Solutions The best route to security compliance
Platform A powerful suite of ISMS features
Resources Everything you need to know
Knowledge Base Learn more about infosec
Company Security and customers first

Privacy Policy

How and why Hicomply collects and stores data.

Hicomply Limited (“us”, or “we”) are the “data controller” in respect of your personal information. This privacy notice sets out the basis on which we will process any of your personal information that we collect from you or third parties, or that you provide to us either through the Hicomply website or when you contact us (e.g. via our customer service team or sales team).

Please read the following carefully to understand our practices regarding your personal information and how it will be treated. Please note that this Website Privacy Notice does not apply to any personal information which Hicomply may collect and otherwise process as part of the service which Hicomply provides to its clients.

Please see the Hicomply Terms of Use for details regarding how we handle any such information.

How and when we collect personal information about you

We collect and process personal information when you:

  • Visit our website (including when registering on our site, or filling in forms on our site, such as when you sign up for newsletters);
  • Register for a Hicomply product demonstration via our website;
  • Contact us with an enquiry or to request information;
  • Participate in our customer satisfaction surveys or other market research; and communicate with us via social networking websites, third party apps or similar technologies.
  • Purchase or use the Hicomply Product, we will collect only the personal information required for you to use the product such as email address, name, job role etc.

We may also collect information about you from third party sources, such as from your use of other websites which we operate and from related third parties such as sub-processors.

We may collect information from publicly accessible sources such as various social media platforms.

What personal information do we collect about you?

Submitted Information

We may collect and process the following personal information about you which you provide to us:

  • Contact details (such as your name, business address, email address, job title, company information and telephone number);
  • Password and other authentication information;
  • Responses to any customer satisfaction surveys or market research (unless these are provided anonymously) ;
  • Your marketing preferences; and
  • Your online activity on our websites.

Additional information

If you contact us with a complaint or query, we may keep a record of any phone number used to call us as well as the correspondence and the period of time it took for us to deal with a query or any request you had. We may also record your levels of satisfaction with the services we have provided.

When you visit our website, we may also collect information from you, for example using cookies and other similar technologies. A cookie is a small file of letters and numbers that we may set on your device. You can find more information about the cookies we use and the purposes for which we use them in our Cookie Policy. This type of information may include the following:

  • Information about your device, operating system and IP address;
  • Your login information;
  • Browser type and version;
  • Information about your visit, including URL, clickstream (i.e. your journey to, through and from our site), length of visits to certain pages, and page interaction information.

Purposes for processing your personal information

We may process your personal information for the following purposes:

  • To provide you with the information, products and services that you have requested from us
  • To send you marketing and advertising materials in relation to our services or articles, ebooks and publications we may have prepared that we believe are relevant to you;
  • Where applicable, to authenticate your access to our website or service platforms;
  • For system administration purposes and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
  • To distinguish you from other users (for example to remember your log-in details);
  • To monitor your use of our website to improve the user experience and to ensure that content is presented in the most effective manner for you and for your device;
  • To provide customer support and ensure that we provide you with a good level of customer service;
  • To tailor any marketing or advertising so that it is more relevant to you;
  • To notify you of any changes to our services;
  • To conduct marketing analysis to allow us to assess trends and the effectiveness of our advertising and marketing campaigns (including using your personal information to evaluate, analyse or predict certain personal aspects relating to you, such as your preferences, economic situation, interests, and/or location);
  • For security and fraud prevention;
  • To ensure that our website and digital properties are safe and secure;
  • To comply with applicable laws and regulations.

We may also match personal information that you provide to us directly with other information about you obtained from or held by third party sources (such as social media platforms). This may include your contact details, demographic data, your social media interactions, preferences, interests, geographic location and age or age range.

We may use this personal information to tailor and show advertisements more relevant to you either on our website or on third party websites, including social media platforms.

