Privacy Policy

1. Who we are

Unless a different HoneyBee entity, affiliate, authorised reseller, or implementation partner is identified in the applicable quotation, order form, invoice, or signed agreement, the website and direct online Services are operated by:

For privacy-related questions, requests, or complaints:

2. Scope of this Privacy Policy

This Privacy Policy applies to personal data processed in connection with:

• visits to our website;
• account registration and workspace setup;
• free plans, trials, and subscriptions;
• use of the HoneyBee platform and mobile functionality;
• support, implementation, onboarding, migration, and training services;
• communications with us by email, contact forms, chat, or other channels;
• security, fraud prevention, and compliance activities;
• cookies and similar technologies;
• AI-assisted features and related user interactions.

This Privacy Policy does not replace any separate contract, Data Processing Addendum, or privacy notice that may apply to a specific customer implementation, employment relationship, partner relationship, or regulated deployment.

3. Roles: when HoneyBee is controller and when HoneyBee is processor

3.1 HoneyBee as controller

HoneyBee acts as a controller when we determine the purposes and means of processing personal data for our own business purposes, including for example:

• operating the website;
• creating and managing accounts for direct users;
• handling billing, payments, and subscription administration;
• responding to sales inquiries and demo requests;
• delivering support communications;
• securing the platform and investigating abuse or fraud;
• improving the performance, reliability, and security of the Services;
• complying with legal, tax, accounting, audit, and regulatory obligations.

3.2 HoneyBee as processor or service provider

When a customer uses HoneyBee to manage its own employees, contractors, clients, suppliers, applicants, operations, or internal records, that customer will typically act as the controller of the personal data in its workspace, and HoneyBee will generally act as a processor or service provider on the customer's behalf. Where required, processing by HoneyBee as processor is governed by the HoneyBee Data Processing Addendum.

3.3 End users of customer workspaces

If you are an end user of a HoneyBee customer workspace and your organisation gave you access to the platform, your organisation is usually the primary party responsible for your personal data in that workspace. In those cases, you should normally direct your privacy requests first to that organisation.

4. What personal data we collect

Depending on how you interact with HoneyBee, we may collect and process the following categories of personal data.

4.1 Identity and contact data

• full name;
• business email address;
• business phone number;
• company name;
• job title and department;
• business address or office location;
• user profile details.

4.2 Account and authentication data

• username or account identifier;
• password hash and authentication credentials;
• login history, timestamps, and session records;
• multi-factor authentication status and related metadata.

4.3 Billing and commercial data

• subscription details, invoice and payment records;
• tax information where required;
• pricing plan, seat allocation, and account status;
• contract, quotation, and order details.

4.4 Support and communication data

• support tickets and correspondence;
• implementation and onboarding communications;
• demo requests and sales inquiries;
• chat, feedback, and product requests.

4.5 Technical and usage data

• IP address, browser type and version;
• device identifiers and operating system;
• usage logs, error logs, and diagnostics;
• approximate location based on IP;
• activity timestamps and feature usage.

4.6 Workspace and business data

When customers use the platform, we may process data submitted into the workspace, including:

• employee, supplier, or client contact records;
• finance and operational records;
• HR or attendance records and project data;
• uploaded files, attachments, and documents;
• machine, IoT, or time-series records;
• AI prompts and generated outputs where AI features are used.

4.7 Cookies and similar technologies

We may collect information through cookies, pixels, local storage, scripts, and similar technologies as described in Section 14 below.

5. How we collect personal data

We collect personal data:

• directly from you when you fill in forms, create an account, book a demo, contact us, or use the Services;
• from your employer or organisation where they create your account or upload data to the workspace;
• automatically through platform usage, logs, and technical monitoring;
• through cookies and similar technologies where permitted;
• from affiliates, partners, payment providers, infrastructure providers, or implementation partners involved in delivering the Services;
• from publicly available sources or business databases where relevant for legitimate B2B outreach or due diligence.

6. How we use personal data

6.1 To provide and operate the Services

• create accounts and workspaces; authenticate users;
• deliver subscriptions and platform functionality;
• store, retrieve, structure, and display records;
• operate mobile and connected features;
• provide backups, exports, integrations, and core functionality.

