PRIVACY POLICY
This privacy policy explains how Holo A/S (“we” or “us”) processes your personal data when you use a Holo transportation service, use the Holo application (the “Application” or the “App”) or visit the website www.letsholo.com
1. Data controller
The legal entity responsible for the processing of your personal data:
Holo A/S
Company reg. (VAT) no.: 38151681
Banevingen 14A
2200 København N
Phone: +45 2063 31 33
Email: persondata@semler.dk
2. Introduction
It is important to Holo A/S that your personal data are collected and processed in a secure and lawful manner.
We have prepared this privacy policy (the “Privacy Policy”), which describes how we collect and process your personal data.
Please read the Privacy Policy carefully. If you want to use the App, you will be asked to confirm having read and understood the Privacy Policy before you can start using the App.
“You” means the person registered as a user in the App and registered with a user profile with Holo when you register as a user of the App or are in contact with us by other means, we record some of your personal data.
Below, you can read about how we collect and process your personal data.
3. Description of the processing
3.1 Provision of our services, operation and safety
3.1.1 Purpose
This includes the following:
Video recordings.
For purposes of safety and crime prevention, the driverless vehicle is monitored:
Personal data are collected in connection with monitoring of the cabin of the driverless vehicle. We also record the surroundings in front of and behind the vehicle. If you are using our vehicle or are close by, you therefore risk being recorded on video.
Optimizing safety and functionality in case of malfunction or accidents:
We process personal data in case of malfunctions or accidents, and the video recordings will be used and compared with the vehicle’s technical data in order to optimize the safety and functionality of the vehicle.
Investigating course of events:
We process personal data for the purpose of the potential use of the video recordings for investigation of the course of events in connection with a traffic accident, other unintended incidents or a crime.
3.1.2 Categorizing personal data
We process the following categories of personal data about you:
General personal data – pictures from video monitoring.
3.1.3 Sources
We collect personal data from the following sources:
Video recordings from the vehicle.
3.1.4 Basis for processing
We process personal data for this purpose on the following basis:
Legal obligation
Article 6(1)(c) (necessary for our compliance with a legal obligation). The legal obligations arise from sections 92g and 92h of the Danish Road Traffic Act.
Legitimate interests
Article 6(1)(f) (necessary for the purposes of the legitimate interests pursued by us). Legitimate interests are our interest in optimizing the safety and functionality of the vehicles.
3.1.5 Recipients
We share personal data with:
Suppliers
We share the recordings with suppliers with whom we cooperate and who assist our business (meaning service providers, technical support companies and vendors such as Navya SAS, who manufactures and supplies the driverless vehicle).
Public authorities
We disclose the recordings to the police and other relevant authorities for the purposes of their investigation or assessment of events of importance to road traffic safety.
3.1.6 Storage
We process personal data for as long as is necessary to fulfil the above-mentioned purposes. This means that we will process the following personal data as described below:
Video recordings
Generally, recordings are stored for a short period and deleted after about 100 hours.
Log files
Log files containing the vehicle’s technical data and video recordings are stored in encrypted form in the vehicle and will only be decrypted in the event of accidents or other unintended incidents. Log files are generally deleted after three months.
Storage periods in special cases
The following exceptions apply:
Accident or unintended incident
If the driverless vehicle gets involved in an accident or another unintended incident, the recordings may be stored for a longer period so that we will be able to document the actual course of events regarding the accident or incident. Personal data will be deleted when the data are no longer necessary to fulfil this purpose and not later than five years after the registration.
Crime
In the event of a crime, Holo will disclose the recordings to the police and will thendelete our own recordings.
3.2 Follow-up and other surveys
3.2.1 Purpose
This includes the following:
User surveys
Personal data may be used to follow up on your experience with using our vehicles and other driverless technology, for instance through user surveys and processing of other enquiries from you. We also use personal data when conducting interviews with or market surveys of potential users.
3.2.2 Categorizing personal data
We process the following categories of personal data about you:
General personal data
Contact information: Name*, address*, email*, telephone number* and other contact details provided by you. The reply* that you submit in connection with a user or market survey.
3.2.3 Sources
We collect personal data from the following sources:
Directly from you.
3.2.4 Basis for processing
We process personal data for this purpose on the following basis:
Legitimate interests
Article 6(1)(f) (necessary for the purposes of the legitimate interests pursued by us). Legitimate interests are to optimize the user experience, to optimize business operations and to ensure the quality of the services we provide.
3.2.5 Recipients
We share personal data with:
Suppliers
We share the information with suppliers with whom we cooperate and who assist our business (meaning service providers, IT providers, support companies and market analysis businesses)
Business partners
We disclose personal data in anonymized form to business partners, including universities, organisations, transport operators and public authorities.
