Privacy Policy

1. Introduction

Workflow Systems (“we,” “our,” or “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use our services. We comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Data Controller Information

Workflow Systems Ltd acts as the Data Controller for the personal data we collect. Our registered office is in the United Kingdom. For any privacy-related inquiries, please contact us at info@workflowsystem.com.

3. Information We Collect

We collect the following types of personal data:

• Contact Information: Name, email address, phone number, and company name when you fill out forms or contact us.
• Technical Data: IP address, browser type, device information, and cookies (see our Cookie Policy).
• Usage Data: Information about how you use our website and services.
• Project Information: Details about your business requirements and project specifications.

4. Legal Basis for Processing

We process your personal data based on the following legal grounds:

• Consent: When you have given us explicit permission to process your data.
• Contract: When processing is necessary for the performance of a contract with you.
• Legitimate Interests: When processing is necessary for our legitimate business interests, provided your rights do not override these interests.
• Legal Obligation: When we are required to comply with a legal obligation.

5. How We Use Your Information

We use your personal data to:

• Respond to your inquiries and provide customer support
• Deliver our services and fulfill contractual obligations
• Send administrative information and service updates
• Improve our website and services
• Send marketing communications (with your consent)
• Comply with legal obligations

6. Data Sharing and Transfers

We do not sell your personal data. We may share your data with:

• Service Providers: Third-party vendors who assist in delivering our services (e.g., cloud hosting, analytics).
• Delivery Partners: Approved offshore development teams under strict Data Processing Agreements.
• Legal Authorities: When required by law or to protect our rights.

All international data transfers are conducted under UK International Data Transfer Agreements (IDTA) with appropriate safeguards.

7. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

• AES-256 encryption for data at rest and in transit
• Zero-trust architecture with role-based access control
• Regular security audits and penetration testing
• Employee training on data protection

8. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law. Contact data is typically retained for 6 years after the end of our business relationship.

9. Your Data Protection Rights

Under UK GDPR, you have the following rights:

• Right to Access: Request a copy of your personal data.
• Right to Rectification: Request correction of inaccurate data.
• Right to Erasure: Request deletion of your data (“right to be forgotten”).
• Right to Restrict Processing: Limit how we use your data.
• Right to Data Portability: Receive your data in a machine-readable format.
• Right to Object: Object to processing based on legitimate interests or direct marketing.

To exercise these rights, please contact us at info@workflowsystem.com. We will respond within 30 days.

10. Cookies and Tracking

We use cookies and similar technologies to enhance your browsing experience. For detailed information, please see our Cookie Policy.

11. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your data protection rights, please contact us:

12. Complaints

If you are unhappy with how we handle your personal data, you have the right to complain to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues.