Products Privacy Statement

Last Updated: February 2, 2022

Your privacy is important to us. The purpose of this Products Privacy Statement (“Privacy Statement”) is to make you aware of what personal data Hologram collects from you through your use of our products and services and how we use that data. Our “Products and Services” include:

1. Our Services include all services and hosted software applications provided by Hologram, including but not limited to, the Hologram API, the Hologram Cloud, cellular connectivity via Hologram’s Global SIM, and any other software services offered by Hologram;
   ‍
2. Our Products include both the physical products produced and sold by Hologram, including, for example, the Hologram Dash, all Shields and accessories, and any kits such as the Solar Kit; and the firmware, provided by Hologram, that is programmed onto certain of these physical products.

This Privacy Statement describes how Hologram, Inc. ("Hologram," "we," “us,” or “our”) collects, uses, discloses and otherwise processes personal data regarding (i) the personnel and other representatives of our business customers (“Customer Personnel”) and (ii) the end users of such business customers (“End Users”) (such Customer Personnel and End Users referred to collectively herein as “you” or “your”) through the Products and Services. This Privacy Statement applies to personal data that we collect through the Products and Services as a controller (such as when we process your personal data in order to improve our Products and Services and for our own analytics purposes), and personal data that we collect through the Products and Services and process on behalf of our business customers as a processor or service provider (such as when we collect personal data from End Users through our business customers’ implementation of our Products and Services and on the behalf of such business customers).

Hologram’s processing of personal data on behalf of Hologram’s business customers in connection with the Products and Services is governed by this Privacy Statement and the relevant agreement with our business customer. In the event of any conflict between this Privacy Statement and the relevant business customer agreement, the relevant business customer agreement will control to the extent permitted by law. This Privacy Statement does not apply to the processing of personal data by our business customers. Hologram does not control the privacy practices of our business customers. If you have questions or concerns regarding the processing of your personal data by our business customers, please contact the relevant business customer. This Privacy Statement also does not apply to information collected through the use of cookies and other tracking technologies. For information concerning our processing of personal data in connection with such cookies and other tracking technologies, please see our Cookie Notice (/privacy-policy).

If you are located in the European Economic Area (“EEA”) or the United Kingdom (“UK”), please also consult the EEA/UK GDPR supplemental notice below.

Contact us

Information that you provide or information about you provided to us by our business customers may include:

1. When you create an account, information we obtain may include your email address, first name, last name, your company, and password.
2. When you activate our Products and Services for the first time, information we obtain may include network data (including network password), product ID, payment method details, and billing address.
3. When you use our Products and Services, information we obtain may include device usage data, SIM card name, IMSI (International Mobile Subscriber Identity), IMEI (International Mobile Equipment Identity), time and date of usage, and detail of the cell tower that the device was connected to for the session and the location of that tower, and any other information you may choose to provide to us.

How we use your personal data

AS A PROCESSOR:

1. To provide our Products and Services: We use your personal data to provide you with our Products and Services, in accordance with the terms of the relevant contract with our business customer, including to create and maintain any account you may have through the Products or Services and to respond to inquiries, complaints or requests for customer support.
2. For security and maintenance of our Products and Services: We process your personal data for security and maintenance purposes, in accordance with the terms of the relevant contract with our business customer, including to measure the performance of our Products and Services; to enforce applicable terms and conditions; to protect our rights, privacy, safety or property and/or that of you or others; and to protect, investigate and deter against fraudulent, harmful, unauthorized, unethical or illegal activity.

AS A PROCESSOR:

1. To analyze and improve our Products and Services and develop new products and services: We may use personal data, including through the use of analytics, to improve our Products and Services and to assist us with the development of other products and services, to better understand how our Products and Services are used, to understand what products and services may be of interest to you and to deliver relevant web content to you and to measure or understand the effectiveness of the content we serve to you.
2. To comply with any legal or regulatory requirements: We may use personal data to comply with legal or regulatory requirements, lawful requests and legal process (such as to respond to subpoenas or requests from government authorities) and to audit our internal processes for compliance with such requirements or with our internal policies.
3. To establish, exercise and defend ourselves in the context of legal claims: We may process personal data as we in good faith believe is necessary or appropriate to defend our legal interests.
4. To disclose your personal data to a prospective or actual purchaser or seller: We may disclose your personal data if Hologram is involved in, or is contemplating, a business transaction, including in the context of a merger, acquisition, sale of all or a portion of our business or assets, bankruptcy, reorganization or similar event.
5. To create anonymous, aggregated or deidentified data: We may use your personal data to create anonymous, aggregated or deidentified data that Hologram may then use for its lawful business purposes.