6.2 To manage commercial relationships

• send quotations, invoices, and commercial notices;
• administer plans, pricing, renewals, and payments;
• manage seat allocations and account structure.

6.3 To support customers and users

• respond to questions and support requests;
• provide onboarding, implementation, migration, and training;
• troubleshoot technical issues and improve service delivery.

6.4 To secure and improve the Services

• prevent fraud, abuse, and unauthorised access;
• monitor reliability, uptime, and performance;
• investigate incidents and enforce our Terms;
• test, develop, improve, and secure the platform.

6.5 To communicate with you

• send account and billing notices; provide operational updates;
• respond to contact requests;
• send marketing communications where permitted by law or with required consent.

6.6 To comply with legal obligations

• comply with applicable laws and regulations;
• maintain tax, accounting, and audit records;
• respond to lawful requests from authorities;
• establish, exercise, or defend legal claims.

7. Legal bases for processing

Where applicable law requires a legal basis for processing, HoneyBee relies on one or more of the following:

• Performance of a contract: where processing is necessary to provide the Services, manage an account, or perform a contract with you or your organisation.
• Legitimate interests: where processing is necessary for platform security, operational improvement, customer support, fraud prevention, internal administration, product analytics, or business communications, provided those interests are not overridden by your rights.
• Legal obligation: where processing is necessary to comply with tax, accounting, regulatory, audit, employment, sanctions, fraud-prevention, or other legal requirements.
• Consent: where consent is specifically required, for example for certain marketing communications or non-essential cookies.
• Vital interests or public interest: only where applicable law recognises those grounds and they are relevant to the circumstances.

8. Customer workspace data and instructions

Where HoneyBee processes personal data in a customer workspace on behalf of a customer:

• HoneyBee generally acts only on the customer's documented instructions;
• the customer is responsible for determining the lawfulness of the data submitted to the workspace;
• the customer is responsible for user permissions, notices, consents, employment-law compliance, and the legal basis for using the platform;
• HoneyBee may process that data as necessary to host, secure, back up, support, troubleshoot, migrate, and maintain the Services.

Where required, that processing is governed by the HoneyBee Data Processing Addendum.

9. AI-related processing

Where AI-assisted features are enabled, HoneyBee may process prompts, instructions, context data, and related output metadata in order to provide the AI functionality. We may use this data to:

• generate requested outputs;
• maintain feature reliability;
• enforce usage controls;
• detect misuse, abuse, or unsafe behaviour;
• support debugging and product improvement.

AI-generated outputs may reflect the content, permissions, and context available in the workspace. Customers remain responsible for reviewing AI outputs before relying on them for legal, financial, employment, engineering, or commercial decisions.

Where an AI deployment is private, on-premise, or otherwise contractually restricted, the applicable order form or implementation agreement may further limit how AI-related data is processed.

10. Sharing of personal data

We may share personal data only where reasonably necessary for the purposes described in this Privacy Policy.

10.1 Within the HoneyBee group

We may share data with HoneyBee affiliates or related entities involved in service delivery, account administration, support, implementation, or compliance.

10.2 Service providers and subprocessors

We may share data with infrastructure and service providers, including providers of:

• hosting and cloud infrastructure; storage and backup;
• communications and email delivery;
• billing and payment services;
• support and ticketing systems;
• analytics and monitoring tools;
• implementation and technical support services;
• AI-related components where contractually applicable.

10.3 Partners and resellers

Where an authorised implementation partner, reseller, or local commercial partner is involved, we may share relevant data to support sales, onboarding, implementation, support, or billing.

10.4 Legal and regulatory disclosures

We may disclose personal data where required by law, in response to lawful requests by courts, regulators, or authorities, to protect rights, safety, property, or legal claims, or in connection with an audit, fraud investigation, security incident, or compliance review.

10.5 Corporate transactions

If HoneyBee undergoes a merger, acquisition, restructuring, financing, or sale of assets, personal data may be transferred as part of that transaction, subject to appropriate safeguards.

