Hofy Customer Privacy Policy

This Customer Privacy Policy describes how Hofy Ltd and its affiliates (Hofy Inc and Hofy B.V.) (“Hofy”) collect, use and disclose information associated with an identified or identifiable individual (‘Personal Data’) through our Services, and what choices you have over our processing activities.

This Customer Privacy Policy applies globally, but includes some location-specific provisions for territories with particular requirements (including California and the EU).

Hofy’s Services

Hofy’s Services include:

  • Access to Hofy’s platform;
  • Rental of Hofy equipment;
  • Purchase of Hofy equipment;
  • Mobile device management of Hofy devices; and
  • IT Service Desk.     

This Policy also applies to other interactions that you, as a Customer or end user, may have with Hofy (e.g. with our Customer Success or Sales teams).

If you visit Hofy’s website, please see our separate website privacy policy.

This Privacy Policy does not apply to any Hofy partners, or any other third parties, including any third party applications or software that integrate with the Services through the Hofy platform.   

What personal data do we collect and receive?

1. Customer Data

Hofy Services are governed by a contract between Hofy Ltd and your organisation.  When you use a Hofy Service provided by your organisation, Hofy Ltd is required to process your personal data in order to provide that Service.  Hofy Ltd’s affiliates may also be required to process your personal data, depending where you and the Customer are located.  

Information that is supplied to us by you or the Customer in the course of us providing our services, is Customer Data.  The Controller of the Customer Data is your organisation, and Hofy Ltd, and/or its Affiliates, is the Processor.  

Customer Data includes:  

  • Name
  • Address
  • Country of residence
  • Email address
  • Telephone number
  • Products and services ordered
  • Unique employee ID
  • Answers to DSE assessments 
  • Customer support interactions
  • All personal data processed as a result of Hofy’s IT helpdesk service or MDM service.  Note that this can include device location data to identify the whereabouts of a missing device.  
  • Any other data provided by you or your organisation in the course of the Services (except Other Personal Data).

Hofy relies on its contracts with its customers in order to process this personal data.  As such, Hofy does not require additional consent from end users in order to process this personal data.

Hofy does not process Special Category Data on behalf of customers, with the exception of any DSE assessment information (which could constitute Special Category Data within the meaning of the General Data Protection Regulations applicable to the EU and UK) if health information is provided.  

Hofy will never ask individual users for personal payment information.  You may, however, be asked to prove your identity for delivery of a Hofy product by one of our third party delivery providers by displaying biometric information.    

2. Other Personal data

Most of the personal data that Hofy processes which relates to Hofy’s services is Customer Data.  However, depending on the terms of its contracts with Customers, Hofy may act as the Controller of other personal data in limited circumstances, as set out below.    

  • Account administrator information;
  • Metadata and log data generated through use of the Services;
  • Cookie information;
  • Audio and video data and metadata; and
  • Additional information provided to Hofy.

How do we use personal data? 

Customer Data 

We process Customer Data in accordance with our Customers’ instructions, which are contained within Hofy’s terms of business with its Customers.

As a guide, Hofy may use Customer Data to:

  • Administer and manage users set up on the Customer’s account (and enable the Customer to administer and manage users), including:
  • Issuing, cancelling and recalling Hofy equipment
  • Transferring Hofy equipment to another user
  • Resolve any complaints or enquiries you or the Customer may have;
  • Provide reports or information to the Customer regarding the Hofy services;
  • Improve Customer experience, including for training purposes. 
  • Provide effective management reporting and for internal analysis of products & services;
  • Prevent, detect and investigate any incidents of delivery failures or fraud;
  • Fulfilling Hofy’s legal obligations (e.g. responding to government or law enforcement requests, where we consider that such action is required or permitted by law);
  • Creating anonymised data sets for internal reporting purposes (where such information cannot be linked back or reverse engineered to any individual).   

We never sell or rent Personal Data, we will not share your information with third parties for the purpose of direct marketing, and we do not use data to profile end users.   

Transfers of equipment to other users 

If your organisation requests Hofy to transfer your equipment directly to another user, we ask your organisation to confirm that they have your consent for a user-to-user transfer.  This is because names and addresses may become visible on shipping labels.  

Personal data contained on Hofy devices

Hofy has no access to your personal data contained on Hofy devices (except for very limited information if your organisation has enrolled its devices into Hofy’s MDM service).   

