PRIVACY POLICY
1. Purpose and Basis
In order to provide the Services and E-Wallet to you, Halo may be required to collect some of your personal information when you register an E-Wallet or use the Services. This Privacy Policy, in combination with Halo's other applicable policies, set out the rules as to the use and protection of the collected information in order to prevent misuse of your Personal Information
This Privacy Policy is to be read in conjunction with our terms of use pertaining to the E-Wallet (the “Terms”).
2. Designation
For the convenience of wording in Privacy Policy, Halo is referred to as “we”, “us” or “our”.
Users of and other visitors to our Website and E-Wallet are referred to as “you”, “your” or “User”.
We and you are collectively referred to as “both parties” and as “a/one party” individually.
3. Information That We Collect
Personal information is typically data that identifies an individual or relates to an identifiable individual. This includes information you provide to us, information which is collected about you automatically, and information we obtain from third parties.
For the purposes of this Privacy Policy, “Personal Information” refers to all information that is recorded electronically or otherwise and can be used, whether independently or in combination with any other information, to identify any particular natural person or reflect the pattern of behaviour of a particular natural person, including, but not limited to, sensitive personal information.
4. Scope of this Privacy Policy
This Agreement shall apply to all Users utilising the E-Wallet and the Services pertaining to the same, whether on our Website or Mobile App.
You shall comply with the terms and conditions of this Privacy Policy, subject to and as permitted by any and all laws relating to the protection of personal information and data in the country or region where they are based.
5. User Consent and Authorization
You acknowledge and understand that, at the point of creating an E-Wallet, whether on our Website or Mobile App, you will be deemed to have expressed to us your acceptance, consent, undertaking and confirmation of the following, regardless of whether you have completed your registration of the E-Wallet, that:
a.
you agree, on a voluntary basis, to disclose Personal Information to us;
b.
you will abide by all the terms and conditions of this Privacy Policy;
c.
you agree and authorises Halo to collect your Personal Information when the you register your E-Wallet, utilise your E-Wallet and/or use the Services;
d.
you agree to all the terms and conditions of this Privacy Policy and agree to accept any amendment that may subsequently be made to the Privacy Policy;
e.
you agree that any of our branch companies, subsidiary companies, employees, or service providers with whom we have engaged for the provision of the Services, will contact you to request for information or to inform you of any product and service that may be of interest to you (unless the User has indicated that he or she does not wish to receive such information).
6. Information Collected
Personal Information
Whilst we will try to minimise the amount of Personal Information requested from you, we may from time to time, be required to request the following Personal Information, where applicable, in order to comply with applicable law and regulation:
a.
Personal Identification Information: Full name, date of birth, nationality, gender, ethnicity, signature, facial data, utility bills, photographs, phone number, precise location, home address, and/or email;
b.
Formal Identification Information: Government issued identity document such as Passport, Driver's License, National Identity Card, State ID Card, Tax ID number, passport number, driver's license details, national identity card details, visa information, and/or any other information deemed necessary to comply with our legal obligations under financial or anti-money laundering laws.
c.
Contact list information: this may include your contact list you voluntarily provided to our support team when using our services.
d.
Institutional Information: Employer Identification number (or comparable number issued by a government), proof of legal formation (e.g. Articles of Incorporation), personal identification information for all material beneficial owners.
e.
Financial Information: Bank account information, payment card primary account number (PAN), account assets, transaction history, trading data, and/or tax identification.
f.
Transaction Information: Information about the transactions you make on our Services, such as the name of the recipient, your name, the amount, and/or timestamp.
g.
Message Content: Feedback, Email, SMS, App Rating, Comments.
h.
Application Activity: Browsers and tap records, search history, installed apps, user-generated content, favorites.
i.
Device Information: Carrier, brand, software version, model name, manufacturer, system language, network, OAID, IMEI, GUID, MAC address.
j.
Employment Information: Office location, job title, and/or description of role.
k.
Correspondence: Survey responses, information provided to our support team or user research team.
We will collect your Personal Information in accordance with the legislative purpose of the Data Protection Act.
Third Party Wallet
We may also ask you to prove ownership or control of Third Party Wallets which you have imported to our E-Wallet. We are required to ask for this information to comply with anti-money laundering and counter-financing of terrorism requirements, and to ensure we safeguard against and report any suspicious activity.
Automatic collection of data
We may also collect and store certain information automatically when you visit the Website/Mobile App.
To the extent permitted under the applicable law, we may collect certain types of information automatically, such as whenever you interact with the Website/Mobile App or use the Services.
This information helps us address customer support issues, improve the performance of our Website, Mobile App and Services.
