Privacy Policy

Data Privacy Policy

Effective Date: 01-10-2024

At HIFEL TECH, we prioritise protecting your personal data and complying with all relevant data protection regulations, including the UK General Data Protection Regulation (GDPR). This Privacy Policy explains how we collect, use, and protect your personal data when you visit our website or use our services.

This Privacy Policy applies to:

  • Visitors to our website.
  • Customers and prospective customers.
  • Data processed on behalf of clients during the provision of services.
For more information about your rights under GDPR, visit the ICO GDPR Guide.

For details on cookie usage, please refer to our Cookie Policy.

a. Website Visitors
We collect the following data from website visitors:

  • IP Addresses: Collected via AWS CloudTrail and VPC Flow Logs for performance monitoring, security purposes, and to prevent unauthorised access.
  • Cookies: We use cookies for analytics, website functionality, and advertising purposes with your consent. Learn more in our Cookie Policy.

b. Customers and Prospective Customers
We collect:
  • Name
  • Email Address
  • Telephone Number
  • Other project or inquiry-specific information

  • IP Addresses: Used for security monitoring through AWS services and website analytics.
  • Customer Data: Used for communication regarding projects, invoicing, and providing support.
  • Marketing: We use a double opt-in process for marketing communications. You may opt out at any time.
  • Advertising Cookies: With your consent, we use cookies to track user activity and serve personalised ads via third-party providers such as Google Ads and Facebook.

Our lawful bases for processing personal data are:

  • Legitimate Interests: For website security (through AWS logging), performance improvements, and business purposes.
  • Contractual Necessity: To fulfil service agreements and provide the necessary services.
  • Consent: Obtained for marketing activities and the use of non-essential cookies (e.g. analytics and advertising cookies).

The following table outlines our data retention periods:

| Data Type | Retention Period | Reason for Retention |
|---|---|---|
| IP Addresses | 2 years | Security and analytics |
| Customer Data | 5 years after last contact | Managing customer relationships |
| Financial Data | 6 years | Legal accounting obligations |
| Marketing Data | Until consent is withdrawn | Marketing communications |
| Project Emails | 10 years | Record-keeping and legal documentation |
| AWS Access Logs | 90 days | Security monitoring and compliance |
| Advertising Cookies | Up to 1 year | Personalised ads and tracking |

We adhere to the principle of data minimisation. This means we only collect personal data that is necessary for the specified purposes. By limiting data collection to only what is required, we reduce the risks associated with handling excessive or unnecessary personal data.

We have clear internal processes for managing GDPR requests, which include:

  • Data Access: Submit access requests by emailing dataprotection@hifeltech.co.uk. We will respond within 30 days, providing a copy of your data in a structured, commonly used format (e.g., CSV, PDF).
  • Rectification: If any of your personal data is inaccurate or incomplete, you can request rectification. Contact us with details, and we will make necessary corrections promptly.
  • Erasure: You may request the deletion of your personal data, subject to legal obligations (such as retention periods for financial data). Requests can be made via email, and we will inform you of any legal limitations within 30 days.
Please direct any requests to dataprotection@hifeltech.co.uk.

Below is a breakdown of cookies we use:

| Type of Cookie | Purpose | Provider | Duration |
|---|---|---|---|
| Essential Cookies | Website security and functionality. | HIFEL TECH LTD | Session (until browser is closed) |
| Analytics Cookies | Website performance and usage analysis. | Google Analytics | Up to 2 years |
| Functional Cookies | User preferences and settings. | HIFEL TECH LTD | 1 year |
| Advertising Cookies | Targeted advertising and ad personalisation. | Google Ads, Facebook | Up to 1 year |

To manage or block cookies, please visit our Cookie Policy.

