Data Privacy at Willow360
Info Technology Supply Ltd, a company incorporated in England and Wales under number 2230502 whose registered office is at 2 Hobbs House, Harrovian Business Village, Bessborough Road, Harrow, HA1 3EX, England, United Kingdom trading as Willow360 and its authorised resellers (together "Willow360") takes the protection of our customers’ information seriously and is committed to complying with applicable data privacy laws, including GDPR and UK GDPR, when providing services to our customers. Data privacy is a collaborative effort and Willow360 is also committed to ensuring that you can use Willow360 services while complying with your obligations under applicable data privacy laws. This page is designed to help you with your data privacy obligations by providing information about Willow360’s data protection practices and the choices that you have regarding the data processed by Willow360 when you use Willow360 services. It should be read in addition to our Privacy Policy and other data protection documents provided by us to you.
Privacy Compliance at Willow360
Willow360 has ongoing processes to protect your data and privacy rights:
Legal Review
Willow360 collaborates with legal and other professional lawyers to understand its role under both current and proposed data privacy laws and regulations such as GDPR and UK GDPR. Willow360 regularly reviews and periodically updates its privacy and related documents to seek to ensure continued compliance with such data privacy laws and regulations.
Internal Data Audits
Willow360 periodically reviews the types of data that it collects, the reasons for collecting that data and when Willow360 personnel might need to access it.
Vendor Audits
Willow360 audits its vendors, both at the time of onboarding and thereafter, to ensure that they adhere to data privacy laws/regulations and sign any necessary contractual documents including relating to data processing.
Communications
Willow360 documents pertinent changes in its privacy compliance practices. Customer and partner notification occurs via email and this webpage. Willow360 also maintains a Data Privacy & Security FAQ page that may be useful to review.
Ongoing Process Changes
Willow360 continues to refine processes it uses for customer support, builds services and handles data. This includes internal documentation, training and other processes.
Customer Content
For "Customer Content" (content transferred in and out of workflows or other Willow360 services), you, the customer, are considered the “data controller” of that data from a privacy law perspective.
In turn, Willow360 is the “data processor” responsible for safeguarding Customer Content as it flows through Willow360’s systems. Willow360’s security measures are described on Willow360’s Security and Compliance page.
As data controller, you are responsible for safeguarding Customer Content as you interact directly with services integrated with Willow360. You should not configure your workflows to work with other users' data without a lawful basis to do so under UK GDPR or the local relevant data protection legislation to which you are subject.
Data Processing Addendum
Willow360’s Terms of Service refer to Willow360’s Data Processing Addendum (“DPA”).
Data Retention/Deletion
Below is information regarding Willow360’s data retention/deletion practices for Customer Content processed in Willow360 services (last updated: 5th May 2023):
| Retention period | |
| File Data file content transferred in and out of workflows. | - 30 days after workflow completion. - Duration of the license period while processed in workflow. |
| File Data file content transferred to inboxes. | - Duration of the license period. |
| File Data shared by Willow360 during processing | - 30 days from date of individual share. |
| Configuration Data related to the configuration of workflows, teams, and users. | Duration of the license period. - 90 days on expiry of license. - immediately on individual administrator deletion. |
| History information about the workflow, such as the name of the workflow, dates the workflow was used, file names placed in a workflow, interactions with the workflow. | - Up to 2 years with a valid license. - Operational history is stored in Willow360’s non-production database for internal Willow360 product analytics purposes. |
Deletion & Export Options
Deletion options
These options describe how manually to delete a file or workflow data from your account. Otherwise, data is deleted from logs and backups based on the standard retention periods described above.
Delete file data in your account
File data can be removed by viewing the file and clicking Delete.
Delete a specific workflow
A Willow360 administrator can delete any workflow configuration by editing it and clicking Delete.
Export options
This describes how to manually export data from your account.
Export your Willow360 Transactions
A Willow360 administrator can export credit transactions in Organisation settings > Edit Settings > Licence > Export Credit Audit
Sub processors
Willow360 engages with third-party sub processors and Willow360 affiliates to help us provide services to our customers. These sub processors store Customer Content and assist Willow360 with processing it.
Third-Party Sub processors
| Name | Nature of Processing | Location |
| Microsoft Azure | Third-party hosting provider | EU |
| FreshDesk | Customer service platform used for technical support ticket management | EU |
Service Specific Sub processors
Willow360 engages with Service Specific Sub processors to process Customer Content when customers use certain services. When customers request the relevant functionality, these sub processors process their Customer Content. Their use is limited to the indicated services:
| Name | Nature of Processing (Supported Willow360 Services) | Location |
| SparkPost | Email Processing (Email send Action, Email to Workflow) | USA |
| OneSignal | Push notifications (all browser notifications) | USA |