Information collected automatically includes:
a.
Online Identifiers: Geo location/tracking details, browser fingerprint, operating system, browser name and version, and/or personal IP addresses.
b.
Usage Data: click-stream data, public social networking posts, and other data collected via cookies and similar technologies.For example, we may automatically receive and record the following information on our server logs:
c.
Application checklist: For advertising and safety use and approval of service applications.
We may also use identifiers to recognize you when you access our Website/Mobile App via an external link, such as a link appearing on a third-party site.
7. Application and Usage of Information Permission
Supply of Information
If Users voluntarily use the E-Wallet and Services, they may be required to fill in and/or provide the following two categories of information in accordance with the requirements of Halo:
a.
Identity Information: this category of the User information, which may help Halo verify the User and comply with applicable laws. Identity information may include the User's full name, registered address, postal address, official proof of identity documents and the document numbers, as well as all other information that may assist Halo in verifying the User's identity (hereinafter collectively referred to as "Identity Information");
b.
Service Information: this category of User information helps the Platform to contact the User and to provide a smooth service experience It includes, but is not limited to, the User’s telephone number, fax number, valid email address, postal address, and debit card information and/or other account information (hereinafter collectively referred to as "Service Information").
Applicable Permissions
| Android Permission | Description | Application |
|---|---|---|
| android.permission.INTERNET | Network access permission | Allows applications to be networked |
| android.permission.ACCESS_NETWORK_STATE | Get network status permission | Allows applications to get the network status |
| android.permission.CHANGE_NETWORK_STATE | Change network status permission | Allows applications to change the network status |
| android.permission.ACCESS_WIFI_STATE | Get WiFi status permission | Allows applications to get the WiFi status |
| android.permission.CHANGE_WIFI_STATE | Change WiFi status permission | Allows applications to change the WiFi status |
| android.permission.FOREGROUND_SERVICE | Frontend service start permission | Allows market monitoring through the ticker widget |
| android.permission.RECEIVE_BOOT_COMPLETED | Boot broadcast monitoring permission | Allows monitoring of background tasks in workmanager |
| android.permission.USE_FINGERPRINT | Touch ID permission | Allows fingerprint login |
| android.permission.VIBRATE | Vibration permission | Allows phone vibration |
| android.permission.WAKE_LOCK | Wake lock permission | Allows keeping the screen in awake status for KYC |
| android.permission.CAMERA | Camera access permission | Allows taking of photos and scanning of ID cards for KYC |
| android.permission.ACCESS_COARSE_LOCATION | Coarse location information access permission | Allows push notifications for news and events |
| android.permission.READ_PHONE_STATE | Read local identification code permission | Allows device fingerprinting, statistics, and facial recognition |
android.permission.READ_EXTERNAL_STORAGE android.permission.WRITE_EXTERNAL_STORAGE | Read and write external storage permission | Allows reading or writing of images, files, etc. to ensure stable app operation |
| android.permission.WRITE_SETTINGS | Read and write system settings permission | Allows device fingerprint functionality |
| android.permission.REQUEST_INSTALL_PACKAGES | Unknown source installation permission | Allows offline push notifications |
android.permission.SYSTEM_ALERT_WINDOW android.permission.SYSTEM_OVERLAY_WINDOW | Hoverbox permission | Allows floating window functionality |
| android.permission.ACCESS_FINE_LOCATION | Fine location information access permission | Used for KYC process to obtain location information |
| ClipboardManager | Clipboard access permission | Used for 2FA login, red envelopes, and deposit and withdrawal services |
| iOS Permission | Description | Application |
|---|---|---|
| NSFaceIDUsageDescription | Facial or fingerprint information access permission | Login with Facial ID |
| Camera | Camera access permission | Allows taking of photos and scanning of ID cards for KYC |
| LocationServices | Coarse location information access permission | Allows push notifications for news and events |
| Photos | Read and write external storage permission | Allows reading or writing of images |
| Push | Push permission | Allows offline push notifications |
| UIPasteboard | Clipboard access permission | Used for 2FA login, red envelopes, and deposit and withdrawal services |
| NSLocationUsageDescription | Fine location information access permission | Used for KYC process to obtain location information |
8. Third-party Protocols and websites
Where a User connects his E-Wallet to any Third Party Protocols, third party websites, or procures a transfer from or to, a Third Party Wallet, the User agrees to and shall comply with the separate and independent privacy policies of such third-parties.
The User understands and acknowledges that Halo is not responsible for the content or activities of such third-party websites or partners.
9. Third Party Service providers
We may transfer personal data to third parties in connection with the provision of the E-Wallet and Services as certain features of the E-Wallet rely on various third-party products and services (collectively “Third Party Services”).
