At Hoowla we are committed to safeguarding and preserving the privacy of our users.
We will never deviate from our overall philosophy of maintaining your privacy and complying with the requirements of the current legal framework in relation to data processing and with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
When you share your personal data with us, we treat it with care and take our responsibility to protect it seriously. All Hoowla employees and subcontractors have entered into confidentiality terms with Hoowla Ltd.
As a processor in respect of personal data shared with us we are GDPR compliant and will always makes available to the controller all information necessary to demonstrate compliance.
Information Commissioners Office Registration Reference: ZA119760
Information We Collect
In running and maintaining our website we may collect and process the following data about you:
- i. Information about your use of our site, including details of your visits such as pages viewed and the resources that you access. Such information includes traffic data, location data and other communication data.
- ii. Information provided voluntarily by you. For example, when you register for information, create an account, case or person.
- iii. Information that you provide when you communicate with us by any means.
Information you provide
Your personal data includes the information you provide, or that you authorise one of your employees or client to provide, when you sign up for an account or sign up to receive our emails, or when you answer questionnaires, surveys or provide information in your account profile, on the Hoowla website and Case Management System, or during a support enquiry. It also includes information you provide when you complete any forms which you submit to us and information you upload to your Hoowla account.
Examples of this personal data include your name, your email address, contact and/or employee names; and any correspondence when you contact us. It could also include your bank account details and bank transaction details (if it identifies a person). It could also include details in any documents and files you upload (if they identify a person).
We do not collect or process special categories of personal data, as defined under GDPR.
We may gather information about your general internet use by using the cookie. Where used, these cookies are downloaded to your computer and stored on the computer’s hard drive. Such information will not identify you personally, it is statistical data. This statistical data does not identify any personal details whatsoever.
You can adjust the settings on your computer to decline any cookies if you wish. This can easily be done by activating the reject cookies setting on your computer.
Use of Your Information
We use the information that we collect from you to provide our services to you. In addition to this we may use the information for one or more of the following purposes:
- i. To provide information to you that you request from us relating to our products or services.
- ii. To provide information to you relating to other products that may be of interest to you. Such additional information will only be provided where you have consented to receive such information.
- iii. To inform you of any changes to our website, services or goods and products.
If you have previously purchased goods or services from us we may provide to you details of similar goods or services, or other goods and services, that you may be interested in. Where such consent has been provided it can be withdrawn by you at any time.
Storing Your Personal Data
Your data, including personal data, is housed in a highly available, scale-able solution situated in the ISO 27001 certified AWS data centres in Dublin and London. https://aws.amazon.com/compliance/data-center/
Briefly this means:
- Access is scrutinised, controlled and monitored
- Video surveillance
- Intrusion detection, and access log monitoring systems
- Physical access is strictly controlled by two factor authentication and 24 hour security escorts
- Core applications are deployed to an N+1
All Hoowla employees and company representatives are physically based in the UK. We use the Heroku and AWS platforms and they have their own information regarding data storage here: https://devcenter.heroku.com/articles/gdpr and here: https://aws.amazon.com/compliance/gdpr-center/
How long is your Data stored for
Your data is only stored in Hoowla for as long as necessary for the purpose of processing set out in this policy. When you cancel your Hoowla account you can either delete your data immediately, or we will automatically delete your data after one year. If your account is blocked due to non payment we will keep your data available for you for two years. After two years of inactivity we will automatically delete it.
Marketing contact details will be deleted after two years of inactivity.
For the integrity of our systems and your data we continually take secure, encrypted backups. All data, including deleted data, remains archived within these backups and these are maintained according to our defined two-year data retention policy, after which they are removed.
Your financial data
In addition to your personal data, we will also store financial data that you enter into Hoowla. Examples of your financial data include your organisation’s bank transactions, invoices, expenses and receipts.
You own all of the financial data you enter into Hoowla and have final control over who has access to it. For example, if you want to give your employee or accountant access to your financial data, you can give them access to this in Hoowla. It is your responsibility to keep your password and account access secure. You need to make sure you have obtained any relevant consents or permissions necessary for you to upload the personal data of others (such as suppliers and clients) to Hoowla and for it to be used as set out in this policy.
You can export your data anytime
You can export a copy of your data in Hoowla whenever you like, either via links in our website or using our backup tool. This includes your case and client details and does not need Hoowla to access the data once exported.
You can also ask us for a copy of your personal data that we hold.
You can delete your data any time
You have the option to request us delete all of your data at any time, by emailing firstname.lastname@example.org. After you delete your data we may not immediately delete residual copies from our active servers and may not remove information from our backup systems.
We highly recommend that you export your data before cancelling, since many countries (including the UK) require you retain your business records for a set period, even if you have finished trading.
If your use of Hoowla expires, you account is not automatically cancelled within our system. We will retain historical details about your payments to Hoowla for accounting purposes, as required to do so by law. These records are retained securely for 7 years after your account is cancelled. After this time they will be securely deleted.
If your data is deleted or blocked due to non-payment your data is automatically deleted after two years, but we will retain historical details about your payments to Hoowla for accounting purposes as required to do so by law. These records are retained securely for 7 years after your account is cancelled. After this time they will be securely deleted.
Disclosing Your Information
- i. In the event that we sell any or all of our business to the buyer.
- ii. Where we are legally required by law to disclose your personal information.
- iii. To further fraud protection and reduce the risk of fraud.
We will promptly notify you if we receive a request from a Data Subject under any Data Protection Law in respect of your Personal Data and we will ensure only to respond to that request as required by Applicable Laws to which we are subject.
Data breach notification
On becoming aware of a data breach we will notify the affected users within 72 hours and where appropriate any other authorities. We will provide you with sufficient information to allow you to meet any obligations to report or inform Data Subjects of the Personal Data Breach under the Data Protection Laws.
We shall co-operate with you and take reasonable commercial steps as are directed by you to assist in the investigation, mitigation and remediation of each such Personal Data Breach.
Third Party Links
Access to Information
In accordance with the General Data protection Regulation act you have the right to access any information that we hold relating to you.
We will also assist you with responding to data subject requests regarding to data you hold on Hoowla.
- You can unsubscribe from our promotional email communications at any time by just clicking the ‘unsubscribe’ link in any email, or by emailing us at email@example.com. If you have a Hoowla account, you will still receive any essential emails from us about your service, including notifications from the application and notifications about your billing and subscription.
- You have the right to request a copy of personal data we hold about you. To do this, simply write to us at to the address below or email us at firstname.lastname@example.org
- To provide the highest level of customer service we need accurate customer information. You can help by informing us whenever your circumstances change. You can ask us to correct incorrect personal data about you by writing to the address below or emailing us at email@example.com
- You can find detailed information about your rights under UK Data Protection legislation on the UK Information Commissioner’s website at www.ico.gov.uk.
Your additional audit rights
We will make available to you, on request, all information necessary to demonstrate compliance with this Agreement, and shall allow for and contribute to audits, including inspections, by you or an auditor mandated by you in relation to the Processing of your and your clients Personal Data by the Contracted Processors. Your audit rights only extent to your rights in meeting the relevant requirements of Data Protection Law.
Sub-processing of data
Hoowla shall not appoint (or disclose any company personal data to) any sub-processor unless required or authorised by you.
Phone: 01792 687146
Post: 54 Mansel Street Swansea SA1 5TE
Our Data Protection Officer is Adam Curtis who can be contacted on the above details.