• Skip to primary navigation
  • Skip to main content
  • Skip to footer
  • Skip to custom navigation
HaloCRM

HaloCRM

  • Features
  • Solutions
    • By Industry
      • Retail and E-Commerce

        Create dazzling service experiences for your shoppers with AI ChatBots and more.

      • Healthcare

        Reduce overheads and increase patient happiness in the only all-inclusive customer service tool.

      • Public Sector

        Create a modern and intuitive customer journey for your constituents and public.

      • All Industries
    • By Use
      • For Enterprise Teams
      • For Customer Services
      • For IT Service Management
      • For Managed Service Providers
    • Resources
      • Integrations
      • Guides
      • Compare HaloCRM
  • Integrations
  • Pricing
  • Contact Us
  • Schedule a Demo
  • Start a Trial

GDPR Statement

HaloCRM GDPR Statement

This document will outline how General Data Protection Regulation (GDPR) affects HaloCRM, and customers of HaloCRM; including what action we have taken in response, and the information you need as a customer of HaloCRM to best comply with GDPR.

Introduction

The European Union has taken a monumental step in protecting the fundamental right to privacy for every EU resident with the General Data Protection Regulation (GDPR) which became effective from May 25th, 2018. Simply put, EU residents will now have greater say over what, how, why, where, and when their personal data is used, processed, or disposed. This rule clarifies how the EU personal data laws apply even beyond the borders of the EU. Any organization that works with EU residents’ personal data in any manner, irrespective of location, has obligations to protect the data. HaloCRM is well aware of its role in providing the right tools and processes to support its users and customers meet the compliance standards.

HaloCRM’s Commitment

At HaloCRM, we have always honoured our users’ right to data privacy and protection. We have never relied on advertising as a revenue stream. We have never served ads to our users, and never will. This means that we have no necessity to collect and process users’ personal information beyond what is required for the functioning of our products.

Over the past 20+ years, we have demonstrated our commitment to data privacy and protection. We already have strong Data Processing Agreements, and have revised them to meet the requirements of the GDPR.

Some of our ongoing initiatives are:

  • Identifying personal data – Each of our 40+ different applications undertakes a different level of personal data collection, usage, storage and disposal. Defining the purview of personal data for each of these applications and documenting the various sources of data will go a long way in providing a roadmap for compliance in the days leading up to the implementation.
  • Providing visibility and transparency – The most important aspect of GDPR is how the collected data is used. As a data processor, HaloCRM’s key role is to provide our customers (the data controllers) with the access to effectively manage and protect their user data. HaloCRM is exploring ways to make optimal product enhancements without compromising on performance so that we can provide better transparency to our customers.
  • Enhancing data integrity and security – Data privacy and data security are closely linked. As our customers tighten their data security measures, HaloCRM would like to extend a helping hand. We’re streamlining the processes for our cloud applications by implementing IT policies and procedures that provide end-to-end security.
  • Portability and transferability of data – GDPR gives end users the right to either receive all the data provided and processed by the controller or transfer it to another controller depending on technical feasibility. With this new right in mind, HaloCRM has worked further enhancing its data exporting capabilities to enable export even at the individual level.

What Personal Data is Collected and How it is Collected

Please see the HaloCRM Privacy Policy which describes the categories of information we process and the purposes for which we process personal data.

How Long is Personal Data Retained

If you provide information to us to request a demo, we will keep that information for up to twelve months after your last communication with us.

We will keep personal information provided by customers for up to three months after the end of our business relationship and subject to our SaaS agreement.  All payment information will be deleted three months after processing, unless we are required by law to keep it longer. 

If you contact us directly using the contact information provided on the HaloCRM website, we will retain your contact information for a period of up to three months after we respond to your inquiry. After that, the communications will be deleted from our system, unless we are required by law to retain it longer.

Children’s Privacy

The HaloCRM website and platform were not developed or intended for individuals that are deemed to be children under applicable data protection or privacy laws, and we do not knowingly collect information from children.

Legal Basis for Processing

If you are a user of the HaloCRM website or platform located in the EEA, we rely on legitimate interest as the legal basis for processing the personal data we collect via the website and platform.