Who we share your personal data with

We may share your personal data with the following categories of third parties:

1. Affiliates: We may share your personal data with our subsidiaries and affiliates.
2. Business Customers: We may share your personal data with the relevant business customer.
3. Service providers / Sub-processors: We may share your personal data with, or transfer your personal data to, our service providers / sub-processors to help us operate the Products and Services (e.g., payment processors, customer support, hosting, information technology, marketing and analytics).
4. Authorities and others: We may share your personal data with government, law enforcement officials or private parties as required by law, when we believe such disclosure is necessary or appropriate to (a) comply with applicable law; (b) enforce applicable terms and conditions; (c) protect our rights, privacy, safety or property, and/or that of you or others; and (d) protect, investigate and deter against fraudulent, harmful, unauthorized, unethical or illegal activity.
5. Organizations Involved in Business Transfers or Potential Business Transfers: We may disclose or transfer your personal data in connection with an actual or potential business transaction, including in the context of a merger, acquisition, sale of all or a portion of our business or assets, bankruptcy, reorganization or similar event

Cross border data transfer

We are headquartered in the United States and may use service providers / sub-processors that operate in other countries. Your personal data may be transferred to the United States or other locations where privacy laws may be different from those in your state, province, or country.

If you are located in the EEA or the UK, we will transfer your personal data outside the EEA/UK in accordance with the provisions on data transfers in the EEA/UK GDPR supplementary notice below.

Your privacy rights

Under certain circumstances, if and to the extent provided by any law applicable to your personal data, you may have certain rights with respect to your personal data. Such rights may include the right to access, update, rectify, or erase certain personal data that we have about you or restrict or object to certain activities with respect to your personal data. To the extent you have such rights, you may exercise them as described herein.

AS A PROCESSOR:

In all circumstances where we process your personal data on behalf of a business customer, our business customer is the data controller or data owner and is responsible for receiving and responding to your request to exercise any rights afforded to you under any such applicable law. In these circumstances, you will have to address your request to the relevant business customer in the first instance. In this case Hologram will not assist you directly but will assist our business customer in answering your request, if and to the extent required by applicable law or by our agreement with such business customer.

AS A CONTROLLER:

Where we process your personal data as a data controller or data owner, you may exercise any rights you may have under applicable privacy laws by contacting us using the details in the “Contact Us” section above. We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

Data retention

We may retain your personal data as long as necessary for the purpose for which it was collected, including to comply with and enforce the terms of our agreements with our business customers, and beyond such time to the extent legally permitted and based on our legal obligations or legitimate interests (e.g. in retaining data for the purposes of responding to possible disputes or complaints).

Information security

Hologram uses technical, organizational and physical safeguards designed to protect information from loss, theft, misuse, and unauthorized access, disclosure, alteration and destruction. We cannot, however, guarantee that any safeguards or security measures will be sufficient to prevent a security issue.

Age limitations

The Products and Services are not intended for children under the age of sixteen (16) and we do not knowingly collect data relating to such children. If we learn that we have collected personal data through our Products or Services from a child under 16 without the consent of the child’s parent or guardian as required by law, we will comply with applicable legal requirements to delete the information. We encourage parents or guardians with concerns to contact us.

Third-party Products and Services

Our Products and Services may integrate with or enable access to third party tools. If you register, install or access any third-party tools, you may be required to accept privacy notices provided by those third parties. Please review any applicable third-party notices carefully. Hologram does not control and is not responsible for these third parties’ privacy or information security practices.

Changes to this Privacy Statement

Hologram reserves the right to modify this Privacy Statement at any time. We thus advise you to check this Privacy Statement regularly. Any material changes will be announced via our homepage or by other appropriate means.

EEA/UK GDPR supplemental notice

If you are located in the EEA or the UK, this EEA/UK GDPR supplemental notice applies to you.

Section 1: The controller of your personal data

Hologram, Inc. (“Hologram”), established at: 1608 S. Ashland Ave 25937, Chicago, IL 60608, United States is the controller of your personal data for the purposes referred to in Section 4 of the Privacy Statement.
Hologram has appointed PLANIT//LEGAL as its EEA representative, which can be contacted at PLANIT//LEGAL, Attn: Hologram, Inc., EU Representative, Jungfernstieg 1, 20095 Hamburg, Germany, E-Mail: hologram_eu_representative@planit.legal and Sapphire Consulting Group as its UK representative, which can be contacted at Sapphire – Data Protection Consultants, Attn: Hologram, Inc., Central Point, Beech Street, London EC2Y 8AD, England, E-Mail: info@sapphireconsulting.co.uk.

