Privacy Policy

Halo Consultancy’s Privacy Policy

Policy Date: 18th June 2021. This policy supersedes any previous policy and is frequently reviewed.

Who we are?

Halo Consultancy (Halo) is a telecommunications company that has two main areas of business:
a) Halo brokers data for use within the telecommunications industry
b) Halo provides call centre outsourcing services.

Halo’s Contact details

[email protected]
[email protected]
Mobile Phone number: 07966 21119
Heritage Park
37 Sutton Avenue

ICO Registration Number: ZA427338
Company Registration Number: 05366742

Brokering Data

The data brokered by Halo is generally used for live call, call centre contact in order to sell mobile phone products. Halo may broker data for opt-in email also.
Halo does not collect the data directly from the customer. Halo purchases data from online or telemarketing data suppliers and /or aggregators on behalf of its end clients. Therefore, Halo’s business involvement is commercial (data costs and value) and compliance (data due diligence and auditing of the data collection process).

Data Supplier and Collection Due Diligence

The purchased data must meet the following conditions:

• Halo will only buy data from reputable, ICO registered data suppliers which in turn collect personal data via  GDPR compliant online or telemarketing methods.
• Halo uses either consent or ‘legitimate interests’ as the legal means for processing the customer’s data for marketing purposes.
• The customer must have been presented with a clear, unambiguous fair processing statement where choice is freely given, is specific, informed and positive expression of choice provided. This will include the granularity of  marketing consent e.g being presented with opt-in tick boxes across the potential communications channels of phone, email and post ( for consent).
• The customer must have been given notification that their data maybe passed onto a 3rd party for marketing purposes.
• The customer must have been given notification that phone contact will potentially be made.
• If a campaign involves email contact, opt-in for email contact must have been given by the subject.
• The subject must have been presented with relevant marketing sectors which the 3rd parties may represent. e.g. telecommunications.
• If consent is used, the brands associated with the potential marketing must be listed.
• The customer must be provided with clear opportunities to opt out and to withdraw consent.
• There must be a clear link to a privacy policy which will outline how the supplier/ data collector will process and manage the customer’s data.
• The privacy policy must also contain a minimum amount of data collection/processing information which must include the supplier’s contact details, the legal basis for data processing, the personal data collected and reasons for processing,  where Legitimate Interests is relied on, the details of what these Legitimate Interests are should be stated, marketing/industry sectors stated and brand listing if consent is used for processing, a commitment to data security, stating customers’ rights including consent withdrawal and subject data access, the right to lodge a complaint with a supervisory authority, the data retention period stated, details of transfers to third country and any safeguards in place, where relevant, an explanation of any automated processing or profiling of personal data undertaken, state whether cookie data is collected and if so, state the different types of cookie data, changes and date the Privacy Policy and the DPO contact details where applicable.

General Data Protection Regulation (GDPR)

The GDPR, the new data protection law comes into effect May25th 2018. The GDPR sets a higher standard when obtaining customer consent for marketing (a legal basis for data collection and processing).
Halo already sets a high bar when obtaining opt in consent data as the customer must proactively opt-in to receive marketing calls from a telecoms 3rd party. Halo does not purchase data with pre ticked boxes or any data that provides default consent.
However, as the GDPR is about providing choice, control and transparency Halo will ensure GDPR compliant data collection practices will be adhered to. Please see the GDPR section under ‘Compliance’ on the Halo Consultancy website for further details.

What Personal Information Does Halo Hold?

Halo does not handle any personal data.
Halo sources marketing data which matches Halo’s compliance and commercial requirements. Halo sets up a relationship between the data supplier and the end client without being involved in the transfer or handling of the personal data itself.
Halo does carry out due diligence on the data handling processes of the data suppliers and the end clients to ensure appropriate data protection and security are in place.

Data Processing Activities

Halo does perform processing activities on non personal data, specifically a mobile phone number which is not linked to any other data.
Halo checks a mobile phone number against the Home Location Register (HLR) to determine its ‘live’ or ‘dead’ status.
Halo holds a Telephone Preference Service (TPS) licence. Therefore, in conjunction with the Privacy and Electronic (EC Directive) Regulation 2003 all mobile phone data is screened against the TPS with any registrations removed.
The HLR and TPS checks take place in accordance with the General Data Protection Regulation’s 4th principle to ensure that the data is appropriately filtered, cleansed and made accurate for the purposes of the sales campaign.
Records of these data processing activities are maintained.

