Last modified: September 14, 2018
Halo Neuro, Inc., doing business as Halo Neuroscience ("we", "our", "us") is committed to protecting and respecting your privacy. We are a company incorporated in Delaware, US, with a registered office at 735 Market Street, 4th Floor, San Francisco, CA 94103, US. For the purpose of the General Data Protection Regulation (the "GDPR"), we are the data controller.
Information We Collect and How We Collect It
When you use the Service you provide us with three types of information: (i) information you submit via the Service; (ii) information regarding your use of the Service collected by us as you interact with the Service; and (iii) information about your use of third party mobile applications available through your mobile device.
We collect and/or request information in two ways:
· Information you give us —
Purchase and Account Information
You must register for an account in order to access the Halo Sport App. By registering for the Halo Sport App, you agree that we will have access to your email address. By purchasing a Halo Device, you agree that we will have access to your purchase information comprising your name, shipping address, country, language and other necessary information to provide you with the Halo Device.
We may also collect from you the following personal information about your contacts: name and address in order to fulfill a purchase order. When you provide us with personal information about your contacts, we will only use this information for the specific reason for which it is provided.
If you believe that one of your contacts has provided us with your personal information and you would like to request that it be removed from our database, please contact us at email@example.com.
As it is in our legitimate interests to be responsive to you and to ensure the proper functioning of the Service, we will use your account and purchase information to:
- provide the Service to you;
- communicate with you about the Service;
- personalize the Service for you; provide technical support;
- secure your account and protect against fraud;
- enforce our Terms of Service; and
- if you have opted in to marketing, invite you to test future versions of the Service and communicate with you about products, services, promotions, events and other news and information we think will be of interest to you.
· Information we get from your use of the Service —
Halo Device Data
When you access and use the Service, we collect the data you submit to or through the Service. This data includes information on the amount or type of Neuropriming delivered, impedance and other device performance information. When you sync your Halo Device through the Halo Sport App, data recorded on your Halo Device about your activity is transferred from your Halo Device to our servers in the US. This data is stored and used to provide the Service and is associated with your account. Each time a sync occurs, we log data about the transmission. Some examples of the log data are the sync time and date, device battery level, and the IP address used when syncing.
When you access and use the Service, we automatically collect the data sent to us by your computer, mobile phone, or other access device. This information includes your IP address, browser type, Internet service provider (ISP), hardware model, referring/exit pages, the files viewed on our site (e.g., HTML pages, graphics, etc.), operating system version, unique device identifiers, mobile network information, date/time stamp and/or clickstream data to analyze trends in the aggregate and administer the Halo Site..
We also automatically collect usage information, such as the number and frequency of visitors to the Halo Site. We may use this data in aggregate form—that is, as a statistical measure—but not in a manner that would identify you personally. This type of aggregate data enables us, and third parties authorized by us, to figure out how individuals use the Service so that we can improve it accordingly.
As it is in our legitimate interests to process your data to provide an effective Service and useful content to you, we collect the data from your Halo Device and the technical information in order to:
- customize and optimize the content you receive when you use the Service and otherwise improve your experience on the Service;
- troubleshoot the Service and provide technical support;
- detect and protect against error, fraud or other criminal activity;
- monitor and analyze trends, usage and activity in connection with the Service; and
- conduct data analysis, testing, research and statistical analysis.
Information Collected Using Cookies and Web Beacons
"Cookies" are small data files that are sent to your web browser when you access a website. The files are stored on your device's hard drive. We use "session" cookies to keep you logged in while you use our Service, to track your preferences and to track trends and monitor usage and web traffic information on our Service. We use "persistent" cookies to relate your use of our Service to other information about you and store information about your preferences to make your user experience consistent and customized.
We may also use "clear GIFs" (also known as "web beacons" or "pixel tags") or similar technologies on our Service or in our communications with you to enable us to know whether you have visited a part of our Service or received a message. A clear GIF is typically a one-pixel, transparent image (although it can be a visible image as well), located on a website or in an email or other type of message, which is retrieved from a remote website on the Internet enabling the verification of an individual's viewing or receipt of a website or message. We may also log information using digital images called web beacons on our Service or in our emails. We may use web beacons to manage cookies, count visits, and to learn what marketing works and what does not. We may also use web beacons to tell if you open or act on our emails. We do not track our users across third party websites and thus do not respond to Do Not Track ("DNT") signals.
