Privacy Policy | helloFriday

We value the privacy of your confidential data and strictly comply with the security guidelines.

We log all access to all accounts by IP address, so we can always verify that no unauthorized access occurs for as long as the logs are kept. We'll access your account only if you ask us to, in order to help you troubleshoot a software bug.
This policy applies to data that is collected, used, and retained by us in the United Kingdom.

Identity & Access

We ask for your name, company name, phone and email address when you sign up for helloFriday. This is done to set up and personalize your new account and send you invoices, updates, newsletters or other important information. Your personal information will never be sold to third parties, and we won’t use your name/phone or company in marketing statements without your consent.
When you contact helloFriday with an inquiry or to ask for help, we keep the email address and correspondence for future reference. When you browse our social media pages, we’ll track them for statistical purposes (like tracking the sources of signups, market research, conversion rates and to test new designs) and to improve the content of our web pages and the quality of our service.
You always have the right to access the personal information we store about you. If you wish to further limit our use of your personal information, please contact us at [email protected]

Users of helloFriday can store any type of information in helloFriday, but helloFriday does not access or share that data, and does not know what type of data you or other users are storing. The data is only used by the account owner and invited users as they intend to use it.
The only times we’ll ever share your info are to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, group, place, region, nation, violations of our Terms of Service, or as otherwise required by law.

Law enforcement

While we may be required to disclose your personal information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements, helloFriday won’t hand your data over to law enforcement unless a court order says we have to. We flat-out reject requests from local and federal law enforcement when they seek data without a court order. And unless we’re legally prevented from it, we’ll always inform you when such requests are made.

Encryption

All data is encrypted via SSL/TLS when transmitted from our servers to your browser. The database backups are also encrypted. The data isn’t encrypted while it’s live in our database (since it needs to be ready to send to you when you need it), but we have checks in place to secure your data at rest. You can read more about it on our security page.

Cookies

In order to improve our services and the website, and provide more convenient, relevant experiences to you, we and our vendors may use “cookies”, “web beacons”, and similar devices to track your activities.

Third Parties and data storage

helloFriday uses third party vendors and hosting partners to provide the necessary hardware, software, networking, storage, and related technology required to run helloFriday. The current list of vendors is available upon request.
Although helloFriday owns the code, databases, and all rights to the helloFriday application, you retain all rights to your data.

Deleted data

When you cancel your account, we’ll ensure that nothing is stored on our servers past 15 days. Anything you delete on your account while it’s active will also be purged within 15 days (deleted data stays in the trash can for 15 days, unless the trash can is emptied manually, in which case the data is purged immediately).

EU-US and Swiss-US Privacy Shield Framework

helloFriday complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States, respectively. To learn more about the Privacy Shield program, please visit https://www.privacyshield.gov/.

EU-US and Swiss-US Privacy Complaints

In compliance with the US-EU and Swiss-US Privacy Shield Principles, helloFriday commits to resolve complaints about your privacy and our collection or use of your personal information. European Union or Swiss individuals with inquiries or complaints regarding this privacy policy should first contact helloFriday at [email protected] or by mail at the given address, 80 Clarendon Mansions, Brighton, United Kingdom, BN1 1NF.

helloFriday GDPR Commitment

We welcome the arrival of GDPR and view the regulations as raising the bar for data protection, security, and compliance. We will continue to be committed to our customers and users to help them comply with the GDPR while using helloFriday as their data processor.

We worked with our engineering, product, security and legal teams to bring both our product and our legal terms in line with the GDPR, and will continue to ensure they stay in line. As part of the helloFriday GDPR readiness project, we’ve taken the following steps:

  • Reviewed and strengthened our security infrastructure and practices, data encryption in transit and at rest, backup, logs and security alerts.
  • Carried out a risk assessment and data mapping process to make sure any data that may be stored or processed is processed and managed according to the GDPR instructions.
  • We delete users’ analytics data after the user is deleted.
  • Had an external audit made by E&Y to receive a SOC 2 Type II security certification from the American Institute of Certified Public Accountants (AICPA)
  • Received an internationally recognized security certification for ISO 27001 ISMS (information security management system) and ISO 27018 (for protecting personal data in the cloud).
  • We’ve self-certified under the E.U.-U.S. Privacy Shield frameworks to comply with data protection requirements when transferring personal data to helloFriday’s US subsidiary.
  • We’ve made sure we have the appropriate contractual terms in place, to perform our role as a data processor for our customers while complying with the GDPR.
  • We’ve put in place all the internal procedures, processes and controls, and recurring training sessions for the team, to ensure our ongoing compliance with the GDPR.
  • We’ve revised our Terms of Use and Privacy Policy to support the GDPR requirements.
  • Performed security and privacy assessments of our sub-processors to ensure they are all complying with the GDPR requirements.
  • We’ve appointed a Data Protection Officer (DPO) and a representative in the EU.
  • We’ve developed, and are now making available, product features that allow organizations to deal with data deletion:
    • Delete user profile: Admins can now delete users’ personal data from the system (on their own initiative or at the user’s request), which allows the organization to meet the GDPR requirements. This will delete the user name, phone, email, picture, address, title, social network references, and other customer fields if provided.
    • Deleting a user will not delete the user’s posts or uploaded files – these will remain available for the organization, under an anonymous name, as defined by the organization.
    • Delete account: When canceling an account, the admin can decide whether to keep the organization information (including personal data) for future use or delete it permanently.

