Last modified: September 14, 2018
Halo Neuro, Inc., doing business as Halo Neuroscience ("we", "our", "us") is committed to protecting and respecting your privacy. We are a company incorporated in Delaware, US, with a registered office at 735 Market Street, 4th Floor, San Francisco, CA 94103, US. For the purpose of the General Data Protection Regulation (the "GDPR"), we are the data controller.
Information We Collect and How We Collect It
When you use the Service you provide us with three types of information: (i) information you submit via the Service; (ii) information regarding your use of the Service collected by us as you interact with the Service; and (iii) information about your use of third party mobile applications available through your mobile device.
We collect and/or request information in two ways:
· Information you give us —
Purchase and Account Information
You must register for an account in order to access the Halo Sport App. By registering for the Halo Sport App, you agree that we will have access to your email address. By purchasing a Halo Device, you agree that we will have access to your purchase information comprising your name, shipping address, country, language and other necessary information to provide you with the Halo Device.
We may also collect from you the following personal information about your contacts: name and address in order to fulfill a purchase order. When you provide us with personal information about your contacts, we will only use this information for the specific reason for which it is provided.
If you believe that one of your contacts has provided us with your personal information and you would like to request that it be removed from our database, please contact us at email@example.com.
As it is in our legitimate interests to be responsive to you and to ensure the proper functioning of the Service, we will use your account and purchase information to:
· Information we get from your use of the Service —
Halo Device Data
When you access and use the Service, we collect the data you submit to or through the Service. This data includes information on the amount or type of Neuropriming delivered, impedance and other device performance information. When you sync your Halo Device through the Halo Sport App, data recorded on your Halo Device about your activity is transferred from your Halo Device to our servers in the US. This data is stored and used to provide the Service and is associated with your account. Each time a sync occurs, we log data about the transmission. Some examples of the log data are the sync time and date, device battery level, and the IP address used when syncing.
When you access and use the Service, we automatically collect the data sent to us by your computer, mobile phone, or other access device. This information includes your IP address, browser type, Internet service provider (ISP), hardware model, referring/exit pages, the files viewed on our site (e.g., HTML pages, graphics, etc.), operating system version, unique device identifiers, mobile network information, date/time stamp and/or clickstream data to analyze trends in the aggregate and administer the Halo Site..
We also automatically collect usage information, such as the number and frequency of visitors to the Halo Site. We may use this data in aggregate form—that is, as a statistical measure—but not in a manner that would identify you personally. This type of aggregate data enables us, and third parties authorized by us, to figure out how individuals use the Service so that we can improve it accordingly.
As it is in our legitimate interests to process your data to provide an effective Service and useful content to you, we collect the data from your Halo Device and the technical information in order to:
Information Collected Using Cookies and Web Beacons
"Cookies" are small data files that are sent to your web browser when you access a website. The files are stored on your device's hard drive. We use "session" cookies to keep you logged in while you use our Service, to track your preferences and to track trends and monitor usage and web traffic information on our Service. We use "persistent" cookies to relate your use of our Service to other information about you and store information about your preferences to make your user experience consistent and customized.
We may also use "clear GIFs" (also known as "web beacons" or "pixel tags") or similar technologies on our Service or in our communications with you to enable us to know whether you have visited a part of our Service or received a message. A clear GIF is typically a one-pixel, transparent image (although it can be a visible image as well), located on a website or in an email or other type of message, which is retrieved from a remote website on the Internet enabling the verification of an individual's viewing or receipt of a website or message. We may also log information using digital images called web beacons on our Service or in our emails. We may use web beacons to manage cookies, count visits, and to learn what marketing works and what does not. We may also use web beacons to tell if you open or act on our emails. We do not track our users across third party websites and thus do not respond to Do Not Track ("DNT") signals.
We use Google Analytics, which is a web analytics tool that helps us understand how users engage with the Halo Site. Like many services, Google Analytics uses first-party cookies to track user interactions, as in our case, where they are used to collect information about how users use the Halo Site. This information is used to compile reports and to help us improve the Halo Site. The reports disclose website trends without identifying individual visitors. You can opt out of Google Analytics without affecting how you visit the Halo Site – for more information on opting out of being tracked by Google Analytics across all websites you use, visit this Google page: https://tools.google.com/dlpage/gaoptout.
When you download and use our Halo Sport App, we may automatically collect information on the type of device you use, operating system version and the device identifier (or "UDID").
When you access the Halo Sport App, you may also be asked to allow push messages to be sent to you outside or inside of the Halo Sport App. If you do so a device token will be generated, which is associated with you until you log out. We will collect and store these device tokens on our servers in the US.
You have control over any settings related to the push messages, and can opt in or out of any push messages.
We do not ask for access or track any location-based information from your mobile device at any time while downloading or using the Service.
We use mobile analytics software to allow us to better understand the functionality of the Halo Sport App on your phone. This software may record information such as how often you use the Halo Sport App, the events that occur within the Halo Sport App, aggregated usage, performance data, and where the Halo Sport Appwas downloaded from. We do not link the information we store within the analytics to any personal information you submit within the Halo Sport App.
Our Use of Your Aggregated Information
We are committed to furthering scientific research in the fields of neuromodulation, sports science, and human performance. Consequently, we may share, analyze, publish or sell aggregated data, with partners and the public in a variety of ways, such as by publishing scientific papers on topics related to Neuropriming, publishing reports about athletic performance, or providing guidance to consumers or partners regarding best practices.