We use Google Analytics, which is a web analytics tool that helps us understand how users engage with the Halo Site. Like many services, Google Analytics uses first-party cookies to track user interactions, as in our case, where they are used to collect information about how users use the Halo Site. This information is used to compile reports and to help us improve the Halo Site. The reports disclose website trends without identifying individual visitors. You can opt out of Google Analytics without affecting how you visit the Halo Site – for more information on opting out of being tracked by Google Analytics across all websites you use, visit this Google page: https://tools.google.com/dlpage/gaoptout.
When you download and use our Halo Sport App, we may automatically collect information on the type of device you use, operating system version and the device identifier (or "UDID").
When you access the Halo Sport App, you may also be asked to allow push messages to be sent to you outside or inside of the Halo Sport App. If you do so a device token will be generated, which is associated with you until you log out. We will collect and store these device tokens on our servers in the US.
You have control over any settings related to the push messages, and can opt in or out of any push messages.
We do not ask for access or track any location-based information from your mobile device at any time while downloading or using the Service.
We use mobile analytics software to allow us to better understand the functionality of the Halo Sport App on your phone. This software may record information such as how often you use the Halo Sport App, the events that occur within the Halo Sport App, aggregated usage, performance data, and where the Halo Sport Appwas downloaded from. We do not link the information we store within the analytics to any personal information you submit within the Halo Sport App.
Our Use of Your Aggregated Information
We are committed to furthering scientific research in the fields of neuromodulation, sports science, and human performance. Consequently, we may share, analyze, publish or sell aggregated data, with partners and the public in a variety of ways, such as by publishing scientific papers on topics related to Neuropriming, publishing reports about athletic performance, or providing guidance to consumers or partners regarding best practices.
IMPORTANT: Even if you delete the Halo Sport App, close your account or stop using the Service, we will retain the data collected from your use of the Halo Device, including data recorded on your Halo Device about your activity. However, we will use such information only in aggregated form.
Sharing your Data with Third Parties
- Amazon Redshift, a data warehousing service provided by Amazon Web Services that is located in the US and stores your data in the US, in order to store the personal data and other information you provide and for disaster recovery services;
- Heroku, an IT and mobile app service provided by Salesforce that is located in the US and stores your data in the US, in order to receive SaaS services and to store our customer relationship management information; and
- MixPanel, a user analytics service that is located in the US and stores your data in the US in aggregated form, which tracks events in the performance of the Service such as log errors in order to assist us in the improvement and optimization of the Service.
We also use third-party payment providers to process payments you make in respect of the Service. These third parties will have their own privacy policies addressing their use of your personal data in order to process your payments. Please check these policies before you submit any information to those third parties.
We will share your personal data if legally required in response to a valid law enforcement request or legal process, to protect our rights and property or those of third parties, or as otherwise permitted or required by law.
Additionally, we may disclose your personal data:
- if we believe there is a serious and imminent threat to the life, health or safety of yourself or another person;
- to investigate or report on activity which we believe on reasonable grounds to be unlawful;
- if disclosure is required or authorized by law (for example, in response to a subpoena or where a regulatory authority has the power to request the provision of certain records or information);
- if disclosure is reasonably necessary to enable an enforcement body to perform its functions, for example the prevention, detection, investigation, prosecution or punishment of criminal offenses, or the preparation for, or conduct of, proceedings before any court or tribunal, or implementation of the orders of a court or tribunal; or
- if we have a good faith belief that such use is reasonably necessary to protect our legal and legitimate business interests.
Transfer of your Personal Data outside the European Economic Area
As we are a US based company, we require the transfer of your personal data to the US in order for us to provide you with our Service. By using the Halo Site and/or Halo Sport App, you acknowledge this use of your data for the purpose of our performance of the contract with you. If you are based in the European Union and you do not agree to the transfer of your data outside of the European Economic Area (the "EEA"), please stop using our Halo Site and Halo Sport App. If you order a Halo Device, we will need to transfer your data outside of the EEA in order to fulfil your order and meet our contractual obligations to you.
When we transfer your personal data to third parties located outside of the EEA, such transfers will either (i) be under the European Commission's model contracts for the transfer of personal data to third countries (i.e., the standard contractual clauses), pursuant to Decision 2004/915/EC and 2010/87/EU; or (ii) in reliance on the EU-US Privacy Shield Framework. Please contact firstname.lastname@example.org if you would like to see a copy of the standard contractual clauses. .