Processor

HaloCRM, Halo Service Solutions Ltd., is a Processor of personal data covered by the Privacy Policy for purposes of European data protection legislation.

Subprocessors

In connection with the operation of our website, HaloCRM may engage third parties (each a “Subprocessor”) to process your personal data. As a condition of permitting a Subprocessor to process your personal data, HaloCRM will enter into a written agreement with each Subprocessor containing data protection obligations at least as protective as the technical and organisational measures HaloCRM has put into place to protect your personal data from accidental or unlawful destruction, loss, alteration, or unauthorized disclosure or access.

We use the following Subprocessors to operate our website and provide our services:

NameSubprocessing ActivityCountry of Origin
Amazon Web Services, Inc.Cloud Service ProviderUnited States
Microsoft CorporationInfrastructure and CollaborationUnited States
DocuSign Inc.Contract SigningUnited States
MailChimpMarketingUnited States
Intuit Inc.Subscription & Billing  United States

Features

We’ve added features that will enable you to easily and completely delete all data linked to an individual user.

There is functionality for data anonymisation within Halo, this exists within the Customer module with direct effect to the database user records. This is designed to replace the users name-value string with an anonymous user, in the event of a customer or employee leaving your organisation.

Agreements


Our Data Processing Agreement (DPA) that explains the privacy considerations in place and our terms for meeting GDPR compliance.

If you are a current Halo customer who would like to enter into a DPA with us, you can do so by emailing or calling your dedicated account manager to request a DPA agreement.

You’ll need to download, review, and sign the agreement. You can then return it back to us by sending to: compliance@imaginehalo.com.

Team Changes

HaloCRM Data Protection Officers oversee and maintain policies as they relate with data management.

To contact the Data Protection Officer at any time, please reach out to compliance@imaginehalo.com.

We’ve also augmented our team training to accommodate needs associated with GDPR.

Data Transfers

We currently utilise AWS services for data centres within the European Union, of which are self-contained and completely isolated units which are solely used for European customer accounts to ensure compliance. All of the data for these EU apps are completely isolated to these servers, including backups, to ensure no data ever leaves the EU. This data is 100% encrypted.

If you are unsure if your data is currently housed in our EU data centre, you can check with your dedicated account manager via phone or email to check.

What does this mean for our customers?

Depending on the type of agreement you have with us, this will have different implications to how GDPR affects you:

Cloud Purchase: If HaloCRM hosts your PSA software, it will be on your own dedicated server – ensuring optimum performance and security. All of your information will remain secure and only accessible by those you give permission to. For GDPR, you will benefit from our enhanced reporting service for any activity taking place on our servers. With our secure AWS Servers, you can be rest assured your European Citizen data will be based out of the UK in compliance with GDPR.

On-Premise Purchase: If you benefit from installing HaloCRM onto your own servers. Then you will still be able to benefit from the additional features coming in to help you comply with GDPR.

If you wish to upgrade to our hosted service to benefit from increased security and monitoring capability, please contact: sales@HaloCRM.com.

Some of our product enhancements are about to make it easier for you to:

  • Provide access controls
  • Encrypt, anonymize or delete user data
  • Perform data audits or assessments using data processing logs
  • Create provisions for data subjects rights
  • Enhance security for user data

For any requests for further information, to exchange Data Processing Agreement (DPA)’s and urgent reporting requests, please contact us: communications@HaloCRM.com

Footer

Company

  • Contact Us
  • Careers
  • Technology Partners
  • Channel Partners
  • Referral Program
  • Global Impact

HaloCRM

  • Features
  • Integrations
  • Mobile Apps
  • Pricing
  • HaloCRM Guides
  • Roadmap
  • Blog

Key Features

  • Ticketing
  • Omnichannel
  • Automation
  • Customer Portal
  • Customisation
  • Reporting and Analytics

Compare Tools

  • Freshdesk Alternative
  • Help Scout Alternative
  • HubSpot Alternative
  • Microsoft Dynamics 365 Alternative
  • Salesforce Service Cloud Alternative
  • Zendesk Alternative
  • Zoho Alternative

Social

  • Terms and Conditions
  • Privacy Policy
  • Security
  • GDPR