These Third Party Services providers only have access to certain information, in accordance with our contractual agreements and only as permitted by applicable data protections laws.
10. External Databases
Public Databases, Credit Bureaus & ID Verification Partners
We obtain information about you from public databases and ID verification partners for purposes of verifying your identity in accordance with applicable law. ID verification partners like World-Check use a combination of government records and publicly available information about you to verify your identity. Such information may include your name, address, job role, public employment profile, credit history, status on any sanctions lists maintained by public authorities, and other relevant data. We obtain such information to comply with our legal obligations, such as anti-money laundering laws. In some cases, we may process additional data about you to assess risk and ensure our Services are not used fraudulently or for other illicit activities. In such instances, processing is necessary for us to continue to perform our contractual obligations with you and others.
Blockchain Data
We may analyze public blockchain data to ensure parties utilizing our Services are not engaged in illegal or prohibited activity under our Terms, and to analyze transaction trends for research and development purposes.
Joint Marketing Partners & Resellers
Unless prohibited by applicable law, joint marketing partners or resellers may share information about you with us so that we can better understand which of our Services may be of interest to you.
Advertising Networks & Analytics Providers
We work with these providers to provide us with de-identified information about how you found our Website/Mobile App and how you interact with the Website/Mobile App and Services. This information may be collected prior to account creation.
11. Halo entities
Our Halo Family of Companies:Our “family of companies” is the group of companies related to us by common control or ownership (“Affiliates”). In accordance with applicable law, we may obtain information about you from our Affiliates as a normal part of conducting business, if you link your E-Wallet to the Halo Platform or if you are a user of the Halo Platform so that we may offer our Affiliates' Services to you.
12. Cookies
You agree that Halo may use cookies to track User actions in connection with the User’s use of the Services and may collect and record all information left by Users, including but not limited to their IP address, geographical location and other data.
Installation of Cookies
Function of Cookies
Cookies are frequently used to record the habits and preferences of visitors when they browse various items on the Website. Cookies collect anonymous collective statistics which do not contain Personal Information. Cookies cannot be used to obtain data from the User’ hard drive, the User’s email address or Personal Information. Cookies can enable the Website or a service provider’s system to recognize the User’s web browser as well as capture and remember information.
Disabling Cookies
Most browsers are preset to accept Cookies and Users can choose to set their web browsers to reject Cookies or to notify Users upon the installation of Cookies. Users should be aware that they may be unable to start or use certain features of the Services if they opt to disable Cookies.
13. Use of Information
The information collected we collect from you is primarily for the enhancement of our Services, and to comply with any applicable laws and regulations.
The following are some ways which we may use your Personal Information and data collected through your use of the Services:
a.
to provide you with the Services;
b.
to identify and confirm your identity, in accordance with our Anti Money Laundering and Combating the Financing of Terrorism policies and obligations;
c.
to improve and upgrade the Services (the Users' information and feedback received, when you make a support request can help us improve the services of the Services);
d.
to keep statistics relating to the use of the Services and for use in data analysis carried out in cooperation with government agencies and public affairs institutions;
e.
to facilitate transactions (where entities/Third Party Protocols/Third Party Wallets with whom you wish to transact with your E-Wallet, are subject to disclosure requirements under applicable laws);
f.
to send regular emails, newsletters, updates, relevant product or service information, and announcements; and
g.
to fulfil other purposes as specified in the Terms and to be used for all the legal means adopted for fulfilling such purposes.
For the avoidance of doubt, we do not sell, trade, or otherwise transfer information or allow any other party to collect or use any information from your use of the Services.
However, this does not include the following parties and the following information: our affiliates, trusted third parties who assist us with the operation of our website and Services (provided that these parties agree to keep such information confidential).
If we disclose any information to the above-mentioned parties, such information disclosure shall be in accordance with any applicable laws, regulations, rules or by any order of any court or other competent authorities, or necessary for the improvement and provision of Services, or for the protection of the rights, property or safety of us or other persons.
Any such information disclosure will not be used by any of the above-mentioned parties for marketing, advertising or any other purpose that has not been agreed on by all the parties concerned.
