Halo privacy policy

Background
Reneza Limited ("Halo", "we", "us", "our") understands that your privacy is important to you and that you care about how your personal data is processed. We are committed to protecting and respecting your privacy.
Under data protection laws, we are required to provide you with certain information about who we are, how we process your personal data and for what purposes, and your rights in relation to your personal data. This privacy policy applies to personal data in ways that are described here, and in a manner that is consistent with our obligations and your rights under the law.
1
Information about us
1.1
Our website is owned and operated by Reneza, a limited company registered in England under company number 11204247, whose registered office is at 16 Folgate st., Spitalfields, London, E1 6BX and whose main trading address is CityPoint, Ropemaker St., EC2Y 9HT.
1.2
Halo is the controller of your personal information. Our data protection officer is Mr. Benas Baltramiejunas, who can be contacted by email at benas@Halo.com, or by telephone on +44 7428 770230. We are registered with the ICO; you can view our details at https://ico.org.uk/ESDWebPages/Entry/ZA787846.
1.3
You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK regulator for data protection issues. However, we would appreciate it if you contacted our data protection office in the first instance so that we can assist in resolving any queries you may have. For further information concerning your rights, please contact the Information Commissioner's Office or your local Citizens Advice Bureau.
1.4
Our services:
1.4.1
www.Halo.rent ("website");
1.4.2
app.Halo.com ("web app");
1.4.3
Together, these form "our services";
1
Changes to this privacy policy
1.1
If you disagree with the changes contained in this privacy policy, you should deactivate your account with our services. Please contact us if you wish to request the removal of your personal data. Any changes we make to our privacy policy in the future will be posted on this page and, where possible, notified to you by email. Please check frequently to see any changes or updates.
3
Personal data we collect
3.1
We collect the following types of personal data:
Identity Data
First name, last name, maiden name, username or similar identifier, marital status, title, date of birth, gender, email address, postal address, residential address, employer details, salary, name of guarantors, referee data, your passport and/or other legal identification information
Contact Data
Billing address, delivery address, email address and telephone numbers
Financial Data
Bank account and payment card details
Transaction Data
Includes details about payments to and from you
Device Data
Includes the type of mobile device you use, a unique device identifier (for example, your Device's IMEI number, the MAC address of the Device's wireless network interface, or the mobile phone number used by the Device), mobile network information, your mobile operating system, the type of mobile browser you use, time zone setting
Profile Data
Includes your username and password, purchase history, your interests, preferences, feedback and survey responses
Usage Data
Includes details of your use of our web app or your visits to our site, including, but not limited to, traffic data, whether this is required for our own billing purposes or otherwise and the resources that you access
Marketing and Communications Data
Includes your preferences in receiving marketing from us and our third parties and your communication preferences
Location Data
Includes your current location disclosed by GPS technology
Technical Data
Includes your IP address, browser type and version, time zone setting, broad location, log-in information, operating system and platform, download errors; number and duration of visits to the Portal, any search queries entered on the Portal, details of which particular pages have been visited and your activities generally in relation to the Portal and your interactions with other users

Some of this information may be collected by a third party website analytics service provider on our behalf and may be collected using cookies. For further details about how we use cookies, please see section 10 of this privacy policy.
1.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during our relationship with you.
2.
If you are an estate/letting agent or any other asset manager benefiting from our services who is setting up landlords' and/or tenants' accounts and entering their personal information, you must ensure that you are sharing this privacy policy with them and that you have the authority and permission from the landlord and/or tenant to do so.
3.
If you are a tenant, you must ensure that you have authority and permission to share any personal data relating to any data subject such as guarantor, referee or previous landlord. Please provide a copy of this privacy policy to those persons and ensure that they are aware of and understand its contents.
