Hooftec Access Web Portal
Back to Home

Privacy Policy

Last updated: March 2nd, 2026
Effective date: March 2nd, 2026

1. Who We Are

Data Controller (for most purposes):
Hooftec Online Ltd
Email: [email protected]
Website: https://hooftec.app

"Hooftec", "we", "us", "our" means Hooftec Online Ltd, a company incorporated in England and Wales (company number [insert]), whose registered office is at [insert registered office address].

For personal data processed within customer accounts (e.g. farmers' clients, herd records), Hooftec acts as a Data Processor and the subscribing business is the Data Controller.

2. Scope of This Policy

This Policy applies to:

  • Account holders
  • Website visitors
  • Business contacts
  • Prospective customers
  • Individuals whose data is processed when interacting directly with Hooftec

It does not replace the customer's own privacy obligations where they act as controller of their own client data.

3. Categories of Personal Data We Collect

3.1 Account Information

  • Name
  • Email address
  • Telephone number
  • Business name
  • Billing address
  • Professional role

3.2 Payment Information

Payments are processed by a third-party payment provider (e.g., Stripe). We do not store full card details.

We may process:

  • Billing contact details
  • Payment status
  • Subscription tier
  • Transaction references

3.3 Usage Data

  • Log data
  • Device information
  • IP address
  • Browser type
  • App usage metrics
  • Crash diagnostics

3.4 Communications Data

  • Support enquiries
  • Email correspondence
  • Feedback submissions

3.5 Customer-Submitted Data (Processor Role)

When customers use the Service to record herd or business data, we process personal data such as:

  • Customer contact details
  • Business records
  • Agricultural service records

In this context, we act solely as a Data Processor on the instructions of the subscribing business.

4. Lawful Bases for Processing

We rely on the following lawful bases under UK GDPR:

Purpose Lawful Basis
Account administration Contract
Subscription billing Contract
Service delivery Contract
Security monitoring Legitimate interests
Service improvement analytics Legitimate interests
Legal compliance Legal obligation
Direct B2B marketing Legitimate interests (with opt-out)

Where consent is required (e.g., optional analytics cookies), it will be obtained separately.

5. How We Use Personal Data

We use personal data to:

  • Provide and maintain the Service
  • Process subscription payments
  • Provide customer support
  • Improve and develop the platform
  • Maintain system security
  • Comply with legal obligations
  • Communicate service updates

We do not sell personal data.

6. Data Sharing

We share personal data only where necessary with trusted service providers, including:

  • Cloud hosting providers
  • Payment processors
  • Analytics providers
  • Email delivery services

All third-party processors are contractually required to implement appropriate safeguards.

We may also disclose data:

  • Where required by law
  • To regulators
  • In connection with a business sale or restructuring

7. International Transfers

Where personal data is transferred outside the UK, we implement appropriate safeguards such as:

  • UK International Data Transfer Agreement (IDTA)
  • UK Addendum to EU Standard Contractual Clauses
  • Transfers to jurisdictions subject to adequacy decisions

8. Data Retention

We retain personal data:

  • For the duration of the subscription
  • For up to 6 years after termination for legal and accounting purposes
  • As required by tax law
  • For security logging purposes for a limited period

Customer account data will be deleted or anonymised upon request, subject to legal retention obligations.

Backups are overwritten in accordance with our standard retention cycle.

9. Data Security

We implement appropriate technical and organisational measures including:

  • Encryption in transit
  • Encryption at rest
  • Access controls
  • Role-based permissions
  • Secure cloud infrastructure
  • Regular security monitoring

No system can guarantee absolute security.

10. Data Subject Rights

Individuals have the following rights under UK GDPR:

  • Right of access
  • Right to rectification
  • Right to erasure
  • Right to restriction
  • Right to data portability
  • Right to object
  • Right to lodge a complaint

Requests can be submitted to: [email protected]

We will respond within one month, subject to statutory extensions.

Where we act as Data Processor, requests relating to customer-managed data will be referred to the relevant business controller.

11. Marketing Communications

We may send B2B service communications based on legitimate interests.

You may opt out at any time using the unsubscribe link or by contacting us.

We do not conduct automated decision-making or profiling with legal or similarly significant effects.

12. Cookies and Analytics

Our website and application may use:

  • Essential cookies
  • Performance and analytics tools

Where legally required, consent will be obtained via a cookie banner. Further details are provided in our Cookie Policy.

13. Children's Data

The Service is not intended for individuals under 18 years of age. We do not knowingly collect data relating to children.

14. Changes to This Policy

We may update this Privacy Policy periodically. Material changes will be communicated via email or in-app notification.

15. Complaints

If you believe we have not handled your data correctly, you may contact us first.

You also have the right to lodge a complaint with:

Information Commissioner's Office (ICO)

Website: https://ico.org.uk

Helpline: 0303 123 1113

This Privacy Policy does not form part of any contractual agreement except where expressly referenced in our Terms & Conditions.