Privacy Policy

Last modified: September 14, 2018

Introduction

Halo Neuro, Inc., doing business as Halo Neuroscience ("we", "our", "us") is committed to protecting and respecting your privacy. We are a company incorporated in Delaware, US, with a registered office at 735 Market Street, 4th Floor, San Francisco, CA 94103, US. For the purpose of the General Data Protection Regulation (the "GDPR"), we are the data controller.

This privacy policy ("Privacy Policy") describes how we collect and use the personal information you provide when using our Service. The term "Service" includes the Halo products and devices (a "Halo Device"), the Halo website currently available at www.haloneuro.com (and any successor site) (the "Halo Site"), the Halo mobile application (the "Halo Sport App") and related content, software, applications, widgets, materials and/or services made available by us. For the purposes of this Privacy Policy the term "you" refers to you, as a user of the Service. Capitalized terms not defined in this Privacy Policy have the meanings set forth in the Terms of Service. This Privacy Policy adheres to the Privacy Shield Principles.

This Privacy Policy also describes the choices available to you regarding our use of your personal data and usage information, how you can access and update this data, and what we will retain even if you decide to delete the Service or stop using the Service. Your use of the Service indicates that you acknowledge our collection, storage, use and disclosure of your personal data and other information as described in this Privacy Policy and agree to our Terms of Service. Please read this Privacy Policy carefully to understand our policies and practices regarding your information and how we will treat it. If you do not agree with this Privacy Policy in general or any part of it or do not agree to the Terms of Service, you should not use the Service.

Information We Collect and How We Collect It

When you use the Service you provide us with three types of information: (i) information you submit via the Service; (ii) information regarding your use of the Service collected by us as you interact with the Service; and (iii) information about your use of third party mobile applications available through your mobile device.

We collect and/or request information in two ways:

· Information you give us —

Purchase and Account Information

You must register for an account in order to access the Halo Sport App. By registering for the Halo Sport App, you agree that we will have access to your email address. By purchasing a Halo Device, you agree that we will have access to your purchase information comprising your name, shipping address, country, language and other necessary information to provide you with the Halo Device.

We may also collect from you the following personal information about your contacts: name and address in order to fulfill a purchase order. When you provide us with personal information about your contacts, we will only use this information for the specific reason for which it is provided.

If you believe that one of your contacts has provided us with your personal information and you would like to request that it be removed from our database, please contact us at support@haloneuro.com.

As it is in our legitimate interests to be responsive to you and to ensure the proper functioning of the Service, we will use your account and purchase information to:

· Information we get from your use of the Service —

Halo Device Data

When you access and use the Service, we collect the data you submit to or through the Service. This data includes information on the amount or type of Neuropriming delivered, impedance and other device performance information. When you sync your Halo Device through the Halo Sport App, data recorded on your Halo Device about your activity is transferred from your Halo Device to our servers in the US. This data is stored and used to provide the Service and is associated with your account. Each time a sync occurs, we log data about the transmission. Some examples of the log data are the sync time and date, device battery level, and the IP address used when syncing.

Technical Information

When you access and use the Service, we automatically collect the data sent to us by your computer, mobile phone, or other access device. This information includes your IP address, browser type, Internet service provider (ISP), hardware model, referring/exit pages, the files viewed on our site (e.g., HTML pages, graphics, etc.), operating system version, unique device identifiers, mobile network information, date/time stamp and/or clickstream data to analyze trends in the aggregate and administer the Halo Site..

We also automatically collect usage information, such as the number and frequency of visitors to the Halo Site. We may use this data in aggregate form—that is, as a statistical measure—but not in a manner that would identify you personally. This type of aggregate data enables us, and third parties authorized by us, to figure out how individuals use the Service so that we can improve it accordingly.

As it is in our legitimate interests to process your data to provide an effective Service and useful content to you, we collect the data from your Halo Device and the technical information in order to:

Information Collected Using Cookies and Web Beacons

We use cookies or similar technologies to analyze trends, administer the Halo Site, track users' movements around the Halo Site, and to gather demographic information about our user base as a whole. You can control the use of cookies at the individual browser level, but if you choose to disable cookies, it may limit your use of certain features or functions on the Halo Site or Service.

"Cookies" are small data files that are sent to your web browser when you access a website. The files are stored on your device's hard drive. We use "session" cookies to keep you logged in while you use our Service, to track your preferences and to track trends and monitor usage and web traffic information on our Service. We use "persistent" cookies to relate your use of our Service to other information about you and store information about your preferences to make your user experience consistent and customized.

Cookies help us to improve the Service. You can change your settings on your browser settings to refuse cookies or prompt you before accepting cookies.

We may also use "clear GIFs" (also known as "web beacons" or "pixel tags") or similar technologies on our Service or in our communications with you to enable us to know whether you have visited a part of our Service or received a message. A clear GIF is typically a one-pixel, transparent image (although it can be a visible image as well), located on a website or in an email or other type of message, which is retrieved from a remote website on the Internet enabling the verification of an individual's viewing or receipt of a website or message. We may also log information using digital images called web beacons on our Service or in our emails. We may use web beacons to manage cookies, count visits, and to learn what marketing works and what does not. We may also use web beacons to tell if you open or act on our emails. We do not track our users across third party websites and thus do not respond to Do Not Track ("DNT") signals.

