Last Updated: 08.10.2020
HALA Digital OÜ (“us”, “we”, or “our”) operates the hala.ai website (the “Service”).
This policy applies across all websites that we own and operate and all services we provide, including hala.ai and hala.one (https://www.hala.ai and https://www.hala.one subdomains). For the purpose of this document, we’ll refer to them simply as our ‘services’.
Information you provide
Personal information is information or an opinion about an identified individual, or an individual who is reasonably identifiable.
We collect personal information when you register for an account, create or modify your profile, apply for a job, or otherwise use, access, or interact with our services. Personal information we collect for all users includes:
- Contact information such as name and email address
- An optional photo to attach to your profile
You may enter this information yourself, or alternatively, your name and email address may be entered by an account administrator to create an account on your behalf (usually someone from your organisation, or a trusted third party such as your accountant).
We also collect the following personal information from the owner of the Hala account:
- Billing information such as credit card number and billing address.
- Contact phone number
- An optional mailing address
Other information that we collect for all users includes:
- Notification and marketing preferences
Hala’s core activity is to provide intelligent virtual assistant services facilitating financial analysis, reporting, accounting data and all other information available in the business entities such as companies, trusts etc. To provide this functionality, Hala allows you to import into Hala’s service:
- Accounting information related to an entity (eg. Chart of Accounts, Profit & Loss, Balance Sheet, Customers income, Expenses, Master Data, Transactional Data), and
- Other non-financial information related to the entity to supplement this accounting information (eg. KPI results).
This information can be entered manually, uploaded from a spreadsheet you provide or imported directly from third party services (eg. Xero, FreshBooks, Intuit) where you have given us permission to do so. In the latter case we securely store access tokens which allow us to update the accounting information in Hala on your behalf.
We may also collect information that your browser sends whenever you visit our Service (“Log Data”). This Log Data may include information such as your computer’s Internet Protocol (“IP”) address, browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages and other statistics.
In addition, we may use third-party services such as Google Analytics that collect, monitor and analyze this type of information in order to increase our Service’s functionality. These third-party service providers have their own privacy policies addressing how they use such information.
Usage and Data analytics
We collect usage data automatically as you interact with our services. This data is useful for us as it helps us get a better understanding of how you’re using our websites and services so that we can continue to provide the best experience possible (e.g., by personalising the content you see).
This information may include search queries, pages you visit, information on the device you are using, features you use, actions you take etc.
Hala uses various third party service providers to help us provide customer support to our users. In the course of obtaining support you may provide personal information or other commercially confidential information required to resolve an issue. The communication may occur by web-form, through a pop-up chat service, via email or by phone. The communication, including any file attachments, may be stored by these service providers.
The communication may also be shared with the third party service from which you imported accounting information (eg. FreshBooks, Intuit) for the purpose of troubleshooting and providing customer support.
Hala and our third party partners also use other tracking technologies like ‘web beacons (also known as "tracking pixels"). These are tiny images that may be used in our websites or in emails to help us count visits, understand usage and campaign effectiveness and determine whether an email has been opened and acted upon.
Information we collect from other sources
- We don’t disclose your personal information to entities outside the Hala except as described in this policy.
- We will not sell or rent your personal information.
- We do not share your personal information with third parties for their marketing purposes (including direct marketing) without your consent.
The personal information we collect is used for a variety of purposes including to:
- Provide, operate, maintain, improve, and promote our services;
- Enable you to access and use our services, including uploading information, downloading reports, collaborating on reports and sharing access with other users;
- Process payments and send you related communications, including invoices;
- Send you notices, product updates, security alerts, support and administrative messages;
- Provide customer support and to help train support staff;
- Monitor and analyze trends, usage, and activities in connection with Hala Services and for marketing or advertising purposes;
- Personalize Hala Services, including by providing content and features that match your interests and preferences;
- Understand user demographics and behaviour for the purpose of product development;
- Investigate and prevent unauthorised access to Hala Services, and other illegal activities;
- Comply with our legal obligations, resolve disputes and enforce our agreements.
Other uses of your information are outlined below.
Third party services
We may share your information with third party service providers who provide services to us to help with our business activities. These companies are authorised to use your personal information only as necessary to provide these services to us. These services include payment processing, customer service, sending marketing communications, research and analysis, hosting, backup, cloud computing infrastructure.
Hala takes steps to ensure that information is treated confidentially by third party service providers. If you would like more information on the services we use, please contact us using the contact information below.
In the event that a Data Subject or Supervisory Authority made a request relating to the processing of Personal Data under the Agreement to Hala. Hala shall not respond to such communication directly without Customer’s prior authorization, unless legally compelled to do so. If Hala is required to respond to such a request, Hala shall promptly notify Customer and provide it with a copy of the request unless legally prohibited from doing so.
If a Supervisory Authority or law enforcement agency sends Hala a demand for Customer Data (for example, through a subpoena or court order), Hala shall attempt to redirect the Supervisory Authority or law enforcement agency to request that data directly from Customer. As part of this effort, Hala may provide Customer’s basic contact information to the Supervisory Authority or law enforcement agency. If compelled to disclose Customer Data to Supervisory Authority or law enforcement agency, then Hala shall give Customer reasonable notice of the demand to allow Customer to seek a protective order or other appropriate remedy unless Hala is legally prohibited from doing so.
Return or Deletion of Data
Upon termination or expiration of the Agreement, Hala shall (at Customer’s election) delete or return to Customer all Customer Data (including copies) in its possession or control, this requirement shall not apply to the extent Hala is required by applicable law to retain some or all of the Customer Data, or to Customer Data it has archived on back-up systems, which Customer Data Hala shall securely isolate and protect from any further processing, except to the extent required by applicable law.
Customer agrees to:
- Provide instructions to Hala and determine the purposes and general means of Hala’s processing of Customer Personal Data in accordance with the Terms of usage.
- Comply with its obligations as a Data Controller under Data Protection Laws in respect of its processing of Customer Data and any processing instructions it issues to Hala.
- Provide notice and obtained (or shall obtain) all consents and rights necessary under Data Protection Laws for Hala to process Customer Data and provide the Services pursuant according to the Terms of usage.
- Comply with its protection, security and other obligations with respect to Customer Personal Data prescribed by Data Protection Requirements for data controllers by: (a) establishing and maintaining a procedure for the exercise of the rights of the individuals whose Customer Personal Data are processed on behalf of Customer; (b) processing only data that has been lawfully and validly collected and ensuring that such data will be relevant and proportionate to the respective uses; and (c) ensuring compliance with the provisions of this Agreement by its personnel or by any third-party accessing or using Customer Personal Data on its behalf.
a. Process Customer Personal Data (i) only for the purpose of providing, supporting and improving Hala’s services, using appropriate technical and organizational security measures; and (ii) in compliance with the instructions received from Customer. Hala will promptly inform Customer if it cannot comply with the requirements under this Policy, in which case Customer may terminate the Agreement or take any other reasonable action, including suspending data processing operations;
b. The parties agree that this Policy and the Agreement set out the Customer’s complete and final instructions to Hala in relation to the processing of Customer Data and processing outside the scope of these instructions (if any) shall require prior written agreement between Customer and Hala;
c. Inform Customer promptly if, in Hala’s opinion, an instruction from Customer violates applicable Data Protection Requirements;
d. Take commercially reasonable steps to ensure that (i) persons employed by it and (ii) other persons engaged to perform on Hala’s behalf comply with the terms of the Agreement;
e. Ensure that its employees, authorized agents and any Sub-processors are required to comply with and acknowledge and respect the confidentiality of the Customer Personal Data, including after the end of their respective employment, contract or assignment;
f. Upon request, provide Customer with a summary of Hala’s privacy and security policies; and
g. Inform Customer if Hala undertakes an independent security review.
Notice to Customer
Hala will inform Customer if Hala becomes aware of:
a. Any non-compliance by Hala or its employees with this Policy relating to the protection of Customer Personal Data processed under this Policy;
b. Any legally binding request for disclosure of Customer Personal Data by a law enforcement authority, unless Hala is otherwise forbidden by law to inform Customer, for example to preserve the confidentiality of an investigation by law enforcement authorities;
c. Any notice, inquiry or investigation by a Supervisory Authority with respect to Customer Personal Data; or
d. Any complaint or request (in particular, requests for access to, rectification or blocking of Customer Personal Data) received directly from Data Subjects of Customer. Hala will not respond to any such request without Customer’s prior written authorization.
Assistance to Customer
Hala will provide reasonable assistance to Customer regarding:
a. Any requests from Customer Data Subjects in respect of access to or the rectification, erasure, restriction, portability, blocking or deletion of Customer Personal Data that Hala processes for Customer. In the event that a Data Subject sends such a request directly to Hala, Hala will promptly send such request to Customer;
b. The investigation of Security Incident and the notification to the Supervisory Authority and Customer’s Data Subjects regarding such Personal Data Breaches; and
c. Where appropriate, the preparation of data protection impact assessments and, where necessary, carrying out consultations with any Supervisory Authority.
Our data store and data infrastructure provider is located in the United States of America and European Union (only for for the customers based in European Union). Personal information from users in other jurisdictions will be transferred to, and stored in that location. We have taken steps to satisfy ourselves that our provider will manage and secure our data in a way that is consistent with applicable regulatory requirements and international best practice.
We may share or transfer your information (including your personal information) in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business. You will be notified via email and/or a prominent notice on the Hala website of any change in ownership or related uses or disclosures of your personal information, as well as any choices you may have regarding your personal information in those circumstances.