Learn as if you will live forever, live like you will die tomorrow.

   +1 555 87 89 56   80 Harrison Lane, FL 32547

Privacy Policy

We value your privacy in regards to confidential data and strictly comply with the security guidelines.

We log all access to all accounts by IP address, so we can always verify that no unauthorised access occurs for as long as the logs are kept. We will only access your account if you ask us to help you troubleshoot a software bug.

This policy applies to data that is collected, used, and retained by us in the United Kingdom.

Identity & Access

We ask for your name, company name, phone and email address when you sign up for helloFriday. This is done to setup and personalise your new account and send you invoices, updates, newsletter or other important information. Your personal information will never be sold to third parties, and we won’t use your name/phone or company in marketing statements without your consent.

When you contact helloFriday with an enquiry or to ask for help, we keep the email address and correspondence for future reference. When you browse our social media pages, we’ll track them for statistical purposes (like tracking the sources of signups, market research, conversion rates and to test new designs) and to improve the content of our web pages and the quality of our service.

You always have the right to access the personal information we store about you. And, if you wish to further limit our use of your personal information, please contact us at [email protected]

Users of helloFriday can store any type of information in helloFriday, but helloFriday does not access or share that data, and does not know what type of data you or other users are storing. The data is only used by the account owner and invited users as they intend to use it.

The only time we’ll ever share your info is to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, group, place, region, nation, violations of our Terms of Service, or as otherwise required by law.

Law Enforcement

While we may be required to disclose your personal information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements, helloFriday won’t submit your data over to law enforcement unless a court order says we have to. We flat-out reject requests from local and federal law enforcement when they seek data without a court order, and unless we’re legally prevented from it, we’ll always inform you when such requests are made.

Encryption

All data is encrypted via SSL/TLS when transmitted from our servers to your browser. The database backups are also encrypted. The data isn’t encrypted while it’s live in our database (since it needs to be ready to send to you when you need it), but we have checks in place to secure your data at rest.

Cookies

In order to improve our services and the website, and provide more convenient, relevant experiences to you, we and our vendors may use “cookies”, “web beacons”, and similar devices to track your activities.

Third Parties & Data Storage

helloFriday uses third party vendors and hosting partners to provide the necessary hardware, software, networking, storage, and related technology required to run helloFriday. The current list of vendors is available upon request.

Although helloFriday owns the code, databases, and all rights to the helloFriday application, you retain all rights to your data.

Deleted Data

When you cancel your account, we’ll ensure that nothing is stored on our servers past 15 days. Anything you delete on your account while it’s active will also be purged within 15 days (deleted data stays in the trash can for 15 days, unless the trash can is emptied manually and data gets purged immediately).

EU-US and Swiss-US Privacy Shield Framework

helloFriday complies with the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States, respectively. To learn more about the Privacy Shield program, please visit https://www.privacyshield.gov/.

EU-US and Swiss-US Privacy Complaints

In compliance with the US-EU and Swiss-US Privacy Shield Principles, helloFriday commits to resolve complaints about your privacy and our collection or use of your personal information. European Union or Swiss individuals with enquiries or complaints regarding this privacy policy should first contact helloFriday at [email protected] or by mail at the given address, 80 Clarendon Mansions, Brighton, United Kingdom, BN1 1NF.

helloFriday's GDPR Commitments

We welcome the arrival of GDPR and view the regulations as raising the bar for data protection, security, and compliance. We will continue to be committed to our customers and users to help them comply with GDPR while using helloFriday as their data processor.

We worked with our engineering, product, security and legal teams to make both our product and our legal terms in line with GDPR, and we will continue to do so. As part of helloFriday’s GDPR readiness project, the following steps were taken:

  • We reviewed and strengthened our security infrastructure and practices, data encryption in transit and at rest, backup, logs and security alerts
  • A risk assessment and data mapping process were undertaken to ensure any data that may be stored or processed is processed and managed according to GDPR instructions
  • After a user is deleted, we delete their analytics data
  • An external audit was performed by E&Y giving us a SOC 2 Type II security certification from the American Institute of Certified Public Accountants (AICPA)
  • We received an internationally recognised security certification for ISO 27001 ISMS (information security management system) and ISO 27018 (protecting personal data in the cloud)
  • We’ve self-certified under the EU-US Privacy Shield frameworks to comply with data protection requirements when transferring personal data to helloFriday’s US subsidiary
  • We’ve made sure we have the appropriate contractual terms in place, to perform our role as a data processor for our customers while complying with GDPR
  • We put in place all the internal procedures, processes and controls, and recurring training sessions for the team, to ensure our ongoing compliance with GDPR
  • We revised our Terms of Use and Privacy Policy to support GDPR requirements
  • We performed a security and privacy assessment of our sub-processors to ensure they are all complying with GDPR requirements
  • We appointed a Data Protection Office (DPO) and a representative in the EU
  • We’ve developed our platform to make the following features available to allow organisations to deal with data deletion:
  • Delete a user profile: System admins can delete a user’s personal data from the system (on their own initiative or in response to a user’s request), allowing the organisation to meet GDPR requirements. Deleting a user’s profile will delete their name, phone number, email address, photo, postal address, title, social network references, and any other fields as required by the customer. Deleting a user will not delete the user’s posts or uploaded files – these will remain available to the organisation, under an anonymous name, as defined by the organisation.
  • Delete an account: While cancelling an account, admins can decide if they want to keep the organisation’s information (including personal data) for future use, or delete it permanently.

