Privacy policy.
At 7WiseOwls, we are committed to protecting the privacy and security of our customers' and partners’ personal information. This policy outlines how we collect, use, store, and safeguard your data.
1. Data Collection and Use:
We collect and process personal data necessary for providing our services. This includes:
Names and contact information (email addresses, phone numbers)
Business information (e.g. company information, policies, procedures, organisational structure, technologies used, etc.) depending on type of service provided
Service usage data and preferences
Communication records with our team
We use this information to:
Provide and improve our services
Communicate about service updates or issues
Send relevant marketing communications
Analyse service usage to enhance user experience
Comply with legal and contractual obligations
2. Legal Basis for Processing:
We use several legal basis to process customers’ and partners’ personal data, namely:
Contractual basis
Legitimate Interests and Consent
Fulfillment of our legal obligations
3. Data Storage and Security:
7WiseOwls utilizes Google Workspace for data storage and processing. We leverage Google's robust security features to ensure the protection of your information, including:
Data encryption: Industry-standard encryption protocols (AES 256-bit encryption) for data at rest and minimum TLS 1.2 for data in transit
Multi-factor authentication for all staff accessing customer data
Regular security audits and penetration testing
Automatic alerts for potential security issues
Compliance with international security standards (e.g. ISO 27001, SOC 2, SOC 3)
We also implement internal security measures such as:
Regular staff training on data protection
Strict access controls based on the principle of least privilege
Monitoring and logging of data access
4. Data Retention:
We retain different types of data for varying periods:
Account information: Retained while the account is active and for a period afterward for legal and business purposes
Transaction data: Kept for the duration required by tax and accounting regulations
Communication records: Stored for a set period to handle inquiries and improve customer service
After the retention period, data is securely deleted using industry-standard methods.
5. Your Rights:
You have the following rights regarding your personal data:
Right to access: Request a copy of your personal data
Right to rectification: Ask us to correct any inaccurate data
Right to erasure: Request deletion of your data under certain circumstances
Right to restrict processing: Ask us to limit how we use your data
Right to data portability: Request your data in a machine-readable format
Right to object: Object to certain types of processing
To exercise these rights, please contact us at dataprotection@7wiseowls.com. We aim to respond to all requests within 30 days.
6. Third-Party Sharing:
We do not sell your personal information. We may share data in the following circumstances:
With selected service providers (subprocessors) who help us deliver our services
When required by law or to protect our rights
In case of a business transfer (e.g. merger or acquisition)
All third parties are required to adhere to strict data protection standards through contractual obligations.
7. Policy Updates:
This privacy policy may be updated periodically to reflect changes in our practices or relevant regulations. For significant changes:
We'll post a notice on our website
We'll email our customers directly for material changes
The "Last updated" date at the bottom of the policy will be revised
We encourage you to review this policy periodically to stay informed about how we protect your data.
8. Training and Data Breach Processes:
Employee Training:
All 7WiseOwls employees undergo regular data protection and privacy training. This includes:
Annual comprehensive data protection courses
Quarterly security awareness updates
Role-specific training for employees handling sensitive data
Data Breach Process:
In the event of a data breach, we will:
Immediately assess the nature and extent of the breach
Implement measures to contain and mitigate any potential damage
Notify affected individuals and relevant authorities within 72 hours, where required by law
Conduct a thorough investigation and implement corrective measures to prevent future occurrences
9. Data Processors and International Data Transfers:
We use the following key data processors:
Google (for data storage and processing)
Docusign (for contracts management)
Calendly (for scheduling)
Zoom (for remote work management)
Some of these processors may be located outside the EU. In such cases, we ensure that appropriate safeguards are in place, including:
Standard Contractual Clauses (SCCs) approved by the European Commission
Ensuring processors adhere to frameworks such as the EU-U.S. Data Privacy Framework
Other adequate safeguards
We regularly review our processors to ensure they meet the requirements of relevant data protection laws, including GDPR and UK GDPR & DPA 2018.
10. Enabling Compliance with Data Subject Rights:
To enable our clients to comply with Data Subject Rights, we have implemented the following processes:
Prompt notification of any data subject requests we receive directly
Assistance in locating and retrieving relevant data
Support in formatting data for portability requests
Capability to rectify, restrict processing, or erase data as required
Regular data inventory and mapping to facilitate quick responses
We aim to respond to all data subject rights requests within 30 days, in line with GDPR requirements.
11. Third-Party Processor Compliance:
We confirm that all third-party processors we select are carefully vetted to ensure they meet the requirements of relevant data protection laws, including:
GDPR and UK GDPR compliance
Appropriate technical and organisational measures for data protection
Ability to assist with data subject rights’ requests
Compliance with international data transfer regulations
We maintain a register of these processors, regularly audit their compliance, and update our agreements as necessary to reflect changes in data protection laws.
For any questions or concerns regarding your data privacy, please contact us at dataprotection@7wiseowls.com .
Last updated: July 2024