Version 1.1 This policy was last reviewed and updated in October 2020.
While we will never deviate from our commitment to maintain your privacy, we may update this policy from time to time. Please be aware that should you follow a link to another website, you are no longer covered by this policy.
Who we are
HubPro Limited ("HubPro", "we", "us", "our"), company registration 9694294, owns the HubProActive business management system Software as a Service (“SaaS”), suitable for all organisations but in particular SMEs and those maintaining ISO certification.
HubPro is registered with the ICO, registration no: ZA318524
The information we collect
When we say "personal data", we mean any information that relates to and identifies a living person. Personal data will be contained in the information that you provide to us or that is provided during your interactions with us.
When it comes to your personal data, we comply in full with our obligations under the General Data Protection Regulation (GDPR) and other applicable data protection legislation
Information you provide – Your personal data includes the information you provide to us or that you authorise someone else to provide when you:
- sign up to the HubProActive SaaS on behalf of your organisation;
- are given user access to the HubProActive SaaS or the HubProActive Help Centre;
- communicate with us by email or letter;
- sign up to receive our emails or communications;
- participate in or answer questionnaires or surveys or provide feedback;
- provide information in your HubProActive management system;
- provide information during a support enquiry about you and/or your organisation;
- provide information when you authorise us to set up your direct debit.
Examples of this personal data include name, email address, contact number, company name and address, mobile number, as well as any correspondence sent by you when you contact us.
HubPro Ltd has no requirement to collect or process any special categories of personal data, as defined under GDPR and the Data Protection Act 2018, in order to provide the service. In addition, we do not knowingly collect or solicit any personal data from anyone under the age of 16. Information input into the HubProActive SaaS is managed internally by you, the customer and it is your responsibility to ensure legal requirements are met.
It is your responsibility to safeguard your login information and control your third party access. Also, you need to make sure you have made suitable disclosures and, where applicable, have obtained any relevant consents or permissions necessary for you to upload the data of others (such as suppliers and clients) to HubProActive and for that data to be used as set out in this policy.
We may also receive your information from a third party e.g. a referral from another customer, service provider or business partner.
Sharing your information with us is essential for you to be able to communicate with us, for us to provide our services, comply with contractual obligations and keep you up to date with any changes and improvements to our services.
Information we collect - We collect information about your usage of our service and website to improve our service, understand trends and enhance and customise content and campaigns. Some of this data may be "personal data", where it relates to an identifiable person. Here's the information that we collect and how we use it:
- we may monitor patterns of usage, such as login dates and volumes of data, so we can understand how people are using HubProActive. We also do this in order to keep HubProActive secure and to develop and improve our products.
- for security reasons and to aid in our monitoring of usage patterns, we log your Internet Protocol (IP) address when you use our website. This is the individual identification number that is assigned to your computer when it’s connected to the internet.
- we monitor traffic information to our website and Help Centre and emails, including page visits, email clicks, referring sites, and video viewings. We use this information to improve our website, advertising, promotions, and to understand customer behaviour. Please see section 10 below regarding our policy on cookies.
How we use your personal data
We collect and use your personal data for a variety of business reasons. However, we need some of the data to enter into and perform our contract with you, maintain the security of our systems and provide you with access to our services. This data includes your contact details and other information requested during the HubProActive setup process. If you fail to provide this data, or refuse to do so, we may be unable to provide our service to you.
Under data protection laws, whenever we process your personal data, we must meet at least one set condition for processing. These conditions are set out in data protection law and we rely on a number of different conditions for the activities we carry out. We have listed below the purposes and the lawful basis for processing your information:
How we may use your personal data
Website enquiries – if you visit our website we and use our website contact form we will receive your enquiry as an email. We will collect and store your information in our email system and management system.
Legitimate Interest: - to respond to enquiries and to take steps to enter into a contract with you.
Legitimate interests - to manage our customer relationship and deliver the contracted services, to protect our business interests and the interests of our customers.
Legal. to maintain financial records to meet statutory and legal requirements.
Customers: to provide you with important announcements about the services you have with us we will store your information in Mailchimp.
Contractual - To carry out our contractual obligation to keep you up to date with changes and updates to our services that could affect you through emailed announcements.
Customers: to provide you with support for issues related to HubProActive (HPA) we use a third party platform managed by Zendesk.