Access To Your Data.

You have a right to access the information about you which may have been processed.
Halo does not handle or store personal data but Halo will help you to identify whether your data has been processed for a marketing campaign. Therefore, Halo can identify whether a data lead has been bought from a data supplier and whether it has been transferred onto an end client.
If you would like to understand how your personal data may have been used, please email or write to Halo using the contact details provided within this privacy policy. Where possible, Halo will help to provide processing transparency either through its own activities or through those of its data suppliers and end clients.
There will be no charge for providing this information and this data search will be completed within 30 days.
Your Right To Make A Complaint To The ICO.
If you are dissatisfied with any investigation Halo has carried out you have the right to complain to the supervisory, regulatory body which is the Information Commissioner’s Office (ICO). Please go to the following web link for further details or call their helpline on 0303 123 1113.

Data Storage and Transfer.

As stated above Halo does not store personal data.
A ‘privacy by design’ process has been developed to ensure that any personal data transfers take place between the data supplier and the end client removing Halo from the personal data process chain.

Data Protection and Security.

Halo is committed to the privacy and security of all personal data. This means adhering to the current Data Protection 1998 (DPA) and its principles of data protection. It will also mean adhering to General Data Protection Regulation which will supersede the DPA in May 2018. Therefore, Halo is committed to the following:
• Any personal data purchased is used only for legitimate and lawful purposes.
• The data used is not excessive, is up to date, accurate and is relevant.
• Only secure delivery methods are used to transfer between the data supplier and end client.
• All data suppliers and end clients have a joint responsibility and commitment to the privacy and security of personal data.
• Halo will comply with all customer queries and rights including the customer’s right to data access and consent withdrawal.
• Halo will provide process transparency and the appropriate governance over its business practices which includes carrying out adequate due diligence of its data suppliers, its end clients and the data collection processes used.

A Glossary of Terms and Definitions Which May Be Of Help To You.

DPA: The current Data Protection Act 1998
GDPR: General Data Protection Regulation: New data protection laws that will replace the current DPA and will come into force in May25th 2018.
ICO: The Information Commissioner’s Office in the United Kingdom is a non-departmental public body which reports directly to Parliament and is sponsored by the Ministry of Justice. It is the independent regulatory office dealing with upholding the public’s information rights and the enforcement of data protection laws including the Data Protection Act 1998 the forthcoming GDPR plus the Privacy and Electronic Communications (EC Directive) Regulations 2003 across the UK
Personal Data: Personal data means data which is related to a living individual who can be identified from the data held. e.g. name and address.
HLR: The Home Location Register is the main database of permanent subscriber information for a UK mobile network. The HLR provides information on whether the subscriber’s number is ‘live’ or ‘dead’ and which network the mobile number is on.
TPS: Telephone Preference Service is the official central opt out register on which you can record your preference not to receive unsolicited sales or marketing calls. It is a legal requirement that all organisations (including charities, voluntary organisations and political parties) do not make such calls to numbers registered on the TPS unless they have your consent to do so. All data used by Halo is screened for TPS entries.
Opt-in Customer Consent: Consent is a legal means for collecting personal data. To ‘opt-in’ refers to a customer proactively choosing to request contact by telephone or other methods such as post and email from a 3rd party.
FPN: Fair Processing Notice. This relates to the consent statement and privacy policy that is presented to the customer at the point of offering their consent.
SAR: Subject Access Request. This is a legal right, created by section 7 of the Data Protection Act which allows individuals to see a copy of the information an organisation holds about them
Sensitive data: Halo does not purchase sensitive data. Sensitive data is personal data but with additional information such as the racial or ethnic origin of the data subject, political opinions, religious beliefs, Trade Union membership, physical or mental health information, financial information and criminal information.
Data Supplier: This relates to a business which collects personal data and provides opt in consent for marketing purposes through websites or telemarketing.
End Client: An end client is a business which requests Halo to seek and purchase marketing data on its behalf. This will be for telephone and email marketing campaigns.