Last updated: July 2025

At Happy Hive (trading name of We Are Atomics Ltd), we are committed to protecting the privacy and personal data of all individuals whose data we process. This GDPR Compliance Policy outlines how we comply with the UK General Data Protection Regulation (UK GDPR) and EU General Data Protection Regulation (EU GDPR).

Our Commitment to GDPR Compliance

We process personal data lawfully, fairly, and transparently, ensuring that individuals’ rights are respected and protected at all times.

Legal Basis for Processing

We process personal data under the following legal bases:

Legitimate Interest (Article 6(1)(f))

  • Website analytics and improvement
  • Security monitoring and fraud prevention
  • Direct marketing (with appropriate balancing of interests)

Contract Performance (Article 6(1)(b))

  • Providing our platform services
  • Account management and customer support
  • Processing subscription payments

Consent (Article 6(1)(a))

  • Marketing communications (where required)
  • Non-essential cookies
  • Optional data collection activities

Legal Obligation (Article 6(1)(c))

  • Compliance with accounting and tax requirements
  • Responding to lawful requests from authorities

Individual Rights Under GDPR

We respect and facilitate the following rights for all data subjects:

Right to Information (Articles 13 & 14)

We provide clear information about how we collect and use personal data through our Privacy Policy and direct communications.

Right of Access (Article 15)

Individuals can request a copy of their personal data and information about how it’s being processed.

Right to Rectification (Article 16)

Individuals can request correction of inaccurate or incomplete personal data.

Right to Erasure (Article 17)

Individuals can request deletion of their personal data in certain circumstances, including:

  • The data is no longer necessary for the original purpose
  • Consent is withdrawn and there’s no other legal basis
  • The data has been unlawfully processed

Right to Restrict Processing (Article 18)

Individuals can request limitation of processing in certain circumstances.

Right to Data Portability (Article 20)

Individuals can request transfer of their data to another service provider in a structured, commonly used format.

Right to Object (Article 21)

Individuals can object to processing based on legitimate interests or for direct marketing purposes.

Rights Related to Automated Decision Making (Article 22)

We do not engage in automated decision-making that significantly affects individuals.

How to Exercise Your Rights

To exercise any of these rights, contact us at support@happyhivehq.com. We will:

  • Respond within one month (extendable by two months for complex requests)
  • Verify your identity before processing requests
  • Provide responses free of charge (unless requests are manifestly unfounded or excessive)
  • Explain any reasons if we cannot comply with a request

Data Protection Principles

We ensure all personal data processing adheres to the GDPR principles:

Lawfulness, Fairness, and Transparency

  • We have a legal basis for all processing activities
  • We process data fairly and provide clear information to individuals

Purpose Limitation

  • We collect data for specified, explicit, and legitimate purposes
  • We do not process data for incompatible purposes

Data Minimization

  • We collect only data that is adequate, relevant, and necessary
  • We regularly review data collection practices

Accuracy

  • We keep personal data accurate and up to date
  • We correct or delete inaccurate data promptly

Storage Limitation

  • We retain data only as long as necessary for the specified purposes
  • We have clear retention schedules and deletion procedures

Integrity and Confidentiality

  • We implement appropriate security measures
  • We protect against unauthorized access, loss, or damage

Accountability

  • We can demonstrate compliance with GDPR principles
  • We maintain records of processing activities

International Data Transfers

When transferring personal data outside the UK or EU, we ensure adequate protection through:

  • Adequacy Decisions: Transfers to countries with adequate data protection levels
  • Standard Contractual Clauses: EU/UK approved contract terms with recipients
  • Binding Corporate Rules: For transfers within multinational organizations
  • Codes of Conduct or Certification: Where applicable

Data Breach Management

Our data breach response procedure includes:

Detection and Assessment (within hours)

  • Immediate assessment of the nature and scope of the breach
  • Determination of potential risks to individuals

Notification (within 72 hours to authorities)

  • Report to relevant supervisory authority (ICO for UK, local DPA for EU)
  • Include nature of breach, likely consequences, and measures taken

Communication to Data Subjects (without undue delay)

  • Direct notification when high risk to rights and freedoms
  • Clear explanation of the breach and protective measures

Documentation and Review

  • Maintain records of all breaches
  • Review and improve security measures based on lessons learned

Privacy by Design and Default

We implement privacy protection measures:

At the Design Stage

  • Consider privacy implications in system development
  • Implement data protection measures from the outset

By Default

  • Process only necessary personal data
  • Limit processing to what’s needed for each purpose
  • Minimize data retention periods

Training and Awareness

All staff receive regular training on:

  • GDPR requirements and principles
  • Individual rights and how to respond to requests
  • Data breach procedures
  • Secure data handling practices

Third Party Relationships

We ensure all third parties processing personal data on our behalf:

  • Sign appropriate data processing agreements
  • Implement adequate security measures
  • Comply with GDPR requirements
  • Are regularly audited for compliance

Regular Compliance Reviews

We conduct regular assessments of:

  • Data processing activities and legal bases
  • Security measures and controls
  • Staff training and awareness
  • Third party compliance
  • Policy effectiveness and updates needed

Data Protection Impact Assessments (DPIAs)

We conduct DPIAs when processing is likely to result in high risk to individuals, particularly when:

  • Using new technologies
  • Processing special category data
  • Systematic monitoring of public areas
  • Processing on a large scale

Record Keeping

We maintain comprehensive records of:

  • All processing activities
  • Legal bases for processing
  • Data retention and deletion schedules
  • Data sharing arrangements
  • Security incidents and breaches
  • Individual rights requests and responses

Supervisory Authority Cooperation

We cooperate fully with supervisory authorities:

  • UK: Information Commissioner’s Office (ICO)
  • EU: Relevant national data protection authorities

We respond promptly to all official requests and investigations.

Contact Information

Data Controller:
We Are Atomics Ltd (trading as Happy Hive)

Contact for Data Protection Matters:
Email: support@happyhivehq.com
Website: https://happyhivehq.com

Data Protection Officer:
Available upon request at support@happyhivehq.com

Policy Updates

This policy is reviewed annually and updated as needed to reflect:

  • Changes in data processing activities
  • Legal and regulatory developments
  • Best practice evolution
  • Lessons learned from compliance activities