Last updated: 30 April 2026
When you register as a Rep, we collect: your name and email address, your union name, branch name, and region, your job title/role (optional), and your connection and activity within the portal (e.g. connection approvals, case updates).
Reps can see: the names of members who have connected with them, aggregated branch incident statistics (not individual incidents), and incident flags explicitly sent to them by members. Reps cannot see: individual incident descriptions, member evidence files, wellbeing diary entries, or personal vault documents. This is enforced at the database level with Row-Level Security.
We process rep data to operate the Rep Portal, generate and validate connection codes, deliver notifications about member activity, and generate anonymised analytics dashboards. The legal basis for processing is contractual necessity (the rep agreement) and legitimate interests.
All rep data is stored on EU West 2 (London) servers with AES-256 encryption at rest. All data in transit is protected by TLS 1.3. Access is restricted via Row-Level Security.
Rep account data is retained while your account is active. Upon account deletion, personal data is erased within 30 days. Aggregated, anonymised analytics data may be retained indefinitely.
Under UK GDPR, you have the right to access, rectify, erase, or port your personal data. You also have the right to object to processing and to restrict processing. To exercise these rights, contact privacy@hwprotect.com.
Data controller: HWProtect Ltd, registered in England & Wales. For privacy queries: privacy@hwprotect.com.
Questions? privacy@hwprotect.com