Privacy Policy

HALO Privacy Policy

Effective date: 1 January 2025
Controller: Halo Service Solutions Limited (“HALO”, “we”, “us”, “our”), Cartref, Bonar Bridge, Ardgay, Scotland, IV24 3AR, United Kingdom. We act as data controller for the data described in this notice. For data you store in our hosted platform we act as data processor and you are the controller (see §2.3).

1. Scope

This Policy covers personal data we collect when you:

Download a trial, request a demo or submit a contact form

Visit our websites or other online properties that link to this Policy

Use our SaaS products and related services (the “Services”)

Interact with our marketing (emails, events, ads)

It does not cover data held solely within your selfhosted (“NonHosted”) HALO environment.

2. Data we collect & why

2.1 Data you provide

Identity & contact data (name, job title, company, email, phone, country/region)

Account data (username, password)

Billing & payment data (handled through PCIcompliant processors)

Support communications (tickets, chat, emails, webinar questions)

Marketing preferences (optins/outs)

Partner referral details (e.g., which reseller you’re working with)

Legal bases (GDPR/UK GDPR): contract (or steps before entering one), legitimate interests (B2B marketing, product improvement, security), consent (where used) and legal obligation.

2.2 Data collected automatically

Usage & device data (IP address, browser type/version, pages viewed, timestamps, crash logs)

Cookies & similar tech (see §6)

2.3 Customer content – Hosted vs NonHosted

If you use our Hosted service, we process the data you upload only on your documented instructions (contract/admin settings). Access by HALO staff is limited to support, maintenance, security or legal requirements. In this role we are your processor. For NonHosted deployments, you control and host all data yourself.

2.4 Google user data (if you enable those integrations)

Our use of Google APIs follows Google’s API Services User Data Policy (including “Limited Use”). Humans do not read Gmail content except with your explicit consent, for security/legal reasons, or in aggregated/anonymised form.

2.5 Optional AI features

Optional AI functions (triage, summarisation, knowledge discovery) route data to OpenAI as a subprocessor. Data is transmitted securely, processed in memory and not retained by OpenAI; we delete transient data after the active session. Data sent to OpenAI is not used to train its models. You can disable AI features at any time.

3. How we use personal data

We use data to:

Provide, secure and maintain the Services (authentication, support, fraud/security monitoring)

Set up trials/demos and respond to enquiries

Send product updates, tips and invitations you’d reasonably expect (or where you’ve consented)

Process payments and manage subscriptions

Analyse usage to improve and develop features

Comply with legal obligations and enforce agreements

4. How we share personal data

We do not sell personal data in the traditional sense. However, providing lead/contact details to authorised partners so they can follow up on your request may be deemed a “sale” or “sharing” under the CCPA/CPRA. You can opt out at any time.

4.1 Categories of recipients

Service providers / subprocessors (hosting, analytics, payment, email, chat, CRM, security). Example: Amazon Web Services (data centres in the US, UK, Canada, South Africa, Australia, Bahrain, Germany). They act under contract, use data only on our instructions, and must protect it appropriately. A current list of subprocessors is available on request.

Authorised partners/resellers – when you ask us to connect you, download a trial via a partner, or otherwise indicate interest.

Corporate transactions – as part of mergers, acquisitions or asset sales.

Legal/safety obligations – to comply with law or protect rights, property or safety.

5. International transfers

We process data in the UK and other countries where we or our providers operate (see AWS regions above). When transferring personal data internationally we rely on appropriate safeguards such as the EU Standard Contractual Clauses (SCCs) and the UK International Data Transfer Agreement/Addendum (IDTA).

6. Cookies & Similar Technologies

We use:

Essential cookies – signin, security, session management

Analytics cookies – Google Analytics, Usermaven

Advertising/retargeting cookies – Google Ads

You can manage preferences via our cookie banner/preference centre or your browser settings. Blocking essential cookies may impact site functionality.

7. Security

We apply administrative, technical and physical safeguards aligned with industry standards, including encryption in transit/at rest (where feasible), rolebased access, monitoring, vulnerability management and employee training. HALO is certified to ISO/IEC 27001 and SOC 2 Type II.

8. Retention

Leads / marketing records: 7 years

Support logs/tickets: 7 years

Hosted log data after contract termination: up to 4 weeks (unless otherwise agreed)

Contract/billing records: retained as required for tax/accounting laws

We delete or anonymise data when it’s no longer needed or when legally required.

9. Your rights

Your rights depend on where you live, but may include:

9.1 EU/EEA & UK (GDPR/UK GDPR)

Access, rectification, erasure, restriction, objection (including to direct marketing), portability and withdrawal of consent. You may complain to your supervisory authority.

9.2 United States (state privacy laws including California)

Rights to know/access, delete, correct, opt out of “sale”/“sharing” and targeted advertising, and nondiscrimination for exercising rights.

California (CCPA/CPRA): Use our “Do Not Sell or Share My Personal Information” link or contact us as below to opt out. You may limit use/disclosure of Sensitive Personal Information.

9.3 Canada (PIPEDA)

Right to access and correct personal information, and to challenge compliance with PIPEDA’s fair information principles.

9.4 Brazil (LGPD)

Rights similar to GDPR, including confirmation of processing, access, correction, anonymisation, portability, deletion and information about sharing.

9.5 Australia (APPs)

Right to access and correct personal information under Australian Privacy Principles.

10. Exercising your rights

Email communications@imaginehalo.com or use our web form here. We may need to verify your identity (and, where applicable, your authorised agent). For data stored in a Hosted environment, please contact your organisation (the controller) first; we will assist them as needed.

11. Changes to this Policy

We may update this Policy periodically. We will post the latest version here and, if changes are material, notify you by email or inapp. Continued use after the effective date constitutes acceptance.

Contact

Halo Service Solutions Limited
Cartref, Bonar Bridge, Ardgay, Scotland, IV24 3AR, United Kingdom
Email: communications@imaginehalo.com

Platform

Latest News

HaloITSM and saasgenie Partner to Accelerate AI-Led ITSM Deployments Worldwide

Halo launches new ‘Halo Athlete’ programme with Suffolk darts star Ryan Meikle

Halo Partners with Loughborough Sport to Support Student Athletes

Software

HaloITSM

The unified Service Management solution, redefined for Enterprises demanding best-in-class results.

HaloPSA

Intuitive, all-inclusive PSA solution, built to transform and modernise the delivery of managed IT services.

HaloCRM

Unify customer-facing teams to boost leads, conversions and customer service with the all-in-one CRM.

Solutions

By Use

By Sector

Customers

Company

Partner