Halpme

🇬🇧🇪🇪🇷🇺🇪🇸

HalpMe Global Privacy Policy

Effective Date: 25th March, 2025

HalpMe OÜ ("HalpMe," "we," "our," or "us") values your privacy and is committed to safeguarding your personal data. This Privacy Policy explains how we collect, use, disclose, and protect your personal data when you interact with our websites, mobile applications, and related services (the "Platform").

We adhere to the principles of the General Data Protection Regulation (GDPR), Estonian consumer protection laws, and other applicable laws.

1. Scope of This Privacy Policy

  • This Privacy Policy applies to all users of the HalpMe Platform, including both Customers (those requesting services "Halps") and Halpers (independent service providers).
  • By using the Platform, you confirm that you understand and accept the terms in this Privacy Policy and in our Terms of Service.
  • For interactions between Customers and Halpers (such as chats, address exchange, or service delivery), each party acts as an independent data controller. HalpMe does not process this data and is not a data processor for user-to-user communications.
  • If you do not agree with this Policy, please stop using the Platform immediately.

2. Data We Collect

We collect personal data to operate the Platform and deliver Halps. This includes:

Data You Provide Directly:

  • Full name, email address, phone number (for account creation)
  • Profile content (e.g., photos, bio, qualifications, service listings)
  • Messages or inquiries you send to our team (e.g., support tickets, emails)

Data Collected Automatically:

  • Platform usage (e.g., log-in times, page views, clicks)
  • Device and browser information (e.g., IP, OS, browser type)
  • Approximate location, if you enable location services

Data from External Sources:

  • Analytics services (e.g., Google Analytics, Mixpanel)
  • Linked social media platforms (if you choose to connect)
  • Identity verification or background check providers (e.g., Onfido), if applicable and with your consent

Device and System Access:

  • Device identifiers (device model, operating system, unique device tokens) to provide personalized services, send notifications, and improve app functionality
  • Camera and photo library access to enable image capture and uploads within the app
  • Calendar access to help schedule and manage appointments (used solely for this functionality)

📱 Important Note on Media and Calendar Access:

  • Media files accessed through our app are used solely within the app and are not shared with third parties
  • Calendar information is strictly used for appointment management and is not shared externally
  • All data access permissions can be managed through your device settings

3. How We Use Your Data

We use your personal data to operate and improve the Platform in accordance with applicable laws. Our purposes include:

To Provide Core Services:

  • Create and manage your account
  • Facilitate bookings, payments, and user communication

To Improve the Platform:

  • Monitor usage trends to enhance performance and usability
  • Identify bugs and resolve technical issues

For Security and Legal Obligations:

  • Verify identities, prevent fraud, and detect abuse
  • Fulfill legal duties (e.g., accounting, tax, anti-money laundering)

To Personalise Your Experience (with consent):

  • Recommend content or Halpers based on preferences
  • Show targeted offers, promotions, or messages (only if opted in)

To Communicate with You:

  • Send confirmations, policy updates, service reminders, and marketing (where permitted)

4. Legal Bases for Processing

We process your personal data only where there is a valid legal basis under Article 6 of the GDPR. These bases include:

Performance of a Contract

  • To provide and manage your HalpMe account
  • To facilitate bookings, payments, and user communication

Legal Obligations

  • To comply with tax, accounting, AML, or consumer protection laws
  • To respond to lawful requests from public authorities

Legitimate Interest

  • To operate, maintain, and secure the Platform
  • To prevent abuse, fraud, or technical issues
  • To analyse performance and improve services (without profiling)

Consent (when required)

  • For sending marketing emails or notifications
  • For using optional cookies or third-party integrations

You can withdraw your consent at any time via your account or by contacting [email protected].

5. Data Sharing

We share your personal data only when necessary and in accordance with this Privacy Policy.

With Other Users (Halpers and Customers):

  • Limited personal details (e.g., name, contact number, address) are shared once a booking is confirmed to enable the Halp.
  • HalpMe does not monitor or process the personal data exchanged between Users. In such cases, each party is an independent data controller.

With Regulatory or Legal Authorities

  • When required by law (e.g., fraud investigation, court orders, tax obligations).

In Case of Business Transfers

  • If HalpMe is involved in a merger, acquisition, restructuring, or asset sale, your personal data may be transferred to the successor entity.

We do not sell or rent your personal data to third parties. Any data shared is strictly limited to the purpose it was collected for.

5.1 Service Providers

We work with trusted third-party service providers ("subprocessors") who help us operate and improve the Platform. These subprocessors act on our behalf under strict contractual terms and only process your data for the purposes described below.

All subprocessors are bound by Data Processing Agreements (DPAs) in compliance with Article 28 of the GDPR and are subject to audits or assessments to ensure continued compliance.

