Privacy Policy

LAST UPDATED: 1st November2021

Your privacy is important to us. To better protect your privacy we, “12Handz”by Bauer SME Services GmbH, Burchardstraße 11, 20077 Hamburg, Germany (“12Handz“,“we”, “us”) provide this notice explaining our online information practices and the choices you can make about the way your information is used when we act as the Controller as defined in applicable data protection laws. To make this notice easy to find, we make it available on our homepage and every other page of our websites and on our mobile app ("Privacy Policy"). This Privacy Policy is designed to help you understand what information we collect, why we collect it, what we do with it and what rights you have. Thank you for taking the time to carefully read it.

1. ABOUT 12Handz

We are a company that provides a cloud platform as an 'all in one' solution to small and medium business with a comprehensive set of fully integrated tools to manage clients, staff, online presence, digital-marketing, booking, scheduling, and payments (collectively the "Services"). This Privacy Policy applies to all websites and applications owned and operated by us and all Services we provide. We are located in the United Kingdom, the European Union and the United States of America and we can be contacted as follows:

(a) By email to our data protection officer at customer@12handz.com; and

(b) By writing to Bauer SME Services GmbH, Burchardstraße 11, 20077 Hamburg, Germany, for the attention of our data protection officer.

We have set out below a summary of the important points, but it is important that you read this Privacy Policy in full.


We provide a solution for small and medium business management through our cloud platform; which is accessible via our website and our mobile app.  To be able to provide the most appropriate solutions and to improve our Services, we require personal data including your name, contact information, IP address and other information  about your computer or device. We also collect payment information so that we  can process payment in accordance with the terms of service. We only collect  your personal data where it is lawful and necessary to do so. We keep your personal data only as long as  is necessary and appropriate for the specific purpose for which it was collected. We use third-party processors and transfer data globally but  always in compliance with applicable data protection laws - you can find out further information by contacting us.

You have various rights in respect of your personal data including: the right to withdraw consent (for example, if you have signed up to receive a newsletter from us); right of access, rectification and erasure; rights is respect of data portability; the right to restriction of processing; and the right to lodge a complaint with the supervisory authority. Please contact us at customer@12handz.com if you have any questions regarding the use of your personal data.

2. PERSONAL DATA WE COLLECT

We process information about two categories of data subjects: (a) representatives of our clients (“Clients“); and (b) customers of our Clients (“Customers“). Where we say “you” we mean our Clients; as we act as a Processor in terms of Personal Data relating to Client’s Customers; so, any Customers should refer to their privacy statements.

We collect details of about you directly from you, automatically through your usage and indirectly from third-party sources.

Information We Collect Directly

In order to access or use certain portions of the Services, or otherwise in conducting business with us or seeking to conduct business with us, you may be prompted to provide certain personal data to us: (a) by filling in forms (for example, a 'Contact us' form) on our website or at a trade show or any where else we conduct business; (b) by creating an account on our website; (c) by downloading documentation from our website; (d) by subscribing to news letters or other communications; or (e) by corresponding with us by phone, e-mail or otherwise using our contact details.

The personal data you will be asked to provide directly includes:

This personal data is required create an account and access our Services, to enter into a contract with you (in anticipation of an agreement to provide Services) or to perform a contract with you (such as to provide Services at your request), and failure to provide any information may result in our inability to perform such contract.

You are responsible for ensuring the accuracy of the Personal Data you submit to us. Inaccurate information will affect the information you receive when we provide you Services and our ability to contact you as contemplated in this Privacy Policy as well as to provide you the Services at the best manner possible.

You may also elect to provide the following Information (for example to create a free trial account):

We do not process any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sexual orientation, political opinions, trade union membership, information about your health or genetic and biometric data). Nor do we process any information about criminal convictions and offences.

Information We Collect Automatically

We collect information automatically about users via a variety of methods, such as cookies, web beacons, JavaScript, and log files. This information may include user IP addresses, browser types, domain names, operating systems, geo-location data (country only at the time of sign-up); device type, page visits, time stamp, referring URL and other log file information; user activities within the Service; aggregate and statistical information regarding overall server/visitor traffic and navigation patterns for the Services (“Technical Usage Data“). Web servers collect this type of basic information automatically as part of Web log processes and other information that may uniquely identify you and may also be considered as part of your Personal Data. For more information, see the “How We Use Cookies and Analytics” section below and our Cookie Policy accessible here.

