Halio – Data Protection Policy

1. Introduction

At Halio, protecting your personal data is a priority. This Data Protection Policy explains how we, as a Data Processor, handle personal data on behalf of our customers, including direct customers and Licensees offering a white-labelled version of the Halio platform.

This Policy ensures compliance with UK data protection laws, including the UK General Data Protection Regulation (GDPR) and the Data Protection Act 2018.

By creating an account on the Halio Platform, either directly or through a Licensee, you agree to this Policy.

2. Key Definitions

  • Data Controller: The organisation (you, the Company/Licensee) that determines the purpose and means of processing personal data.
  • Data Processor: Halio, which processes personal data on behalf of the Controller.
  • Personal Data: Any information relating to an identifiable individual, such as names, email addresses, or payment details.
  • Processing: Any operation performed on personal data, including collection, storage, modification, use, or deletion.
  • Data Subject: The individual whose personal data is being processed.
  • Subprocessor: A third party engaged by Halio to process personal data on its behalf.
  • Data Breach: A security incident leading to destruction, loss, alteration, unauthorised disclosure of, or access to personal data.

3. Roles and Responsibilities

3.1 Controller Responsibilities

  • If you are a direct customer, you act as the Data Controller.
  • If you are a Licensee, you act as the Data Controller for your end users.
  • Controllers are responsible for ensuring that personal data collected and uploaded complies with data protection law.

3.2 Halio as Processor

Halio acts as a Data Processor, processing personal data only on documented instructions from the Controller and in compliance with this Policy.

4. Processing of Personal Data

4.1 Lawful Processing

Halio will process personal data only for purposes necessary to provide and support the Platform, and only in accordance with applicable data protection laws.

4.2 Controller Instructions

The Controller instructs Halio to process personal data as necessary to:

  • Provide access to the Platform and its features
  • Store and back up data
  • Support communications between users and Halio
  • Perform analytics and monitoring for Platform improvement

5. Security Measures

Halio implements technical and organisational measures to ensure the confidentiality, integrity, and availability of personal data, including:

  • Data encryption in transit and at rest
  • Access controls and authentication requirements
  • Regular security audits and penetration testing
  • Multi-layered backup and recovery systems

6. Subprocessing

  • Halio may use subprocessors (e.g., hosting, analytics, AI, or payment providers) to process data.
  • Subprocessors are bound by written agreements requiring equivalent data protection obligations.
  • A current list of subprocessors can be provided upon request.
  • Halio will notify Controllers of material changes to subprocessors where feasible.

7. Data Subject Rights

Controllers are responsible for handling Data Subject requests (DSRs). These include:

  • Right of access
  • Right to rectification
  • Right to erasure
  • Right to restriction
  • Right to portability
  • Right to object

Halio will provide reasonable assistance to Controllers in fulfilling these rights.

8. Personal Data Breaches

In the event of a breach, Halio will notify the Controller without undue delay and provide:

  • A description of the breach
  • The categories and approximate number of affected Data Subjects
  • Potential consequences of the breach
  • Measures taken or proposed to address the breach

Halio will cooperate fully with the Controller to investigate and, where required, notify supervisory authorities and affected Data Subjects.

9. International Transfers

Where data is transferred outside the UK or EEA, Halio ensures compliance with GDPR requirements through:

  • Standard Contractual Clauses (SCCs)
  • Binding Corporate Rules
  • Other legally recognised safeguards

10. Retention and Deletion

  • On termination of the Agreement, Halio will delete or return all personal data processed on behalf of the Controller.
  • User Data is retained for 30 days post-termination to allow export.
  • Backups may persist for up to 90 days before being overwritten.
  • Data may be retained beyond this period only where required by law.

11. Audit Rights

Halio will provide documentation demonstrating compliance with this Policy. Controllers or their auditors may conduct audits, subject to:

  • Reasonable prior notice
  • Confidentiality obligations
  • Proportionality of the request

12. Governing Law and Jurisdiction

This Policy is governed by the laws of England and Wales. Any disputes will be subject to the exclusive jurisdiction of the English courts.

13. Confidentiality

Halio treats all personal data processed on behalf of Controllers as confidential. This obligation continues after termination of the Agreement.

14. Data Protection Impact Assessments (DPIAs)

Halio will assist Controllers in conducting DPIAs, where required under Article 35 UK GDPR, for high-risk processing activities involving the Platform.

15. Changes to This Policy

Halio may update this Policy from time to time to reflect changes in law or processing practices. Controllers will be notified of material changes.

16. Contact Information

For any questions about this Policy or data protection practices, contact: 📧 support@halio.ai