We only share personal data when necessary:

  • Third-Party Providers: We partner with GDPR-compliant providers such as Google Analytics, AWS, and third-party advertising platforms (Google, Facebook) to provide personalised ads. We have Data Processing Agreements (DPAs) in place with these providers to ensure compliance.
  • AWS is certified with industry-standard security accreditations, including ISO 27001, SOC 1, SOC 2, and SOC 3.
  • Legal Requirements: Personal data may be disclosed if required by law or in response to legal requests from public authorities.

When acting as a Data Processor for our clients, we process personal data strictly under the instructions of the client, who is the Data Controller. As a Data Processor, we follow the client's guidelines for data processing and ensure compliance with GDPR by implementing strong security measures and contractual obligations.

Our responsibilities include processing this data securely, conducting regular audits, and maintaining transparency with clients regarding how we handle data on their behalf. We act as a Data Controller when collecting personal data directly from customers or website visitors, such as through inquiries or account creation, and are responsible for obtaining consent and ensuring compliance with relevant regulations.

Clients should provide their own privacy policies to users when using services we develop or host for them.

If personal data is transferred outside the UK or EEA, such as when using AWS services, we ensure compliance through safeguards like Standard Contractual Clauses (SCCs). AWS complies with GDPR and other global data protection standards to protect your personal data. We conduct regular reviews of third-party providers to ensure they continue to meet these compliance standards, including their adherence to SCCs, security certifications (such as ISO 27001 and SOC 2), and GDPR compliance. This review process occurs annually, or whenever there are significant changes in service or regulatory requirements.

We employ state-of-the-art security measures to protect your personal data:

  • Encryption: All data is encrypted in transit and at rest using AES-256 encryption standards.
  • Multi-Factor Authentication (MFA): Access to our systems is protected by MFA to reduce the risk of unauthorised access.
  • AWS Logging: AWS services such as CloudTrail and VPC Flow Logs monitor our infrastructure for security threats.
  • Third-Party Compliance: AWS, our data storage provider, is certified with ISO 27001 and SOC 2 standards, ensuring the highest level of security.
  • Ongoing Audits: We conduct regular privacy audits to assess the effectiveness of our security measures and ensure that third-party agreements are compliant with the latest regulations.

In the event of a data breach, we will:

  • Notify the relevant supervisory authority within 72 hours if the breach poses a risk to individuals.
  • Inform affected individuals promptly if the breach could result in significant harm.
  • Take immediate steps to mitigate the breach and prevent future incidents. These steps include reviewing and reinforcing our internal security protocols, conducting a root cause analysis, and implementing additional technical safeguards (e.g., access control adjustments, enhanced encryption). We will provide affected individuals with updates on how the breach occurred and what measures have been taken to prevent a recurrence.

As a data subject, you have the following rights:

  • Access: Request access to your personal data.
  • Rectification: Request corrections to inaccurate or incomplete data.
  • Erasure: Request deletion of personal data (subject to legal obligations).
  • Data Portability: Receive your data in a structured, commonly used format.
  • Objection: Object to the processing of your data for legitimate interests.
  • Withdraw Consent: Withdraw consent for marketing communications at any time.
To exercise your rights, contact us at dataprotection@hifeltech.co.uk.

If you believe your data protection rights have been breached, you can file a complaint with the Information Commissioner’s Office (ICO):

Information Commissioner’s Office
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Tel: 0303 123 1113
ICO Website

We review and update this policy regularly to reflect changes in our operations or legal requirements. This policy was last updated on 20-10-2024.

For any questions about this policy or to exercise your rights, contact us at:

HIFEL TECH LTD
128 City Road, London, EC1V 2NX, United Kingdom.
dataprotection@hifeltech.co.uk

  • GDPR: General Data Protection Regulation, the primary regulation governing data protection in the EU and UK.
  • DPA (Data Processing Agreement): A legal agreement between a data controller and a processor to ensure GDPR compliance.
  • SCC (Standard Contractual Clauses): Standard legal contracts used to transfer personal data outside of the EEA securely.
  • ISO 27001: An international standard for managing information security.
  • SOC 2: A compliance standard for service organisations to manage data securely.