We use Google Analytics, which is a web analytics tool that helps us understand how users engage with the Halo Site. Like many services, Google Analytics uses first-party cookies to track user interactions, as in our case, where they are used to collect information about how users use the Halo Site. This information is used to compile reports and to help us improve the Halo Site. The reports disclose website trends without identifying individual visitors. You can opt out of Google Analytics without affecting how you visit the Halo Site – for more information on opting out of being tracked by Google Analytics across all websites you use, visit this Google page: https://tools.google.com/dlpage/gaoptout.

This Privacy Policy only covers our use of cookies and does not cover the use of cookies by third parties. We do not control when or how third parties place cookies on your computer. For example, third party websites to which a link points may set cookies on your computer.

Mobile Application

When you download and use our Halo Sport App, we may automatically collect information on the type of device you use, operating system version and the device identifier (or "UDID").

Push Notification

When you access the Halo Sport App, you may also be asked to allow push messages to be sent to you outside or inside of the Halo Sport App. If you do so a device token will be generated, which is associated with you until you log out. We will collect and store these device tokens on our servers in the US.

You have control over any settings related to the push messages, and can opt in or out of any push messages.

We do not ask for access or track any location-based information from your mobile device at any time while downloading or using the Service.

We use mobile analytics software to allow us to better understand the functionality of the Halo Sport App on your phone. This software may record information such as how often you use the Halo Sport App, the events that occur within the Halo Sport App, aggregated usage, performance data, and where the Halo Sport Appwas downloaded from. We do not link the information we store within the analytics to any personal information you submit within the Halo Sport App.

Behavioral Advertising

We partner with a third party to [display advertising on the Halo Site and to manage our advertising on other sites]. Our third party partner may use cookies or similar technologies in order to provide you advertising based upon your browsing activities and interests. If you wish to opt out of interest-based advertising click here [or if located in the European Union click here]. Please note you will continue to receive generic ads.

Our Use of Your Aggregated Information

We are committed to furthering scientific research in the fields of neuromodulation, sports science, and human performance. Consequently, we may share, analyze, publish or sell aggregated data, with partners and the public in a variety of ways, such as by publishing scientific papers on topics related to Neuropriming, publishing reports about athletic performance, or providing guidance to consumers or partners regarding best practices.

IMPORTANT: Even if you delete the Halo Sport App, close your account or stop using the Service, we will retain the data collected from your use of the Halo Device, including data recorded on your Halo Device about your activity. However, we will use such information only in aggregated form.

Sharing your Data with Third Parties

We do not sell, rent or lease your personal data to others except as described in this Privacy Policy. We only share your information with our third party vendors who support us in providing the Service. These companies are authorized to use your personal information only as necessary to provide their services to us. These recipients include:

We also use third-party payment providers to process payments you make in respect of the Service. These third parties will have their own privacy policies addressing their use of your personal data in order to process your payments. Please check these policies before you submit any information to those third parties.

We will share your personal data if legally required in response to a valid law enforcement request or legal process, to protect our rights and property or those of third parties, or as otherwise permitted or required by law.

Additionally, we may disclose your personal data:

Business Transfers

As we continue to develop our business, we may sell, transfer or otherwise share your personal data in connection with a merger, reorganization, bankruptcy or sale of our company. In such transactions, customer information generally is one of the transferred business assets but remains subject to the promises made in any pre-existing Privacy Policy (unless the customer agrees otherwise). Also, in the event that we are acquired or substantially all of our assets are acquired, customer information will likely be one of the transferred assets. Any acquirer of ours or that acquirer's assets may continue to receive, store, and process your information as set forth in this Privacy Policy. We may provide access to your information as part of diligence or review processes conducted by potential acquirers, entities providing financing to them or us and their advisors. It is within our legitimate interests to share data in this manner and we will take the necessary steps to ensure the ongoing protection of your data in accordance with the terms of this Privacy Policy.

Transfer of your Personal Data outside the European Economic Area

The information that we collect from you will be transferred to and stored at/processed in the United States by us or our third party vendors (see "Sharing your Data with Third Parties"). The people processing your personal data are engaged in, among other things, the fulfilment of your order, the processing of your payment details and the provision of support services. We will take all steps reasonably necessary to ensure that your personal data is treated securely and in accordance with this Privacy Policy.

As we are a US based company, we require the transfer of your personal data to the US in order for us to provide you with our Service. By using the Halo Site and/or Halo Sport App, you acknowledge this use of your data for the purpose of our performance of the contract with you. If you are based in the European Union and you do not agree to the transfer of your data outside of the European Economic Area (the "EEA"), please stop using our Halo Site and Halo Sport App. If you order a Halo Device, we will need to transfer your data outside of the EEA in order to fulfil your order and meet our contractual obligations to you.