Contractual - To carry out our contractual obligation to manage requests for support and provide a high level of service to our customers.
Customers: if you require support for the functions and use of HPA we may need to have temporary access to your HPA management system (which may include some personal data). We will only process or access this data as per your instructions. It is your responsibility to ensure your end users are aware of this.
Contractual - To carry out our contractual obligation to manage requests for support and provide a high level of service to our customers.
Enquiries and Complaints: to handle general enquiries and complaints we will store your data in our Helpdesk system, filing system and/or email system depending on the way you communicate with us.
Legitimate interests - to manage our customer relationship and provide a high level of service, to respond to enquiries and to ensure complaints are investigated promptly and satisfactorily.
Customers, enquirers, suppliers, and others who communicate with us: to communicate with you by email, phone, post or other digital methods e.g. Zoom and Teams. For example:
- to manage customer and supplier relationships
- for the purpose of meeting contractual or regulatory requirements
- to keep you informed of changes or updates to your services
- to respond to enquiries made through our website contact form
We may keep records of communication in our management system, filing system or email system.
Legitimate interest -
- to manage our customer relationship and provide a high level of service, to protect our business interests and the interests of our customers.
- to manage our supplier relationship, to protect our business interests and the interests of our customers.
- to respond to an enquiry.
Legitimate interest - to provide you with information about our products and services that may be of interest. In relation to direct digital marketing, where we have your consent to do so. You can unsubscribe at any time.
Customers: to recover any debts you owe us and enforce other obligations we are entitled to under contract and to protect ourselves against harm to our rights and property interests. We will keep records of communication in our management system and accounts system.
Legitimate interest -to ensure our business is run with due diligence and we are capable of recovering the debts owed to us.
Customers and potential customers: Where necessary to undertake checks for the purposes of detecting and preventing fraud, and money laundering and to verify your identity before providing services to you.
Legitimate interest - to detect and prevent fraud, money laundering and other crimes and to verify your identify in order to protect our business.
Legal - Where the law requires it.
Service providers e.g. HPA Partners: Where necessary to undertake checks for the purposes of detecting and preventing fraud, and money laundering and to verify your identity before permitting you to provide services on our behalf.
To store your data in our accounts system.
Legitimate interest - to detect and prevent fraud, money laundering and other crimes, to verify your identify and to undertake compliance checks in order to protect our business.
Legal: Where the law requires it financial record keeping.
Supplier and Third Party Arrangements
As part of the service, we may need to share your personal information outside HubPro Ltd. There are limited circumstances in which we would do this and we will always have a compelling business reason to do so. Examples of when we will share your information include:
- when we have your permission to do so;
- when you ask us to share your information as part of the service or a connected product you are interested in so that we can tailor your experience;
- when part of the service, or a product you are interested in, is supported or provided by a third party for example a HubProActive Partner that you have given permission;
- when we are under a duty to disclose or share your personal or financial data in order to comply with any legal or regulatory obligation;
- to cooperate with law enforcement officials, judicial bodies, government entities, or regulatory bodies in the investigation of unlawful activities of HubProActive users or relating to HubProActive users; or in order to enforce or apply any contract with you; or to protect our rights, property, or the safety of our employees, customers or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction;
- sharing with third parties and other companies to help prevent, detect and prosecute unlawful acts and fraudulent behaviour;
- sharing with suppliers, sub-contractors and advisors who support the operation of the service, provide information for an insight, or manage connected products;
- sharing with third parties in the event that we, our business, or substantially all of its assets are acquired by a third party (in which case, personal information about customers will be one of the transferred assets);
We will always take steps to ensure that the safety and security of your information is maintained. We will implement and maintain technical and organisational measures over each transfer of personal information and mandate that our partners and third parties do the same. No ownership rights to the data will be transferred to any third party, unless otherwise notified.
The GDPR aims to give you more control of your data. It provides new and strengthened rights as follows:
Right to access – you can ask us whether we’re processing your personal data, including where and for what purpose. You can also request an electronic copy of your personal data free of charge. If you require further copies of the data there may be a charge where permitted by the legislation.
Right to restrict processing – in certain circumstances, you can ask us to restrict our use of your personal data.
Right to rectification – you can ask us to correct inaccurate personal data we hold about you.
