Halawa GmbH is user-privacy first
We believe all app users have a right to privacy, with full protection and security covering their personal data. We’ve been ePrivacy certified since 2015, following the most stringent European data standards available. We’ve consistently led the way as champions for user privacy and responsible mobile measurement and analytics.
We Handle data with care
All data is secured in transit. The processing of personal data happens in a way that the data can no longer be assigned to a specific data subject without additional information being provided.
We uphold the right to be forgotten
According to Art. 17 GDPR, users can request to have their personal data deleted at any time. This means that if you receive a request for account information deletion – this would have to be forwarded to us in order to fully comply with the request.
What’s considered personal data?
According to Art. 4 para. 1 GDPR, personal data includes various digital identifiers as ‘personal data’. Previously, name, photos, email and so on, were typical identifiers. Now, this list has expanded to include specifically:
- IP addresses
- Online identifiers
- A user’s location data
- Biometric data (fingerprints and retina scans)
- Behavioral and demographic profiling data
If your users consent to be tracked, you must protect this data.
A deletion policy, record of processing activities, Data Processing Agreement and TOMs
These are only some of the GDPR requirements (articles 17, 28, 30 and art. 32 para. 4).
Our Technical and Organizational measures include for example:
- Physical access control – Our physical data centers are secure. Security measures include having security officers onsite, monitoring and alarm systems, video/CCTV monitors and much more. No person, not even a member of Halawa GmbH, has self-determined access to the servers.
- Data access, usage and transmission controls – Tools in place to protect unauthorized access, usage or transmission of data. For example, we make sure that the data cannot be changed or deleted by unauthorized persons during transmission.
- Separation rule – To keep data private and secure we ensure that any information collected for different purposes is separate during processing. This extends to test systems and production systems as well.
- Pseudonymization – Any data is hashed as early as possible. The processing of personal data happens in a way that the data can no longer be assigned to a specific data subject without additional information being provided.
- Availability control and rapid recoverability – Frequent backups protect all stored data against loss. Halawa GmbH creates continuous backups, which are also transferred to a remote site. With this, Halawa GmbH can restore data if lost.
- Incident response management – If data is lost we inform those affected immediately.
Pursuant to Art. 28 GDPR, the processing of personal data by Halawa GmbH on behalf of the client requires a written agreement, containing each party’s obligations with regard to data protection. Such a Data Processing Agreement is concluded with all our clients before the provision of our services.
While the content on this page is designed to help you understand the GDPR when working with third parties, the information contained should not be construed as legal advice. You should consult with your own legal counsel with respect to interpreting your unique obligations under the GDPR and the use of a company’s products and services to process personal data.
For more information on our GDPR compliance, get in contact with our privacy team – hello@halawaweb.com