1. Who We Are
HRV Consultancy Limited, trading as HaloScore ("we", "our", "us"), provides a cloud-based scorecard and reporting platform that integrates with HaloPSA. We are the data controller responsible for your personal data and are committed to protecting your privacy in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
2. Information We Collect
We may collect and process the following categories of personal data:
Account Information
When you sign up for HaloScore, we collect your name, email address, company name, and billing information to create and manage your account.
HaloPSA Data
When you connect your HaloPSA instance to HaloScore, your data is synced and processed on our system solely for the purpose of generating your scorecards and reports. This data belongs to you. HaloScore does not access, view, or use your HaloPSA data for any purpose other than delivering the service to you. Our team does not have visibility of your HaloPSA data unless you explicitly grant us access for the purpose of troubleshooting or support, and any such access is temporary and revoked once the support request is resolved.
Usage Data
We automatically collect information about how you interact with our platform, including pages visited, features used, browser type, device information, and IP address.
Cookies
We use essential cookies to keep you signed in and to ensure the platform functions correctly. We may also use analytics cookies to understand how our service is used and to improve it. You can manage your cookie preferences through your browser settings.
3. How We Use Your Information
Your HaloPSA Data vs. Your Personal Data
It is important to distinguish between the data that flows from your HaloPSA instance into HaloScore (your "Customer Data") and the personal data we collect to manage your account and provide customer service.
With respect to Customer Data, HaloScore acts as a data processor on your behalf. You remain the data controller. We store and process your Customer Data only to operate the service for you. We do not sell, share, analyse, or otherwise use your Customer Data for our own purposes. We do not have routine access to it and our staff cannot view it unless you explicitly authorise temporary access for support purposes.
With respect to your personal data (account details, usage data, billing information), HaloScore acts as a data controller and processes it as described in this policy.
We use your personal data for the following purposes:
- To provide, operate, and maintain the HaloScore platform
- To sync data from your HaloPSA instance and generate scorecards and reports
- To send you scorecard digests, smart alerts, and service notifications
- To process payments and manage your subscription
- To provide customer support
- To improve our platform and develop new features
- To comply with legal obligations
4. Lawful Basis for Processing
We rely on the following lawful bases under UK GDPR to process your personal data:
- Contract: Processing is necessary to perform our contract with you (providing the HaloScore service).
- Legitimate interests: Processing is necessary for our legitimate interests, such as improving our service, preventing fraud, and ensuring security, where those interests are not overridden by your rights.
- Consent: Where we send marketing communications, we will obtain your consent first. You can withdraw consent at any time.
- Legal obligation: Processing is necessary to comply with a legal obligation to which we are subject.
5. Who We Share Your Data With
We do not sell your personal data. We may share your data with the following categories of third parties, only as necessary to provide and improve the service:
- Hosting and infrastructure providers who store and process data on our behalf
- Payment processors to handle subscription billing securely
- Analytics providers to help us understand usage patterns and improve the platform
- Communication providers to deliver email digests, Slack, and Teams notifications
All third-party processors are bound by data processing agreements and are required to handle your data in accordance with UK GDPR.
6. Data Retention
We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including to satisfy any legal, accounting, or reporting requirements. When you cancel your account, we will delete or anonymise your data within 90 days, unless we are legally required to retain it for longer.
7. Data Security
We take the security of your data seriously and implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. This includes encryption in transit and at rest, access controls, and regular security reviews.
8. International Transfers
Your data may be transferred to and processed in countries outside the United Kingdom. Where this happens, we ensure that appropriate safeguards are in place, such as Standard Contractual Clauses approved by the UK Information Commissioner's Office (ICO), to protect your data to the same standard as under UK GDPR.
9. Your Rights
Under UK GDPR, you have the following rights in relation to your personal data:
- Access: You can request a copy of the personal data we hold about you.
- Rectification: You can ask us to correct inaccurate or incomplete data.
- Erasure: You can ask us to delete your personal data in certain circumstances.
- Restriction: You can ask us to restrict how we process your data.
- Portability: You can request your data in a structured, commonly used format.
- Objection: You can object to processing based on legitimate interests.
- Withdraw consent: Where processing is based on consent, you can withdraw it at any time.
To exercise any of these rights, please contact us at [email protected]. We will respond to your request within one month.
10. Complaints
If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO). You can contact the ICO at ico.org.uk or by calling 0303 123 1113.
11. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons. When we make significant changes, we will notify you via email or through a notice on our platform. We encourage you to review this page periodically.
12. Contact Us
If you have any questions about this Privacy Policy or how we handle your data, please contact us:
HRV Consultancy Limited
Trading as HaloScore
Roxburgh House
Poringland, Norfolk, NR14 7XP
United Kingdom