Privacy policy.

At 7WiseOwls, we are committed to protecting the privacy and security of our customers' and partners’ personal information. This policy outlines how we collect, use, store, and safeguard your data.

1. Data Collection and Use:

We collect and process personal data necessary for providing our services. This includes:

  • Names and contact information (email addresses, phone numbers)

  • Business information (e.g. company information, policies, procedures, organisational structure, technologies used, etc.) depending on type of service provided

  • Service usage data and preferences

  • Communication records with our team

We use this information to:

  • Provide and improve our services

  • Communicate about service updates or issues

  • Send relevant marketing communications

  • Analyse service usage to enhance user experience

  • Comply with legal and contractual obligations


2. Legal Basis for Processing:

We use several legal basis to  process customers’ and partners’ personal data, namely:

  • Contractual basis 

  • Legitimate Interests and Consent 

  • Fulfillment of our legal obligations 



3. Data Storage and Security:

7WiseOwls utilizes Google Workspace for data storage and processing. We leverage Google's robust security features to ensure the protection of your information, including:

  • Data encryption: Industry-standard encryption protocols (AES 256-bit encryption) for data at rest and minimum TLS 1.2 for data in transit

  • Multi-factor authentication for all staff accessing customer data

  • Regular security audits and penetration testing

  • Automatic alerts for potential security issues

  • Compliance with international security standards (e.g. ISO 27001, SOC 2, SOC 3)

We also implement internal security measures such as:

  • Regular staff training on data protection

  • Strict access controls based on the principle of least privilege

  • Monitoring and logging of data access


4. Data Retention:

We retain different types of data for varying periods:

  • Account information: Retained while the account is active and for a period afterward for legal and business purposes

  • Transaction data: Kept for the duration required by tax and accounting regulations

  • Communication records: Stored for a set period to handle inquiries and improve customer service

After the retention period, data is securely deleted using industry-standard methods.


5. Your Rights:

You have the following rights regarding your personal data:

  • Right to access: Request a copy of your personal data

  • Right to rectification: Ask us to correct any inaccurate data

  • Right to erasure: Request deletion of your data under certain circumstances

  • Right to restrict processing: Ask us to limit how we use your data

  • Right to data portability: Request your data in a machine-readable format

  • Right to object: Object to certain types of processing

To exercise these rights, please contact us at dataprotection@7wiseowls.com. We aim to respond to all requests within 30 days.


6. Third-Party Sharing:

We do not sell your personal information. We may share data in the following circumstances:

  • With selected service providers (subprocessors) who help us deliver our services

  • When required by law or to protect our rights

  • In case of a business transfer (e.g. merger or acquisition)

All third parties are required to adhere to strict data protection standards through contractual obligations.


7. Policy Updates:

This privacy policy may be updated periodically to reflect changes in our practices or relevant regulations. For significant changes:

  • We'll post a notice on our website

  • We'll email our customers directly for material changes

  • The "Last updated" date at the bottom of the policy will be revised

We encourage you to review this policy periodically to stay informed about how we protect your data.


8. Training and Data Breach Processes:

Employee Training:

All 7WiseOwls employees undergo regular data protection and privacy training. This includes:

  • Annual comprehensive data protection courses

  • Quarterly security awareness updates

  • Role-specific training for employees handling sensitive data

Data Breach Process:

In the event of a data breach, we will:

  • Immediately assess the nature and extent of the breach

  • Implement measures to contain and mitigate any potential damage

  • Notify affected individuals and relevant authorities within 72 hours, where required by law

  • Conduct a thorough investigation and implement corrective measures to prevent future occurrences


9. Data Processors and International Data Transfers:

We use the following key data processors:

  • Google (for data storage and processing)

  • Docusign (for contracts management)

  • Calendly (for scheduling)

  • Zoom (for remote work management)

Some of these processors may be located outside the EU. In such cases, we ensure that appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission

  • Ensuring processors adhere to frameworks such as the EU-U.S. Data Privacy Framework

  • Other adequate safeguards

We regularly review our processors to ensure they meet the requirements of relevant data protection laws, including GDPR and UK GDPR & DPA 2018.

10. Enabling Compliance with Data Subject Rights:

To enable our clients to comply with Data Subject Rights, we have implemented the following processes:

  • Prompt notification of any data subject requests we receive directly

  • Assistance in locating and retrieving relevant data

  • Support in formatting data for portability requests

  • Capability to rectify, restrict processing, or erase data as required

  • Regular data inventory and mapping to facilitate quick responses

We aim to respond to all data subject rights requests within 30 days, in line with GDPR requirements.

11. Third-Party Processor Compliance:

We confirm that all third-party processors we select are carefully vetted to ensure they meet the requirements of relevant data protection laws, including:

  • GDPR and UK GDPR compliance

  • Appropriate technical and organisational measures for data protection

  • Ability to assist with data subject rights’ requests

  • Compliance with international data transfer regulations

We maintain a register of these processors, regularly audit their compliance, and update our agreements as necessary to reflect changes in data protection laws.

For any questions or concerns regarding your data privacy, please contact us at dataprotection@7wiseowls.com .


Last updated: July 2024