Therefore, if you lose access to your Hofy devices (in the event of a change of employment, for example), you will lose access to personal data or other content on any Hofy devices. 

It is part of Hofy’s terms and conditions with Customers that all end users must remove all personal data from Hofy devices before returning devices to Hofy, or when transferring devices to another permitted user. 

End users are required to ensure that devices are wiped of personal data before they are returned to Hofy or before a permitted transfer to another user.  Hofy does not accept any responsibility for loss of personal data in these circumstances.       

Hofy’s Mobile Device Management Service

Hofy offers an MDM service to some Customers, in accordance with their specifications.  This service involves the provision of software which allows Hofy to manage devices remotely, push apps to those devices, and enforce security policies. 

Hofy cannot read the content of your emails, see browser history, see your messages ,or view your photographs.  However, depending on the MDM settings, it is possible for Hofy to geolocate mobile devices when they are in managed lost mode.   

If you require information on Hofy’s MDM capabilities for your organisation, please contact your organisation. 

Other Personal Data

Hofy has a legitimate interest in processing Other Personal Data, for the purposes set out below.  

Customer account administrator information

To create a Hofy account, the Customer must supply Hofy with the names, email addresses, phone numbers, password and other account set-up details for account administrators. Hofy may also receive billing details which are linked to an individual acting on behalf of an organisation (such as credit card information, banking information and/or a billing address).  Hofy acts as the Controller of this information in order to ensure that it can manage its Customer accounts, and any debts owed to Hofy.  

Metadata and log data generated through use of the Services

When a user interacts with Hofy’s Services, metadata and log data may be generated that provides additional context about the way that a user uses the Services, and any problems they experience in using the Services.  Other Personal Data here may include your Internet Protocol (IP) address, browser type and settings, the date and time that the Services were used, and actions performed on the account.  This data helps Hofy understand how users interact with the Services so that we can continue to improve and develop our Services, and also helps us to fix bugs.  

Cookie information

Hofy uses cookies and similar technologies to enable the collection of Other Personal Data.  For more details about how we use these technologies, and your opt-out controls and other options, please visit our Website Privacy Policy.

Audio and video data and metadata

Hofy may receive, capture and store metadata such as data regarding the date and time of recorded sales calls with Hofy in order to improve our sales experience for customers.

Additional information provided to Hofy

We receive Other Personal Data that is submitted to us, such as personal opinions that you may provide us (for example, if you participate in a pilot, or provide feedback about our products or services), interactions with our social media accounts, or other communications with Hofy.  We use this data for the purpose of improving Hofy’s services.   

Data Protection enquiries

In respect of Customer Data, you should direct any data protection enquiries (including any requests to exercise your data protection rights) to your organisation’s Administrator.  Hofy is not responsible for the privacy or security practices of our Customers, which may differ from those contained in this policy. 

Please contact [email protected] if you have a question regarding any Other Personal data controlled by Hofy. 

How do we handle data retention?

Storage periods depend on the data processing terms with our Customers and their choices, the type of Personal Data, purposes of its collection and processing, and the applicable law.

Hofy will retain Customer Data in accordance with a Customer’s instructions (including to perform any applicable terms in the Customer Agreement and through the Customer’s use of Services functionality) and as required by applicable law. We must retain customer contact and product information during the course of any equipment lease, or other Hofy service, and we will retain information for a set period of time after this, according to the retention period agreed with our Customers.

Hofy may retain Other Information relating to you for as long as necessary for the purposes described in this Privacy Policy.  This may include keeping Other Information after your organisation no longer receives Hofy services, for the period of time needed for Hofy to pursue legitimate business interests, conduct audits, comply with (and demonstrate compliance with) legal obligations, resolve disputes and enforce our agreements.

What security measures do we use?

Hofy takes security of data very seriously.  Hofy is SOC2 compliant and takes reasonable and appropriate measures to protect your Personal Data from loss, misuse, and unauthorised access. We use standard, industry-wide practices including firewalls and encryption of Customer Data to protect your information.  

No method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, while we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee absolute security.

Which third party subprocessors do we use?

Hofy engages third parties to enable us to provide our services.  Key third party services which we use include web hosting services, diagnostics services, sales platform services, trade credit services and courier services. 

Where Hofy engages third party subprocessors who transfer personal data abroad, Hofy uses the Standard Contractual Clauses approved by the European Commission or UK (as appropriate) to govern transfers to countries which do not have equivalent safeguards to the UK and EU, including the United States, Canada, India, Japan, South Korea.