Legal basis for processing your personal information

We will only process your personal information where we have a legal basis to do so. The legal basis will depend on the purposes for which we have collected and use your personal information. In almost every case the legal basis will be one of the following:

  • Delivery of Software services and related support for registered platform users
    • Type of Data - First name, surname, work email address, IP address (optional: avatar/profile photo and phone number)
    • Lawful Basis - Performance of a Contract
  • Processing and delivery of orders, including payment management and debt collection
    • Type of Data - First name, surname, phone number, business address, payment information
    • Lawful Basis - Performance of a Contract and Legitimate Interest
  • Marketing and promotion of our services to prospective buyers and customers
    • Type of Data - First name, surname, job role, email address, contact number
    • Lawful Basis – Consent and Legitimate Interests
  • Data analytics to improve our website, products/services, marketing, customer relationships, and experiences
    • Type of Data - First name, surname, email address, IP address.
    • Lawful Basis - Legitimate Interests, Performance of a Contract
  • Incident prevention, customer protection, and swift response to security issues
    • Type of Data - First name, surname, email address, IP address, phone number
    • Lawful Basis - Performance of a Contract, Compliance with Legal Obligations
  • Response to legal or regulatory demands
    • Type of Data - Any or all information held, depending on the request
    • Lawful Basis - Compliance with Legal Obligations
  • Monitoring, quality control, training, and improvement of sales demonstrations and phone calls
    • Type of Data - Call and screen share recordings, name, email address, phone number
    • Lawful Basis - Consent, Legitimate Interests
  • Where we are also subject to legal obligations and may need to use your personal information in order to comply with that obligation, for example should we be requested to share information with a regulator or government organisation.

Where we store your personal information

Personal Data collected within the Hicomply Software product is stored in the UK, or other regional data centres if selected.

Personal data provided to us for support queries, accounting, sales, and marketing purposes is primarily handled within the UK. However, data transfers may occur outside the UK when involving third-party sub-processors with facilities in other countries. When transferring your personal data outside the UK, we only engage countries that offer adequate data protection measures or implement approved transfer mechanisms, such as the European Commission's Standard Contractual Clauses with the UK's International Data Transfer Addendum.

For further information on the specific mechanisms used for transferring your personal data, please contact us.

How we keep your personal information

We take steps to ensure that the personal information that you provide is retained for only as long as it is necessary for the purpose for which it was collected. After this period it will be deleted or in some cases anonymised.

For example, where you have made a purchase with us, we will keep a record of your purchase for the period necessary for invoicing, tax, legal claim and warranty purposes (where applicable). We may also keep a record of correspondence with you (for example if you have made a complaint) for as long as is necessary to protect us from a legal claim.

Where we have collected the personal information based on your consent and we have no other lawful basis to continue with that processing, if you subsequently withdraw your consent then we will delete your personal information, subject to any exemptions which may permit us to retain your data under data protection legislation.

Please note that where you unsubscribe from our marketing communications, we will keep a record of your email address to ensure we do not send you marketing emails in future.

Disclosing your information

We may share your personal information within our group of companies (i.e. our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006).

We may share your personal information with our suppliers, business partners and service providers, where they are helping us to market and advertise our services as well as providing our services to you.

We may disclose your personal information to other third parties in the following cases:

  • For the purposes of research, evaluation, and analysis;
  • For the purposes of independent audit for financial and security authentications;
  • In the event that we sell any business or assets, in which case we may disclose your personal information to the prospective buyer of such business or assets;
  • If we or substantially all of our assets are acquired by a third party, in which case personal information held by us about our customers and visitors to our website will be one of the transferred assets;
  • If we are under a duty to disclose or share your personal information in order to comply with any legal or regulatory obligation or request;
  • To protect the rights, property or safety of us or our users, or others, and in order to enforce or apply our terms and conditions (this includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction).

Your rights

You have certain rights in relation to your personal information. These include:

  • The right to object to the processing of your information for certain purposes;
  • The right to access your personal information;
  • The ability to erase, restrict or receive a machine-readable copy of your personal information.

We will handle any request to exercise your rights in accordance with applicable law and any relevant legal exemptions. If you wish to exercise any of these rights please contact us using the contact details below.

You may also have the right to complain to a data protection authority if you think we have processed your personal information in a manner which is unlawful or breaches your rights. If you have such concerns we request that you initially contact us (using the contact details below) so that we can investigate, and hopefully resolve, your concerns.

Our website and other digital properties may, from time to time, contain links to and from third party websites and services such as our business partners and advertisers. If you follow a link to any of these websites and/or services, please note that they have their own privacy notices and we do not accept any responsibility or liability for them. Please check any such third party privacy notices before you submit any personal information to these websites or services.

Changes to this privacy notice

We may change this privacy notice at any time. The new privacy notice will be displayed on our website. The date this privacy notice was last updated appears at the bottom.

Contact us: [email protected]

Privacy Policy last updated: 07/07/2023