At Halo Support Ltd, we value transparency and take data privacy seriously. This policy explains how and when we may use Artificial Intelligence (AI) tools in relation to customer data. It applies to Halo Support Ltd and its directors, Tom Lewis and Mark Haycock, as well as any future employees or contractors.

We always adopt the “Human in the loop” approach, meaning we never share AI generated or AI Processed content of any kind without strictly reviewing the contents first. Before any AI-generated or AI-processed content is used or shared externally, it is reviewed by either Tom Lewis (Director) or Mark Haycock (Director) to check for accuracy, appropriateness, and data compliance. Ensuring these checks are carried out is the responsibility of the DPO.

AI is now embedded in many everyday software tools, and it's not always possible to identify or list every instance. We commit to being open about our deliberate use of AI wherever we can.

1. Purpose of Using AI

From time to time, we may use AI platforms such as (but not limited to) Google Gemini, ChatGPT, Claude, Apple Intelligence, or other similar technologies to assist with routine tasks like drafting responses, checking spelling and grammar, assisting with day-to-day tasks, or improving the clarity of images.

The platforms listed above are examples only and do not represent a formal endorsement. Their inclusion reflects current usage at the time of publication and is subject to change. All platforms are assessed against our data protection requirements before use.

AI is only used to enhance the quality or presentation of materials - not to make decisions about customers, analyse personal data, or share information with third parties. To be clear, AI is not used to autonomously make or influence decisions that directly affect customers, such as eligibility, pricing, or service access.

2. What This Policy Covers

This policy applies only to customer data that Halo Support may handle as part of our services or communications.

It does not apply to:

• Any marketing or internal company materials.
  

• Any data stored or processed on Halo Sign-in Systems.
  

Visitor records and other information held within Halo Sign-in systems are strictly governed by our GDPR Policy and are never accessed, transferred, or uploaded to AI tools for any reason. Should we ever need to view such data for troubleshooting or updates, this will only be done with prior customer approval and strictly in line with our GDPR commitments.

3. Image Enhancements

In some cases, a school or organisation may ask us to improve the quality of staff photos prior to them being used on the Halo Sign-in System (for example, to increase clarity or resolution).

In these situations:

• We will only use AI tools after receiving written permission from the organisation in the form of an email and that correspondence will be retained.
  

• Any altered images will be shared with the customer for review and approval before they are used. The person in the image has final say on its suitability.

• Any images processed or enhanced by AI will be stored in line with our general data retention policy found in our GDPR Policy.
  
  

4. Responsible Use and Data Minimisation

When using AI platforms, we take steps to protect privacy and confidentiality at all times:

• Only the minimum amount of information needed to complete a task is ever entered into an AI tool.
  

• Wherever possible, data is anonymised or redacted before being used.
  

• For business activities, we will only use licensed AI platforms that ensure the safety of data and do not use any supplied data to train their underlying models. We review vendor Data Processing Agreements prior to using any platform for business activities. We periodically re-check these agreements and will cease using any platform that no longer meets our data protection standards.

• If other, free systems are used, either for internal trials or evaluation etc, we will never upload any customer data to those services to ensure your data remains safe.
  

5. Oversight and Accountability

All AI use within Halo Support is authorised and monitored by Tom Lewis, in his role as Data Protection Officer (DPO).

We ensure that any use of AI aligns fully with our GDPR Policy and our wider commitment to data security, integrity, and customer trust.

We recognise that AI-related incidents may be more difficult to detect or scope than traditional data breaches. Any suspected incident involving AI tools will be escalated immediately to the DPO for assessment, and investigated in line with our GDPR Policy.

6. Ongoing Review

AI technologies continue to evolve, and this policy may be updated periodically to reflect best practices or operational changes. Any updates will be published on this page, and we encourage customers to check back for the latest version.

7. Questions or Concerns

If you have any questions about how Halo Support uses AI, please contact:

info@halo.support

This policy was last reviewed on 8th June 2026 by Tom Lewis (Director and DPO) V1.1