3.2.6 Storage
We process personal data for as long as is necessary to fulfil the above-mentioned purposes. This means that we will process the following personal data as described below:
Results of satisfaction surveys, including sound recordings:
The information will be stored for three months and will then be anonymized.
3.3 Creation of a user profile and ordinary use of the App
3.3.1 Purpose
This includes the following:
Creation of a user profile and collection of master data
Creation of your user profile so that you can use the App and we can communicate with you about the App.
Optimization of user experience in the App
Personal data are collected when you use the App. We use the data to improve and optimize the user experience in the App. You can read more about this in our Cookie Policy.
Business and product development
Preparation of statistics regarding our services and improvement of our services. You can read more about this in our Cookie Policy.
3.3.2 Categorizing personal data
We process the following categories of personal data about you:
General personal data*
Name, email address, access code to App profile, Facebook account if login with Facebook, Google account if login with Google. You can read about data on use of the App in our Cookie Policy.
3.3.3 Sources
We collect personal data from the following sources:
Directly from you
Facebook if login with Facebook account
Google if login with Google account
3.3.4 Basis for processing
We process personal data for this purpose on the following basis:
Consent
Article 6(1)(a)
Legitimate interests
Article 6(1)(f) (necessary for the purposes of the legitimate interests pursued by us). Legitimate interests are to be able to provide the services requested by you and to improve the services, on both the user side (App) and the system side (functionality etc.)
3.3.5 Recipients
We share personal data with:
Business partners and suppliers, including IT suppliers and support companies with whom we cooperate in order to operate the activity.
3.3.6 Storage
We process personal data for as long as is necessary to fulfil the above-mentioned purposes. This means that we will process the following personal data as described below:
We process your master data for as long as you have a user profile in the App.
If you close your user profile, all information about you will be deleted within one month.
3.4 Delivery of Holo’s App functions
3.4.1 Purpose
This includes the following:
Delivery of a service requested by you
We collect your personal data when you request information about your nearest Holo transportation service.
Business and product development
Preparation of statistics regarding our services and improvement of our services.
3.4.2 Categorizing personal data
We process the following categories of personal data about you:
General personal data*
Name, email address and GPS position on your App device (e.g. your smartphone).
3.4.3 Sources
We collect personal data from the following sources:
Directly from you
3.4.4 Basis for processing
We process personal data for this purpose on the following basis:
Legitimate interests
Article 6(1)(f) (necessary for the purposes of the legitimate interests pursued by us). Legitimate interests are to be able to provide the services requested by you and to improve Holo’s services.
3.4.5 Recipients
We share personal data with:
Business partners and suppliers, including IT suppliers and support companies with whom we cooperate in order to operate the activity.
3.4.6 Storage
We process personal data for as long as is necessary to fulfil the above-mentioned purposes. This means that we will process the following personal data as described below:
We process your master data for as long as you have a user profile in the App.
If you close your user profile, all information about you will be deleted within one month.
We do not store the GPS position from your App device (e.g. your smartphone).
3.5 Marketing
3.5.1 Purpose
This includes the following:
Subscription to and distribution of newsletters
We use personal data for marketing purposes, including to target our communication with you based on your interests and focus areas and to send you relevant marketing information in the form of newsletters etc.
Optimization of user experience on the website
We collect personal data when you visit our website. We use the data, for instance, to optimize the user experience on our website and the services we offer. You can read more about this in our Cookie Policy.
Business and product development
Preparation of statistics regarding our services and improvement of our services. You can read more about this in our Cookie Policy.
3.5.2 Categorizing personal data
We process the following categories of personal data about you:
General personal data
Contact details in the form of first name*, last name* and email address*.
Information collected in connection with your use of our website
IP address, cookies and other information about your use of our website.
3.5.3 Sources
We collect personal data from the following sources:
Directly from you on subscription to our newsletter
In connection with your use of the website
3.5.4 Basis for processing
We process personal data for this purpose on the following basis:
Consent
Article 6(1)(a) (consent).
Legitimate interests
Article 6(1)(f) (necessary for the purposes of the legitimate interests pursued by us). Legitimate interests are to be able to provide the services requested by you, to distribute marketing information and to improve the services, on both the user side (website) and the system side (functionality etc.)
3.5.5 Recipients
We share personal data with:
Suppliers
We disclose personal data to suppliers and distributors, including IT suppliers, support companies, hosting businesses, communication platform providers and advertising agencies.