Information Obtained from Third Parties or Public Sources:

We use third-party service providers to enhance and enrich our marketing database of business professionals who have requested further information on our products. They may use information that is made public by you for example via LinkedIn; or where you have granted 12Handz permissions within social media applications that allow Facebook/Twitter/Instagram to share your activity, access media (including photos) and post on your behalf. You may also elect to import contacts from your phone, and/or provide access to photos and camera for logos, site images, campaign mages and social post images. We may also collect personal data about you from third parties that we work with such as third-party providers of services to us (e.g., fraud detection, identity verification and security) as well as from public records and our affiliated companies.  We work with these third-party providers to help us operate, provide, improve, understand, customize, support, and market our Services.

Please note that this Privacy Policy does not cover the following information as it cannot be considered as Personal Data: (a) information relating to a legal entity (e.g. corporate information, corporate contact details, accounting information, etc.); or (b) anonymized data, namely information which does not relate to an identified or identifiable natural person or to Personal Data rendered anonymous in such a manner that the data subject is no longer identifiable and cannot be identified.

3. HOW WE USE PERSONAL DATA

12Handz generally uses personal data as follows:

4. SHARING OF PERSONAL DATA WITH THIRD PARTIES

We share the information we collect as follows:

Social Media Sharing. If you chose to share information through social media outlets, such as Facebook and Twitter and Instagram, other users may receive information via these platforms. You can also link you’re account to a Google-My-Business page if you provide additional permissions.

Service Providers. We employ independent contractors, vendors and suppliers to provide specific services related to the Service, which are the following categories: hosting and maintaining the Service, providing credit card processing and fraud screening, and developing applications for the Service, email services and marketing enrichment services. In particular, Stripe stores and is liable for the processing of payment information. We also engage: (a) Camilyo, a white-labeled, integrated marketing platform; and (b) marketing service providers, i. Hubspot (CRM), ii. Intercom (chat functionality), iii. FullStory (analytics), iv. Heap (analytics), v. Appcues (in-tool help), vi. Google Analytics, vii. MaxMind (to identify traffic), and viii. TaxJar (billing tax calculation); and (c) an email provider (SendGrid, part of Twilio); and (d) SMS provider (Vonage), as sub-processors.

Legal Disclosures. We may disclose a Service user’s information (including personal data) where we believe that we are required to do so in order to comply with an applicable statute, regulation, rule or law, a subpoena, a warrant or administrative request, a court or regulatory order, or other valid legal processes. We may also disclose personal data where we believe it is necessary to identify, contact or bring legal action against someone who may be violating the Terms of Service for our Services, to detect fraud, for assistance with a delinquent account, as evidence in litigation in which we are involved, or to protect the safety and/or security of our users, the Services or the general public.

Authorities. We will disclose personal data to appropriate authorities if we determine that you have attempted to defraud 12Handz, or if we suspect you are committing any fraudulent activity.

Law Enforcement, Regulatory Bodies Or Professional Advisors. We may disclose to these third parties if we believe it is reasonably necessary to prevent harm or loss or if we believe that the disclosure will further an investigation of suspected or actual illegal activities

Law Enforcement, Regulatory Bodies Or Professional Advisors. We may disclose to these third parties if we believe it is reasonably necessary to prevent harm or loss or if we believe that the disclosure will further an investigation of suspected or actual illegal activities

Business Transfers. We reserve the right to transfer information (including personal data) to a third party in the event of a sale, merger or other transfer of all or substantially all of the assets of 12Handz or any of its Affiliates (including as part of a bankruptcy or insolvency proceeding) or if we are acquired by or merge with a third party. We may disclose personal data about Service users to our affiliated companies. Our affiliates’ use of your personal data will be in accordance with the terms of this Privacy Policy.

Others. If you have requested and/or agreed that the Personal Data will be provided to third parties – i.e. to your Customers.

International Transfers. Whilst data is primarily stored in the European Union, the information we collect will be transferred to, stored and processed in the U.S., as well as other international locations (including Israel) where we have affiliates and service providers. The U.S. and other jurisdictions (including Israel)) to where we transfer your information may not offer an equivalent level of data protection as in your home country. As a result, where the personal data that we collect through or in connection with the Services is processed in the United States, we will take steps to ensure that the information receives the same level of protection as if it remained within your home country. For data processing in Israel, this is pursuant to 2011/61/EU: Commission Decision of 31 January 2011 on the adequate protection of personal data by the State of Israel. If you are a Data Subject in the European Union or the United Kingdom, you have a right to receive details of those steps where your data is transferred outside the European Union or United Kingdom, (e.g. to request a copy where the safeguard is documented, for example the Standard Contractual Clauses approved by the European Commission – and we will implement additional measures if required to ensure that there is adequate protection of your data). The safeguard may be redacted to ensure confidentiality.

5. HOW WE USE COOKIES AND ANALYTICS

We use cookies and other tracking mechanisms to track information about your use of our Service. Please refer to our full Cookie Policy for further Information. We have set out a summary below.