We do not sell customer workspace data as a data broker.

11. International transfers

HoneyBee supports customers across multiple jurisdictions, and personal data may be processed in more than one country. Where personal data subject to the GDPR or similar rules is transferred outside the relevant protected jurisdiction, HoneyBee uses an appropriate transfer mechanism recognised by law:

• where an applicable adequacy decision exists, HoneyBee may rely on that adequacy mechanism;
• where no applicable adequacy decision exists, HoneyBee may rely on the applicable Standard Contractual Clauses and supplementary measures where appropriate;
• where required, the transfer mechanism will be incorporated into the relevant DPA, order form, or supporting data-transfer documentation.

Customers may request additional information about applicable transfer mechanisms during procurement or contract review.

12. Data retention

We retain personal data only for as long as necessary for the purposes described in this Privacy Policy, including to provide the Services, maintain business records, support security and incident response, comply with legal obligations, resolve disputes, and support backups and continuity.

Where we cannot specify a single fixed retention period, we use criteria such as: the type of data, the relationship with the user or customer, the active subscription or account status, contractual obligations, legal or regulatory retention requirements, security and audit needs, and dispute or enforcement risk.

Customer workspace data may be deleted after termination and the expiry of any applicable export or retention window, unless law requires longer retention or a separate agreement provides otherwise.

13. Security

HoneyBee uses commercially reasonable administrative, organisational, and technical measures designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, misuse, or access. These measures may include:

• role-based access controls and authentication;
• logging, monitoring, and network protections;
• encryption in transit and, where applicable, at rest;
• backup and recovery measures;
• incident response procedures and internal confidentiality obligations.

No service, network, or transmission method can be guaranteed to be completely secure. Users and customers also have responsibilities, including managing passwords, access rights, device security, and internal approval structures.

14. Cookies and similar technologies

HoneyBee may use cookies and similar technologies for:

• essential site and security functions;
• session handling and authentication;
• remembering preferences;
• performance and usage analytics;
• support and communications tools;
• measuring site effectiveness.

Where required by law, HoneyBee will request consent before placing non-essential cookies or similar technologies. Essential cookies necessary for the website and platform to function do not require consent.

15. Your rights

Depending on the law that applies to your personal data, you may have rights including:

• the right to request access to your personal data;
• the right to request correction of inaccurate or incomplete data;
• the right to request deletion of your data in certain circumstances;
• the right to request restriction of processing;
• the right to object to certain processing;
• the right to data portability;
• the right to withdraw consent where consent is the legal basis;
• the right to lodge a complaint with a relevant supervisory authority.

If HoneyBee is acting as a processor on behalf of a customer, we may refer your request to that customer or require the request to be handled through that customer, unless applicable law requires otherwise.

To exercise your rights, contact us at privacy@ourhoneybee.eu. We may need to verify your identity before responding.

16. Marketing communications

HoneyBee may send business-related updates, product news, event invitations, or service announcements where permitted by law. Where consent is required for a particular marketing communication, we will seek that consent. You can unsubscribe from non-essential marketing communications at any time using the unsubscribe link or by contacting us.

We may still send essential service, billing, account, legal, or operational notices even if you opt out of marketing.

17. Children

HoneyBee is intended for business and professional use and is not directed to children. We do not knowingly collect personal data from children in connection with the business Services. If you believe a child has provided personal data to us inappropriately, please contact us so we can investigate and take appropriate action.

18. Third-party websites and services

Our website or Services may contain links to third-party websites, embedded tools, scheduling tools, payment services, support widgets, or integrations. Those third parties operate under their own terms and privacy policies, and HoneyBee is not responsible for their independent privacy practices. We encourage users to review the relevant third-party policies before sharing personal data with those services.

19. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. If we make a material change, we will update the "Last updated" date and, where appropriate, provide additional notice through the website, platform, email, or other reasonable communication channels. Your continued use of the Services after the effective date of an updated Privacy Policy will be subject to the updated version, to the extent permitted by law.

20. Contact us

For privacy-related questions, rights requests, or complaints: