Who we are
Barbal Limited (“we”) is a company registered in England and Wales. Company Number 11682895.
We take both the privacy and information security of our users and stakeholders seriously. We collect data to understand our customers and how our users use our websites and applications.
In line with our information security policy, access to confidential information (including personal data) by Barbal personel is on a needs-only basis. We only collect and store information that is essential for us to perform business functions.
All personel at Barbal with access to personally identifiable information are subject to idenfication checks.
Information collected for sales and marketing purposes is only accessible to our sales and marketing teams.
Customer information provided directly through the service or indirectly via an employee is only accessible to personel who have had background checks and need to access information to perform their role. More information about privacy and security of our applications and services is given below.
We use a number of third party products and services for marketing and user analytics. These will not collect personal information through our websites and apps without your consent.
The Barbal and StandardsRepo web applications (“the apps”) require a cookie opt in to use the service. We only store essential cookies to make the app work or improve the use of the service. We do not use third party cookies in the apps.
First party cookies
Barbal websites and apps use Google Analytics (GA), a web analytics service provided by Google, Inc. (“Google”). The information generated by the cookie about your use of our website will be transmitted to and stored by Google, however, we do not allow Google to use this information. We use this information to better understand our audience and ultimately to provide a better experience with our websites and apps.
Google analytics uses the following cookies:
We use Hubspot as our marketing and customer relationship management system.
Hubspot uses the following cookies on the barbal.co website:
If you provide us with any personal data by e.g. by contacting us, booking a demo, joining the mailing list or signing up to our events or services, we will store this in Hubspot so that we can contact you. We do not give Hubspot permission to use your information for any other purpose.
We collect the following personal data about you in forms on this site so that we can respond to your queries appropriately and provide you with relevant information or communications:
- Email address
You can opt-out from receiving communications from Barbal via hubspot using links in email footers.
We use mailchimp as our mailing list provider for marketing emails. We only store your email address and subscription preferences in Mailchimp.
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
Barbal Document Drafting System
We collect information about usage of our Barbal Document Drafting System web application (app.barbal.co and app.standardsrepo.com) (“the service”) to help us identify and plan maintenance and enhancements.
We handle both personal data and content provided to the service on a confidential basis with the same protocols.
The service is self-certified as meeting the 14 Cloud Security Principles.
Personal data collected by the service relating to user accounts
Barbal is the data controller for personal data required for user accounts.
We process the following personal data from users:
- Necessary personally identifiable information
- Email address
- Necessary linkable information
- Optional personally identifiable information
- Full Name
- Optional linkable information
The only personal data required to use the service is an email address. We use your email address for authentication, notifications and to contact you with issues to relating to your account or use of the service. We never disclose your email address to other users of the service or third parties. Your username does not need to contain personal data.
You may provide additional personally identifiable information such as name, affiliation and profile picture, which is presented by the service on your profile page to help other users understand who you are. This information is classed as “content” (see below) and will be made available to collaborators in workspaces.
All users of the app have a public profile which lists their username, profile content and activities in public workspaces.
Personal data processed by the service in content
We class “content” as any information, documents or files uploaded or entered directly into workspaces (“workspace content”) or non-mandatory aspects of user profiles (“profile content”). Except where excluded by our acceptable usage policy, we do not restrict the types or nature of content processed by the service. This means that users may enter personal data or other content they wish to keep private or confidential.
Securing your account
Your account is secured with a password, which must be in accordance with our password and security policy.
We recommend that you also enable two-factor authentication which is available in your user settings.
You may opt in to marketing via the service. See the Hubspot section for more information.
Workspaces can be private or public.
Workspace privacy settings are available to the workspace administrator.
Public workspaces are listed in the Explore pages and are indexed by search engines. Anyone on the web can view the content of a public workspace including the latest saves of each document copy, proposal and the info pages.
We recommend that public workspaces include a copyright statement including the owner of the work and the basis for which it is made available to others.
Barbal is not responsible for data breaches that result from a user making a workspace public or entering content into a public workspace.
We may make copies of data stored in public workspaces for internal development and testing of functionality and features. This will not be re-published without the permission of the owner.
A private workspace is only accessible by users added by administrators of that workspace (see also Access by Barbal to your data).
The adminstrator is responsible for ensuring that only authorised users are granted access to private workspaces.
Additional privacy agreements
For customers on our enterprise pricing tier we may agree to additional privacy and information security measures and procedures, including overriding aspects in this policy relating personal data (e.g. by requiring a username to be personally identifiable). Please contact us to discuss your needs.
We only use first party cookies in the service.
You must accept cookies to sign in to the service.
We use first party cookies for the following purposes:
- Sign you in
- Keep you signed in (optional – “Remember Me” feature)
- Store your preferences (e.g. what language you prefer)
- Store information about your current session
- Secure your interaction with our service (e.g. protect against Cross-site request forgery attacks)
We use the following first party cookies:
|user_accepts_cookies||Indicates that you chose to accept cookies and allows the below cookies to be installed|
|_csrf||Stores a unique identifier to protect you against Cross Site Request Forgery attacks|
|barbal_user||Stores your username (used by the “Remember Me” feature)|
|barbal_auth||Stores an encrypted version of your password (used by the “Remember Me” feature)|
|barbal_session||Stores a unique identifier so that the server can validate your session|
|lang||Stores your language preference|
You can set your browser not to accept cookies, and allaboutcookies.org tells you how to remove cookies from your browser. You will only be able to view the public features of our website without accepting cookies.
We also support the “I don’t care about cookies” plugin. If you have this plugin installed, this will take priority and you will not be able to manage your cookies through our privacy control, unless you add standardsrepo.com as an exception.
We use logging to:
- understand how users are using the services,
- proactively anticipate user support needs,
- understand how the app is performing,
- identify and analyse issues, and
- monitor data and security incidents.
Logs store meta-data about activities and events in the service.
Logs are classified as secure information and are only available to authorized personel. We may access logs at any time and without explicit permission. We will anonymise log information when sharing it.
The service is hosted by Google Cloud Platform which is accredited to ISO 27001.
Data is stored and processed in Google’s “europe-west2” region.
Only authorised personel have access to the cloud hosting platform. We log all access and activity.
The service is shared with other users. We can provide dedicated instances of the service to customers on our enterprise tier.
The service is protected by best-practice security measures and is encrypted at rest and in transit.
The service penetration tested by a CREST-certified tester annually to ensure that unauthorised access to your data is prevented.
Barbal Limited will keep “necessary” and any optional data (as defined in section 1 above) that you have provided for a period of seven years after your last login. Once this time period has expired, we will delete your data (necessary and optional) from our systems.
Access by Barbal to your data
We manage who has access to confidential information carefully inline with our information security policy. Only authorised personel have access to your personal data and content via the application or the cloud hosting environment.
We will not access content in private workspaces without the permission of the workspace owner.
Data breaches or cyber incidents are handled by our Chief Technology Officer, who reports the nature and resolution of all breaches to the board.
Your data protection rights
We would like to make sure you are fully aware of all of your data protection rights. Every user is entitled to the following:
The right to access – You have the right to request Barbal Limited for copies of your personal data. We may charge you a small fee for this service.
The right to rectification – You have the right to request that Barbal Limited correct any information you believe is inaccurate. You also have the right to request Barbal Limited to complete the information you believe is incomplete.
The right to erasure – You have the right to request that Barbal Limited erase your personal data, under certain conditions.
The right to restrict processing – You have the right to request that Barbal Limited restrict the processing of your personal data, under certain conditions.
The right to object to processing – You have the right to object to Barbal Limited’s processing of your personal data, under certain conditions.
The right to data portability – You have the right to request that Barbal Limited transfer the data that we have collected to another organisation, or directly to you, under certain conditions.
If you make a request, we have one month to respond to you. If you would like to exercise any of these rights, please contact us at our email: firstname.lastname@example.org
Or write to us: Barbal Limited, 286 Paintworks, Arnos Vale, Bristol, BS4 3AQ, United Kingdom.
Privacy policies of other websites
How to contact the appropriate authority
Should you wish to report a complaint or if you feel that Barbal Limited has not addressed your concern in a satisfactory manner, you may contact the Information Commissioner’s Office.
Address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
Feedback or queries