Last Updated: December 2020
We are Ninian Solutions Limited (t/a Huddle) whose registered offices are 2nd Floor, Aldgate Tower, 2 Leman Street, London, E1 8FA, UK. Any references in this Policy to “Huddle“, “we”, “our”, “us” etc. will be interpreted as a reference to us. Our contact details can be found below under “Contacting us and making a complaint”.
Please read the following information carefully to understand our views and practices regarding your personal data and how we will treat it.
Huddle’s Controller and Processor Responsibilities
Huddle processes your personal data in several ways, depending on how you interact with us and/or our customers.
- We process personal data when you visit our main website (www.huddle.com). Huddle is the Data Controller for this personal data.
- We process personal data about prospective customers of Huddle. Huddle is the Data Controller for this personal data.
- We process personal data about our existing customers, such as contact information about key users. Huddle is the Data Controller of this data.
- We process personal data which may be contained within the content uploaded by our customers, such as files, comments and other collaboration material. Huddle is the Data Processor for this personal data.
- We process Personal Data when you use our applications (huddle.net and us.huddle.com and sub-domains) and associated tools/services, such as User Profile data you provide during registration or when updating your details via the applications. In most cases Huddle is the Data Processor, and the Customer is the Data Controller of this Personal Data, however in such cases where you are a member of multiple Customer accounts Huddle will be the Data Controller for this personal data.
Huddle is a data processor in relation to, and does not control, the content uploaded by Users to our platform. As such, we shall keep your Personal Data for as long as determined by the relevant data controller customer. Should you wish to remove your Personal Data from within customer content, you should contact the relevant customer, who is responsible for giving effect to your rights in relation to Personal Data, including the right of access and erasure.
Information we may collect and otherwise process
We may collect and otherwise process the following data about you:
- We collect information when you complete forms on our websites (huddle.com, huddle.net, these Services can also be accessed using a custom domain name e.g. myaccount.huddle.net, myaccount.huddle.com) – “our sites” – including when registering to use our Sites or subscribing to our Services or updating your profile. The information we may collect about you includes, your name and email address; your title, company and other profile information you provide as well as aggregate information about your use of the features of the Services we provide to you such as the number of times you upload/download files and documents.
- Information that you provide to us by completing surveys on our site or as carried out by our approved third parties.
- If you contact us for customer or technical support, we may keep a record of that correspondence or conversation.
- Information we receive from third-party search engines such as, but not limited to Google, Yahoo and Microsoft (Bing and MSN) relating to your search activity.
- Details of your visits to our site including, but not limited to, traffic data, location data, IP addresses, weblogs and other communication data and the resources that you access.
On registration with Huddle or when completing forms on our Sites, Huddle does not require nor ask for sensitive personal data such as – General medical information, race/ethnicity, gender, political opinions, or sexuality. Where you believe you have either submitted or been asked to provide this information as part of registration or completion of forms, you are to contact email@example.com to have this information deleted or removed from our records.
Most of the information comes directly from you, but we may obtain information from third parties, e.g. your employer when you are asked to register as a user of our Services.
Huddle receives Business-to-Business (B2B) marketing lists from trusted partners for the purpose of contacting new prospects. For details, contact firstname.lastname@example.org
Uses made of your information
Huddle may use the information it holds about you in the following ways:
For the purpose of legitimate interests being pursued by us in relation to the Services that we provide. For example, we will use your information to:
- provide our Services and features to you, to measure and improve those services and features
- provide you with customer and technical support through Customer Relationship Management systems
- contact you with any service-related announcements from time to time
- ensure that content from our Sites are presented in the most effective manner for you and for your computer
- detect and prevent fraud or malicious use
- Where it is necessary for the performance of a contract with you.
- To provide marketing information to you in relation to our Services and to provide you with advertisements concerning our products and services through our Third-Party Partners Programme (see Third-Party Partners programme below for more details) where you have given your consent, or we are otherwise legally entitled to do so and it is in our legitimate interests to provide such information to you; if you do not wish to be contacted in this way, you can use the “unsubscribe” option in communications sent to you or send us an email at email@example.com.
- In order to comply with any legal obligation that we have, in connection with any legal proceedings, or in order to establish, exercise or defend our legal rights.
Where we have relied on our legitimate interests to process your personal data, you may contact us to obtain more information, including in relation to our assessment of the impact on you.
Cookies, Web Beacons and IP addresses
Marketing communications and opting-out
We will provide you with information concerning our products or Services that you request from us or which we feel may interest you by email unless you have opted-out of receiving this information.
You may at any time opt-out of receiving this information by clicking on the opt-out link in the footer of a marketing email you have received or by sending us an email at firstname.lastname@example.org
Opt-out requests will not apply where Huddle sends you a notice regarding the status of service, upgrades to platform, additional features, security alerts, quality surveys or any notice pertinent to your service and account.
How you can access, change or remove your personal information, and other rights
You understand that by accepting an invitation into Huddle, those who are in a Workspace with you will be able to identify you by your Huddle profile.
You may view, change, or remove your profile information displayed through our site at any time by going to your profile and editing your information.
You have the following rights regarding your information:
Right to be informed
You have the right to be provided with clear, transparent and easily understandable information about how we use your information and your rights. This is why we are providing you with the information in this policy.
Right of access
Right to rectification
You are entitled to have your information corrected if it is inaccurate or incomplete.
Right to erasure
This is also known as ‘the right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of your information where there is no compelling reason for us to keep using it. This is not a general right to erasure; there are exceptions.
Right to restrict processing
You have rights to ‘block’ or suppress further use of your information. When processing is restricted, we can still store your information, but may not use it further. We keep lists of people who have asked for further use of their information to be ‘blocked’ to make sure the restriction is respected in future.
Right to data portability
You have the right to obtain and reuse your personal data in a structured, commonly used and machine-readable format in certain circumstances. In addition, where certain conditions apply, you have the right to have such information transferred directly to a third party.
Right to withdraw consent
If you have given your consent to anything we do with your personal data, you have the right to withdraw your consent at any time (although if you do so, it does not mean that anything we have done with your personal data with your consent up to that point is unlawful).
Right to object to processing
In addition to the above rights, you also have the right to object to certain types of processing, in certain circumstances. In particular, the right to object to the processing of your personal data based on the grounds of legitimate interests (including processing for direct marketing).
For more information on your rights or to exercise any of these rights at any time, you can contact us by email at email@example.com or by post at address:
Head of Information Security (Privacy Dept.)
2nd Floor, Aldgate Tower
2 Leman Street
London, E1 8FA
If you want to stop using your account, you may deactivate it. When you deactivate an account, you will not be able to use our Sites or Services, and your information will not be capable of being viewed through our sites. However, even after you deactivate your account, copies of your information, including but not limited to name and email address may be retained by us for legal and compliance reasons.
Security and management of your personal information
All information relating to you is stored on secure servers operated by us or our third-party providers. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share your password with anyone including employees of Huddle.
Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorized access.
Huddle’s Information Security Management is 3rd party ISO 27001:2013 certified by BSI. We will take all reasonable technical and organizational precautions to prevent loss or misuse of your personal information. Your information is stored on protected servers and transmission of data is encrypted. Huddle stores and processes your information for as long as required and removes when no longer needed or upon your request. Safeguards using appropriate technical and organizational measures to minimize the risk of accidental loss, unlawful processing, destruction or damage have been implemented. Huddle will endeavor to ensure your information is accurate, adequate, limited to what is necessary for concerning the purpose for which it is being processed, kept up to date and erased or rectified without undue delay. You acknowledge that the transmission of information over the Internet is inherently insecure and we cannot guarantee the security of data that is sent over the internet. We have implemented security capability including encryption where applicable in all transmission of data. You are responsible for the safe storage of your access credentials to our Services.