We’ll continue to monitor the guidance around GDPR compliance and will ensure that our product and processes comply with that guidance when it becomes effective.

Data Protection Guidance

At helloFriday, safeguarding your personal information is of paramount importance. We have implemented a robust approach to data protection, and this section aims to provide comprehensive guidance on how you can actively contribute to the security of your information on our platform.

Secure Password Practices:

We highly recommend that users create passwords that are both strong and unique. A strong password includes a combination of upper and lower-case letters, numbers, and special characters. Avoid using easily guessable information such as names, birthdates, or common phrases.

Regularly updating your password is a simple yet effective way to enhance security. We suggest changing your password every few months to reduce the risk of unauthorised access.

Awareness of Phishing and Scams:

It's imperative to exercise caution when dealing with any unsolicited emails or messages that request personal information. Be vigilant and verify the authenticity of any communication claiming to be from helloFriday.

Remember that helloFriday will never ask you to disclose sensitive information through email. If you receive any such requests, please consider them suspicious and refrain from providing any personal details.

Regular Software Updates:

Keeping your devices and software up-to-date is crucial in maintaining a secure digital environment. Software updates often include vital security patches that protect against known vulnerabilities.

We advise enabling automatic updates whenever possible, and checking for updates regularly.

Training and Awareness:

Staying informed about data protection best practices is a shared responsibility. We offer various resources, including training modules and informative materials, to help you understand and implement effective data protection measures. We encourage you to take advantage of these resources.

Reporting Security Concerns:

Your vigilance is a crucial component of our collective security efforts. If you suspect any security issues, potential breaches, or encounter suspicious activity while using our platform, please do not hesitate to contact us immediately at [email protected]. Your prompt reporting enables us to take swift action to investigate and address any concerns.

Request for Access to Personal Information

As a user of helloFriday, you have the right to access and review the personal information we hold about you. To make such a request, please follow the steps outlined below:

Submission of Request:

Send an email to [email protected] with the subject line "Access Request". Please provide your full name, email address, and any additional information that may help us identify your account.

Verification of Identity:

To protect your privacy and security, we may ask for further information to confirm your identity.

Processing Time:

We will respond to your request within 30 days of receiving all necessary information.

Scope of Access:

You will be provided with a summary of the personal information we hold about you, including details of how and why it is used.

Correction or Deletion:

If you believe that any of the information we hold is inaccurate, you may request corrections. In certain cases, you may also request the deletion of your personal data.

Subject Access Request Procedure Overview:

The complete process for a subject access request, and how helloFriday will follow it, is set out below:

Initiating a SAR:

Members of the public wishing to access their personal data within the helloFriday Platform may do so by submitting a Subject Access Request (SAR).

The SAR should be sent through the designated channel, which will be clearly specified in the Privacy Policy.

Identity Verification:

Upon receipt of a SAR, helloFriday will undertake measures to verify the identity of the requester. This is to safeguard the security and privacy of the data.

Data Retrieval and Compilation:

Our dedicated team will conduct a thorough search for the requested data within the platform's database. The identified data will be compiled securely, ensuring the inclusion of all relevant information.

Review and Redaction:

Before sharing the data with the requester, helloFriday will review the compiled information to ensure it does not contain any sensitive or confidential information related to third parties. Any necessary redactions will be made to protect the privacy and rights of individuals not party to the SAR.

Response and Delivery:

helloFriday is committed to promptly responding to SARs, providing the requester with access to the compiled data in a secure and accessible format.

The data will be delivered through a secure channel agreed upon with the requester.

Record Keeping:

A record of the SAR, including details of the request, actions taken, and any redactions made, will be maintained for documentation and auditing purposes.

Changes and questions

helloFriday may periodically update this policy. We’ll notify you about significant changes in the way we treat personal information by sending a notice to the primary email address specified in your helloFriday primary holder account or by placing a prominent notice on our site.

If you’d like to access, change, or delete your personal information, or have any questions about this privacy policy, contact helloFriday at [email protected].