When we transfer your personal data to third parties located outside of the EEA, such transfers will either (i) be under the European Commission's model contracts for the transfer of personal data to third countries (i.e., the standard contractual clauses), pursuant to Decision 2004/915/EC and 2010/87/EU; or (ii) in reliance on the EU-US Privacy Shield Framework. Please contact support@haloneuro.com if you would like to see a copy of the standard contractual clauses. .

EU-US Privacy Shield and Swiss-US Privacy Shield

Halo Neuro, Inc. participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework. We are committed to subjecting all personal data received from European (EU) member countries and Swizerland, respectively, in reliance on each Privacy Shield Framework, to the Framework's applicable Principles. To learn more about the Privacy Shield Frameworks, and to view our certification, visit the U.S. Department of Commerce's Privacy Shield List.

Halo Neuro, Inc. is responsible for the processing of personal data it receives, under each Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf. Halo Neuro, Inc. complies with the Privacy Shield Principles for all onward transfers of personal data from the EU and Switzerland, including the onward transfer liability provisions.

With respect to personal data received or transferred pursuant to the Privacy Shield Frameworks, Halo Neuro, Inc. is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.

Under certain conditions, more fully described on the Privacy Shield website, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.

Protecting Your Information

We have implemented policies and procedures, including technical and organizational measures, that are designed to help safeguard your information from unauthorized access, use or modification. However, unfortunately the transmission of information via the internet or email is not completely secure and we cannot guarantee the security of your information transmitted through the Service or over email; any transmission is at your own risk. We advise you that we believe a persistent attacker with sufficient resources would be able to defeat the security measures we have in place.

We will, from time to time, host links to and from the websites of our affiliates or third parties. If you follow a link to any of these websites, these websites will have their own privacy policies and we do not accept any responsibility or liability for these policies. Please check these policies before you submit any information to those websites.

Retention of your Personal Data

We will retain your personal data as follows:

As explained above under "Our Use of Your Non-Identifiable Information", after you have terminated your use of the Service we will store your information in a non-identifiable, aggregated form.

Your rights

You have the right to ask us to access the personal data we hold about you and be provided with certain information about how we use your personal data and who we share it with. You also have the right to ask us to correct your personal data where it is inaccurate or incomplete and we will endeavor to do so without undue delay.

In certain circumstances, you have the right to ask us to delete the personal data we hold about you:

In certain circumstances, you have the right to ask us to restrict (or stop any active) processing of your personal data:

To exercise any of these rights above, please contact us at support@haloneuro.com. In addition, you have the right to complain to the data protection supervisory authority in your country.

Please note that these rights are limited, for example, where fulfilling your request would adversely affect other individuals, where there are overriding public interest reasons or where we are required by law to retain your personal data.

Email/Newsletter Preferences

You may sign up to receive email, newsletters or other communications from us. If you would like to discontinue receiving such communications, you may update your email preferences by [using the unsubscribe link found in emails we send to you or at your member profile on our website or by contacting us at support@haloneuro.com.

Children's Information

The Service is not directed to children and is not intended for any persons under 18 years of age. Moreover, we do not knowingly collect personal data from subjects under 13 years of age. If a parent or guardian becomes aware that his or her child has provided us with personal data without their consent, please contact us at support@haloneuro.com. If we become aware that a member is under the age of 13 and has provided us with personal data, we will delete such information from our file.

California Residents

California residents may choose to request certain information regarding our disclosure of Personally Identifiable Information to third parties for their direct marketing purposes or choose to opt out of such disclosure. Personally Identifiable Information is defined under US law and is information that, taken alone, identifies you and can be used to contact you online or offline. To make a request or to opt out at any time, please contact us at support@haloneuro.com or the other contact information provided below. Our policy is not to disclose Personally Identifiable Information collected online to a third party for directing marketing without your approval.

Complaints

In the event that you wish to make a complaint about how we process your personal data, please contact us in the first instance at support@haloneuro.com and we will endeavor to deal with your request. This is without prejudice to your right to lodge a complaint with the data protection supervisory authority in your country.

Changes to Privacy Policy

This Privacy Policy is effective as of the date stated at the top of this Privacy Policy. It may be necessary from time to time for us to modify this Privacy Policy to reflect changes in the way we collect and use information or changes in privacy-related laws, regulations, and industry standards. Accordingly, we reserve the right to change this policy at any time by posting the revised policy on the Service and updating the "last modified" date at the top of this page. If the changes are material, we will include "recently updated" next to the link to this policy on the Service. We encourage you to refer to this Privacy Policy on an ongoing basis so that you understand our current privacy policy. If revisions to the Privacy Policy are unacceptable to you, you must cease using the Service (including the Halo Device).

Contact Us

Questions, comments and requests regarding this policy are welcomed and should be addressed to support@haloneuro.com or Halo Neuro, Inc., 735 Market Street, 4th Floor, San Francisco, CA 94103, US.

TRUSTe