• Privacy policy

GDPR Compliance: This policy explains how we handle your data in compliance with the General Data Protection Regulation (GDPR).

1. Introduction

HumanWox Ltd (“we”, “our”, or “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our compliance orchestration platform and related services.

We are a data controller for the personal information we collect about you in relation to your use of our website and services. We comply with all applicable data protection laws, including the General Data Protection Regulation (GDPR).

2. What Data We Collect

We collect personal information you provide to us directly, as well as certain technical and usage data automatically when you use our service:

Personal Information
  • Name, email address, and phone number
  • Job title and company name
  • Billing information and transaction records
  • Account login credentials
  • Communication preferences
Usage Data
  • IP addresses and device information
  • Browser type and operating system
  • Pages visited and features used
  • Time spent on platform and interaction patterns
  • Error logs and performance data
Content Data

This includes any data that you upload, create, or manage through our platform, such as compliance documents, workforce records, or vendor data. You control this content data and remain the data controller for it.

3. How We Use Your Data

We use your information for the following purposes:

Providing Our Services
  • Setting up and managing your account
  • Processing and fulfilling your requests
  • Authenticating your identity and access rights
  • Delivering the features and functionality you use
Improving and Maintaining Our Services
  • Troubleshooting and fixing issues
  • Enhancing existing features
  • Developing new services and capabilities
  • Analysing usage patterns to optimise performance
Communication and Support
  • Responding to your inquiries and support requests
  • Sending service-related announcements
  • Providing information about product updates
  • Delivering marketing communications (with your consent)

We process your data based on one or more of the following legal grounds:

  • To perform our contract with you
  • To comply with legal obligations
  • For our legitimate business interests (such as improving our services)
  • With your consent, where required
4. Who We Share Your Data With

We may share your information with third parties in the following circumstances:

Service Providers

We work with carefully selected vendors who provide services such as:

  • Cloud infrastructure and hosting
  • Payment processing
  • Customer support tools
  • Analytics
  • Email and communication services

Our cloud infrastructure providers are located in the UK and EEA, and we ensure any data transfers comply with applicable data protection laws. These service providers only access your information as necessary to perform their functions and are contractually bound to protect your data.

Identity Service Providers (IDSPs)

For certain compliance verification features, we may work with identity service providers to validate credentials or certificates. This is always done with transparent notice and appropriate controls.

Legal Requirements

We may disclose your information if required by law, regulation, legal process, or governmental request.

Business Transfers

In the event of a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred as part of the transaction. We will notify you via email and/or a prominent notice on our website of any change in ownership or uses of your personal information.

5. Cookies and Tracking

We use cookies and similar technologies to enhance your experience on our platform, analyse usage patterns, and optimise performance. For detailed information about our use of cookies, please refer to our Cookies Policy.

You can manage your cookie preferences through your browser settings or our cookie consent tool.

6. Data Retention and Deletion

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

For account information, we keep your data for the duration of your relationship with us, plus a reasonable period afterward for legal and operational purposes.

For content data that you upload to our platform, we store this data according to your account settings and instructions. If you delete specific content or close your account, we will remove the relevant data within a reasonable timeframe, typically within 30 days.

We may retain anonymized or aggregated data that no longer identifies you for analytics and service improvement purposes.

7. Your Rights Under GDPR

If you are in the European Economic Area (EEA), you have the following rights regarding your personal data:

  • Right of access: You can request a copy of the personal data we hold about you.
  • Right to rectification: You can ask us to correct inaccurate or incomplete information.
  • Right to erasure: In certain circumstances, you can ask us to delete your personal data.
  • Right to restrict processing: You can request that we limit how we use your data.
  • Right to data portability: You can request a copy of your data in a structured, machine-readable format.
  • Right to object: You can object to our processing of your personal data in certain situations.
  • Rights related to automated decision-making: You can request human intervention for decisions based solely on automated processing.

To exercise any of these rights, please contact us using the details provided in the “Contact for Data-Related Requests” section below.

8. Contact for Data-Related Requests

For any questions about this Privacy Policy or to exercise your data protection rights, please contact our team at:

Email: privacy@humanwox.com

We will respond to your request within one month, as required by applicable law. In certain cases, we may need additional time to respond and will notify you accordingly.

If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO) or other relevant supervisory authority.

9. Updates to Policy

We may update this Privacy Policy periodically to reflect changes in our practices or for legal, operational, or regulatory reasons. The updated version will be indicated by an updated “Last Updated” date.

If we make material changes, we will notify you by:

  • Sending an email to the address associated with your account
  • Displaying a prominent notice on our website or platform

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information.

Last Updated: May 7, 2025

  • GDPR Compliant
  • UK Data Hosting
  • IDSP-Ready Integration
  • ICO Registration