Last updated on 5th March 2022.

The privacy of your data — and it is your data, not ours! — is a big deal to us. In this policy, we lay out: what data we collect and why; how your data is handled; and your rights to your data.

This policy applies to the use of Hanno Limited’s website and newsletter, as well as any correspondence or job applications you send to us. For clients working with us on projects, privacy terms are separately detailed in our project contracts and NDA agreements.

What we collect and why

Our guiding principle is to collect only what we need, and to minimise tracking wherever possible. Here’s what that means in practice:

Cookies, browser local storage and Do Not Track

We may use functional cookies or local storage data in your browser to enhance our website performance: for example, saving the current timestamp if you are listening to a podcast audio file on this website.

We do not use tracking or advertising cookies on our websites, so our sites do not respond to Do Not Track requests sent by your browser.

Website interactions

Our website and DNS providers (Netlify and Cloudflare) may collect aggregated, anonymised statistics (for example, total page views, broken down by country) and present these to us. We use these to better understand how our websites and content are being used. This information may be viewed by our team and collaborators.

Newsletter subscriptions

If you choose to subscribe to our newsletter, your email address will be transmitted to our newsletter mailing software (Mailchimp) and may be used to contact you via email for the purpose of sharing intermittent updates on news from Hanno.

Your email address will only be visible to administrators of our Mailchimp account, not to the individual team members or contractors responsible for writing and publishing emails.

When we send emails, we may collect tracking information so that we can better understand deliverability, open rates and click through rates. We use this information to improve our newsletter communication.

We may retain this information indefinitely, but you can correct or remove your information at any time by clicking the unsubscribe/update links in the footer of these newsletters, or by contacting us.

Job applications

When you submit an application on our website, the information you provide (such as your email address, name and written correspondence) is transmitted to Netlify and Zapier. We periodically purge the logs on these services so that data is only retained in them temporarily.

Your application will then be stored in our applicant tracking system, Asana. Access to this information is limited to Hanno team members who participate in the applicant selection process. We retain your information in Asana for as long as we believe there is a possibility of us working together, or for 3 years, whichever is less. You can ask us to correct, update or delete your data at any time by contacting us.

If we respond to your application (via email), details will be retained in our company email accounts, so that we have a history of past correspondence and as a paper trail for legal purposes.

A separate policy with more comprehensive privacy terms will apply if we end up working together.

Voluntary correspondence

When you email us with a question, we store this correspondence (including the email address) so that we have a history of past correspondence if you contact us subsequently. We may also retain this correspondence for an indefinite period as a paper trail for legal purposes. This information may be viewed by the team members involved in responding to correspondence.

How we secure it

Your data is encrypted when it is being transmitted between our servers and your browser (via SSL/TLS). Any local access or storage of your data by our team or contractors will be in encrypted format. For information on supplier security, please see the links below.

Who we share it with

We may share your information with the following third parties:

• Cloudflare (Cloudflare, Inc): our DNS provider. The place of processing is primarily in the United States and the European Economic Area — Privacy Policy.
• Google (Google, LLC; Google Ireland Limited): our email and data storage provider and is also used for data backup. The place of processing is Europe and the United States – Privacy Policy and Security.
• Mailchimp (The Rocket Science Group LLC): our email address management and message sending service. The place of processing is the United States – Privacy Policy; Security.
• Netlify (Netlify, Inc.): our web hosting service. The place of processing is the United States – Privacy Policy; Security.
• Employees and contractors of Hanno: on a need-to-know basis. These are located both in the UK and internationally. Any transfer of your data will be subject to the appropriate data protection and privacy terms being in place.

Lawful basis and rights under GDPR

Under the General Data Protection Regulation (GDPR), the lawful bases we rely on for processing this information are:

• Your consent. You are able to remove your consent at any time. You can do this by contacting legal@hanno.co.
• And where we have a legal obligation to retain correspondence records.

Under data protection law, you have rights including:

• Your right of access - You have the right to ask us for copies of your personal information.
• Your right to rectification - You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
• Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances.
• Your right to restriction of processing - You have the right to ask us to restrict the processing of your personal information in certain circumstances.
• Your right to object to processing - You have the right to object to the processing of your personal information in certain circumstances.
• Your right to data portability - You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.

You are not required to pay any charge for exercising your rights. If you make a request, we will respond to you as soon as we can, but in any event at least within 1 month. Please contact us at legal@hanno.co if you wish to make a request.

Contacts and complaints

The owner and data controller of your data is Hanno Limited, c/o Craufurd Hale LLP, Ground Floor, Arena Court, Crown Lane, Maidenhead, SL6 8QZ.

If you have any questions or complaints regarding this policy or our use of your data, please get in touch at legal@hanno.co.

If you remain unhappy with how we have used your data:

• You can complain to the ICO in the UK: https://www.ico.org.uk or via mail at Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.
• You can complain to your specific authority in the EU to file a GDPR complaint: https://edpb.europa.eu/about-edpb/board/members_en.

Changes to this policy

We may update this policy as needed to comply with updates to regulations and changes in our practices.

Attribution

This policy is adapted from the Basecamp open-source policies / CC BY 4.0.