IMPORTANT: Even if you delete the Halo Sport App, close your account or stop using the Service, we will retain the data collected from your use of the Halo Device, including data recorded on your Halo Device about your activity. However, we will use such information only in aggregated form.
Sharing your Data with Third Parties
We also use third-party payment providers to process payments you make in respect of the Service. These third parties will have their own privacy policies addressing their use of your personal data in order to process your payments. Please check these policies before you submit any information to those third parties.
We will share your personal data if legally required in response to a valid law enforcement request or legal process, to protect our rights and property or those of third parties, or as otherwise permitted or required by law.
Additionally, we may disclose your personal data:
Transfer of your Personal Data outside the European Economic Area
As we are a US based company, we require the transfer of your personal data to the US in order for us to provide you with our Service. By using the Halo Site and/or Halo Sport App, you acknowledge this use of your data for the purpose of our performance of the contract with you. If you are based in the European Union and you do not agree to the transfer of your data outside of the European Economic Area (the "EEA"), please stop using our Halo Site and Halo Sport App. If you order a Halo Device, we will need to transfer your data outside of the EEA in order to fulfil your order and meet our contractual obligations to you.
When we transfer your personal data to third parties located outside of the EEA, such transfers will either (i) be under the European Commission's model contracts for the transfer of personal data to third countries (i.e., the standard contractual clauses), pursuant to Decision 2004/915/EC and 2010/87/EU; or (ii) in reliance on the EU-US Privacy Shield Framework. Please contact firstname.lastname@example.org if you would like to see a copy of the standard contractual clauses. .
EU-US Privacy Shield and Swiss-US Privacy Shield
Halo Neuro, Inc. participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework. We are committed to subjecting all personal data received from European (EU) member countries and Swizerland, respectively, in reliance on each Privacy Shield Framework, to the Framework's applicable Principles. To learn more about the Privacy Shield Frameworks, and to view our certification, visit the U.S. Department of Commerce's Privacy Shield List.
Halo Neuro, Inc. is responsible for the processing of personal data it receives, under each Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf. Halo Neuro, Inc. complies with the Privacy Shield Principles for all onward transfers of personal data from the EU and Switzerland, including the onward transfer liability provisions.
With respect to personal data received or transferred pursuant to the Privacy Shield Frameworks, Halo Neuro, Inc. is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.
Under certain conditions, more fully described on the Privacy Shield website, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.
Protecting Your Information
We have implemented policies and procedures, including technical and organizational measures, that are designed to help safeguard your information from unauthorized access, use or modification. However, unfortunately the transmission of information via the internet or email is not completely secure and we cannot guarantee the security of your information transmitted through the Service or over email; any transmission is at your own risk. We advise you that we believe a persistent attacker with sufficient resources would be able to defeat the security measures we have in place.
We will, from time to time, host links to and from the websites of our affiliates or third parties. If you follow a link to any of these websites, these websites will have their own privacy policies and we do not accept any responsibility or liability for these policies. Please check these policies before you submit any information to those websites.
Retention of your Personal Data
We will retain your personal data as follows:
As explained above under "Our Use of Your Non-Identifiable Information", after you have terminated your use of the Service we will store your information in a non-identifiable, aggregated form.
You have the right to ask us to access the personal data we hold about you and be provided with certain information about how we use your personal data and who we share it with. You also have the right to ask us to correct your personal data where it is inaccurate or incomplete and we will endeavor to do so without undue delay.
In certain circumstances, you have the right to ask us to delete the personal data we hold about you:
In certain circumstances, you have the right to ask us to restrict (or stop any active) processing of your personal data:
To exercise any of these rights above, please contact us at email@example.com. In addition, you have the right to complain to the data protection supervisory authority in your country.
Please note that these rights are limited, for example, where fulfilling your request would adversely affect other individuals, where there are overriding public interest reasons or where we are required by law to retain your personal data.
You may sign up to receive email, newsletters or other communications from us. If you would like to discontinue receiving such communications, you may update your email preferences by [using the unsubscribe link found in emails we send to you or at your member profile on our website or by contacting us at firstname.lastname@example.org.
The Service is not directed to children and is not intended for any persons under 18 years of age. Moreover, we do not knowingly collect personal data from subjects under 13 years of age. If a parent or guardian becomes aware that his or her child has provided us with personal data without their consent, please contact us at email@example.com. If we become aware that a member is under the age of 13 and has provided us with personal data, we will delete such information from our file.
California residents may choose to request certain information regarding our disclosure of Personally Identifiable Information to third parties for their direct marketing purposes or choose to opt out of such disclosure. Personally Identifiable Information is defined under US law and is information that, taken alone, identifies you and can be used to contact you online or offline. To make a request or to opt out at any time, please contact us at firstname.lastname@example.org or the other contact information provided below. Our policy is not to disclose Personally Identifiable Information collected online to a third party for directing marketing without your approval.
In the event that you wish to make a complaint about how we process your personal data, please contact us in the first instance at email@example.com and we will endeavor to deal with your request. This is without prejudice to your right to lodge a complaint with the data protection supervisory authority in your country.
Questions, comments and requests regarding this policy are welcomed and should be addressed to firstname.lastname@example.org or Halo Neuro, Inc., 735 Market Street, 4th Floor, San Francisco, CA 94103, US.