Policy Date: 18th June 2021. This policy supersedes any previous policy and is frequently reviewed.
Who are we?
Halo Consultancy (Halo) is a telecommunications company that has two main areas of business:
a) Halo brokers data for use within the telecommunications industry
b) Halo provides call centre outsourcing services.
Halo’s Contact details
ICO Registration Number: ZA427338
Company Registration Number: 05366742
The data brokered by Halo is generally used for live call, call centre contact in order to sell mobile phone products. Halo may broker data for opt-in email also.
Halo does not collect the data directly from the customer. Halo purchases data from online or telemarketing data suppliers and/or aggregators on behalf of its end clients. Therefore, Halo’s business involvement is commercial (data costs and value) and compliance (data due diligence and auditing of the data collection process).
Data Supplier and Collection Due Diligence
The purchased data must meet the following conditions:
• Halo will only buy data from reputable, ICO-registered data suppliers which in turn collect personal data via GDPR-compliant online or telemarketing methods.
• Halo uses either consent or ‘legitimate interests’ as the legal means for processing the customer’s data for marketing purposes.
• The customer must have been presented with a clear, unambiguous fair processing statement where choice is freely given, specific and informed, and a positive expression of choice is provided. This will include the granularity of marketing consent, e.g. being presented with opt-in tick boxes across the potential communications channels of phone, email and post (for consent).
• The customer must have been given notification that their data may be passed on to a 3rd party for marketing purposes.
• The customer must have been given notification that phone contact will potentially be made.
• If a campaign involves email contact, opt-in for email contact must have been given by the subject.
• The subject must have been presented with relevant marketing sectors which the 3rd parties may represent, e.g. telecommunications.
• If consent is used, the brands associated with the potential marketing must be listed.
• The customer must be provided with clear opportunities to opt out and to withdraw consent.
General Data Protection Regulation (GDPR)
The GDPR, the new data protection law, comes into effect May 25th 2018. The GDPR sets a higher standard when obtaining customer consent for marketing (a legal basis for data collection and processing).
Halo already sets a high bar when obtaining opt-in consent data, as the customer must proactively opt in to receive marketing calls from a telecoms 3rd party. Halo does not purchase data with pre-ticked boxes or any data that provides default consent.
However, as the GDPR is about providing choice, control and transparency, Halo will ensure that GDPR-compliant data collection practices are adhered to. Please see the GDPR section under ‘Compliance’ on the Halo Consultancy website for further details.
What Personal Information Does Halo Hold?
Halo does not handle any personal data.
Halo sources marketing data which matches Halo’s compliance and commercial requirements. Halo sets up a relationship between the data supplier and the end client without being involved in the transfer or handling of the personal data itself.
Halo does carry out due diligence on the data handling processes of the data suppliers and the end clients to ensure appropriate data protection and security are in place.
Data Processing Activities
Halo does perform processing activities on non-personal data, specifically a mobile phone number which is not linked to any other data.
Halo checks a mobile phone number against the Home Location Register (HLR) to determine its ‘live’ or ‘dead’ status.
Halo holds a Telephone Preference Service (TPS) licence. Therefore, in conjunction with the Privacy and Electronic Communications (EC Directive) Regulations 2003, all mobile phone data is screened against the TPS with any registrations removed.
The HLR and TPS checks take place in accordance with the General Data Protection Regulation’s 4th principle to ensure that the data is appropriately filtered, cleansed and made accurate for the purposes of the sales campaign.
Records of these data processing activities are maintained.
Access To Your Data.
You have a right to access the information about you which may have been processed.
Halo does not handle or store personal data, but Halo will help you to identify whether your data has been processed for a marketing campaign. Therefore, Halo can identify whether a data lead has been bought from a data supplier and whether it has been transferred on to an end client.
There will be no charge for providing this information and this data search will be completed within 30 days.
Your Right To Make A Complaint To The ICO.
If you are dissatisfied with any investigation Halo has carried out, you have the right to complain to the supervisory, regulatory body, which is the Information Commissioner’s Office (ICO). Please go to the following web link for further details: https://ico.org.uk/for-the-public/raising-concerns/ or call their helpline on 0303 123 1113.
Data Storage and Transfer.
As stated above, Halo does not store personal data.
A ‘privacy by design’ process has been developed to ensure that any personal data transfers take place between the data supplier and the end client, removing Halo from the personal data process chain.
Data Protection and Security.
Halo is committed to the privacy and security of all personal data. This means adhering to the current Data Protection Act 1998 (DPA) and its principles of data protection. It will also mean adhering to the General Data Protection Regulation, which will supersede the DPA in May 2018. Therefore, Halo is committed to the following:
• Any personal data purchased is used only for legitimate and lawful purposes.
• The data used is not excessive, is up to date, accurate and is relevant.
• Only secure delivery methods are used to transfer between the data supplier and end client.
• All data suppliers and end clients have a joint responsibility and commitment to the privacy and security of personal data.
• Halo will comply with all customer queries and rights including the customer’s right to data access and consent withdrawal.
• Halo will provide process transparency and the appropriate governance over its business practices which includes carrying out adequate due diligence of its data suppliers, its end clients and the data collection processes used.
A Glossary of Terms and Definitions Which May Be Of Help To You.
DPA: The current Data Protection Act 1998
GDPR: General Data Protection Regulation: New data protection laws that will replace the current DPA and will come into force on May 25th 2018.
ICO: The Information Commissioner’s Office in the United Kingdom is a non-departmental public body which reports directly to Parliament and is sponsored by the Ministry of Justice. It is the independent regulatory office dealing with upholding the public’s information rights and the enforcement of data protection laws, including the Data Protection Act 1998, the forthcoming GDPR, and the Privacy and Electronic Communications (EC Directive) Regulations 2003, across the UK.
Personal Data: Personal data means data which is related to a living individual who can be identified from the data held. e.g. name and address.
HLR: The Home Location Register is the main database of permanent subscriber information for a UK mobile network. The HLR provides information on whether the subscriber’s number is ‘live’ or ‘dead’ and which network the mobile number is on.
TPS: Telephone Preference Service is the official central opt out register on which you can record your preference not to receive unsolicited sales or marketing calls. It is a legal requirement that all organisations (including charities, voluntary organisations and political parties) do not make such calls to numbers registered on the TPS unless they have your consent to do so. All data used by Halo is screened for TPS entries.
Opt-in Customer Consent: Consent is a legal means for collecting personal data. To ‘opt-in’ refers to a customer proactively choosing to request contact by telephone or other methods such as post and email from a 3rd party.
SAR: Subject Access Request. This is a legal right, created by section 7 of the Data Protection Act, which allows individuals to see a copy of the information an organisation holds about them.
Sensitive data: Halo does not purchase sensitive data. Sensitive data is personal data but with additional information such as the racial or ethnic origin of the data subject, political opinions, religious beliefs, Trade Union membership, physical or mental health information, financial information and criminal information.
Data Supplier: This relates to a business which collects personal data and provides opt-in consent for marketing purposes through websites or telemarketing.
End Client: An end client is a business which requests Halo to seek and purchase marketing data on its behalf. This will be for telephone and email marketing campaigns.