Privacy policy
Last updated: 2 May 2026
1. Who we are
Howell Technology Ltd (trading as "HowTech", "we", "us") is the data controller for personal data processed via this website and our consultancy services. We are registered in England and Wales (company number 16524481), with our registered office at 12 Clinton Road, Redruth, Cornwall TR15 2QE.
We are registered with the Information Commissioner's Office (ICO) under registration number ZB998041.
2. Personal data we collect
2.1 Information you provide
- Name, email, phone, company and message — via the contact form
- Email address — via the insights newsletter form
- Name and email — when you download a gated resource
- Account details — if you sign in to a client area
2.2 Information collected automatically
- IP address, user-agent and approximate location (for security and abuse prevention)
- Pages viewed, referrer and aggregate analytics (only with consent)
- Heatmaps and masked session replay via Microsoft Clarity (only with consent)
- Cookies — see our Cookies policy
3. Purposes and legal bases
Under UK GDPR Article 6 we rely on the following legal bases:
| Purpose | Legal basis | Retention |
|---|---|---|
| Responding to enquiries (contact form) | Legitimate interest / pre-contract steps (Art. 6(1)(b)/(f)) | 24 months from last contact |
| Delivering consultancy services | Contract (Art. 6(1)(b)) | For the term of engagement + 6 years |
| Insights newsletter | Consent (Art. 6(1)(a)) / soft opt-in (PECR reg. 22) | Until you unsubscribe |
| Site analytics & session replay (Clarity) | Consent (Art. 6(1)(a)) | Up to 12 months |
| Marketing visitor identification (HubSpot) | Consent (Art. 6(1)(a)) | Up to 13 months |
| Accounting and tax records | Legal obligation (Art. 6(1)(c)) | 6 years (Companies Act 2006) |
| Site security, fraud and abuse prevention | Legitimate interest (Art. 6(1)(f)) | 90 days for logs |
4. How the contact and newsletter forms work
Form submissions are stored in our Supabase database (EU region) in thecontact_submissionstable and trigger a transactional email via Resend so we can reply. Submissions are retained for 24 months from the last contact, then deleted. The newsletter form stores your email address and the date you subscribed. We send a welcome email confirming the subscription, and you can unsubscribe at any time by replying "UNSUBSCRIBE" or emailing hello@howell.co.uk.
4a. Email tracking
Emails we send (newsletter confirmations, resource downloads and contact-form replies) include click tracking, and our newsletter additionally includes open tracking. Links in our emails route throughlinks.howell.co.ukbefore redirecting to the final destination so we can see which links are useful, and a small invisible image (a "tracking pixel") tells us when a newsletter has been opened.
We collect: the email address the message was sent to, which links were clicked, the time of the click or open, and the IP address / user-agent of the device that opened the email. This is processed by Resend (EU region) on our behalf.
Legal basis: legitimate interest for transactional replies (you've asked us to contact you); consent for the marketing newsletter, given when you tick the subscription box. You can opt out at any time by unsubscribing from the newsletter, or by emailing hello@howell.co.uk to ask us to disable tracking on emails sent to you.
5. Sharing and processors
We do not sell your personal data. We share it only with the following processors, each bound by a written data-processing agreement:
- Supabase — database, authentication and edge functions (EU region)
- Resend — transactional email delivery (EU)
- Cloudflare — CDN, DNS, bot mitigation and Worker hosting (global)
- HubSpot — marketing CRM and visitor identification (US — only with consent)
- Microsoft Clarity — analytics and session replay (US — only with consent)
We may also disclose data when required by law or to protect our rights.
6. International transfers
HubSpot and Microsoft Clarity process data in the United States. Transfers are protected by the UK Extension to the EU-US Data Privacy Framework ("UK-US Data Bridge") and, where applicable, the UK International Data Transfer Agreement (IDTA) or EU Standard Contractual Clauses with the UK Addendum. Cloudflare may route traffic globally; routing data is processed under SCCs and the IDTA.
7. Your rights
Under UK GDPR you have the right to:
- Be informed about how we use your personal data
- Access a copy of your personal data
- Have inaccurate data corrected
- Have your data erased ("right to be forgotten")
- Restrict or object to processing
- Data portability
- Withdraw consent at any time (without affecting prior lawful processing)
To exercise any of these rights, email hello@howell.co.uk. We will respond within one calendar month.
8. Right to complain
You can complain to the UK Information Commissioner's Office at any time: Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF — telephone 0303 123 1113 — ico.org.uk/make-a-complaint. We'd appreciate the chance to address your concern first.
9. Automated decision-making
We do not use your personal data for solely-automated decision-making or profiling that produces legal or similarly significant effects on you.
10. Security
We are Cyber Essentials certified and apply appropriate technical and organisational measures including TLS in transit, encryption at rest, role-based access, MFA, rate-limiting and audit logging. No method of transmission over the internet is 100% secure; we will notify you and the ICO of any qualifying breach within 72 hours.
11. Children
Our services are aimed at businesses. We do not knowingly collect personal data from children under 13.
12. Changes to this policy
We may update this policy from time to time. Material changes will be flagged on this page and, where appropriate, notified by email.
13. Contact us
Howell Technology Ltd — Privacy
Email: hello@howell.co.uk
Phone: +44 (0)1209 500 585
Post: 12 Clinton Road, Redruth, Cornwall TR15 2QE