Privacy policy
Last updated: 17 June 2026
1. Who we are
Howell Technology Ltd (trading as "HowTech", "we", "us") is the data controller for personal data processed via this website and our consultancy services. We are registered in England and Wales (company number 16524481), with our registered office at FibreHub, Trevenson Lane, Pool, Redruth TR15 3GF.
We are registered with the Information Commissioner's Office (ICO) under registration number ZB998041.
2. Personal data we collect
2.1 Information you provide
- Name, email, phone, company and message – via the contact form
- Email address – via the insights newsletter form
- Name and email – when you download a gated resource
- Account details – if you sign in to a client area
2.2 Information collected automatically
- IP address, user-agent and approximate location (for security and abuse prevention)
- Pages viewed, referrer and aggregate analytics (only with consent)
- Heatmaps and masked session replay via Microsoft Clarity (only with consent)
- Cookies – see our Cookies policy
3. Purposes and legal bases
Under UK GDPR Article 6 we rely on the following legal bases:
| Purpose | Legal basis | Retention |
|---|---|---|
| Responding to enquiries (contact form) | Legitimate interest / pre-contract steps (Art. 6(1)(b)/(f)) | 24 months from last contact |
| Delivering consultancy services | Contract (Art. 6(1)(b)) | For the term of engagement + 6 years |
| Insights newsletter | Consent (Art. 6(1)(a)) / soft opt-in (PECR reg. 22) | Until you unsubscribe |
| Site analytics & session replay (Clarity) | Consent (Art. 6(1)(a)) | Up to 12 months |
| CRM record of enquiries and leads (Attio) | Legitimate interest (Art. 6(1)(f)) | 24 months from last contact, then deleted |
| Newsletter and resource nurture sequences (MailerLite) | Consent (Art. 6(1)(a)) | Until you unsubscribe |
| Accounting and tax records | Legal obligation (Art. 6(1)(c)) | 6 years (Companies Act 2006) |
| Site security, fraud and abuse prevention | Legitimate interest (Art. 6(1)(f)) | 90 days for logs |
4. How the contact and newsletter forms work
Form submissions are stored in our Supabase database (EU region) and trigger a transactional email via Resend so we can reply. Contact-form submissions are additionally written to our CRM (Attio) so the team can track the enquiry through to resolution – a Person record is created/updated, a Note containing your message is attached, and a Deal is opened. Submissions are retained for 24 months from the last contact, then deleted.
The newsletter form stores your email address and the date and time of your subscription, and adds you to our newsletter list in MailerLite (our email-marketing provider). You'll receive a welcome email and can unsubscribe at any time using the link at the bottom of any newsletter we send, or by emailing hello@howell.co.uk.
When you download a gated resource we record the resource on your Attio Person record so we can see who downloaded what. If you ticked the optional marketing-consent box on the form, we additionally add you to the MailerLite nurture sequence for that resource. You can unsubscribe from any nurture sequence the same way.
4a. Email tracking
Emails we send (newsletter confirmations, resource downloads and contact-form replies) include click tracking, and our newsletter additionally includes open tracking. Links in our emails route throughlinks.howell.co.ukbefore redirecting to the final destination so we can see which links are useful, and a small invisible image (a "tracking pixel") tells us when a newsletter has been opened.
We collect: the email address the message was sent to, which links were clicked, the time of the click or open, and the IP address / user-agent of the device that opened the email. This is processed by Resend (EU region) on our behalf.
Legal basis: legitimate interest for transactional replies (you've asked us to contact you); consent for the marketing newsletter, given when you tick the subscription box. You can opt out at any time by unsubscribing from the newsletter, or by emailing hello@howell.co.uk to ask us to disable tracking on emails sent to you.
5. Sharing and processors
We do not sell your personal data. We share it only with the following processors, each bound by a written data-processing agreement:
- Supabase – database, authentication and edge functions (EU region)
- Resend – transactional and direct email delivery (US – Standard Contractual Clauses with the UK Addendum)
- Cloudflare – CDN, DNS, bot mitigation and Worker hosting (global)
- Attio – customer relationship management (US – Standard Contractual Clauses with the UK Addendum)
- MailerLite – newsletter and marketing email delivery (EU/UK – only for subscribers who have opted in)
- Microsoft Clarity – analytics and session replay (US – only with consent)
We may also disclose data when required by law or to protect our rights.
6. International transfers
Attio, Resend and Microsoft Clarity process data in the United States. Transfers are protected by Standard Contractual Clauses with the UK Addendum (and, where applicable, the UK Extension to the EU-US Data Privacy Framework / "UK-US Data Bridge"). MailerLite processes data in the EU/UK. Cloudflare may route traffic globally; routing data is processed under SCCs and the UK IDTA.
7. Your rights
Under UK GDPR you have the right to:
- Be informed about how we use your personal data
- Access a copy of your personal data
- Have inaccurate data corrected
- Have your data erased ("right to be forgotten")
- Restrict or object to processing
- Data portability
- Withdraw consent at any time (without affecting prior lawful processing)
To exercise any of these rights, email hello@howell.co.uk. We will respond within one calendar month.
8. Right to complain
You can complain to the UK Information Commissioner's Office at any time: Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF – telephone 0303 123 1113 – ico.org.uk/make-a-complaint. We'd appreciate the chance to address your concern first.
9. Automated decision-making
We do not use your personal data for solely-automated decision-making or profiling that produces legal or similarly significant effects on you.
10. Security
We are Cyber Essentials certified and apply appropriate technical and organisational measures including TLS in transit, encryption at rest, role-based access, MFA, rate-limiting and audit logging. No method of transmission over the internet is 100% secure; we will notify you and the ICO of any qualifying breach within 72 hours.
11. Children
Our services are aimed at businesses. We do not knowingly collect personal data from children under 13.
12. Changes to this policy
We may update this policy from time to time. Material changes will be flagged on this page and, where appropriate, notified by email.
13. Contact us
Howell Technology Ltd – Privacy
Email: hello@howell.co.uk
Phone: +44 (0)1209 500 585
Post: FibreHub, Trevenson Lane, Pool, Redruth TR15 3GF