Privacy Policy

‍HanSpringett Ltd (trading as HLabs)
‍Last updated: June 2026 | Version 2.0

1. Who we are

We are HanSpringett Ltd, trading as HLabs. Our company registration number is 12468367 and our registered address is 33 Churchfields, West Mersea, Colchester, England, CO5 8QJ.

We are registered with the Information Commissioner's Office (ICO) as a data controller.

For all data protection matters, contact us at: privacy@hlabs.co.uk

2. What this policy covers

This Privacy Policy explains how HLabs collects, uses, stores, and shares personal data relating to:

- visitors to our website (www.hlabs.co.uk)
- people who contact us or submit enquiries
- clients and prospective clients

It does not cover how we handle personal data relating to our employees, contractors, and freelancers — that is set out in our separate Workforce Privacy Notice.

For information about how we use cookies, please see our separate Cookie Policy.

3. What personal data we collect and when

Website visitors

When you visit our website, we automatically collect standard server log information, including your IP address, browser type, pages visited, and the date and time of your visit. This is collected by our website host (Amazon Web Services) and, where you have consented, by analytics tools.

We do not use this information to identify you personally unless you choose to contact us.

Enquiries and contact forms

When you submit an enquiry via our website, email, telephone, or any other channel, we collect the information you provide — typically your name, work email address, employer, telephone number, and the content of your message.

Clients and prospective clients

In the course of providing our services, we collect and hold professional contact information for client contacts — including names, job titles, work email addresses, work telephone numbers, and work addresses. We may also hold records of communications, project instructions, feedback, and approvals.

4. Why we collect personal data and the lawful basis for each purpose

Lawful bases for processing

Purpose	Lawful basis
Responding to enquiries submitted via our website or directly	Legitimate interests (responding to business enquiries)
Delivering creative and digital services under contract	Performance of a contract
Managing client relationships and communications	Legitimate interests (business administration)
Marketing to existing clients about our services	Legitimate interests (existing client relationship)
Marketing to prospective clients who have opted in	Consent
Website analytics and performance monitoring	Consent (via cookie banner)
Essential website functionality	Legitimate interests (necessary to operate the website)
Complying with legal obligations (e.g. financial record-keeping)	Legal obligation

‍

Where we rely on legitimate interests, we have carried out an assessment and are satisfied that our interests are not overridden by your rights and interests. You have the right to object to processing based on legitimate interests — see Section 8.

Where we rely on consent, you can withdraw it at any time — see Section 8.

5. Who we share your personal data with

We share personal data only where necessary and only with organisations that have agreed to process it securely and in accordance with data protection law.

Third-party recipients

Recipient	Purpose	Location	Safeguard
Amazon Web Services (AWS)	Website hosting	UK/EU (regional configuration)	AWS Data Processing Addendum; ISO 27001, SOC 2 Type II certified
Google LLC (Google Workspace)	Email, document storage, communications	US	Standard Contractual Clauses (SCCs) via Google Cloud Data Processing Addendum
HighLevel	Email marketing platform	US	Data Privacy Framework (UK Extension) certified; SCCs + UK IDTA
Google LLC (Google Analytics)	Website analytics	US	Standard Contractual Clauses (SCCs) via Google Data Processing Terms
Microsoft Corporation	Website analytics (Microsoft Clarity)	US	Microsoft acts as an independent data controller for Clarity. See Section 6 and our Cookie Policy for details.
Webflow Inc.	Website platform and content delivery	US	Webflow Data Processing Agreement; SCCs

‍

We do not sell personal data to third parties. We do not share personal data for third-party marketing purposes without your consent.

We may disclose personal data where required by law or to prevent and detect crime.

6. Microsoft Clarity

Our website uses Microsoft Clarity, a behavioural analytics tool provided by Microsoft Corporation. Microsoft Clarity records how visitors use our website, including mouse movements, clicks, and scroll behaviour. This may involve the collection of data that could identify individual users or patterns of individual behaviour.

Microsoft acts as an independent data controller for data collected through Clarity — this means Microsoft has its own data protection obligations and its own privacy policy applies to their use of that data. You can read Microsoft's privacy statement at https://privacy.microsoft.com].

We use this information to improve our website. Microsoft Clarity is only activated if you consent via our cookie banner.

7. International transfers

Some of the third-party services we use process personal data outside the UK. Where this happens, we ensure appropriate safeguards are in place:

- Google LLC (US): Standard Contractual Clauses (SCCs) via the Google Cloud Data Processing Addendum. Applies to both Google Workspace and Google Analytics.
- Webflow Inc. (US): SCCs via Webflow Data Processing Agreement.
- HighLevel (US): Data Privacy Framework (UK Extension) certification, with SCCs and UK International Data Transfer Addendum as backup safeguards.
- Amazon Web Services (US/EU): AWS Data Processing Addendum incorporating SCCs and UK Addendum. We use AWS regional configuration to keep data within UK/EU where possible.
- Microsoft Corporation (US): Microsoft's international transfer mechanisms apply as independent controller. See Microsoft's privacy statement for details.

We do not transfer personal data to countries outside the UK or EEA without appropriate safeguards in place.

## 8. How long we keep your data

We keep personal data only for as long as necessary for the purpose it was collected, and in line with our Data Retention Schedule.

| Data type | Retention period |
|---|---|
| Client and prospective client contact details | Duration of relationship + 7 years |
| Enquiry records (not converted to a client relationship) | 12 months from last contact |
| Website analytics data | Per analytics platform settings (typically 26 months) |
| Financial and contractual records | 7 years (HMRC requirement) |
| Email correspondence | 7 years from the end of the relevant matter |

9. Your rights

Under UK data protection law, you have the following rights in relation to your personal data:

- The right to be informed — to know how we use your personal data (this policy).
- The right of access — to request a copy of the personal data we hold about you (a Subject Access Request).
- The right to rectification — to ask us to correct inaccurate or incomplete data.
- The right to erasure — to ask us to delete your personal data in certain circumstances.
- The right to restrict processing — to ask us to limit how we use your data in certain circumstances.-
- The right to data portability — to receive your data in a structured, machine-readable format in certain circumstances.
- The right to object — to object to processing based on legitimate interests or for direct marketing purposes. Where you object to direct marketing, we will stop immediately. Where you object to other legitimate-interests processing, we will consider your objection and stop unless we have compelling legitimate grounds.
- The right not to be subject to automated decision-making — we do not make decisions about you solely by automated means.

To exercise any of these rights, please contact us at: privacy@hlabs.co.uk

We will respond within one calendar month. We will not charge a fee for reasonable requests.

10. Cookies

We use cookies on our website. Some are essential for the site to work; others are only set with your consent.

For full details of the cookies we use, what they do, and how to manage your preferences, please see our Cookie Policy.

11. How to contact us and make a complaint

For any data protection query or to exercise your rights, contact us at:

Email: privacy@hlabs.co.uk

Post:
HLabs
33 Churchfields
West Mersea
Colchester
CO5 8QJ

If you are not satisfied with how we have handled your personal data, you have the right to make a complaint to the Information Commissioner's Office (ICO):

Website: www.ico.org.uk
‍Telephone: 0303 123 1113

We would welcome the opportunity to resolve any concern directly before you contact the ICO — please do reach out to us first.

12. Changes to this policy

We keep this policy under regular review. When we make material changes, we will update the "Last updated" date at the top of this page. We encourage you to review this policy periodically.

HanSpringett Ltd | Company No. 12468367 | Registered in England and Wales