2
Personal data we collect
Providing and managing your services account
Installing the web app and registering you as a new user
Managing our relationship with you including notifying you of changes to our services
Personalising and tailoring your experience on our website
Providing the services and products you purchased via the Halo web app
Processing credit and debit card payments
Incorporating your account on one or more portals (including this website) and creating an integrated account and service provided by Halo
Making sure the service you receive is efficient and effective
Identity
Contact
Financial
Device
Profile
Your consent
Performance of a contract
Necessary for our legitimate interests (to provide the highest quality services)
Providing an integrated service and information, dealing with your enquiries in relation to your use of the Halo web app and notifying you of changes, if any
Facilitating the agreement between the tenant/agent/landlord and you
Processing purchases and delivering services, including managing payments and collecting money for services
Supplying our services to you which are incidental to the tenancy process
Analysing subscription and payment trends to facilitate well informed business strategy decisions
Identity
Contact
Financial
Transaction
Device
Marketing and Communications
Location
Performance of a contract
Necessary for our legitimate interests (for example, to recover debts due)
Administering and protecting our business and our services including troubleshooting, data analysis and system testing, research, and statistical purposes
To improve our services to ensure that our content is presented in the most effective manner for you and for your device
Sharing your personal information with different departments within our organisation
To allow you to participate in interactive features of our service, when you choose to do so
Identity
Contact
Device
Usage
Necessary for our legitimate interests (for example, to protect our business interests)
Analysing your use of our website and gathering feedback to enable us to continually improve our website and your user experience
Delivering content and advertisements to you about services provided by us and our partners
Making recommendations to you about services which may interest you
Measuring and analyzing the effectiveness of the advertising we serve you
Monitoring trends so we can improve our services
Improving and maintaining our services by detecting abuse or breach of a user account, detecting and tracking errors and by monitoring activity to provide customer support and conduct bug fixes
As part of our efforts to keep our website and/or web app safe and secure, we use your personal data for the purpose of preventing account abuse and detecting possible breaches
Identity
Contact
Device
Profile
Usage
Marketing and Communications
Location
Necessary for our legitimate interests (for example, to recover debts due)
Verifying your identity (know your customer and anti-money laundering requirements)
Identity
Contact
Usage
Performance of a contract
Necessary to comply with legal obligations
Necessary for our legitimate interests (as may be required in order to provide our services)
Contacting you by email and/or telephone with information, news and offers on our products and/or services. We will not, however, send you any unsolicited marketing or spam and will take all reasonable steps to ensure that we fully protect your rights and comply with our obligations under the EU GDPR, UK GDPR and the Privacy and Electronic Communications (EC Directive) Regulations 2003 (where appropriate)
Contact
Usage
Marketing and Communications
Necessary for our legitimate interests (to provide services that may be of interest to you on the basis of the services you are receiving from us)
Keeping a record with regards to your exercise of your legal rights under the data protection laws
Accounting for our decisions and investigating complaints
Identity
Contact
Profile
Necessary to comply with our legal obligations
Sharing your contact details with our third party partners for them to contact you with marketing information about their products and services
Identity
Contact
Profile
Your consent
2.1
We may share your personal information with third parties (including but not limited to Eversign, Rightmove, Zoopla, Xero) whose content appears on our website and/or web app and who may use third party cookies. Please see section 10 below for information regarding the use of cookies. Please note that we do not control the activities of such third parties, nor the data they collect and use, and we advise you to check the privacy policies of any such third parties.
2.2
We also collect, use and share "Aggregated Data" such as statistical data with our partners for any purpose, including statistical and analytical purposes. Aggregated Data could be derived from your personal information but is not considered personal information in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal information so that it can directly or indirectly identify you, we treat the combined data as personal information which will be used in accordance with this policy.
2.3
We do not collect any "Special Categories of Personal information" about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
3
How we collect your personal data
3.1
We may use different methods to collect data from and about you, including through direct interactions. You may give your Identity, Contact and Financial Data by filling in forms or by corresponding with the Operator or JPM by post, phone, email or otherwise. This includes personal information you provide when you:
Create an account on our web app or website
Contact an agent who may share your personal information with us – in which case such relevant agent is responsible for obtaining all necessary consents and other lawful bases for the purpose of processing your personal data; please ensure you request a copy of the privacy policy from the relevant agent
contact us; and
obtain our services.
3.2
As you interact with our app, we will automatically collect Technical Data about your equipment, browsing actions and patterns.
