Effective from 25th May 2018
At Habu, we believe that each and every one of us has the right to both privacy and the ownership of our personal data. All our products and services are built with strong security measures and with privacy respected by default.
Who We Are
Transparency and clarity are central to every healthy relationship, so let’s start with introducing who we are and how you can contact us.
We are Habu Spaces Ltd (“Habu”) and are legally registered at 80 Stokes Croft, Bristol, BS1 3QY, UK. Habu is represented by the founders and directors Jack Ollett and Robert Ollett (“Habu” or “we/us”). We are the operator of the website www.habu.co
(“Website”) and the providers of the services we offer via the Website (the “Service”). You can read our Terms and Conditions for the use of our Service at www.habu.co/terms
We are registered in the United Kingdom with the Company Number: 8973046 and Tax Number: GB189898606.
If you have any questions, contact us by email at firstname.lastname@example.org
or by mail at Habu Spaces Ltd, 80 Stokes Croft, Bristol, BS1 3QY, UK.
Collection and Use of Personal Data
Personal Information is data that relates to you and can — either on its own or in combination with other information — identify you as an individual. Personal Information does not include data that has been aggregated or made anonymous such that you can no longer be identified using any means reasonably available to us.
We will only collect, use or pass on personal data if law permits or if you consent to the data processing.
What personal information we collect
We collect the minimum personal data possible to deliver our services. In addition to our own data collection, we use a number of Third Party Services to enhance our ability to service the needs of our customers. These Third Party Service providers and what role they play, are detailed in the section ‘Third Party Disclosures’.
When using the Service and/or Website, the personal information collected by Habu, or on behalf of Habu, includes:
- First Name, Last Name
- Workspace or Company Name
When registering for an account, this data (“Registration Data”) is encrypted in transit and stored in a database hosted on AWS (AICPA SysTrust, ISO 27001, and other leading physical security measures). You can manage this data at any time under ‘Settings’ in your Habu account.
In addition, non-personal information collected by Habu, or on behalf of Habu, includes:
- Device type
- Website actions
- Habu platform actions
This non-personal data will only be used via the Website and with our support to the extent that this processing is necessary for (a) the fulfilment of a contract with us, (b) for the implementation of pre-contractual measures, such as using our Website, (c) to support and respond to enquiries by the user or (d) for analytics to help optimize product development and user experience.
What Are Cookies? What Do They Do? How To Manage Cookies.
Cookies are small files that allow the storage of specific information, concerning the users device, on the user’s device (computer, smartphone, etc.). Firstly, they serve a users account (e.g. storage of login data) as well as the user-friendliness of the website and/or service. In addition, they are used by the third parties listed below to collect statistical data with the aims of customer support or improving the website and/or service.
When visiting the website and/or service, so-called session cookies are used, some are automatically deleted when closing the tab or browser, others are deleted from the device as soon as the user signs out.
The Legal Foundations of Our Data Processing
In line with the implementation of GDPR - General Data Protection Regulation (EU) 2016/679 on the 25th of May 2018, it’s essential to outline the legal foundations of our data processing.
When using our services, the processing of data is generally based on the legal basis of Legitimate Interest (section 6 (1) f. GDPR). As a controller, we collect the minimum personal data necessary to deliver our services, including customer support. As a processor, our service makes it possible for you to store a wide range of personal data on your contacts, users and members; we do this with the objective of allowing you to provide them with services they may request or initiate e.g. such a making a booking, or paying for a membership plan. A legitimate interest exists, if a significant and appropriate relationship between you (or the data subject) and us (or the person responsible) exists and that processing is necessary for that purpose.
For our marketing, such as receiving our newsletter, the legal basis for processing your personal data is consent based (section 6 (1) a. GDPR). We respect privacy as a default, and this consent is always Opt-In and explicit. You can unsubscribe or request that your personal information is removed at any point.
The processing of data when using our service is based on section 6 (1) b). GDPR, i.e. the data will be processed, when this is necessary for the fulfilment of the contract between you and us or for the execution of pre-contractual measures that take place on your request. In special cases, we may also process your data according to section 6 (1) c. GDPR if processing is required to fulfil a legal obligation to which we or other responsible parties are subject.
Disclosure to Third Parties
Data will only be transferred if we are legally authorised or obliged to do so, if you have given your consent and has not revoked it and/or if this is necessary to enforce our rights.