We’ll continue to monitor the guidance around GDPR compliance and will ensure that our product and processes comply with any additional regulations, as and when they become available.

Data Protection Guidance

At helloFriday, safeguarding your personal information is of paramount importance. We have implemented a robust approach to data protection, and this section aims to provide comprehensive guidance on how you can actively contribute to the security of your information on our platform.

Secure Password Practices

We highly recommend that users create passwords that are both strong and unique. A strong password includes a combination of upper and lower-case letters, numbers, and special characters. Avoid using easily guessable information such as names, birthdates, or common phrases.

Awareness of Phishing and Scams

It’s imperative to exercise caution when dealing with any unsolicited emails or messages that request personal information. Be vigilant and verify the authenticity of any communication claiming to be from helloFriday.

Remember that helloFriday will never ask you to disclose sensitive information via email. If you receive any such requests, please consider them suspicious and refrain from providing any personal details.

Regular Software Updates

Keeping your devices and software up-to-date is crucial in maintaining a secure digital environment. Software updates often include vital security patches that protect against known vulnerabilities.

We advise enabling automatic updates whenever possible, and checking for updates regularly.

Training and Awareness

Staying informed about data protection best practices is a shared responsibility. We offer various resources, including training modules and informative materials, to help you understand and implement effective data protection measures. We encourage you to take advantage of these resources.

Reporting Security Concerns

Your vigilance is a crucial component of our collective security efforts. If you suspect any security issues, potential breaches, or encounter suspicious activity while using our platform, please do not hesitate to contact us immediately at [email protected]. Your prompt reporting enables us to take swift action to investigate and address any concerns.

Request for Access to Personal Information

As a user of helloFriday, you have the right to access and review the personal information we hold about you. To make such a request, please follow the steps outlined below:

Submission of Request

Send an email to [email protected] with the subject line “Access Request”. Please provide your full name, email address, and any additional information that may help us identify your account.

Verification of Identity

To protect your privacy and security, we may ask for further information to confirm your identity.

Processing Time

We will respond to your request within 30 days of receiving all necessary information.

Scope of Access

You will be provided with a summary of the personal information we hold about you, including details of how and why it is used.

Correction or Deletion

If you believe that any of the information we hold is inaccurate, you may request corrections. In certain cases, you may also request the deletion of your personal data.

Subject Access Request Procedure Overview

Detailed below is the complete process for a Subject Access Request (SAR), along with how helloFriday will follow it:

Initiating a SAR

Members of the public wishing to access their personal data within the helloFriday Platform may do so by submitting a Subject Access Request (SAR).

The SAR should be sent through the designated channel, which will be clearly specified in the Privacy Policy.

Identity Verification

Upon receipt of a SAR, helloFriday will undertake measures to verify the identity of the requester. This is to safeguard the security and privacy of the data.

Data Retrieval and Compilation

Our dedicated team will conduct a thorough search for the requested data within the platform’s database. The identified data will be compiled securely, ensuring the inclusion of all relevant information.

Review and Redaction

Before sharing the data with the requester, helloFriday will review the compiled information to ensure it does not contain any sensitive or confidential information related to third parties. Any necessary redactions will be made to protect the privacy and rights of individuals not party to the SAR.

Response and Delivery

helloFriday is committed to promptly responding to SARs, providing the requester with access to the compiled data in a secure and accessible format.

The data will be delivered through a secure channel agreed upon with the requester.

Record Keeping

A record of the SAR, including details of the request, actions taken, and any redactions made, will be maintained for documentation and auditing purposes.

Changes & Questions

helloFriday may periodically update this policy. We’ll notify you about significant changes in the way we treat personal information by sending a notice to the primary email address specified in your helloFriday primary holder account or by placing a prominent notice on our site.

If you’d like to access, change or delete your personal information, or if you have any questions about this privacy policy, contact helloFriday at [email protected].