Privacy policy.

HIWACORP LTD Privacy Policy

Effective date: 27 February 2026

HIWACORP LTD ("we", "our" or "us") is committed to protecting your privacy and handling your personal data in a fair and transparent way. This Privacy Policy explains how we collect, use, disclose and protect your personal information when you engage our bespoke creative services through The Labs and The Agency, use our website at hiwacorp.com, contact us, or otherwise interact with us. It also describes your data protection rights and how to exercise them.

1. Who we are

We are HIWACORP LTD, a private limited company registered in England and Wales (company number 16431317). Our registered office is:

3rd Floor, 86‑90 Paul Street, London, England, United Kingdom, EC2A 4NE.

You can contact us with any privacy‑related questions or requests at info@hiwacorp.com. Under UK data protection law, we are the “controller” of the personal data we collect about you because we determine the purposes and means of processing.

2. What data we collect

We collect and process personal data that is necessary to deliver our services and operate our business. Depending on how you interact with us, this may include:

CategoryExamplesIdentity and contact informationYour first and last name, job title, company name, email address and phone number, provided when you complete our "Let’s Work Together" form, request a quotation or otherwise correspond with us.Project informationDetails about your project requirements, creative brief, assets you provide (such as images, scripts, product specifications), and any feedback or preferences you share with us.Payment and billing detailsRecords of invoices, purchase orders, and payments for our services. We use trusted third‑party payment processors (e.g., Stripe or equivalent) to handle card transactions and do not store full card details on our servers.Usage data and analyticsTechnical information about your visit to our website, including your IP address, browser type, device type, pages visited, clickstream data, and referral URLs. This data is collected via cookies and similar technologies to help us understand how visitors use our website and to improve its functionality.Marketing preferencesYour preferences regarding receiving marketing communications and newsletters.

We generally do not collect sensitive personal data (such as health, race or ethnicity, religious beliefs, or sexual orientation) and we ask that you do not submit such information to us. If it becomes necessary to process special categories of personal data for a particular project, we will obtain your explicit consent.

3. How we collect your data

We obtain personal data directly from you when you:

  • Complete our online Let’s Work Together form or any other contact forms on our website.

  • Engage our services and provide project briefs, creative assets or feedback.

  • Correspond with us by email, telephone or social media.

  • Request a quotation, proposal or invoice.

  • Consent to receive our marketing updates or newsletters.

  • Visit our website, during which we automatically collect usage data via cookies and analytics technologies.

We may also receive personal data indirectly from publicly available sources (e.g., Companies House) when we carry out due‑diligence checks, or from our service providers (such as payment processors) for the purpose of confirming payment status.

4. Why we use your data and legal basis

We only use your personal data when the law allows us to, and we must identify a lawful basis under the UK GDPR. Our purposes and legal bases include:

PurposeDescriptionLegal basisPerforming our contract with youTo communicate with you about your project, deliver creative services, provide quotations, prepare and send invoices, and deliver project deliverables.Necessary for the performance of a contract (Article 6(1)(b) UK GDPR).Operating and improving our servicesTo manage our website, resolve technical issues, analyse how users interact with our site, improve user experience, and develop new offerings.Legitimate interests to operate and improve our business (Article 6(1)(f) UK GDPR).Marketing and communicationsTo send you information about our services, updates or promotions. You can opt out at any time.Consent (Article 6(1)(a) UK GDPR) or legitimate interests where relevant.Complying with legal obligationsTo comply with financial and tax requirements, respond to lawful requests from authorities, and maintain records for regulatory purposes.Legal obligation (Article 6(1)(c) UK GDPR).

5. How we use your data

We use the data we collect for the following purposes:

  • To provide and manage services – we use your identity, contact and project data to respond to enquiries, prepare proposals, deliver creative outputs (images, videos, prototypes, voiceovers, etc.), manage accounts and process payments.

  • To communicate with you – we may email or phone you to confirm project details, answer questions, provide updates, send invoices or statements, and respond to support requests.

  • To personalize your experience – we use analytics to understand how users interact with our website and tailor our content and offerings accordingly.

  • To send marketing – if you have agreed to receive marketing, we will send you newsletters or information about our services that we think may be of interest. You can opt out at any time.

  • To protect our business – we may use data to detect and prevent fraud or abuse, enforce our terms and conditions, and protect our rights and property.

  • To comply with the law – we process and retain certain data as required by tax, accounting and other legal obligations.