4
Others who may receive or have access to your personal information
4.1
When sending your information to third parties, we only disclose to them any personal information that is necessary for them to provide their service and we have contracts in place that require such parties to keep your information secure and not to use it other than in accordance with our specific instructions. Before sharing your personal data, we will consider all legal implications of doing so.
4.2
When deciding whether to share personal data with any third parties we will:
Identify the objective that we wish to achieve
Identify the risks that the data sharing will pose
Consider the potential benefits and risks to individuals and us
Consider the likely results of not sharing the data
Consider how the personal data should be shared
Consider the appropriate safeguards that will match the risks of sharing the data
Consider whether it is appropriate to achieve the same objective without sharing the data
We will keep records of all aforementioned considerations and our decisions.
4.3
Other than as expressly set out in this privacy policy or as otherwise required or permitted by law, we will not share, sell or distribute any of your personal information without your consent.
4.4
Any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in s. 1159 of the UK Companies Act 2006
4.5
Carefully selected third parties (business partners, landlords, agents, tenants, suppliers, sub-processors, sub-contractors and credit rating agencies) for the performance of any contract we enter into with them for the purposes identified in the table above. In particular, we provide your personal data to the following third parties:
Stripe – holding deposit collection purposes
Eversign – tenancy agreements prepopulating
FCC Paragon – tenant referencing services (We are currently developing the integration for it)
Legals for Landlord - tenant referencing services
Good2Rent – tenant referencing services
Vorensys – tenant referencing services
Very-Check - tenant referencing services
The Lettings Hub – tenant referencing services
HomeLet – tenant referencing services
4.6
In certain circumstances, we may be legally required to share certain data held by us, which may include your personal data, with competent law enforcement bodies, regulatory or government agencies, third parties or courts in compliance with our legal obligations.
4.7
For the purposes of improving and optimising our services we use the following cloud service providers:
Google Cloud
5
Others who may receive or have access to your personal information
5.1
We may sometimes use third party data processors that are located: (i) in the European Economic Area ("the EEA") (the EEA consists of all EU member states, plus Norway, Iceland, and Liechtenstein) in accordance with the EU GDPR; or (ii) in any other third country. Where we transfer any personal data outside the UK, we will take all reasonable technical and organisational steps to ensure the safety of personal data in accordance with the EU GDPR and the UK GDPR (where appropriate), for example by way of adopting standard contractual clauses.
5.2
In some circumstances, we may transfer personal data to a third country following an adequacy decision, pursuant to which the following countries (as may be amended from time to time) provide sufficient protections with regards to personal data: Andorra, Argentina, Canada, Faroe Islands, Guernsey, Israel, Isle of Man, Japan, Jersey, New Zealand, Switzerland and Uruguay.
5.3
The Halo website and our web app may from time to time contain links to other websites belonging to or operated by other third parties. By making these links available, we are not endorsing third-party websites, their content, products or services, nor do we warrant that these websites provide adequate protection with regards to personal data. It is your responsibility to make sure that you obtain any information which may be relevant to making a decision, and that you read the privacy and security policies on such third-party websites.
6
Where and how long we store your personal information
6.1
We will not keep your personal information for longer than is necessary, for the purposes for which it was collected and is processed and for the purposes of satisfying our legal, accounting or regulatory reporting requirements.
6.2
To determine the appropriate retention period for personal information, we consider the amount, nature and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
6.3
In some circumstances we will anonymise your personal information (so that it can no longer be associated with you) for research, statistical or analytical purposes, in which case we may use this information indefinitely without further notice to you.
7
Technical and organizational security
7.1
Personal data security is very important to us, and to protect your data we have taken suitable measures to safeguard and secure data collected through our website and/or web app.
7.2
We implement appropriate technical and organizational measures to protect your personal information when collecting and processing.
7.3
As part of our efforts to keep our website and/or web app safe and secure, we employ measures that are designed to provide the appropriate level of security.
7.4
Even though we will do our best, communication via the internet is not always secure and we cannot guarantee your personal information is secure whilst it is being transmitted.