Cookies. We use cookies to track visitor activity. A cookie is a text file that a website transfers to your computer’s hard drive for record-keeping purposes. We, and our service providers, use cookies to track user activities on our Services, such as the pages visited and time spent on our Services. Most browsers allow users to refuse cookies. The Help portion of the toolbar on most browsers will tell you how to prevent your computer from accepting new cookies, how to have the browser notify you when you receive a new cookie, or how to disable cookies altogether. However, many of our Services will not function properly with cookies disabled.

Do-Not-Track Signals. Our Services do not recognize “do-not-track” requests; however, we do not track your activities after you leave our platform.

Local Shared Objects. We may use local shared objects (“LSOs”), such as Flash LSOs to store your preferences and to personalize your visit. LSOs are different from browser cookies because of the amount and type of data stored. Typically, you cannot control, delete, or disable LSOs through your web browser. For more information or to learn how to manage your Flash LSO settings, go to the Adobe Flash Player Help Page, choose “Global Storage Settings Panel” and follow the instructions.

Clear GIFs, beacons, pixel tags and other technologies. Clear GIFs are tiny graphics with a unique identifier, similar in function to cookies. In contrast to cookies, which are stored on your computer’s hard drive, clear GIFs are embedded invisibly on web pages and cannot be disabled through your browser. We may use clear GIFs (a.k.a. web beacons, web bugs or pixel tags), in connection with our Services to, among other things, track the activities of users, help us manage content, and compile statistics about usage. We, and our service providers may also use clear GIFs in HTML emails to our clients to help us track email response rates, identify when our emails are viewed, and track whether our emails are forwarded.

Third-Party Analytics. We use Google Analytics to evaluate usage of our Service. We use this tool to help us improve our Services, performance, and user experiences. This entity may use cookies and other tracking technologies to perform their services. To learn more about Google’s privacy practices, please review the Google privacy policy at https://www.google.com/policies/privacy/. You can also download the Google Analytics Opt-out Browser Add-on to prevent their data from being used by Google Analytics at https://tools.google.com/dlpage/gaoptout. You can also customize Google Display Network ads using the Google Ads Preferences Manager.

6. HOW WE LINK AND INTERACT WITH OTHER WEBSITES

Our Services may contain links to other websites not owned or operated by 12Handz and may provide users with access to other websites and services. Please be aware that we are not responsible for the privacy practices of such third-party websites or services and any access to and use of such linked websites is not governed by this Privacy Policy. We encourage you to read the privacy policies or statements of every website you visit.

7. HOW WE PROTECT PERSONAL DATA

12Handz implements reasonable and appropriate physical, administrative and technical safeguards to help us protect your personal data from unauthorized access, use and disclosure, and to maintain accuracy and ensure the appropriate use of your information. Where appropriate, these safeguards include encryption. However, no data transmissions over the Internet can be guaranteed to be 100% secure. Consequently, we cannot ensure or warrant the security of any information you transmit to us and you do so at your own risk. We believe that we have put in place appropriate physical, electronic, and managerial procedures to help safeguard and help prevent unauthorized access, maintain data security, and correctly use the information we collect online.

User Generated Content. The Services may feature various community areas and open text areas (the “Public Areas“) where users can share information or post questions for others to answer, where users may post to blogs (and add comments); where users can add reviews and where users can display social feeds from social networks (via widgets). These Public Areas are open to the public and should not be considered private. We cannot prevent such information from being used in a manner that may violate this Privacy Policy, the law, or your personal privacy. We are not responsible for the results of such postings or for the accuracy of any information contained in those postings. You should think carefully before posting any information in any Public Area. What you post can be seen, disclosed to or collected by others and may be used by others in ways we cannot control or predict. As with any public forum on any website, the information you post may also show up in third-party search engines like Google.

Credentials: You must notify us promptly about any possible misuse of your accounts or authentication credentials or any security incident related to the Services that we providing to you.

8. OUR COMMITMENT TO CHILDREN'S PRIVACY

Protecting the privacy of the very young is especially important. For that reason, our Services are not directed towards and may not be used by persons under the age of 16.

9. INFORMATION FOR INDIVIDUALS IN THE UNITED KINGDOM AND EUROPEAN UNION

Where we act as a controller, data protection laws require us to have a legal basis to do so. The following legal basis pertains to our collection and processing of data in the capacity of a controller:

Note:

Contractual Necessity means processing your data where it is necessary for the performance of a contract to which you are a party, in particular the Terms of Service.

Compliance with a legal or regulatory obligation means processing your personal data where it is necessary for compliance with a legal or regulatory obligation that we are subject to, such as anti-money laundering legislation and tax requirements.