Changes to this privacy policy

Hofy may change this Privacy Policy from time to time without prior notice.  We will post the changes to this policy online. 

Data protection officer

To contact Hofy’s data protection officer, please email [email protected].   

Additional information for EU and UK residents

Data subjects in the EU and United Kingdom have certain rights regarding the processing of their Personal Data.  You should contact your organisation (the Data Controller) in order to obtain information on how to exercise your rights or to make any complaint regarding the handling of your personal data.  Hofy will work with your organisation to ensure that we comply with any permissible request to exercise your rights or manage any complaint.  

In the limited circumstances where we process information as Controller, you should make any requests or bring any complaints directly to Hofy.  Your rights include:   

Your right of access - You have the right to ask for copies of your personal information.

Your right to rectification - You have the right to ask to rectify personal information you think is inaccurate. You also have the right to ask to complete information you think is incomplete.

Your right to erasure - You have the right to ask to erase your personal information in certain circumstances.

Your right to restriction of processing - You have the right to ask to restrict the processing of your personal information in certain circumstances.

Your right to object to processing - You have the right to object to the processing of your personal information in certain circumstances.

Your right to data portability - You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.

You are not required to pay any charge for exercising your rights. If you make a request, we will normally respond to you within one month, but may seek an extension of time if necessary.  

Additional information for California residents

California residents have the right to request a list of all third parties to which a Company has disclosed certain Personal Information for third party direct marketing purposes in the previous year.  Note that Hofy does not disclose any Personal Information to third parties for their direct marketing purposes.

Under the California Consumer Privacy Act (“CCPA”), if you are a California Consumer, or an authorised representative of a California Consumer as defined by the CCPA, you have the following rights regarding your Personal Information (as defined by the CCPA) collected during the 12 months before your request:

  • The right to request disclosure of the categories of Personal Information collected about you;
  • The right to request deletion of Personal Information collected about you;
  • The right to request disclosure of the categories of sources from which your Personal Information is collected;
  • The right to request disclosure of the business or commercial purpose for collecting or selling your Personal Information. Note that We do not sell Personal Information We collect about you; however third-party cookies are used as described above. If you do not wish to permit such cookies, please visit http://optout.aboutads.info/
  • The right to request the categories of third parties with whom the business shares your Personal Information;
  • The right to request a copy of the specific Personal Information collected about you; and/or
  • The right not to be discriminated against because you have exercised any of these rights.

We recommend that you contact your organisation first regarding any data rights requests.  Alternatively, you may contact Hofy directly at [email protected].   

Collections notice for California residents

This notice applies solely to Hofy Customers or users who reside in the State of California.  It contains additional details about the personal information that we collect about California individuals under the California Consumer Privacy Act or ‘CCPA’, as amended by the California Privacy Rights Act or ‘CPRA’.

We collect the following information from users or account administrators if you are an end user of Hofy services (i.e. you receive Hofy equipment provided by your organisation, or your organisation provides you with access to any other Hofy services).  In addition, we may collect personal information from third party partners if those third parties are authorised referrers or resellers for Hofy services.

Category of Personal Information

Intended Use

Identifiers such as a real name, alias, postal address, online identifiers, email address or unique personal identifier or other similar identifiers.

To service the products and services your organisation has with us; to contact you regarding our services and to verify your identity.

Any information that identifies, relates to, describes, or is capable of being associated with a particular individual, including, but not limited to, name, signature, Employer Identification Number, address, telephone number, passport number, driver's license or state identification card number, employer issued payment methods (e.g. employer credit card).  

To service the products and services you have with us;  to contact you regarding our services and to verify your identity.

Internet or other electronic network activity information, Internet Protocol (IP) address.

To support internal operations of our website or Platform.

Geolocation, including electronic network activity information pulled from a device which can be used to identify the precise location of an individual.

To determine country and time zone to support the internal operations of our Platform or offer services to you, including IT or MDM services and not for any other purpose.

Geolocation, including electronic network activity information pulled from a device which can be used to identify the precise location of an individual.

To determine country and time zone to support the internal operations of our Platform or offer services to you, including IT or MDM services and not for any other purpose.

Hofy will protect the privacy of information collected in accordance with applicable state, federal, and local laws. If you have any questions about the use of your personal information, please contact [email protected].