We use Google Analytics, a web analytics service provided by Google Inc. of Mountain View, CA, USA (“Google”).
- Browser type/version; operating system used; referrer URL (the previously visited page); hostname of the accessing computer (IP address); time of server request when using the website
They are usually transmitted to and stored by Google on a server in the USA, although due to the activation of IP anonymization on the Website, the IP address of Google’s users will be shortened in advance within member states of the European Union or in other signatory states to the agreement on the European Economic Area. The full IP address is therefore not transferred to a Google server in the USA and is not shortened there. IP anonymization is active on the Website. On our behalf, Google will use the collected data to evaluate the use of the Website by users, to compile reports on Website activity and to provide us with further services related to the use of offers and the Internet.
The IP address transmitted by the user's browser as part of Google Analytics will not be merged with other Google data. Users can prevent the storage of cookies by setting their browser software accordingly; however, we hereby inform you that in this case you, may not be able to use all functions of the Website in full. Users can also prevent Google from collecting and processing the data generated by the cookie (including the IP address) and related to the use of our Offer by downloading and installing the browser plug-in available under the following link: https://tools.google.com/dlpage/gaoptout
We use the message and customer service tool provided by Intercom Inc., 55 2nd St, 4th Fl., San Francisco, CA, 94105, USA and Intercom R&D Unlimited Company, 2nd floor, Stephen court, 18-21 St. Stephen’s green, Dublin 2, Ireland at www.intercom.com (“Intercom”).
When you use the message tool and/or customer service within our Service, your data, such as;
- name, email address, operating system, browser version, referrer, IP address as well as the content of your message(s) will be transferred to Intercom and stored on Intercom’s servers in the US.
Intercom will then use these data to provide and fulfill its services. For more details please refer to: https://docs.intercom.com/pricing-privacy-and-terms/intercom-terms-of-service
Any questions regarding the services of Intercom may be addressed to us at email@example.com or directly to Intercom, at firstname.lastname@example.org.
For more details please refer to: https://www.intercom.com/privacy
We use the website analytics services provided by Mixpanel, Inc., 405 Howard St., 2nd Floor, San Francisco, CA 94105, USA.
Mixpanel collect and process event based data such as your IP address and browser data.
For more details please refer to: https://mixpanel.com/legal/privacy-policy/
You can opt out of being tracked by Mixpanel at any point in time by following this link: https://mixpanel.com/optout/
We may use the scheduling services provided by Calendly LLC, 1315 Peachtree St NE, Atlanta, GA 30309, USA if you decide to schedule a meeting or a demo with us online.
Calendly collect and process data that you voluntarily provide which may include your name, email, and any other data that your choose to provide in order to schedule a meeting as well as send you meeting reminders.
For more details please refer to: https://calendly.com/pages/privacy
Other Third Party Services used in our Service
We use further third party services in our software available on the Website only after the user has successfully subscribed for our Service and logged in. Many of these services are explicit, opt-in integrations and are outlined accordingly in the Integrations and Opt-in by Third Party Services section.
Essential Third Party Services
Amazon Web Services
In our software service we use the services by Amazon Web Services, Inc., 410 Terry Ave North, Seattle, WA, 98109-5210, US (“AWS”).
AWS processes your data for the purpose of general storage, caching and backups on our behalf as well as providing the service as outlined in our Terms.
For more details please refer to: https://aws.amazon.com/privacy/
In our software Service we use the service postmark by Wildbit LLC, 225 Chestnut St., Philadelphia, PA, 19106, USA.
Postmark process your data (email address, name, and content of email) for sending transactional email notifications.
For more details please refer to: https://wildbit.com/privacy-policy
In our software service we use the services by salesforce.com, inc., The Landmark @ One Market, Suite 300, San Francisco, California 94105, US (“Heroku”).
Heroku processes your data for the purpose of general storage and backup on our behalf as well as providing the service as outlined in our Terms.
For more details please refer to: https://www.salesforce.com/company/privacy/
In our software service we may use the services by One More Cloud Inc., 1228 Monterey Avenue Berkeley, CA 94707, USA (“Bonsai”).
Bonsai process your data to enable hosting elasticsearch, this is to optimize the display of you data within our service and to provide search functionality.