Consent means freely given, unambiguous and clear permission (i.e. you have actively opted into a service or in-app notifications by ticking a box).

Legitimate interests can be our own interests or the interests of third parties, and can extend to commercial interests as well as wider societal benefits – we have described our interests above where applicable.

If you would like to find out more about the legal basis for processing personal data, please contact us at customer@12handz.com.

Your Legal Rights. Subject to certain exemptions, and dependent upon the processing activity we are undertaking, you have certain rights in relation to the personal data we process for you in the capacity of a controller as follows:

Right to access, correct, and delete your personal data: You have the right to request access to the personal data that we hold about you and: (a) the source of your personal data; (b) the purposes and methods of processing; (c) the data controller’s identity; and (d) the entities or categories of entities to whom your personal data may be transferred. You also have the right to request that we correct any inaccuracies or delete your information. We are not required to comply with your request to erase personal data if the processing of your personal data is necessary for compliance with a legal obligation or for the establishment, exercise, or defense of legal claims. Please note that we may require you to verify your identity before responding to any requests to exercise your rights.

Right to restrict the processing of your personal data: You have the right to restrict the use of your personal data when (i) you contest the accuracy of the data; (ii) the use is unlawful but you do not want us to erase the data; (iii) we no longer need the personal data for the relevant purposes, but you require it for the establishment, exercise, or defense of legal claims; or (iv) you have objected to our personal data use justified on our legitimate interests verification as to whether we have a compelling interest to continue to use your data. We can continue to use your personal data following a request for restriction, where: (a) we have your consent; (b) to establish, exercise or defend legal claims; or (c) to protect the rights of another natural or legal person.

Right to data portability: To the extent that we process your information: (i) based on your consent or under a contract; and (ii) through automated means, you have the right to receive such personal data in a structured, commonly used, machine-readable format, or you can ask to have it transferred directly to another data controller.

Right to object to the processing of your personal data: You can object to any processing of your personal data which has our legitimate interests as its legal basis if you believe your fundamental rights and freedoms outweigh our legitimate interests. If you raise an objection we have an opportunity to demonstrate that we have compelling legitimate interests which override your rights and freedoms. Where we rely upon legitimate interest as a basis for processing we believe that we can demonstrate such compelling legitimate grounds, but we will consider each case on an individual basis.

You also have the right to object to our use of your personal data (including profiling) for direct marketing purposes. Where we rely on your consent to process Personal Data, you have the right to withdraw or decline your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

How to Exercise Your Rights: If you would like to exercise any of the rights described above, you should note that we provide registered users with the ability to correct, delete, or block their data, or make such corrections, deletions, or blockages in the account management section of the Services. Should you require any help or wish to exercise any of the other rights noted above, please contact us at customer@12handz.com and/or you may also contact your success manager. We may ask you for additional information to confirm your identity and for security purposes before disclosing the personal data requested to you. We reserve the right to charge a fee where permitted by law, for instance, if your request is manifestly unfounded or excessive. We may not always be able to fully address your request, for example, if it would affect the duty of confidentiality we owe to others, or if we are legally entitled to deal with the request in a different way.

Right to lodge a complaint with your local supervisory authority: You have a right to lodge a complaint with your local supervisory authority if you have concerns about how we are processing your personal data. We ask that you please attempt to resolve any issues with us first, although you have a right to contact your supervisory authority at any time.

Retention. We will keep your information accurate, complete and up to date. We will retain your data for the period necessary to fulfill the different purposes outlined in section 3, typically this will be a period of six years in line with local laws (statutory retention periods). With respect to our chat function and monitoring of success, we retain your personal data for 9 months after your last request for a Service. Where we are required to do so to meet legal and regulatory requirements, we will retain your data for longer periods of time, but only where permitted to do so, including so that we have an accurate record of your dealings with us in the event of any complaints or challenges, or if we reasonably believe there is a possibility of legal action relating to your data or dealings. Upon termination of your use of the Services, and unless we required to retain such Personal Data for legal reasons as mentioned or contractually, we shall delete the Personal Data as soon as reasonably practicable and according to our policies and applicable laws. Please note that permanently deleting your account erases all of your information and after completing this process, you can no longer use any of your our Services, your account and all its data will be removed permanently and we will not be able to restore your account or retrieve your data in the future.

10. CHANGES TO OUR PRIVACY POLICY

12Handz may amend this Privacy Policy from time to time. We will provide notice of any material changes made to our Privacy Policy by prominently posting the revised Policy with an updated date of revision on our homepage. We encourage you to check this page periodically for any changes. If we make any material changes that affect information we have previously collected about you, we will provide you with notice via email or within the Services.