Section 2: Legal basis

AS A PROCESSOR: We process your personal based on contractual necessity:

1. To provide our Products and Services.
2. For security and maintenance of our Products and Services.
   

AS A CONTROLLER: We process your personal data based on compliance with our legal obligations:

1. To comply with any legal or regulatory requirements.
   

We process your personal data based on our legitimate interests:

1. To conduct analytics activities related to the use of our Products and Services.
2. To establish, exercise and defend ourselves in the context of legal claims: we rely on our legitimate interests to defend our legal rights or interests in courts.
3. To disclose your personal data to a prospective or actual purchaser or seller: we rely on our legitimate interests to ensure the sustainability of our business.
4. When we disclose your personal data to third party business partners / services providers, the lawful bases listed above apply to any disclosure necessary to further the corresponding purpose.
   

Section 3: How to access your personal data and your other rights

AS A PROCESSOR: Please refer to Section 7 “Your Privacy Rights” of the Privacy Statement.

AS A CONTROLLER: You have the following rights in relation to the personal data we hold about you:

1. Your right of access: If you ask us, we will confirm whether we are processing your personal data and, if necessary, provide you with a copy of that personal data (along with certain other details). If you require additional copies, we may need to charge a reasonable fee.
2. Your right to rectification: If the personal data we hold about you is inaccurate or incomplete, you are entitled to request to have it rectified. If you are entitled to rectification and if we have shared your personal data with others, we will let them know about the rectification where possible. If you ask us, where possible and lawful to do so, we will also tell you who we have shared your personal data with so that you can contact them directly.
3. Your right to erasure: You can ask us to delete or remove your personal data in some circumstances such as where we no longer need it or if you withdraw your consent (where applicable). If you are entitled to erasure and if we have shared your personal data with others, we will let them know about the erasure where possible. If you ask us, where it is possible and lawful for us to do so, we will also tell you who we've shared your personal data with so that you can contact them directly.
4. Your right to restrict processing: You can ask us to “block” or suppress the processing of your personal data in certain circumstances, such as where you contest the accuracy of that personal data or you object to us. If you are entitled to restriction and if we have shared your personal data with others, we will let them know about the restriction where it is possible for us to do so. If you ask us, where it is possible and lawful for us to do so, we will also tell you who we have shared your personal data with so that you can contact them directly.
5. Your right to data portability: You have the right, in certain circumstances, to obtain personal data you have provided us with (in a structured, commonly used and machine readable format) and to reuse it elsewhere or to ask us to transfer this to a third party of your choice.
6. Your right to object: You can ask us to stop processing your personal data, and we will do so, if we are:
   relying on our own or someone else's legitimate interests to process your personal data, except if we can demonstrate compelling legal grounds for the processing;
   or processing your personal data for direct marketing purposes.
7. Your right to withdraw consent: If we rely on your consent (or explicit consent) as our legal basis for processing your personal data, you have the right to withdraw that consent at any time. ‍
8. Your right to lodge a complaint with the supervisory authority: If you have a concern about any aspect of our privacy practices, including the way we have handled your personal data, you can report it to the relevant supervisory authority.

Please note that some of these rights may be limited where we have an overriding interest or legal obligation to continue to process the data or where data may be exempt from disclosure due to reasons of legal professional privilege or professional secrecy obligations

Section 4: International data transfers

We may transfer your personal data outside of the EEA and/or UK. Some of these recipients are located in countries in respect of which either the European Commission and/or UK Government (as and where applicable) has issued adequacy decisions, in which case, the recipient’s country is recognized as providing an adequate level of data protection under UK and/or European data protection laws (as applicable) and the transfer is therefore permitted under Article 45 of the GDPR.

Some recipients of your personal data may be located in countries outside the EEA and/or the UK for which the European Commission or UK Government (as and where applicable) has not issued adequacy decisions in respect of the level of data protection in such countries (“Restricted Countries”). For example, the United States is a Restricted Country. Where we transfer your personal data to a recipient in a Restricted Country, we will either:

1. enter into appropriate data transfer agreements based on so-called Standard Contractual Clauses approved from time-to-time under GDPR Art. 46 by the European Commission, the UK Information Commissioner’s Office or UK Government (as and where applicable); or
2. rely on other appropriate means permitted by the EU/UK GDPR, which establish that such recipients will provide an adequate level of data protection and that appropriate technical and organizational security measures are in place to protect personal data against accidental or unlawful destruction, loss or alteration, unauthorized disclosure or access, and against all other unlawful forms of processing.

You may ask for a copy of such appropriate data transfer agreements by contacting us using the contact details above.

Where we receive requests for information from law enforcement or regulators, we carefully validate these requests before disclosing any personal data.