Privacy Policy for HB Automation Solutions
Last updated: June 21, 2025
At HB Automation Solutions, we are committed to protecting the privacy and security of your personal data. This Privacy Policy explains how we collect, use, disclose, and protect your personal data when you visit our website, interact with our services, or engage with us in business.
1. Who We Are
HB Automation Solutions is a UK-based company specializing in Power Automate and business process automation solutions, with a focus on enhancing efficiency and operational excellence for organisations.
Our website address is: https://hbautomationsolutions.co.uk.
For any privacy-related questions or concerns, please contact us at: accounts@hbautomationsolutions.co.uk.
2. What Personal Data We Collect and Why We Collect It
We collect personal data to provide and improve our services, communicate with you, and operate our business effectively.
a. Information You Provide Directly to Us:
- Contact Form / Inquiry Forms: When you use our contact or inquiry forms, we collect information such as your name, email address, phone number, organisation name, and your message.
- Purpose: To respond to your inquiries, provide information about our services, and establish potential business relationships.
- Legal Basis (GDPR): Performance of a contract or to take steps at your request before entering into a contract; or Legitimate Interests (to respond to genuine business inquiries).
- Consultation Bookings (if applicable): If you use a scheduling tool on our site to book consultations, we collect your name, email, phone number, and any details you provide about your project.
- Purpose: To schedule and conduct consultations regarding our services.
- Legal Basis (GDPR): Performance of a contract or to take steps at your request before entering into a contract.
- Newsletter Subscriptions (if applicable): If you sign up for our newsletter, we collect your email address.
- Purpose: To send you updates, news, insights, and marketing communications about our services and relevant industry trends.
- Legal Basis (GDPR): Consent (you will explicitly opt-in).
- Direct Communications: If you communicate with us via email, phone, or other channels, we may retain copies of these communications.
- Purpose: To maintain records of our interactions and manage client relationships.
- Legal Basis (GDPR): Legitimate Interests (to manage our business operations and communications).
b. Information We Collect Automatically:
- Website Usage Data / Analytics: We may use analytics services (e.g., Google Analytics, Microsoft Clarity) to collect data about your use of our website, such as your IP address, browser type, operating system, referral source, pages visited, time spent on pages, and navigation paths. This data is typically anonymized or aggregated where possible.
- Purpose: To understand how visitors use our website, improve user experience, optimize site performance, and analyze marketing effectiveness.
- Legal Basis (GDPR): Legitimate Interests (to improve our website and services) or Consent (via cookie consent banner, if applicable).
- Cookies: Our website uses cookies.
- Functional Cookies: If you leave a comment, you may opt in to saving your details in cookies for convenience; these cookies last for a year. If you visit our login page, a temporary cookie is set to check whether your browser accepts cookies; it is discarded when you close your browser. Login cookies last for two days; screen options cookies last for a year.
- Performance/Analytics Cookies: These are used by our analytics services (e.g., Google Analytics) to track website usage.
- Third-Party Cookies: Cookies may be set by embedded content from other websites (see below).
- Purpose: To ensure website functionality, remember user preferences, and collect anonymous usage data.
- Legal Basis (GDPR): Legitimate Interests (for necessary functional cookies); Consent (for non-essential cookies like analytics, via a cookie consent banner).
- Comments: When visitors leave comments on the site, we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
- An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.
- Purpose: To manage comments, prevent spam, and display user contributions.
- Legal Basis (GDPR): Legitimate Interests (to maintain a functional and secure comment section).
- Media (if applicable): If you upload images to the website (e.g., as part of a guest blog post or profile image), you should avoid uploading images with embedded location data (EXIF GPS). Visitors to the website can download and extract any location data from images on the website.
- Purpose: To facilitate content contribution.
- Legal Basis (GDPR): Consent (by uploading the image) or Legitimate Interests.
- Embedded content from other websites: Articles on this site may include embedded content (e.g. videos from YouTube, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
- These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.
- Purpose: To enhance website content and user experience.
- Legal Basis (GDPR): Legitimate Interests; Consent (via cookie banner, if applicable).
3. Who We Share Your Data With
We do not sell, rent, or trade your personal data to third parties. We may share your data with:
- Service Providers: We may share data with third-party service providers who perform services on our behalf, such as website hosting, analytics providers, email delivery services (for newsletters), CRM systems, or online scheduling tools. These providers are contractually obligated to protect your data and only use it for the purposes for which we engage them.
- Examples may include: Google Analytics, Microsoft Clarity, HubSpot, Calendly, Mailchimp.
- Legal and Regulatory Authorities: We may disclose your information if required to do so by law, or in response to a valid request by public authorities (e.g., a court or government agency).
- Business Transfers: In the event of a merger, acquisition, or sale of all or a portion of our assets, your personal data may be transferred as part of that transaction.