3.5.6 Storage
We process personal data for as long as is necessary to fulfil the above-mentioned purposes. This means that we will process the following personal data as described below:
We will keep your personal data for up to two years from the time of withdrawal of your consent.
3.6. Recruitment of employees
3.6.1. Purpose
This includes the following:
We process personal data, when you aooly for a position at HOLO.
3.6.2. Categorizing personal data
We process the following categories of personal data about you:
General personal data
Name, email address, phone number, home address, date of birth, marital status, information about next of kin, CPR number or similar, nationality, gender, information about previous employment and references, educational information, professional qualifications, language and other competencies, results from a personality type and skill set test, photos and video clips, linguistic and business preferences, as well as other personal information which is included in applications, statements and CVs.
In addition, for applicants under the age of 18, information on custodian or guardian is processed.
For certain positions in the Group, security clearance is required. Therefore, we will prompt such a clearance process, if you have to do a job that requires it.
Sensitive information:
Information regarding trade union affiliation and health information. Personal information regarding offenses and penalties:
Information on violation of criminal law and information on criminal record.
Sensitive information:
Information regarding trade union affiliation and health information.
Personal information regarding offenses and penalties:
Information on violation of criminal law and information on criminal record.
3.6.3. Sources
We collect personal data from the following sources:
Directly from you
From third parties, which may include the following:
References, previous employers, government authorities in connection with security clearance as well as recruitment bureaus.
3.6.4. Basis for processing
We process personal data for this purpose on the following basis:
Consent
Article 6(1)(a) (consent).
Legitimate interests
Article 6(1)(f) (necessary for the purposes of the legitimate interests pursued by us). Legitimate interests are to be able to provide the services.
Conclusion and fulfillment of a contract
Article 6(1)(b) (necessary for the performance of a contract which you are a party or for the implementation of measures taken at the request of the data subject prior to the conclusion of a contract).
Labor, health and social law obligations and rights
Article 9(2)(b) (necessary for the purpose of complying with or enforcing labor, health and social law obligations and rights), cf. Section 12 of the Danish Data Protection Act.
§ 8 in the Danish Data Protection Act
Article 10, cf. Section 8 of the Data Protection Act concerning information on criminal offences and criminal convictions.
§ 11 in the Danish Data Protection Act
Section 11 of the Data Protection Act regarding CPR numbers.
3.6.5. Recipients
We share personal data with:
Business partners and suppliers, including IT suppliers. Group companies. Referents. Public authorities, including the police in relation to security clearance.
3.6.5. Storage
We process personal data for as long as is necessary to fulfil the above-mentioned purposes. This means that we will process the following personal data as described below:
We store personal data for as long as is necessary to fulfil the above mentioned purposes.
Data on applicants, who are not hired, is stored for up to six months after final rejection, unless the applicant has given consent to a longer storage time.
Data on applicants who are hired, is transferred to the personal file of the person in question and stored in accordance with the deadlines described in our privacy policy for employees.
4. Transfer to countries outside the EU/EEA
We may transfer your personal data to countries outside the EU/EEA, including:
USA
As we use Google G Suite, personal data may be transferred to countries outside the EU. You can see the list of locations where Google may process your personal data [here].
In some cases, the European Commission has recognised the country as a so-called “secure third country”, and otherwise the transfer is made on the basis of the European Commission’s standard contractual clauses. You can obtain a copy of the standard contractual clauses by contacting us using the contact details stated above.
5. Mandatory information
The information marked with * is mandatory. If you do not provide such information, you will not be able to participate in our satisfaction surveys or receive marketing information from us.
6. Your rights
You have the following rights:
You have the right to request access to, rectification of or erasure of your personal data.
You also have the right to object to the processing of your personal data and to have the processing of your personal data restricted.
In particular, you have an unconditional right to object to processing of your personal data for direct marketing purposes.
If the processing of your personal data is based on your consent, you have the right to withdraw your consent at any time. The withdrawal of your consent will not affect the lawfulness of processing the data before your withdrawal.
You have the right to receive the personal data you have provided in a structured, commonly used, machine-readable format (data portability).
You may file a complaint with a data protection supervisory authority at any time, e.g. the Danish Data Protection Agency.
You can exercise your rights through the website at https://gdpr.semler.dk, and you can withdraw your consent by contacting us using the contact details stated above.
These rights may be subject to conditions or restrictions. Accordingly, you may not have the right to data portability in a given case – it depends on the specific circumstances of the processing activities.
7. Changes
In the event of changes to the Privacy Policy, you will be notified through push messages to your smartphone and/or other specified digital contact point as well as when you log on with the App.
Last update: 02nd of June 2022