EU-US Privacy Shield and Swiss-US Privacy Shield
Halo Neuro, Inc. participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework. We are committed to subjecting all personal data received from European (EU) member countries and Swizerland, respectively, in reliance on each Privacy Shield Framework, to the Framework's applicable Principles. To learn more about the Privacy Shield Frameworks, and to view our certification, visit the U.S. Department of Commerce's Privacy Shield List.
Halo Neuro, Inc. is responsible for the processing of personal data it receives, under each Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf. Halo Neuro, Inc. complies with the Privacy Shield Principles for all onward transfers of personal data from the EU and Switzerland, including the onward transfer liability provisions.
With respect to personal data received or transferred pursuant to the Privacy Shield Frameworks, Halo Neuro, Inc. is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.
Under certain conditions, more fully described on the Privacy Shield website, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.
Protecting Your Information
We have implemented policies and procedures, including technical and organizational measures, that are designed to help safeguard your information from unauthorized access, use or modification. However, unfortunately the transmission of information via the internet or email is not completely secure and we cannot guarantee the security of your information transmitted through the Service or over email; any transmission is at your own risk. We advise you that we believe a persistent attacker with sufficient resources would be able to defeat the security measures we have in place.
We will, from time to time, host links to and from the websites of our affiliates or third parties. If you follow a link to any of these websites, these websites will have their own privacy policies and we do not accept any responsibility or liability for these policies. Please check these policies before you submit any information to those websites.
Retention of your Personal Data
We will retain your personal data as follows:
- purchase and account information: for the period that you are using the Service as an active user and as reasonably necessary to comply with our legal obligations, allow us to resolve and litigate disputes, and to enforce our Terms of Service; and
- the Halo Device data that you submit to or through the Service: for as long as your account is active and a reasonable period thereafter in case you decide to re-activate the Service.
As explained above under "Our Use of Your Non-Identifiable Information", after you have terminated your use of the Service we will store your information in a non-identifiable, aggregated form.
You have the right to ask us to access the personal data we hold about you and be provided with certain information about how we use your personal data and who we share it with. You also have the right to ask us to correct your personal data where it is inaccurate or incomplete and we will endeavor to do so without undue delay.
In certain circumstances, you have the right to ask us to delete the personal data we hold about you:
- where you believe that it is no longer necessary for us to hold your personal data;
- where we are processing your personal data on the basis of legitimate interests and you object to such processing and we cannot demonstrate an overriding legitimate ground for the processing; or
- where you believe the personal data we hold about you is being unlawfully processed by us.
In certain circumstances, you have the right to ask us to restrict (or stop any active) processing of your personal data:
- where you believe the personal data we hold about you is inaccurate and while we verify its accuracy;
- where we want to erase your personal data as the processing is unlawful but you want us to continue to store it;
- where we no longer need your personal data for the purposes of our processing but you require us to retain the data for the establishment, exercise or defense of legal claims; or
- where you have objected to us processing your personal data based on our legitimate interests and we are considering your objection.
To exercise any of these rights above, please contact us at email@example.com. In addition, you have the right to complain to the data protection supervisory authority in your country.
Please note that these rights are limited, for example, where fulfilling your request would adversely affect other individuals, where there are overriding public interest reasons or where we are required by law to retain your personal data.
You may sign up to receive email, newsletters or other communications from us. If you would like to discontinue receiving such communications, you may update your email preferences by [using the unsubscribe link found in emails we send to you or at your member profile on our website or by contacting us at firstname.lastname@example.org.
The Service is not directed to children and is not intended for any persons under 18 years of age. Moreover, we do not knowingly collect personal data from subjects under 13 years of age. If a parent or guardian becomes aware that his or her child has provided us with personal data without their consent, please contact us at email@example.com. If we become aware that a member is under the age of 13 and has provided us with personal data, we will delete such information from our file.
California residents may choose to request certain information regarding our disclosure of Personally Identifiable Information to third parties for their direct marketing purposes or choose to opt out of such disclosure. Personally Identifiable Information is defined under US law and is information that, taken alone, identifies you and can be used to contact you online or offline. To make a request or to opt out at any time, please contact us at firstname.lastname@example.org or the other contact information provided below. Our policy is not to disclose Personally Identifiable Information collected online to a third party for directing marketing without your approval.
In the event that you wish to make a complaint about how we process your personal data, please contact us in the first instance at email@example.com and we will endeavor to deal with your request. This is without prejudice to your right to lodge a complaint with the data protection supervisory authority in your country.
Questions, comments and requests regarding this policy are welcomed and should be addressed to firstname.lastname@example.org or Halo Neuro, Inc., 735 Market Street, 4th Floor, San Francisco, CA 94103, US.