Categories of Service Providers:

Category Purpose Examples
Cloud Hosting Providers Infrastructure, server management Fly.io, AWS
Customer Support Platforms Ticketing, chat, helpdesk functions Intercom, Zendesk
Analytics Services Measure platform usage, events, behavior Google Analytics, Mixpanel
Marketing Tools CRM, campaigns, remarketing, engagement Twilio, Meta Platforms, Inc. (Facebook Pixel), Pipedrive
Automation Tools Workflow automation and task linking Zapier, Pipedrive
Document/ID Verification KYC, identity verification Onfido, Veriff
Communication Tools Internal collaboration and service alerts Google Workspace, Slack, Notion

These subprocessors are granted access only to the minimum data required to perform their tasks and are subject to encryption, access control, and data minimisation protocols.

⚠️ User-to-user data (e.g., addresses, messages between Halpers and Customers) is never accessed, stored, or processed by these providers. Each party is individually responsible for GDPR compliance in such exchanges.

We update our list of subprocessors as our operations evolve. Users will be notified via email or Platform notice if legally required.

6. Your Choices and Controls

As a user, you are in control of your personal data. HalpMe provides the following rights and tools under the GDPR:

Access & Portability

You can request a copy of your personal data at any time in a machine-readable format.

Correction (Rectification)

You may edit or correct your account details directly via your profile settings.

Deletion (Right to be Forgotten)

You may request account deletion by contacting [email protected]. We will delete your data unless we are legally required to retain certain records (e.g. for tax or fraud prevention).

Marketing Preferences

You can unsubscribe from marketing emails via links in the messages or your notification settings in the app.

Cookie Preferences

You can adjust or withdraw consent via our Cookie Policy at any time.

To exercise any of these rights, email [email protected]. We will respond within 30 calendar days, in line with GDPR obligations.

7. Data Retention

We retain your personal data only for as long as it is necessary to:

  • Deliver the Platform and services
  • Comply with legal, regulatory, or contractual obligations
  • Resolve disputes and enforce our Terms

Retention Periods:

  • Account Data: Stored while your account is active. If you deactivate your account, we retain only what is legally required.
  • Payment & Transaction Data: Retained for up to 7 years for tax, accounting, and anti-fraud compliance.
  • Support Communications & Logs: Retained for up to 24 months for quality and dispute resolution.

After these periods:

  • Data is securely deleted, or
  • Anonymised and used only for statistical or service improvement purposes.

Inactive accounts may be flagged for anonymisation or deletion after 24 months of inactivity, unless linked to unresolved issues or required by law.

8. Data Security

We take data protection seriously and implement strong technical and organisational measures to safeguard your personal data. These include:

  • 🔒
    Encryption: Sensitive data (e.g., passwords, payment info) is encrypted both in transit and at rest.
  • 🔐
    Access Controls: Only authorised personnel can access personal data, based on role and necessity.
  • 🛡
    Infrastructure Security: Our servers are hosted in certified, secure data centres with firewalls and continuous monitoring.
  • 🔁
    Monitoring & Audits: We regularly test systems, perform internal audits, and assess third-party security standards.
  • 🚫
    Incident Response: We have a response protocol in place for suspected data breaches. Affected users will be notified as required under GDPR (Articles 33–34).

🔒 Data Transmission Security:

All data, including device identifiers, media files, and calendar information, is transmitted using industry-standard encryption protocols. We employ end-to-end encryption for sensitive data transfers and secure storage systems for all user information.

9. Children's Privacy

The HalpMe Platform is intended for use only by individuals who are 18 years or older.

We do not knowingly collect or process personal data from individuals under 18. If we discover that we have inadvertently collected such data, we will:

  • Delete it without delay; and
  • Take steps to prevent future collection.

Parents or guardians who believe their child's data has been submitted in error should contact us immediately at [email protected].

10. Automated Decision-Making

HalpMe does not currently use personal data to make decisions based solely on automated processing that produce legal or similarly significant effects, as defined in Article 22 of the GDPR.

If we introduce such automated features (e.g. risk scoring, task-matching algorithms, fraud flags), you will be informed in advance. In such cases, you will have the right to:

  • Request human intervention
  • Express your point of view
  • Contest the automated decision

To exercise these rights, contact us at [email protected]. We will respond within 30 calendar days as required by GDPR.

11. Updates to This Policy

We may revise this Privacy Policy from time to time to reflect:

  • Changes in law (e.g. GDPR, ePrivacy updates)
  • Improvements to our services or security practices
  • New features or third-party services

How we notify you:

  • Material changes will be communicated via email and/or prominent notice on the Platform.
  • Minor updates may be reflected directly in the Policy.

Continued use of the Platform after updates means you accept the revised Policy. We recommend reviewing this page periodically to stay informed.

12. Contact Us

If you have any questions, concerns, or would like to exercise your rights under this Privacy Policy, you can reach us at:

  • 📧
  • 🏢
    Mailing Address: HalpMe OÜ, Merivälja tee 50, 1191 Tallinn, Estonia

We respond to all requests within 30 calendar days, as required by GDPR.

Supervisory Authority Contact: If you are not satisfied with our response, you may file a complaint with:

  • Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon): https://www.aki.ee
  • Or your local EU data protection authority if outside Estonia.

We are committed to resolving privacy concerns fairly and transparently.