Right to erasure (right to be forgotten) – in certain circumstances, you can ask us to erase your personal data.
Right to data portability – you can ask us to provide you with a copy of your personal data in a commonly used electronic format so that you can transfer it to other businesses.
Right to object to automated decision-making – in certain circumstances, you can ask us not to make automated decisions about you based on your personal data that produce significant legal effects.
Right to lodge a complaint – you can lodge a complaint with the supervisory authority ICO but we ask that you allow us to see if we can resolve the problem first (See complaints and queries section).
This means you can at any time:
- inform us of a correction to your personal data;
- withdraw any permission you have previously given to allow us to use your information;
- object to any automated decision-making;
- ask us to stop or start sending you marketing messages;
- ask us to send you (or someone you nominate) a copy of the information we hold about you;
- ask us to stop using your information in certain circumstances.
Data Subject Access Request
You have the right to request a copy of the personal data we hold about you and to have any inaccuracies corrected. We will require you to prove your identity with 2 pieces of approved identification. We will use reasonable efforts consistent with our legal duty to supply, correct or delete personal information about you on our files.
If you can advise of the specific information that you require, we can process your request more quickly. We will respond to your request within one month of you providing information that confirms your identity.
We will then give you a description of your data, why we have it, who it could be disclosed to and it will be in a format that you can access easily.
If you wish to make a DSAR request please contact us using the contact details at the end of this notice and we will explain the process to you.
Retention of your Data
We will keep your data for as long as we have a relationship with you. Once our relationship has come to an end we will only retain your personal data for a period of time that is calculated depending on the type of personal data and the purposes for which we hold that data. Your data in HubProActive belongs to you and deletion of your data is under your control. Once your contract for HubProActive has ended you will have a grace period to download your data in accordance with our Terms of Service before your profile and data is deleted.
We only retain information that enables us to:
- maintain business records to comply with our contractual obligations
- comply with record retention requirements under the law
- defend or bring any existing or potential legal claims
- maintain records of anyone who does not want to receive marketing from us
- deal with any future complaints regarding services we have delivered
- if required to by law enforcement agencies
How do we protect your Personal data
We are committed to protecting your information. We adopt appropriate, industry-standard data collection, storage and processing practices and security measures to protect against unauthorised access, alteration, disclosure or destruction. For further details of the security measures we have implemented please see our Security Policy.
Where we utilise third parties to help provide our services, we will always ensure that, as a minimum, the security policies and confidentiality arrangements of those third parties adhere to the same requirements that we impose and expect.
We communicate best practice password management to new users when they are sent their first password. You are responsible for maintaining strong password policies for your HubProActive users. We strongly recommend the Two-Factor authentication option is enabled.
We shall periodically check that the personal data we store for you is accurate. If you would like to update the personal data we hold about you, please contact us at email@example.com with your request.
Please note that the internet is not a secure medium and although we will do our best to protect your data, we cannot guarantee the security of any data transmitted to your HubProActive SaaS management system. Any such transmission is at your own risk.
What is a Cookie and how do we use them
We may use third-party site usage tracking companies to analyse your Site visit or to conduct surveys e.g. Google Analytics. When visiting our website these third parties may place or recognise a unique “cookie” on your browser. These companies may use information (not including your name, address, e-mail address or telephone number) about your visits to our website and other Web sites in order to help us understand how to serve you better.
If you wish, you can prevent cookie files from using information about you by either deleting the cookie folder in your browser or by putting your browser’s Privacy setting higher, but doing so will mean that;
- your use of the Site will be adversely affected (and quite possibly entirely prevented)
- you will not be presented with advertising that reflects the way that you use our, and other, sites.
You can find out how to make these changes to your browser at this site: www.allaboutcookies.org/manage-cookies/.
Queries or Complaints
We try to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously. Please get in touch if you think we are using or collecting your data in an inappropriate way.
You can call us on 0333 2420557 and ask to be referred to the Privacy Manager.
or you can email firstname.lastname@example.org
or write to us at HubPro Ltd, Floor 2, Market House, Market Square, Aylesbury, HP20 1TN
The supervisory body for the UK is the Information Commissioners Office (ICO)
You can visit their website at: https://ico.org.uk/
Or contact them on: 0303 123 1113