7.5
Once the information has been received, we will ensure appropriate technical and organizational security measures to protect your personal information from unauthorized access, unlawful destruction or loss.
7.6
While we are doing our best to protect your personal data, you are responsible for keeping your user details and password secure and confidential.
7.7
Our members of staff are fully aware of our data protection responsibilities under the UK GDPR and the EU GDPR. Only employees and other parties working on our behalf that need access to, and use of, personal data in order to perform their work shall have access to personal data held by the company and will be trained to handle the data and bound by contract (where appropriate) to comply with this policy and our legal obligations.
8
Your rights
8.1
As a data subject, you have a number of legal rights:
Right to rectification. If your personal information is incorrect or incomplete in any way, you may notify a person dealing with your matter and, where inaccurate or incomplete, it will be corrected without unreasonable delay.
Right of access. You have a right to:
request a confirmation that we are processing your personal information;
access your personal information and request a copy (unless providing a copy adversely affects the rights and freedoms of others);
obtain certain information about how your personal information is processed, categories of personal information processed, recipients or categories of recipients who receive your personal information; and
request how long your personal information is stored for and the criteria used to determine retention periods.
Right to be informed. You have a right to be informed:
how your personal information is being processed;
how long it will be stored for;
the legal basis for processing;
recipients (or categories of recipients) of your personal information; and
whether personal information must be provided under statute or for another reason and the consequences of not providing the personal information to ensure the fair and transparent processing of your personal information.
Right to restrict processing under certain circumstances. You have a right to restrict processing under certain circumstances:
if you contest the accuracy of your personal information, processing may be restricted, until the accuracy can be verified;
if the processing is unlawful;
if we no longer need to process your personal information, unless we still need your personal information for establishing and defending legal claims; and
if you object to processing that relies on public interest or legitimate interest of any relevant party as the lawful processing ground.
Right to data portability. You have a right to receive from us a copy of your personal information in a commonly used and machine-readable format and store it for further use on a private device. You have a right to transmit personal information to another third party; or have your personal information transmitted directly from one third party to another where technically possible.
Right not to be subject to automated processing. You have a right not to be subject to automated decision-making, including profiling, which has legal or other significant effects on you. This does not apply when the automated decision is necessary for entering into or performing a contract with you; or it is authorised by the relevant law applicable to us if the law requires suitable measures to safeguard your rights and freedoms and legitimate interests; or based on your explicit consent.
The right to object to processing. You may object to direct marketing, including profiling related to direct marketing. We will stop processing your personal information once notified by you, subject to a reasonable period required to comply with your request, except if we can demonstrate a compelling legitimate ground for processing the personal information that overrides your request; or processing is necessary to exercise or defend legal claims.
8.2
If you wish to exercise any of the rights set out above, please contact us at the address set out above.
9
No fee usually required
9.1
You will not have to pay a fee to access your personal information (or to exercise any of the other rights).
10
Cookies and other tracking technology
Strictly necessary cookies. These are cookies that are required for the operation of our website and/or web app. They include, for example, cookies that enable you to log into secure areas of our website and/or platform.
Analytical/performance cookies. They allow us to recognise and count the number of visitors and to see how visitors move around our website and/or platform when they are using it. This helps us to improve the way our website and/or platform works;
Functionality cookies. These are used to recognise you when you return to our website and/or platform. This enables us to personalise our content for you, greet you by name and remember your preferences; and
Targeting cookies. These cookies record your visit to our website and/or platform, the pages you have visited and the links you have followed. We will use this information to make our website and/or platform and the advertising displayed on it more relevant to your interests. We may also share this information with third parties for this purpose.
10.4
Please note that third parties (including, for example, advertising networks and providers of external services like web traffic analysis services) may also use cookies, over which we have no control. These cookies are likely to be analytical/performance cookies or targeting cookies. Please check such third party’s privacy and cookie policy before accessing their websites and applications.
10.5
You can block cookies by activating the relevant settings on your browser which allow you to refuse particular types of cookies; however, if you use your browser settings to block all, or strictly necessary, cookies you may not be able to access all or parts of our website and web app.