Privacy Policy

1. Data Controller

Howell Systems Ltd (company number 16030189), registered at 20 Wenlock Road, London, England, N1 7GU, is the data controller for personal data collected through Howell Systems (https://howellsystems.co.uk).

For data protection enquiries, contact us at connor@howellsystems.co.uk.

2. Data We Collect

We collect the following categories of personal data:

Contact Form Submissions

Name, email address, and message content when you use our contact form.

Account Registration

Name, email address, and password (stored securely as a hash) when you create an account.

Billing Information

Payment details are collected and processed directly by Stripe. We store your Stripe customer ID and subscription status but do not store card numbers or payment credentials on our servers.

Analytics

We use Umami, a privacy-focused, cookieless analytics platform. Umami does not collect personal data, does not use cookies, and does not track individual users across sessions.

3. Lawful Bases for Processing

Under UK GDPR, we process your data on the following lawful bases:

• Contract — to provide our services, manage your account, and process payments.
• Legitimate interests — to respond to enquiries via the contact form and to improve our services.
• Legal obligation — to comply with tax, accounting, and regulatory requirements.

4. Third-Party Data Processors

We share personal data with the following third-party processors:

• Stripe — payment processing. Stripe's privacy policy applies to payment data.
• Microsoft (Graph API) — email delivery for contact form submissions and transactional emails.

5. Data Retention

Account data is retained for as long as your account is active. If you request account deletion, we will delete your personal data within 30 days, except where we are required to retain it for legal or regulatory purposes (e.g. financial records retained for 6 years).

Contact form submissions are retained for up to 12 months to manage ongoing enquiries.

6. International Data Transfers

Your data may be transferred outside the UK where our third-party processors operate (Stripe and Microsoft). These transfers are protected by appropriate safeguards, including Standard Contractual Clauses and adequacy decisions where applicable.

7. Your Rights

Under UK GDPR, you have the right to:

• Access the personal data we hold about you
• Rectify inaccurate personal data
• Request erasure of your personal data
• Restrict or object to processing of your personal data
• Data portability — receive your data in a structured, machine-readable format
• Withdraw consent at any time (where processing is based on consent)

To exercise any of these rights, contact us at connor@howellsystems.co.uk.

8. Complaints

If you are unhappy with how we handle your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

9. Children's Privacy

Our services are not intended for individuals under the age of 13. We do not knowingly collect personal data from children under 13. If you believe a child has provided us with personal data, please contact us so we can delete it.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or a notice on our website. The effective date at the top of this page indicates when the policy was last revised.