For your reference, we may use third-party SDKs AppsFlyer to measure the advertising performance, detect and prevent fraudulent activity on your account in real time. Information shared with AppsFlyer is treated by AppsFlyer in accordance with its Privacy Policy, available at https://www.appsflyer.com/legal/services-privacy-policy/ , we may use Sentry to monitor the anomalies of the Platform. Information shared with Sentry is treated by Sentry in accordance with its Privacy Policy, available at https://sentry.io/privacy/.
| Third-Party SDK | Purpose | Data Involved | Link to Third Party |
|---|---|---|---|
| Firebase | Performance monitoring Cloud configuration Push notifications Crashlytics Analytics | MAID IDFV/Android ID FID App Instance ID Crashlytics Installation UUIDs Crash traces Breakpad minidump formatted data (NDK crashes only) | |
| SensorsAnalyticsSDK | Stability monitoring | Device data Log data File data Network data System name System version Country code | |
| Logan | Stability monitoring | Log data | |
| AppsFlyer | Attribution analysis | Device type and model CPU System language Memory Operating system WiFi status UDID AppList |
14. Protection of Personal Data
Halo adopts appropriate physical, electronic, management and technical measures to protect and safeguard the security of the Users' personal data. Halo will, to the greatest extent possible, ensure that any personal data collected through the Platform shall be free from being subject to nuisance by any third party unrelated to us. The security measures that Halo may take include but are not limited to:
a.
Physical measures: records of Users' Personal Information will be stored in an appropriately secure location.
b.
Electronic measures: computer data containing Users' Personal Information will be stored in computer systems and storage medias that are subject to strict login restrictions.
c.
Management measures: only staff members duly authorized by Halo may access the Users' personal data and such staff members shall comply with Halo’s internal code concerning personal data confidentiality.
d.
Technical measures: encryption techniques such as Secure Socket Layer Encryption may be used to transmit Users' Personal Information.
e.
Other measures: our network servers are protected by a proper "firewall".
15. Your Rights
You have the right to:
a.
Request information in relation to the collection and use of your Personal Information: This enables you to be informed at all times about the purposes for processing your Personal Information.
b.
Request access to your Personal Information: This enables you to receive a copy of the Personal Information we hold about you and to check that we are lawfully processing it.
c.
Request correction of the Personal Information that we hold about you: This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
d.
Request erasure of your Personal Information: This enables you to ask us to delete or remove Personal Information where there is no good reason for us continuing to process it, if we have processed your information unlawfully, or where we are required to erase your personal data to comply with local law. We may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
e.
Object to processing of your Personal Information: Where we are relying on a legitimate interest (or those of a third party) and you want to object to processing. In some cases, we may demonstrate that we have legitimate grounds to process your information which can override your objection.
f.
Request to stop direct marketing: Where we are processing your personal data for direct marketing purposes, you have the right to notify us in writing requesting that we cease or do not begin processing your Personal Information for direct marketing purposes.
g.
Request the transfer of your Personal Information to you or to a third party: We will provide to you, or a third party you have chosen (where technically feasible), your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
h.
Withdraw consent at any time where we are relying on consent to process your Personal Information: You may withdraw your consent for our processing of your Personal Information. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide you with continued access to the Services.
16. Data Retention
Please note that even If you delete your E-Wallet or Third Party Wallet addresses from the E-Wallet, uninstall the Mobile App from your device, or request that your information be deleted, we still may retain some information that you have provided to comply with the laws and regulations to which we are subject. If you have any question or objection as to how we collect and process your personal information, please contact [ [email protected] ].
17. Reporting of Flaws
If you become aware of any security flaw in our Website or Mobile App, you should contact us through the service email promptly (per our Website/Mobile App) so that the we can take appropriate measures to address any such flaw as soon as possible.
18. Exemption
Despite the above-mentioned technical and security measures, we cannot guarantee that the information transmitted via the Internet is absolutely safe. As such, Halo does not provide any guarantees with respect to the security of the Personal Information that the Users provide to us; and the we shall not be held liable for any loss or damage arising from or caused by any event that may occur in connection with unauthorized access to your Personal Information.
19. Amendment of this Agreement
Halo reserves the right to modify this Privacy Policy at any time. We will inform the Users of the amendments made to the Privacy Policy by releasing updates thereof, publishing the effective date of new versions thereof and highlighting the amendments thereto.
Sometimes, but not always, we may issue a notice to Users to inform them of any amendments made to the Privacy Policy. Users shall regularly review the Privacy Policy and focus on amendments thereto, if any; and if the Users do not agree to any such amendments, the Users shall promptly stop accessing this Website. Whenever an updated version of this Privacy Policy is released, the User’s continued access to and use of the Website and Mobile App shall demonstrate the User’s agreement to the updated version of the Privacy Policy.
Communication with Us
Any User comments or feedback should be sent to the following email address: [[email protected]]. This is the only valid and official email address through which Halo communicates with Users. If a User uses any other means of communication to contact Halo, we shall not be obliged to reply and will not be held liable in any manner whatsoever.