For more details please refer to: https://bonsai.io/privacy/
Integrations and Opt-in by Third Party Services
To process the payments for our Service we use the payment providers: Stripe, Inc., 185 Berry Street, Suite 550, San Francisco, CA 94107, USA (“Stripe”), and; Adyen B.V., Simon Carmiggeltstraat 6-50, 1011 DJ, Amsterdam, the Netherlands. Only such payment providers will process your payment data for the purpose of the respective payment, whereas we will not access and/or save your full payment information.
For more details please refer to;
In our Service we may use services by Stripe, Inc., 185 Berry Street, Suite 550, San Francisco, CA 94107, USA.
Stripe enable online payment processing and store card details if the integration is used.
For more details please refer to: https://stripe.com/de/privacy
In our Service we may use services by Adyen B.V., Simon Carmiggeltstraat 6-50, 1011 DJ, Amsterdam, the Netherlands.
Adyen enable online payment processing and store card details if the integration is used.
For more details please refer to: https://www.adyen.com/policies-and-disclaimer/privacy-policy
In our software Service we may use the service postmark by XERO ONE, 19-23 Taranaki St, Te Aro, Wellington, 6011, New Zealand,
Xero process your billing data for invoicing and accountancy purposes if the integration is used.
For more details please refer to: https://www.xero.com/about/terms/privacy/
In our software service we may use the services by Zebrafish Labs Inc., 1141 Howard Street, San Francisco, CA 94103, USA (“Imgix”) if you or your users choose to upload images.
Imgix process, host and optimize uploaded images for the purpose of displaying background images for your login screen, for bookings, and displaying contact images on our behalf as well as providing the service as outlined in our Terms.
For more details please refer to: https://www.imgix.com/privacy
In our software Service we may use the services by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043,USA.
Google processes your data (booking dates/times, booking title and comments, name of the booking party) in order to organize your calendar if the integration is used.
In our software Service we may use the services by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA.
Microsoft processes your data (booking dates/times, booking title and comments, name of the booking party) in order to organize your calendar if the integration is used.
For more details please refer to: https://privacy.microsoft.com/en-gb/privacystatement
In our software Service we may use the services by Apple, One Apple Park Way, Cupertino, CA 95014, USA.
Apple processes your data (booking dates/times, booking title and comments, name of the booking party) in order to organize your calendar if the integration is used.
For more details please refer to: https://www.apple.com/legal/privacy/
We fully welcome and support the introduction of GDPR policy. This is European Union (EU) policy that provides you and your users with a number of fundamental rights. You have the right to:
- Be informed about the collection and use of your personal data.
- Access your personal data and supplementary information.
- Have inaccurate personal data rectified, or completed if incomplete.
- Have your personal data erased. The right to erasure is also known as ‘the right to be forgotten’.
- Request that we restrict processing of your personal data.
- Data portability. Any personal data you have provided us with will be available to you on request in a structured, transferable and machine-readable format.
- Object or revoke consent regarding the use, processing or transmission of your data at any time.
For further information, you can contact us at email@example.com.
Duration of the storage of personal data
As a rule, we only store your personal data for as long as it is necessary for the execution of the contract or the respective purpose and limit the storage period to an absolutely necessary minimum.
In the case of long-term contractual relationships, such as the use of our Service, these storage periods may vary, but are generally limited to the duration of the contractual relationship or, with regard to the inventory data, or to the maximum legal retention periods, for example in accordance with (Limitation Act 1980 (Section 5)
Criteria for the storage period include whether the data is still up-to-date, whether the contractual relationship with us still exists, whether an inquiry has already been processed, whether a process has been completed or not, and whether legal retention periods for the personal data concerned are relevant or not.
We take data security seriously. Our website, and all Habu services, transmit data to your browser or to third parties using an encrypted connection. Our SSL certificates are provided by highly respected providers; Gandi.net & Comodo.
While we take every effort to operate according to recognised best practices and work continuously to maintain enterprise-level security, these are limited to the current understanding of technology and security. Please be advised, that we cannot fully guarantee data protection, data security and that we cannot accept any liability for the disclosure of data due to errors or unauthorized access by third parties. Users of our website or services are solely responsible for the security of their own devices, the internet connection they use, any data transferred by them or made available to them.
or via mail at Habu Spaces Ltd, 80 Stokes Croft, Bristol, BS1 3QY, UK.