6. Who we share your data with

We will never sell or rent your personal data. We may share your data with trusted third parties where necessary to deliver our services or meet legal obligations, including:

  • Service providers and suppliers – such as cloud hosting providers, IT support, email newsletter providers, analytics services, and generative AI platforms used to create project outputs. These providers process data on our behalf and are subject to strict confidentiality and data protection obligations.

  • Payment processors – we use secure third‑party providers (e.g., Stripe) to process payments. These processors collect your payment details directly and are responsible for their own compliance.

  • Professional advisers – including lawyers, accountants and insurers who provide us with professional services and are bound by confidentiality.

  • Regulators and law enforcement – where we are required to disclose information to comply with legal obligations or respond to lawful requests.

Where we transfer data to third parties outside the United Kingdom or European Economic Area, we ensure appropriate safeguards (such as Standard Contractual Clauses) are in place to protect your data.

7. Data retention

We retain personal data only for as long as necessary to fulfil the purposes described in this policy and to comply with legal and regulatory requirements. In general:

  • Project records, contact information and invoices are kept for at least six years to satisfy tax, accounting and legal obligations.

  • Marketing preferences are kept until you opt out or we cease sending marketing communications.

  • Website analytics data are retained for a shorter period (typically up to 26 months) to analyse trends and improve our services.

  • When we no longer need your data, we securely delete or anonymise it.

8. Your data protection rights

Under the UK GDPR you have the following rights, subject to certain conditions:

  • Right of access – to request copies of the personal data we hold about you.

  • Right to rectification – to request correction of inaccurate or incomplete data.

  • Right to erasure – to request deletion of your data where there is no legal reason for us to continue processing it.

  • Right to restrict processing – to request that we limit how we use your data.

  • Right to object to processing – to object to processing based on our legitimate interests or for direct marketing.

  • Right to data portability – to request that we transfer your data to you or another organisation in a structured, commonly used format.

  • Right to withdraw consent – where we rely on your consent (e.g., for marketing), you may withdraw it at any time without affecting the lawfulness of prior processing.

If you wish to exercise any of these rights, please contact us at info@hiwacorp.com. We will respond within one month. You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) or your local supervisory authority if you believe that we have not complied with data protection laws.

9. Cookies and similar technologies

Our website uses cookies and similar technologies to improve your experience. Cookies are small text files placed on your device that collect standard Internet log information and visitor behaviour information. We use cookies for the following purposes:

  • Strictly necessary cookies – to enable core website functions and features such as secure login and form submissions.

  • Functionality cookies – to remember your preferences, such as language or region, and enhance your experience.

  • Analytics cookies – to collect information about how you use our website (e.g., pages you visit, time spent) to help us improve our services.

  • Advertising cookies (where used) – to deliver relevant advertising based on your browsing behaviour. We sometimes share limited aspects of this data with third‑party advertising partners.

You can set your browser not to accept cookies or remove cookies from your browser; however, some website functions may not work correctly as a result. For further information visit allaboutcookies.org.

10. Marketing

We may send you marketing communications about our creative services if you have given us your consent or where we have a legitimate interest to do so. You can opt out of marketing emails at any time by clicking the unsubscribe link in the email or contacting us at info@hiwacorp.com. We will honour your request promptly.

11. Links to third‑party websites

Our website may contain links to other websites. This privacy policy applies only to our website. If you follow a link to a third‑party site, please review that site’s privacy policy before submitting any personal information.

12. Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss or misuse. These include secure servers, encryption, access controls and regular security reviews. However, no method of transmission over the Internet or method of electronic storage is completely secure. We therefore cannot guarantee absolute security and you acknowledge that you provide your information at your own risk.

13. Children

Our services are directed at business customers and are not intended for children under 16. We do not knowingly collect personal data from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us so we can delete it.

14. Changes to this policy

We review and update this policy regularly to reflect changes in our practices or legal requirements. When we update the policy, we will post the new version on this page and update the effective date. We encourage you to check this page periodically. If we make significant changes that affect how we process your personal data, we will notify you directly.

15. Contact us

If you have any questions about this privacy policy, your personal data, or wish to exercise your rights, please contact us at:

Email: info@hiwacorp.com
Postal address: HIWACORP LTD, 3rd Floor, 86‑90 Paul Street, London, EC2A 4NE, United Kingdom

If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO) (www.ico.org.uk) or your local supervisory authority.