Children aged 16 or under are not permitted to utilise the Sites and Services without parental or guardian consent.
Disclosure of your information
We may disclose your personal information to third parties:
- In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
- If we or substantially all of our assets are acquired by a third-party, in which case personal data held by us will be one of the transferred assets.
- To establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk).
Huddle may use trusted third parties to assist in the delivery, provision, analysis and improvement of the Services including but not limited to data storage, maintenance services, database management, analytics, payment processing, Customer Relationship Management services/systems and improvement to the Services features. This includes Huddle’s affiliate in the USA, Huddle Inc.
Huddle’s trusted third parties utilize your personal data for the following business purposes:
- Support services
- Customer relationship management services
- Financial management services
- Communication management services
- Digital signature service.
All onward transfers of data to trusted third parties will be completed under a written contract with terms that include that:
- Data will only be processed for limited and specified purposes; and
- Data will be protected using appropriate technical and organizational security measures.
If it is determined that a third party can no longer meet its obligations under the contract with us, the third-party provider is contractually obligated to notify us.
Where we store your data
Your personal data may be transferred outside the EEA.
This might occur because you choose to use the Huddle platform to communicate and/or share content with persons of your choosing. We do not have access to the content that you chose to share with another other person using our platform and we encrypt such messages on an end-to-end basis. Accordingly, where we are acting only as your processor of any of the data that you choose to share with others through our platform (i.e., only providing the means by which you communicate with anybody else), then it is your responsibility (as controller of the corresponding personal data) in such circumstances to ensure that such transfer complies with all applicable data privacy and data protection law.
However, to the extent that we are acting as your processor and process your personal data in (or use as a sub-processor one of our associate companies that is in) a region that is not part of the EEA or in respect of which the European Commission has not made a finding of adequacy, then we confirm that we shall process the corresponding personal data in accordance with the prevailing mandatory standard contractual clauses (found here: https://eur-lex.europa.eu/eli/dec/2010/87/oj ) provided by the applicable data protection law, whereby, with regard to the corresponding details to be set out in:
Appendix 1 of those standard contractual clauses: the "data exporter" is you; the "data importer" is Huddle , the "data subjects" are the data subjects determined by you that you choose to use the Huddle platform to communicate with (e.g. conceivably being your employees, customers, suppliers and other partners); "categories of data" being the categories of data that you choose to use the Huddle platform to share with other people, which conceivably includes first name, last name, job title, company name, e-mail address, postal address, telephone number, country, device-specific information and log information regarding the above mentioned data subjects; "special categories of data if appropriate" being any special category of data regarding the above mentioned data subjects that you decide to use the Huddle platform to communicate to other persons; and the "processing operations" being the processing operations set out in this privacy statement; and,
Where we transfer any of your personal data in our capacity as a controller, then, where the recipient of the data is in a region that is not part of the EEA or in respect of which the European Commission has not made a finding of adequacy, we shall ensure that such recipient shall process the corresponding personal data in accordance with the prevailing standard contractual clauses provided by the applicable data protection law.
How long we will keep your information
In summary, however, we keep:
- User Profile information for the duration of the contract of any Customer accounts of which you are a member, and one year thereafter, or until such time as you request it to be removed.
- Financial information for seven years to meet our legal obligations for accounting and tax reporting.
- Customer account-related information for the term of the agreement plus seven years, and beyond this period if it is required to enforce or defend a claim against Huddle that has been made under the Subscription Agreement.
- Security-related information, such as log data, for a minimum of one year to meet our security compliance obligations.
We will securely erase your information in advance of these deadlines if we decide that we no longer need it.
Contacting us and making a complaint
Head of Information Security (Privacy Dept.)
2nd Floor, Aldgate Tower
2 Leman Street, London
If you are not satisfied with our response or you believe our use of your information does not comply with data protection law, you can make a complaint to the relevant privacy regulator. In the UK, that is the Information Commissioner – see www.ico.org.uk for more information.