Hornbill Privacy Statement

This policy deals with Hornbill in its capacity as a Data Controller and not as a Data Processor.


Hornbill Corporate Limited is the ultimate holding company for the following Hornbill Group companies:

  • Hornbill Technologies Limited
  • Hornbill Service Management Applications Limited
  • Hornbill Service Management Limited

This Privacy Policy is applied consistently across these companies and the single point of contact for enquires about privacy is the CFO who can be contacted at data.privacy@hornbill.com. The CFO can be contacted by post at Hornbill Corporate Limited, Apollo, Odyssey Business Park, West End Road, Ruislip, HA4 6QD UK.


All individuals for whom we hold personal data have the following rights and our systems and processes will ensure that these rights are respected:

  1. Right to be Informed
  2. Right of Access
  3. Right to Rectification
  4. Right to Erasure
  5. Right to Restrict Processing
  6. Right to Data Portability
  7. Right to Object
  8. Rights in Relation to Automated Decision Making

These rights and our policies to ensure they are respected are considered in more detail in the following sections.


The Board of Directors and senior management of Hornbill are committed to preserving the confidentiality, integrity and availability of personal data processed by the company. To that end Hornbill takes the following protective measures:

  1. Personal data is only accessible to those authorised to access it and all employees, sub-contractors, project consultants and any other external parties are made aware of their responsibilities to preserve information security, to report security breaches, and to act in accordance with security policies whilst doing so. The consequences of security policy violations are described in Hornbill’s disciplinary processes contained within the HR policy. All staff receive information security awareness training and specialist employees will receive appropriately focused training as required to meet Hornbill’s business, contractual, and regulatory requirements and obligations.
  2. Hornbill is committed to compliance with all national and, where appropriate, international laws relating to the protection of personal data and individual privacy (including GDPR); this policy applies to all personal data processed by Hornbill. Hornbill continuously reviews and audits operations and security arrangements to ensure personal data is processed appropriately by authorised Hornbill personnel.
  3. Hornbill maintains rigorous policies in respect to mobile security and requires mobile devices (laptops, mobile computers, PDAs, mobile phones, USB sticks and other similar memory devices) to have: (i) password protection, (ii) where appropriate/possible and to be encrypted, (iii) the most recent operating system and application security-related patches, fixes and updates installed. Hornbill also requires notebook computers are physically protected against theft and damage while in transit, in storage or in use and that, in cases of loss or theft this is reported immediately. Furthermore, Hornbill ensures users are appropriately trained, understand and can carry out their agreed security obligations.
  4. Hornbill undertakes vetting of all Hornbill personnel in line with BS7858:2012
  5. Hornbill personnel, with access to personal data, are provided with and sign a contract of employment which includes a confidentiality agreement covering the various responsibilities and actions required of signatories to avoid unauthorized information disclosure, the permitted use of the information, the signatories’ rights in respect of that information and the required actions on termination of the agreement.
  6. Hornbill will monitor for, analyse and respond to information security incidents immediately they are seen or experienced and report all such incidents to the Information Security Manager who will be responsible for undertaking an assessment and categorising the reported incident in a timely manner and in accordance with Hornbill’s documented operating procedures.
  7. Hornbill will report to you any; access to, alteration, disclosure of, accidental or unlawful destruction, or loss to your personal data (a “Breach”). An initial report will be made to you. As Hornbill investigates or otherwise becomes aware of further information, and unless restricted by any applicable law, Hornbill will provide all further information pertaining to the nature and impact of the Breach.


Hornbill currently process personal data for the following distinct groups:

  1. Customer’s employees or subcontractors’ personal data
  2. Suppliers employees or subcontractors’ personal data
  3. Potential customers employees or subcontractors’ personal data
  4. Individuals who interact with our website

Each of these distinct groups is considered in more detail here.

Hornbill currently process personal data for the following distinct groups: