Halo Lab Cookie Policy
At Halo Lab, we use cookies to enhance your user experience on our website. This Cookie Policy explains how we use cookies and other similar technologies to collect information about your use of our website and to provide a more personalized experience.
In the European Economic Area (EEA) and the United Kingdom (UK), we set non-essential cookies (e.g., analytics and advertising) only with your consent collected via our cookie banner/consent management platform. You can grant, refuse, or withdraw consent at any time via the “Manage cookies” link in the site footer. Rejecting non-essential categories will not affect access to core site functions, though certain features may be limited.
This Policy applies to cookies and similar technologies used on our Website. For how we process personal data, see our Privacy Policy.
What Are Cookies?
Cookies are small text files that are placed on your device when you visit a website. They are widely used to make websites work more efficiently and to provide a better user experience. Cookies enable websites to remember your preferences and settings, to analyze how you use the website, and to serve personalized content.
“First-party” cookies are set by Halo Lab; “third-party” cookies are set by providers such as analytics, advertising, or CRM tools. Some cookies last only during your session (session cookies); others persist for a defined period (persistent cookies).
Types of Cookies We Use
We use the following types of cookies on our website:
- Necessary cookies: These cookies are essential for the website to function properly. They enable basic functions such as page navigation, security, and access to certain areas of the website. Without these cookies, the website cannot function properly.
- Analytics cookies: These cookies collect information about how you use our website, such as which pages you visit most often and whether you receive any error messages. This information helps us improve the performance of our website and provide a better user experience (e.g., Google Analytics 4, Microsoft Clarity, Crazy Egg).
- Functional cookies: These cookies remember your preferences and settings, such as language preferences and font size. They enable us to provide a more personalized experience and to remember your preferences for future visits.
- Advertising cookies: These cookies are used to deliver personalized advertisements to you based on your interests and browsing behavior. They enable us to serve relevant ads and measure the effectiveness of our advertising campaigns.
We also use similar technologies (e.g., localStorage, sessionStorage, IndexedDB, pixels/beacons). Non-essential technologies are activated only after consent in the EEA/UK. Key providers: Google Analytics 4, Microsoft Clarity, Crazy Egg (analytics); Google Ads (advertising); HubSpot (forms/CRM).
For more information about which cookies are used, see the table below.
Cookie | Duration | Description |
---|---|---|
CLID | 1 year | Microsoft Clarity sets this cookie to store information about how visitors interact with the website. The cookie helps to provide an analysis report. The data collection includes the number of visitors, where they visit the website, and the pages visited. |
__cf_bm | 1 hour | This cookie, set by Cloudflare, is used to support Cloudflare Bot Management. |
ph_phc_A5mpPvj0uOc22boQH3Bqj9GpoQFAoIsBnIS9gQeRJb9_posthog | 1 year | |
_clck | 1 year | Microsoft Clarity sets this cookie to retain the browser's Clarity User ID and settings exclusive to that website. This guarantees that actions taken during subsequent visits to the same website will be linked to the same user ID. |
bcookie | 1 year | LinkedIn sets this cookie to track the use of embedded services. |
li_gc | 6 months | LinkedIn sets this cookie to store the visitor's consent regarding the use of cookies for non-essential purposes. |
lidc | 1 day | LinkedIn sets the lidc cookie to facilitate data center selection. |
_fbp | 3 months | Facebook sets this cookie to store and track interactions. |
_clsk | 1 day | Microsoft Clarity sets this cookie to store and consolidate a user's pageviews into a single session recording. |
_cfuvid | session | Cloudflare sets this cookie to track users across sessions to optimize user experience by maintaining session consistency and providing personalized services. |
__hstc | 6 months | This is the main cookie set by HubSpot for tracking visitors. It contains the domain, initial timestamp (first visit), last timestamp (last visit), current timestamp (this visit), and session number (increments for each subsequent session). |
hubspotutk | 6 months | HubSpot sets this cookie to keep track of the visitors to the website. This cookie is passed to HubSpot on form submission and used when deduplicating contacts. |
__hssrc | session | HubSpot sets this cookie to determine if the visitor has restarted their browser. If this cookie does not exist when HubSpot manages cookies, it is considered a new session. |
__hssc | 1 hour | HubSpot sets this cookie to keep track of sessions. This is used to determine if HubSpot should increment the session number and timestamps in the __hstc cookie. It contains the domain, viewCount (which increments with each pageview in a session), and session start timestamp. |
SM | session | Microsoft Clarity sets this cookie to synchronize the MUID across Microsoft domains. |
MUID | 1 year 24 days | Microsoft Bing sets this cookie to identify unique web browsers visiting Microsoft sites. These cookies are used for advertising, site analytics, and other operational purposes. |
MR | 7 days | This cookie, set by Bing, is used to collect user information for analytics purposes. |
SRM_B | 1 year 24 days | Used by Microsoft Advertising as a unique ID for visitors. |
ANONCHK | 10 minutes | The ANONCHK cookie, set by Bing, is used to store a user's session ID and also verify the clicks from ads on the Bing search engine. The cookie helps in reporting and personalization as well. |
lastExternalReferrerTime | never | |
cache-sprite-plyr | never | |
5BfvCM3AlfcZEJGt0o4q,12133378573_expiresAt | never | |
5BfvCM3AlfcZEJGt0o4q,12133378573 | never | |
topicsLastReferenceTime | never | |
plyr | never | |
lastExternalReferrer | never | |
_cltk | session | |
client-country | session | |
client-country-code | session | |
ph_phc_A5mpPvj0uOc22boQH3Bqj9GpoQFAoIsBnIS9gQeRJb9_primary_window_exists | session | |
ph_phc_A5mpPvj0uOc22boQH3Bqj9GpoQFAoIsBnIS9gQeRJb9_window_id | session | |
Managing Cookies
You can control cookies through your browser settings and other tools. Most web browsers automatically accept cookies, but you can usually modify your browser settings to decline cookies if you prefer. However, if you choose to disable cookies, some features of our website may not function properly. Your browser usually informs you how to refuse, delete or block cookies. You can find this information for some of the most commonly used browsers through the following links:
If you need help disabling cookies, please refer to the instructions provided by your browser. Additionally, you can find information on how to disable third-party cookies from Google Analytics through ad settings or by visiting https://adssettings.google.com.
Necessary cookies are always active and cannot be switched off via the banner because they are essential for core functionality (security, load balancing, consent logging). You can change or withdraw your choices for non-essential categories at any time via the persistent “Manage cookies” link in the footer; we retain consent records for compliance. Our banner provides “Accept all”, “Reject all”, and granular category choices. Rejecting all non-essential categories will not affect access to core site functions, though some features may be limited.
Opting Out of Personalized Ads
When you visit our website, non-essential cookies and similar technologies may be used to measure campaigns and show more relevant ads. In the EEA/UK, these technologies are activated only after your consent via our cookie banner. You can opt out of or control personalized ads via the cookie banner: choose “Reject all” or switch off “Advertising” (and “Analytics,” if you wish); you can adjust your choices later via the “Manage cookies” link in the footer.
Advertising & Remarketing
We use advertising tags and pixels (e.g., Google Ads, Microsoft Advertising/Bing, Meta/Facebook, LinkedIn) to measure campaigns, build/serve audiences, and attribute conversions. These technologies may collect information such as page URLs and referrers, timestamp, cookie or device identifiers (e.g., _gcl_au, MUID, _fbp, bcookie), coarse IP-based location, and basic device/browser details. In the EEA/UK, these run only after you give consent via our cookie banner.
Third-Party Cookies
We use third-party service providers to help us analyze how you use our website. These providers may use cookies and other tracking technologies to collect information about your use of our website. We do not have access to or control over these third-party cookies. Please review their privacy and cookie policies for details:
- Google Analytics 4 / Google Ads - Privacy policy; Technologies & ads;
- Microsoft - Privacy policy; Cookies;
- Crazy Egg - Privacy policy; Cookie Policy;
- HubSpot - Privacy Policy; Cookie Policy;
- LinkedIn - Privacy Policy; Cookie Policy;
- Meta - Privacy Policy; Cookie Policy;
- Cloudflare - Privacy Policy; Cookie Policy;
- Webflow - Privacy Policy; Cookie Policy.
Updates to This Cookie Policy
We may update this Cookie Policy from time to time in response to changing legal, technical, or business developments. If we make material changes (e.g., add new categories or providers), we will provide reasonable notice (banner/notice on the Website) and update the “Last updated” date below.
Last updated: September 16, 2025
Halo Lab Website
Terms of Use
Definitions
"Halo Lab" or "we" or "us" refers to HALO LAB, SL (Societat Limitada), registered address: Av. de les Nacions Unides, 40, 6-1, Edifici A Tower, Escala A, AD700 Escaldes-Engordany, Principat d’Andorra, a development and design agency, including its officers, directors, employees, agents, and affiliates.
"Website" refers to Halo Lab's website located at halo-lab.com, including any subdomains, mobile versions, and related content and functionality.
"Services" refers to the development, design, marketing, and other services provided by Halo Lab, as well as any related software, documentation, and other materials provided by Halo Lab through your use of the Website’s Contacts form. Any paid services are governed by a separate agreement (e.g., MSA/SOW) entered into with Halo Lab.
General
These Terms of Use ("Terms") govern your access to and use of our Website ("Services"). By accessing or using our Services, you agree to be bound by these Terms. Any paid design/development work is governed by a separate master services agreement, statement of work, or similar contract between you and Halo Lab; in case of conflict, such signed agreement prevails over these Terms.
Please read these Terms carefully. If you do not agree to these Terms, you must not access or use our Services through our Website.
The collection and use of personal data in connection with the Website are governed by our Privacy Policy and Cookie Policy (together, the “Privacy Documents”). These Terms do not modify your rights or our obligations under the Privacy Documents. If there is any conflict between these Terms and the Privacy Documents regarding the processing of personal data, the Privacy Documents shall prevail. Links to the Privacy Policy and Cookie Policy are provided on the Website, and you may manage your cookie choices at any time via the “Manage cookies” control.
Eligibility
You must be at least 18 years of age to use our Services, unless you are between the ages of 14 and 18 (or the age of majority established by law in the user's jurisdiction) and are under the supervision of a parent or legal guardian who has agreed to these Terms. Individuals under the age of 14 are prohibited from requesting our Services. By accessing or using our Services, you represent and warrant that you meet the above requirements and are capable of entering into a legally binding agreement.
Where a higher minimum age is required by applicable law (including the age of majority or the “digital consent” age for information society services in your country), that higher age applies. In the European Economic Area and the United Kingdom, if you are below the applicable digital consent age (which ranges from 13 to 16 depending on the country), any consent required for cookies, analytics, advertising, or similar processing must be provided or authorized by your parent or legal guardian. In the United States, we do not knowingly collect personal information from children under 13 (COPPA). We may request and verify parental/guardian consent and may refuse, suspend, or terminate access if appropriate consent/authority is not provided or if age is misrepresented. If you are a parent or legal guardian who permits a minor to use the Services, you agree to be responsible for the minor’s activity and compliance with these Terms.
License to Use the Website
Subject to these Terms, Halo Lab grants you a limited, non-exclusive, non-transferable, non-sublicensable and revocable license to access and use the Website solely for your personal and non-commercial use. No other rights are granted. You may not reproduce, distribute, publicly display, create derivative works from, or otherwise exploit any part of the Website or its content except as expressly permitted by these Terms. You must not remove or alter any copyright, trademark, or other proprietary notices. All rights not expressly granted are reserved by Halo Lab. This license is conditioned on your continued compliance with these Terms (including the Restrictions/Acceptable Use section); Halo Lab may suspend or terminate this license at any time in case of breach or to protect the Website.
Restrictions
You agree not to use the Website in any manner that violates these Terms or any applicable laws, rules, or regulations. Without limiting the foregoing, you agree not to:
- Engage in any conduct that interferes with or disrupts the Website, including but not limited to distributing viruses, creating an unreasonable load on the Website, or using any automated means to access or collect data from the Website;
- Use any robot, spider, scraper, or other automated means to access or collect data from the Website for any purpose without our express written permission;
- Attempt to gain unauthorized access to any portion of the Website, other accounts, computer systems, or networks connected to the Website, through hacking, password mining, or any other means; probe, scan, or test the vulnerability of any system or network, or breach any security or authentication measures;
- Bypass, disable, or interfere with the Website’s cookie banner, consent-management platform, or other mechanisms designed to obtain, record, or honor user choices;
- Frame, mirror, or embed any part of the Website without our prior written consent;
- Use any manual or automated software, devices, or other processes to "crawl" or "spider" any page of the Website;
- Introduce any viruses, Trojan horses, worms, time bombs, cancelbots, or other computer programming routines that may damage, interfere with, intercept, or expropriate any system, data, or personal information;
- Modify, adapt, translate, or create derivative works based on the Website or any portion thereof;
- Remove, obscure, or alter any copyright, trademark, or other proprietary rights notice or legends that appear on the Website;
- Harvest, collect, or compile email addresses, phone numbers, or other contact details from the Website for the purposes of unsolicited communications, spamming, or data brokerage;
- Use the Website to develop, operate, or provide any product or service that competes with the Website or that replicates substantial features, look-and-feel, or content without our written permission;
- Misrepresent your identity or affiliation, or impersonate Halo Lab personnel or other persons;
- Use any third-party tools or integrations accessible via the Website in a manner that violates those third parties’ terms or privacy notices; or
- Use the Website for any commercial purpose without our express written permission.
We may suspend or terminate your access to the Website, remove or disable offending content, preserve information, and notify or cooperate with law-enforcement or regulators if we believe a violation has occurred. We may also seek any remedies available at law or in equity.
Third-Party Links
The Services may contain links to third-party websites, services, or resources. Halo Lab is not responsible for the content, products, or services available from such third parties. You are solely responsible for and assume all risks arising from your use of any third-party websites, services, or resources.
Intellectual Property
All content on our website, including but not limited to text, graphics, logos, images, and software, is the property of Halo Lab or its licensors and is protected by intellectual property laws. You may not use any of our content without our prior written consent.
“Halo Lab,” our logos, and any related names, product or service names, designs, and slogans are trademarks or trade dress of Halo Lab or its affiliates. You may not use our marks without our prior written permission. Third-party names and logos on the Website are the property of their respective owners and are used for identification purposes only.
If you submit ideas, suggestions, or proposals regarding the Website or our Services (“Feedback”), you grant Halo Lab a worldwide, perpetual, irrevocable, royalty-free license to use, reproduce, modify, adapt, publish, translate, distribute, and otherwise exploit such Feedback for any purpose, without restriction or compensation, and you waive any moral rights to the extent permitted by law.
You have only the right to view the Website and use the Website to order the Services. As a condition of using the Website, You warrant to Us that You will not use it for commercial purposes or any other purposes that are illegal or prohibited by these Terms.
Such use of the Website does not include any rights to: (a) sell or commercially exploit any part of the Website; (b) copy, distribute, publicly use, and publicly display any part of the Website; (c) modify any part of the Website or remove notices of titles; or (d) reconstruct or extract the source code of this software.
If you believe that any material on the Website infringes your intellectual property rights, please notify us at mail@halo-lab.com with sufficient detail to identify the material and your rights. We will review and respond consistent with applicable law, and may remove or disable access to alleged infringing content.
Disclaimer of Warranties
The Website is provided "as is" and "as available" without warranties of any kind, either express or implied, including, but not limited to, implied warranties of merchantability, fitness for a particular purpose, and non-infringement. Halo Lab does not warrant that the Services will be uninterrupted, error-free, secure, or free from viruses or other harmful components.
WE EXPRESSLY DISCLAIM ANY AND ALL CONDITIONS, REPRESENTATIONS, WARRANTIES OR OTHER TERMS, WHETHER EXPRESS OR IMPLIED. YOU ACKNOWLEDGE THAT WE DO NOT WARRANT THAT THE WEBSITE WILL BE UNINTERRUPTED, TIMELY, SECURE OR ERROR-FREE AND YOU FURTHER ACKNOWLEDGE THAT WE DO NOT WARRANT THAT THE ACCESS TO THE SERVICE(S), WHICH IS PROVIDED OVER INTERNET AND VARIOUS TELECOMMUNICATIONS NETWORKS, ALL OF WHICH ARE BEYOND OUR CONTROL, WILL BE UNINTERRUPTED, TIMELY, SECURE, ERROR-FREE OR FREE FROM VIRUSES OR OTHER MALICIOUS SOFTWARE.
Your use of the Website is at your own risk, and you are responsible for implementing appropriate safeguards (such as anti-virus and backups).
The Website may link to or integrate third-party websites, tools, or services; your use of any such Third-Party Services is at your own risk and is subject to those third parties’ terms and privacy notices, and we make no warranties regarding them.
For clarity, references to “Services” in this section refer solely to the informational/lead-generation services provided via the Website; any paid professional services are governed by a separate signed agreement (e.g., MSA/SOW), and nothing in this section limits any warranties expressly provided in such agreement.
No Professional Advice. Content on the Website is provided for general informational purposes only.
Governing Law and Jurisdiction
These Terms and any dispute or claim arising out of or in connection with them or their subject matter or formation (including non-contractual disputes or claims) shall be governed by and construed in accordance with the laws of Andorra, without regard to its conflict of law provisions. You agree to submit to the exclusive jurisdiction of the courts located in Andorra la Vella, Principat d’Andorra. Nothing in this section limits any mandatory rights that cannot be waived under applicable law (including non-waivable consumer protection rights). Notwithstanding the foregoing, Halo Lab may seek temporary, preliminary, or permanent injunctive or other equitable relief in any court of competent jurisdiction to protect its intellectual property rights or to prevent unauthorized access to or misuse of the Website.
Changes to These Terms
Halo Lab reserves the right, in its sole discretion, to modify or replace these Terms at any time without prior notice to users. The updated version of the Terms will be posted on our website and it is your responsibility to review the Terms periodically. Your continued access to or use of our Services after any revisions become effective constitutes your acceptance of the new Terms. If you do not agree to the new Terms, you must stop using the Services.
Miscellaneous
These Terms constitute the entire agreement between you and Halo Lab concerning your access to and use of the Website. If any provision of these Terms is found to be unenforceable or invalid, that provision will be limited or eliminated to the minimum extent necessary so that the Terms will otherwise remain in full force and effect.
The failure of Halo Lab to exercise or enforce any right or provision of these Terms shall not constitute a waiver of such right or provision.
If you have any questions or concerns about these terms of use, please contact us at mail@halo-lab.com. We will make every effort to respond as soon as possible, but please note that it may take up to 30 days to receive a response.
Last updated: September 16, 2025
Halo Lab
Privacy Policy
Definitions
"Controller" means the organization that determines the purposes and means of processing Personal Data. The Controller is HALO LAB, SL (Societat Limitada), registered address: Av. de les Nacions Unides, 40, 6-1, Edifici A Tower, Escala A, AD700 Escaldes-Engordany, Principat d’Andorra.
"EU/EEA Representative" means the person designated under Article 27 GDPR to act on behalf of the Controller in the EU/EEA for data protection matters.
"Processor" means any third party that processes Personal Data on behalf of the Controller.
"Personal Data" means any information relating to an identified or identifiable natural person, such as name, email address, phone number, IP address, or other online identifier, as well as any other information that is linked or linkable to an identified or identifiable natural person.
General
At Halo Lab, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and protect your personal data in connection with our website, services, products, and any related software, documentation, and other materials provided by us (collectively, the "Services"). We collect personal data from you when you submit a request for services through our website or email, and such collection is based on our legitimate interest in providing our services, improving our service, and customer relationship management (CRM).
Your use of the Services is subject to this Privacy Policy; however, where consent is required by law (e.g., for cookies/marketing in the EEA/UK), we will request it separately and not rely on implied/blanket consent. If you do not agree with any of the terms of this Privacy Policy, please do not use our Services.
Collection and Use of Personal Data
We may collect personal data from you in connection with your use of our Services. Personal data is information that identifies or relates to you as an individual. The types of personal data we may collect include:
- Contact information, such as your name, email address, and phone number;
- Usage information, such as your IP address, browser type, operating system, and pages visited on our website;
- Communications, such as messages you send to us or information you provide when you participate in a survey or promotion; and
- Other information you choose to provide to us.
We use the personal data we collect for the following purposes:
Purpose of processing | What we do | Special conditions and notes |
---|---|---|
Provide and operate the Services | Provide, configure, and deliver our business-to-business Services; fulfill requests you submit | Processing necessary to perform a contract or to take steps at your request prior to entering into a contract; no consent is required for this purpose |
Communicate with you and respond to inquiries | Respond to messages, meeting requests, proposals, support tickets, and follow-ups; send service-related notices | Processing necessary to perform a contract or based on legitimate interests to operate and improve our Services |
Personalize website experience and tailor our Services | Remember preferences; adapt content and offers on the website; improve navigation and usability | We obtain consent before setting non-essential cookies and similar technologies for personalization |
Research, measurement, and service improvement | Measure performance; analyze aggregated trends; test and enhance features; debug and improve stability and security | In the European Economic Area and the United Kingdom, non-essential analytics requires prior consent; elsewhere we rely on legitimate interests where permitted by law |
Marketing, advertising, and remarketing | Run and measure advertising and remarketing campaigns; manage audience lists; evaluate campaign effectiveness | You can grant, refuse, or withdraw consent at any time via the cookie banner or the “Manage cookies” link |
Security, fraud prevention, and misuse detection | Monitor, prevent, and investigate suspicious or malicious activity; protect accounts and systems; maintain audit logs | Based on legitimate interests to keep our Services secure and to protect against fraud and abuse; in some cases we process to comply with legal obligations |
Compliance with laws and protection of rights and interests | Comply with accounting, tax, and other legal requirements; establish, exercise, or defend legal claims; respond to lawful requests | Processing necessary to comply with legal obligations and for our legitimate interests in protecting and enforcing rights |
Customer relationship management and lead management | Capture form submissions; qualify and manage leads; track interactions; schedule calls and demos; maintain accurate records | Based on legitimate interests to manage business relationships; where you ask us to contact you, processing may be necessary to take steps prior to entering into a contract |
Other purposes with your consent | Any additional purpose described at the point of collection and for which we request your explicit consent | Performed only where you have given valid consent; you may withdraw consent at any time |
We use the collected personal data under the following legal bases:
Purpose of processing | Primary legal basis | Details |
---|---|---|
Provide and operate the Services | Performance of a contract or taking steps at your request prior to entering into a contract (European Union General Data Protection Regulation Article 6(1)(b)); in limited cases, legitimate interests (Article 6(1)(f)) | Operating and improving business-to-business Services; efficient service delivery |
Communicate with you and respond to inquiries | Performance of a contract or taking steps at your request prior to entering into a contract (Article 6(1)(b)); legitimate interests (Article 6(1)(f)) | Responding efficiently to requests; maintaining customer satisfaction |
Personalize website experience and tailor our Services | Consent for non-essential cookies and similar technologies (Article 6(1)(a)); outside the European Economic Area and the United Kingdom where permitted, legitimate interests (Article 6(1)(f)) | Providing a more relevant and usable experience |
Research, measurement, and service improvement | Consent for non-essential analytics (Article 6(1)(a)) in the European Economic Area and the United Kingdom; otherwise legitimate interests (Article 6(1)(f)) where permitted by law | Understanding how the website is used; improving performance and stability |
Marketing, advertising, and remarketing | Consent (Article 6(1)(a)) in the European Economic Area and the United Kingdom; legitimate interests (Article 6(1)(f)) in other regions where permitted by law, with opt-out controls | Promoting our Services to business prospects; measuring effectiveness of campaigns |
Security, fraud prevention, and misuse detection | Legitimate interests (Article 6(1)(f)); in some cases legal obligation (Article 6(1)(c)) | Keeping our Services secure; preventing fraud and abuse; protecting users |
Compliance with laws and protection of rights and interests | Legal obligation (Article 6(1)(c)); legitimate interests (Article 6(1)(f)) | Protecting and enforcing legal rights; managing risk |
Customer relationship management and lead management | Legitimate interests (Article 6(1)(f)); where you ask us to contact you or request a demo, performance of a contract or taking steps prior to entering into a contract (Article 6(1)(b)) | Managing leads and client relationships efficiently; ensuring accurate records |
Other purposes with your consent | Consent (Article 6(1)(a)) | |
We may also use your contact information to send you marketing materials about our products, services, and promotions. If you do not wish to receive these materials, you can unsubscribe at any time by clicking the "unsubscribe" link in the email or by contacting us.
Disclosure of Personal Data
We may disclose your personal data to the following types of third parties:
- Service Providers / Processors: We may share your personal data with third-party service providers who help us operate our business, such as website hosts, marketing partners, analytics providers (e.g., Google Analytics 4, Microsoft Clarity, Crazy Egg), advertising/remarketing platforms (e.g., Google Ads), and customer relationship management tools (e.g., HubSpot). These service providers may use your personal data only as necessary to provide their services to us and are contractually obligated to protect your personal data, and are prohibited from using personal data for their own purposes. Where required by law, non-essential analytics and advertising technologies are activated only with your consent.
- Affiliates / Intra-group recipients: We may share your personal data with our affiliates for the purposes described in this Privacy Policy, including with our affiliated company located in the United Arab Emirates (UAE) acting as an intra-group processor for internal hosting, support, and administrative purposes.
- Business Partners: We may share your personal data with our business partners when we collaborate with them to provide you with certain products or services.
- Professional Advisors: We may disclose personal data to our lawyers, auditors, accountants, and other professional advisors where necessary for the provision of their services and subject to confidentiality obligations.
- Legal Requirements: We may disclose your personal data when we believe in good faith that such disclosure is necessary to comply with applicable laws, regulations, or legal processes, or to respond to a subpoena or court order.
- Protect Our Rights and Interests: We may disclose your personal data when we believe in good faith that such disclosure is necessary to protect our rights or interests or the rights or interests of others.
- Aggregated or De-identified Information: We may share aggregated or de-identified information that cannot reasonably be used to identify you.
We do not sell, rent, or lease your personal data to third parties. In particular, we do not “sell” personal information as that term may be defined under applicable U.S. state privacy laws, and we do not “share” personal information for cross-context behavioral advertising without providing applicable opt-out or consent mechanisms.
Third-Party Links
Our Services may contain links to third-party websites, products, and services that are not owned or controlled by us. We are not responsible for the privacy practices or content of these third-party sites. We encourage you to review the privacy policies and terms of use of any third-party sites that you access.
You further acknowledge and agree that Halo Lab shall not be responsible or liable, directly or indirectly, for any damage or loss caused or alleged to be caused by or in connection with the use of or reliance on any such content, goods or services available on or through any such web sites or services.
Security
We take reasonable measures to protect your personal data from unauthorized access, use, or disclosure. This includes appropriate technical and organizational measures such as encryption in transit, access controls based on least privilege, network and application monitoring, vulnerability management, employee confidentiality and security training, and incident response procedures. However, no data transmission over the internet or electronic storage can be guaranteed to be completely secure. To the extent permitted by law, we cannot guarantee absolute security of your personal data.
Principles of Processing
We process Personal Data in accordance with the GDPR/UK GDPR and commit to the principles set out in Article 5. In particular, Personal Data we process will be:
- Lawfulness, fairness & transparency. We process Personal Data on a valid legal basis (e.g., contract, legitimate interests, legal obligation, or consent) and provide clear, accessible notices about our processing activities. In the EEA/UK, non-essential analytics/advertising cookies are deployed only with your consent (no implied/blanket consent).
- Purpose limitation. We collect Personal Data for specified, explicit, and legitimate purposes and do not further process it in a manner incompatible with those purposes. If we intend to use Personal Data for a new purpose, we will provide prior notice and identify the applicable legal basis.
- Data minimisation. We limit Personal Data to what is adequate, relevant, and necessary in relation to the purposes (e.g., minimal form fields; pseudonymisation/aggregation where feasible).
- Accuracy. We keep Personal Data accurate and, where necessary, up to date, and we provide mechanisms for you to request correction or update of your data.
- Storage limitation. We retain Personal Data no longer than necessary for the purposes for which it is processed and then delete or irreversibly anonymise it.
- Integrity & confidentiality (security). We process Personal Data using appropriate technical and organisational measures (e.g., encryption in transit, least-privilege access controls, logging/monitoring, vulnerability management, incident response) and require equivalent protections from our processors and partners.
- Data protection by design and by default. We implement appropriate technical and organisational measures designed to ensure that, by default, only Personal Data necessary for each specific purpose is processed, and we continuously review controls in line with Article 25 GDPR.
Data Retention
Unless a longer retention period is required or permitted by law (e.g., tax, accounting, litigation hold), we retain personal data for the periods below and then delete or irreversibly anonymize it. Where consent is the legal basis, we delete the data after consent is withdrawn unless another legal ground applies.
Data category | Examples | Default retention | Provider notes (configuration) |
---|---|---|---|
Leads & CRM records | Contact & professional info submitted via Book a Call, Contact Us; interaction history; campaign attribution | 24 months after the last interaction (or until you object/withdraw consent, if applicable) | HubSpot (CRM): enable an automated deletion rule for inactive contacts at 730 days. Suppression lists are kept indefinitely to respect unsubscribe/opt-out. Legal holds override |
Contract / billing files | Proposals, SOWs, invoices, payment records | 6 years after contract end | Stored in internal systems |
Support & general communications | Email threads, contact form messages, call notes | 24 months after ticket/issue closure | Email & ticketing systems per our configuration |
Website analytics (GA4) | Event/user-level analytics, aggregated usage metrics | 14 months (standard; option 2 months). GA4 360 may allow 26/38/50 months. Google Signals capped at 26 months | Google Analytics 4: data retention configured to 14 months; cookie TTLs may differ |
Session analytics (Microsoft Clarity / Crazy Egg) | Heatmaps, session replays, scroll/click maps | Session replays: 30 days; heatmaps / pinned items: up to 13 months. Plan-dependent: ~6 months → 24 months for recordings | Uses Clarity’s built-in limits (cannot be shortened below vendor defaults). Deletion performed per client instruction; full purge may take up to 180 days. |
Advertising / remarketing | Audience lists, conversion data, campaign performance | Up to 540 days for audience membership; conversion logs retained per platform defaults | Google Ads: audience membership duration up to 540 days (campaign-dependent) |
Security & audit logs | Access logs, event logs, fraud/abuse indicators | 12 months (unless extended for investigation) | Stored in logging/monitoring tools under restricted access |
Consent records (CMP) | Timestamped records of cookie/marketing consent | 5 years | Stored in CMP/consent-logging system |
Where We Store Personal Data
We use reputable cloud providers and subprocessors that may store and process personal data in the European Union, the United States, the United Arab Emirates (for intra-group processing), and other jurisdictions. When personal data is transferred internationally, we implement appropriate safeguards such as the European Commission’s Standard Contractual Clauses and, where applicable, rely on participation in the EU-U.S. Data Privacy Framework, together with supplementary measures consistent with regulatory guidance.
Service-specific storage information:
- Google Analytics (GA4). Analytics data may be stored on Google servers located in the EU and the US. Transfers are safeguarded via Standard Contractual Clauses and/or reliance on Google’s participation in the EU-U.S. Data Privacy Framework (where applicable).
- Microsoft Clarity. Session analytics data may be stored on Microsoft infrastructure in the EU and the US. International transfers are protected via Standard Contractual Clauses.
- Crazy Egg. Heatmap and session analytics data are primarily stored in the US on Crazy Egg’s infrastructure. International transfers are protected via Standard Contractual Clauses.
- Google Ads (advertising/remarketing). Campaign, audience, and conversion data may be stored on Google servers in the EU and the US. International transfers are safeguarded via Standard Contractual Clauses and/or the EU-U.S. Data Privacy Framework (where applicable).
- HubSpot (CRM). CRM records are typically stored in the US (with EU data hosting available on certain plans). International transfers are protected via Standard Contractual Clauses and/or the EU-U.S. Data Privacy Framework (where applicable).
If you would like more details about specific storage locations or transfer safeguards for a given vendor, please contact us (see Contact Us).
International Transfers
We are established in Andorra. For transfers of personal data from the European Economic Area (EEA) to Andorra, we rely on the European Commission’s adequacy decision recognizing Andorra as providing an adequate level of protection.
We also engage processors and partners that may process personal data outside your jurisdiction (for example, in the European Union, the United States, and the United Arab Emirates). In such cases, we implement appropriate safeguards to ensure a level of protection essentially equivalent to that in the EEA/UK. These safeguards include:
- Standard Contractual Clauses (SCCs). For EEA-origin data transferred to countries without an adequacy decision (e.g., the United States or the United Arab Emirates), we enter into the European Commission’s Standard Contractual Clauses (2021/914) with the relevant recipients, using the appropriate modules and ensuring onward transfer restrictions and audit rights.
- UK Addendum / International Data Transfer Agreement (IDTA). For transfers originating from the United Kingdom, where no UK adequacy regulation applies, we use the UK Addendum to the EU SCCs or the UK IDTA, as applicable.
- EU–U.S. Data Privacy Framework (DPF). Where a U.S. recipient (e.g., certain analytics, advertising, or CRM providers) participates in the EU–U.S. DPF, we may rely on that certification for EEA→U.S. transfers. If a recipient does not participate, we use SCCs (and the UK Addendum/IDTA where relevant).
- Supplementary measures and Transfer Risk Assessments. We adopt technical, organizational, and contractual measures (e.g., access controls, encryption in transit, data minimization, purpose limitation, and transparency commitments) and conduct transfer risk assessments, where appropriate, in line with regulatory guidance.
Changes to this Privacy Policy
We may update this Privacy Policy from time to time in response to changing legal, technical, or business developments. When we update this Privacy Policy, we will revise the "Last updated" date at the top of this document. If we make significant changes to this Privacy Policy, we will provide notice through our Services or by other means.
General Data Protection Regulation (GDPR) and UK GDPR
If you are a resident of the European Economic Area (EEA) or the United Kingdom, you have certain data protection rights. Halo Lab is committed to complying with the General Data Protection Regulation (GDPR) and the UK GDPR and Data Protection Act and other applicable data protection laws.
Under the GDPR/UK GDPR, you have the following rights:
- Right to be informed. You have the right to clear, transparent information about how we process your Personal Data.
- Right of access to Your Personal Data. You can access, update, or request the deletion of Your Personal Data.
- Right to request rectification of Personal Data that We hold about You.
- Right to restriction of Processing of Personal Data. You can request restriction (e.g., while we verify accuracy, where processing is unlawful and you oppose erasure, or where you need the data for legal claims).
- Right to object to Processing of Your Personal Data. You also have the right to object where We are Processing Your Personal Data for direct marketing purposes.
- Right to request the erasure of Your Personal Data (“right to be forgotten”).
- Right to request the transfer of Your Personal Data (“right to data portability”).
- Right to withdraw Your Consent. You have the right to withdraw Your Consent to the use of Your Personal Data. If You withdraw Your Consent, We may not be able to provide You with access to certain specific functionalities of the Website.
- Rights related to automated decision-making. You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects or similarly significantly affects you. We do not use such automated decision-making in relation to our Services.
To exercise any of these rights, please contact us at mail@halo-lab.com or via the contact details provided below. You may also contact our EU/EEA Representative at data-security@halo-lab.health (Serhiy Sumnikov (Oleksandrovych), Genewska 6, 03-963, Warsaw, Poland). We may need to verify your identity before fulfilling your request. Requests are free of charge unless manifestly unfounded or excessive.
We will respond without undue delay and within one month of receipt. Where necessary due to complexity or number of requests, we may extend by up to two further months and will inform you of the reasons.
If you are not satisfied with our response or believe that we are processing your personal data not in accordance with the law, you have the right to lodge a complaint with a supervisory authority.
ADDITIONAL INFORMATION FOR RESIDENTS OF THE UNITED STATES OF AMERICA
This section applies only if You are a resident of certain U.S. states that have implemented state-level privacy laws. You, as a Subject of Personal Data, have some special privacy rights. To use them, please contact Us.
Please note! Depending on the state and legislative requirements, We have from 30 (thirty) to 60 (sixty) days to process Your request, with the right to extend this period by a further 30 (thirty) days.
If Your complaint is not satisfied, You can file a complaint with the Federal Trade Commission.
Also, You may submit a complaint as follows:
- For Colorado residents, to the Colorado AG at: https://coag.gov/file-complaint/
- For Connecticut residents, to the Connecticut AG at: https://www.dir.ct.gov/ag/complaint/
- For Montana residents: https://dojmt.gov/consumer/
- For Oregon residents: https://justice.oregon.gov/consumercomplaints/
- For Texas residents: https://oag.my.salesforce-sites.com/CPDOnlineForm
- For Utah residents: https://attorneygeneral.utah.gov/contact/complaint-form/
- For Virginia residents, to the Virginia Attorney General at: https://www.oag.state.va.us/consumercomplaintform
- For residents of Florida at: https://www.myfloridalegal.com/consumer-protection/consumer-complaint-form
Your rights vary depending on the laws that apply to You, but may include:
Right | Description | Area | |
---|---|---|---|
Right to access | You can request an explanation of the Processing of Your Personal Data. | | |
Right to correct | You can change the Data if it is inaccurate or incomplete. | | |
Right to delete | You can send Us a request to delete Your Personal Data from Our systems. | | |
Right to portability | You can request all the Personal Data You provided to Us and request to transfer Data to another Controller. | | |
Right to opt out of sales | The right to opt out of the sale of Personal Data to Third Parties. | | |
Right to opt out of certain purposes | The right to opt-out of Processing for profiling / targeted advertising purposes. | | |
Right to opt out of Processing of sensitive Data | The right to opt-out of Processing of sensitive Data. | | |
Right to opt in for sensitive Data Processing | The right to opt in before Processing of sensitive Data. | | |
Right against automated decision-making | A prohibition against a business making decisions about a consumer based solely on an automated Process without human input. | | |
Private right of action | The right to seek civil damages from a Controller for violations of a statute. | | |
Please note! Some states do not have privacy laws. The rights of residents of such states are governed by U.S. federal law. If Your state is not on the list, please contact Us.
Access to specific Data and the right to transfer Data
With certain exceptions, if You are a resident of the state of California, USA, You have the right to request a copy of the Personal Data (defined as Personal information for the purposes of this section) We have collected about You in the 12 (twelve) months prior to Your request. After receiving Your request and establishing Your identity, We will inform You of:
- categories of Personal information that We have collected about You,
- Our business or commercial purpose for collecting such Personal information,
- categories of Third Parties with whom We share this Personal information.
Also, if You are a resident of Oregon, Delaware, Minnesota (effective from 31/07/2025), or Maryland (effective from 01/10/2025), You have the right to receive a list of the specific Third Parties to which We have disclosed Personal Data in Our capacity as a Controller, provided that We are not required to disclose Our trade secrets.
To exercise Your rights, You may submit the request by sending an email to: mail@halo-lab.com. We will ensure that Your request is processed in accordance with the relevant legal requirements. We may require specific information from You to help Us confirm Your identity and process Your request. You have the right not to be discriminated against for exercising any of Your rights.
Non-discrimination
We will not discriminate against You for exercising Your rights related to the Processing of Your Personal information, as well as Your right to refuse to receive Our Features in the future, or for refusing to receive further marketing, informational / advertising materials from Us.
California Consumer Privacy Act (CCPA)
If you are a California resident, you have the right to request that we disclose certain information to you about our collection, use, disclosure, and sale of your personal data over the past 12 months. You also have the right to request that we delete your personal data, subject to certain exceptions. To make a request, please contact us using the contact information provided below.
We may deny your request if we are unable to verify your identity or if we are unable to comply with your request due to a legal obligation or exception. We will respond to your request within the timeframes required by applicable law.
We do not sell personal data of California consumers, and we have not sold such information in the preceding 12 months.
If you have any questions or concerns about our privacy practices or your rights under the CCPA, please contact us using the contact information provided below.
Do not sell and share my Personal information
Under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), California residents have the right to opt out of the “sale” or “sharing” of their Personal information. “Sale” refers to the disclosure of Personal information to a Third Party for monetary or other valuable consideration. “Sharing” refers to the disclosure of personal information for cross-context behavioral advertising.
We use third-party analytics (Google Analytics 4, Microsoft Clarity, Crazy Egg) and advertising platforms (Google Ads). Where required by law, these operate only after consent in the EEA/UK. For certain U.S. states, this may constitute “sharing” for cross-context behavioral advertising; you may opt out via the “Do Not Sell or Share My Personal Information” controls.
If You are a resident of California or any U.S. state that grants similar rights, and You would like to ensure Your preference is recorded, You may contact us at mail@halo-lab.com. We will log Your request and confirm that Your information is not being sold or shared.
We do not collect sensitive Personal information as defined under the CCPA.
Children's Online Privacy Protection Act (COPPA)
Our Services are not directed to children under the age of 13, and we do not knowingly collect personal data from children under the age of 13. If you are under 13 years of age, do not use or provide any information on our Services or provide any personal data about yourself to us.
If we learn that we have collected personal data from a child under the age of 13 without verification of parental consent, we will delete that data. If you believe we might have any information from or about a child under 13, please contact us at the address provided below.
We encourage parents and legal guardians to monitor their children's internet usage and to help enforce our Privacy Policy by instructing their children to never provide personal data on our Services without their permission.
Fair Information Practices
The Fair Information Practices Principles form the backbone of privacy law in the United States, and the concepts they include have played a significant role in the development of data protection laws around the globe. Understanding the Fair Information Practice Principles and how they should be implemented is critical to comply with the various privacy laws that protect Personal Data.
In order to be in line with Fair Information Practices We will take the following responsive action, should a data breach occur:
- We will notify the Users via Platform notification within 7 (seven) business days.
We also agree to the individual redress principle, which requires that individuals have a right to pursue legally enforceable rights against data Collectors and Processors who fail to adhere to the law. This principle requires not only that individuals have enforceable rights against data users, but also that individuals have recourse to courts or a government agency to investigate and / or prosecute non-compliance by Data Processors.
Contact Us
If you have any questions or concerns about this Privacy Policy, please contact us at mail@halo-lab.com.
Last updated: September 16, 2025