- Automated Spam Detection Service: Visitor comments may be checked through an automated spam detection service. If you request a password reset, your IP address will be included in the reset email.
4. International Data Transfers
As some of our service providers (e.g., Microsoft, Google, HubSpot) may operate globally, your personal data may be transferred to, and stored at, a destination outside the UK or European Economic Area (EEA). Where this occurs, we ensure that appropriate safeguards are in place, such as standard contractual clauses approved by the European Commission or the UK Information Commissioner’s Office (ICO), or relying on adequacy decisions where applicable.
5. How Long We Retain Your Data
We retain personal data for as long as necessary to fulfil the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements.
- Inquiries: Data collected via contact forms is typically retained for 2-3 years for follow-up and record-keeping, unless a business relationship is established, in which case it may be retained longer as per contract terms.
- Newsletter Subscribers: Email addresses are retained until you unsubscribe.
- Comments: If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.
- Website Users (if any): For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
- Analytics Data: Retained according to the settings of the analytics service (e.g., Google Analytics data retention policies).
6. Your Rights Over Your Data (GDPR)
Under GDPR, you have the following rights regarding your personal data:
- The Right to Be Informed: About how your personal data is being used.
- The Right of Access: To access your personal data (commonly known as a “data subject access request”).
- The Right to Rectification: To have inaccurate personal data rectified, or completed if it is incomplete.
- The Right to Erasure (“Right to be Forgotten”): To request the deletion or removal of personal data where there is no compelling reason for its continued processing.
- The Right to Restrict Processing: To ‘block’ or suppress the processing of your personal data in certain circumstances.
- The Right to Data Portability: To obtain and reuse your personal data for your own purposes across different services.
- The Right to Object: To processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling); direct marketing (including profiling); and processing for purposes of scientific/historical research and statistics.
- Rights in relation to automated decision making and profiling: Not applicable for most of our website use.
If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
To exercise any of these rights, please contact us at accounts@hbautomationsolutions.co.uk. We will respond to your request within one month.
7. Where Your Data Is Sent
Visitor comments may be checked through an automated spam detection service. Other data may be processed by our third-party service providers (as listed in Section 3) who operate globally, under appropriate safeguards.
8. Data Security
We implement appropriate technical and organizational measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. These measures are designed to ensure a level of security appropriate to the risk of processing your personal data, taking into account the state of the art, costs of implementation, and the nature, scope, context, and purposes of processing.
These measures include:
Technical Measures:
- Encryption: We use SSL/TLS encryption (Secure Sockets Layer/Transport Layer Security) for all data in transit between your browser and our website, ensuring secure communication. Where appropriate, we also employ encryption for data at rest (e.g., on our servers or devices).
- Access Control Systems: We implement strict access controls to our systems, databases, and digital files containing personal data. Access is granted on a “need-to-know” basis, meaning only authorized personnel can access specific data required for their roles.
- Strong Password Policies: We enforce strong, unique passwords for all internal systems and accounts, combined with Multi-Factor Authentication (MFA) wherever possible, to prevent unauthorized access.
- Network Security: Our website is hosted on secure servers provided by reputable providers (e.g., Microsoft Azure/365 infrastructure for email and core business data, and IONOS for web hosting, both of which implement robust physical and network security measures including firewalls and intrusion detection systems).
- Regular Software Updates: We ensure that all our software, systems, and website plugins (including WordPress core, themes, and plugins) are kept up-to-date with the latest security patches to protect against known vulnerabilities.
- Malware Protection: We utilize reputable antivirus and anti-malware software on all company devices and servers to detect and prevent malicious software.
- Data Backup and Recovery: We implement regular backup procedures for critical business data and website content to prevent data loss in the event of a system failure or incident, with tested recovery plans.
Organizational Measures:
- Regular Review and Assessment: We regularly review and assess the effectiveness of our technical and organizational security measures to ensure they remain appropriate and up-to-date in response to evolving threats and technological advancements.
- Internal Data Protection Policies: We have internal policies and procedures for handling personal data, including data minimization, data retention, and secure disposal guidelines.
- Employee Training: All staff involved in processing personal data receive regular training on data protection principles, security awareness (e.g., phishing prevention), and our internal data handling procedures.
- Confidentiality Agreements: Our employees are bound by confidentiality obligations.
- Incident Response Plan: We have a plan in place to detect, respond to, and mitigate the impact of any potential data breaches or security incidents, including procedures for notifying affected individuals and the ICO where required.
- Third-Party Due Diligence: Where we use third-party service providers who process personal data on our behalf, we conduct due diligence to ensure they also implement appropriate security measures and comply with data protection regulations, and we have appropriate data processing agreements (DPAs) in place with them.
9. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated “Last updated” date. We encourage you to review this policy periodically to stay informed about how we are protecting your data.
