawful basis for processing data, evidence of opt-in  consent shall be kept with the personal data.
  4. Where communications are sent to individuals based on their consent, the option for the individual to revoke their consent should be clearly available and systems should be in place to ensure such revocation is reflected accurately in CommonPage’s systems.

To access, or request removal of data, an email to be sent to, to which CommonPage will respond within 30 days.

Data Minimization and Retention

  1. CommonPage shall ensure that personal data are adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
  2. The archiving policy shall consider what data should/must be retained, for how long, and why.


  1. CommonPage shall take reasonable steps to ensure personal data is accurate.
  2. Where necessary for the lawful basis on which data is processed, steps shall be put in place to ensure that personal data is kept up to date.


  1. CommonPage shall ensure that personal data is stored securely using modern software that is kept-up-to-date.
  2. Access to personal data shall be limited to personnel who need access and appropriate security should be in place to avoid unauthorised sharing of information.
  3. When personal data is deleted this should be done safely such that the data is irrecoverable.
  4. Appropriate backup and disaster recovery solutions shall be in place.

Third Party Policies

  1. MailChimp subscription lists are kept in accordance with MailChimp’s own privacy policy and terms and conditions.
  2. Facebook data are kept in accordance with Facebook’s own privacy policy.
  3. Twitter data are kept in accordance with Twitter’s own privacy policy.
  4. Pinterest data are kept in accordance with Pinterest’s own privacy policy.
  5. Linkedin data are kept in accordance with Linkedin’s own privacy policy.


In the event of a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data, CommonPage shall promptly assess the risk to people’s rights and freedoms and if appropriate report this breach to the ICO (more information on the ICO website).

Cookies Policy

We respect the privacy of our visitors and do not share or sell any personal information with third parties.

Any information you provide to CommonPage will be treated in confidence and used only for the purpose for which you provided it. Where personal information can be entered, the Platform ensures that industry-standard security measures are in place to protect it.

CommonPage uses cookies on the Platform. These cookies are essential in order to enable you to move around the Platform and use its features, such as accessing secure areas of the Platform. Without these cookies some services cannot be provided.

These cookies don’t gather information about you that could be used for marketing or remembering where you’ve been on the internet.

By using the Platform, you agree that we can place these types of cookies on your device.