PRIVACY POLICY
This privacy policy explains how Holo A/S (“we” or “us”) processes your personal data when visit our website www.letsholo.com or in connection with other Holo services.
1. Data controller
The legal entity responsible for the processing of your personal data:
Holo A/S
Company reg. (VAT) no.: 38151681
Banevingen 14A
2200 København N
Phone: +45 2063 31 33
Email: persondata@semler.dk
2. Introduction
It is important to Holo that your personal data is collected and processed in a secure and lawful manner.
We have prepared this privacy policy (the “Privacy Policy”), which describes how we collect and process your personal data.
Please read the Privacy Policy carefully.
3. Description of the processing
3.1 Holo Support
3.1.1 Purpose
We process your personal data for the following purposes:
If a passenger request support while in the vehicle, a live video stream will be connected to our support team. We also live stream the surroundings in the cabin, so if you are using our vehicle or are close by, you therefore risk being live streamed on video.
3.1.2 Categorizing personal data
We process the following categories of personal data about you:
General personal data – live stream video
3.1.3 Sources
We collect personal data from the following sources:
Directly from you via the live stream video
3.1.4 Basis for processing
We process personal data for this purpose on the following basis:
Legitimate interests
Article 6.1.f necessary for the pursuit of our legitimate interests to provide our support services to you and to optimize the safety and functionality of the vehicles.
3.1.5 Recipients
We share personal data with:
Suppliers
We share the recordings with suppliers with whom we cooperate and who assist our business (meaning service providers, technical support companies and vendors such as Mobileye and Moovit, who manufactures and supplies the driverless vehicle and application).
Public authorities e.g. Police
3.1.6 Storage
We process personal data for as long as is necessary to fulfil the above-mentioned purposes. This means that we will process the following personal data as described below:
Video stream
The live video stream is not recorded nor stored.
Log files
Log files containing the vehicle’s technical data and video recordings are stored in encrypted form in the vehicle and will only be decrypted in the event of accidents or other unintended incidents. Log files are deleted after three months.
3.2 Marketing
3.2.1 Purpose
We process your personal data for the following purposes:
Optimization of user experience on the website
We collect personal data when you visit our website. We use the data, for instance, to optimize the user experience on our website and the services we offer. You can read more about this in our Cookie Policy.
Business and product development
Preparation of statistics regarding our services and improvement of our services. You can read more about this in our Cookie Policy.
3.2.2 Categorizing personal data
We process the following categories of personal data about you:
Information collected via your use of our website
IP address, cookies and other information about your use of our website.
3.2.3 Sources
We collect personal data from the following sources:
Directly from you when you accept cookies on our website
3.2.4 Basis for processing
We process personal data for this purpose on the following basis:
Consent
Article 6(1)(a) (consent).
Legitimate interests
Article 6(1)(f) (necessary for the pursuit of our legitimate interests to be able to improve our website and to optimize the user experience, to optimize business operations and to ensure the quality of the services we provide.
3.2.5 Recipients
We share personal data with:
None
3.2.6 Storage
We process personal data for as long as is necessary to fulfil the above-mentioned purposes. This means that we will process the following personal data as described below:
We will keep your personal data for up to two years from the time of withdrawal of your cookie consent.
3.3 Recruitment of employees
3.3.1 Purpose
This includes the following:
We process personal data, when you apply for a position at HOLO.
3.3.2 Categorizing personal data
We process the following categories of personal data about you:
General personal data
Name, email address, phone number, home address, date of birth, marital status, information about next of kin, CPR number or similar, nationality, gender, information about previous employment and references, educational information, professional qualifications, language and other competencies, results from a personality type and skill set test, photos and video clips, linguistic and business preferences, as well as other personal information which is included in applications, statements and CVs.
In addition, for applicants under the age of 18, information on custodian or guardian is processed.
For certain positions in the Group, security clearance is required. Therefore, we will prompt such a clearance process, if you have to do a job that requires it.
Sensitive information:
Information regarding trade union affiliation and health information. Personal information regarding offenses and penalties:
Information on violation of criminal law and information on criminal record.
Sensitive information:
Information regarding trade union affiliation and health information.
Personal information regarding offenses and penalties:
Information on violation of criminal law and information on criminal record.
3.3.3 Sources
We collect personal data from the following sources:
Directly from you
From third parties, which may include the following:
References, previous employers, government authorities in connection with security clearance as well as recruitment bureaus.
3.3.4 Basis for processing
We process personal data for this purpose on the following basis:
Consent
Article 6(1)(a) (consent).
Legitimate interests
Article 6(1)(f) necessary for the pursuit of our legitimate interests to be able to provide our services.
Conclusion and fulfillment of a contract
Article 6(1)(b) necessary for the performance of a contract which you are a party or for the implementation of measures taken at the request of the data subject prior to the conclusion of a contract.
Labor, health and social law obligations and rights
Article 9(2)(b) necessary for the purpose of complying with or enforcing labor, health and social law obligations and rights, cf. Section 12 of the Danish Data Protection Act.
§ 8 in the Danish Data Protection Act
Article 10, cf. Section 8 of the Data Protection Act concerning information on criminal offences and criminal convictions.
§ 11 in the Danish Data Protection Act
Section 11 of the Data Protection Act regarding CPR numbers.
3.3.5 Recipients
We share personal data with:
Business partners and suppliers, including IT suppliers. Group companies. Referents. Public authorities, including the police in relation to security clearance.
3.3.6 Storage
We process personal data for as long as is necessary to fulfil the above-mentioned purposes. This means that we will process the following personal data as described below:
Data on applicants, who are not hired, is stored for up to six months after final rejection, unless the applicant has given consent to a longer storage time.
Data on applicants who are hired, is transferred to the personal file of the person in question and stored in accordance with the deadlines described in our privacy policy for employees.
4. Joint data responsibility
HOLO has company profiles and pages on “Social media”, “SoMe” platforms and as such we are joint data controllers with the below mentioned SoMe platform providers for the processing of personal data solely pertaining to the initial collection of personal data on our company profiles or page on the SoMe platforms.
HOLO complies with the European Data Protection Board (EDPB) guidelines on joint data controllership and strives to ensure that you receive adequate information about the processing of your personal data when visiting HOLO’s profiles or pages on SoMe platforms.
LinkedIn (LinkedIn Ireland Unlimited Company)
LinkedIn’s privacy policy is available here.
You can customize your privacy settings on LinkedIn here.
4.1 Purpose
We process your personal data for the following purposes:
Improving our services and marketing, including our SoMe profiles and pages.
To communicate with you if you comment on a post, leave a review or send us a message. Please note that HOLO has chosen to limit its use of SoMe platforms to only receive simple inquiries that contain minimal information. This is implemented by encouraging our visitors on the SoMe platforms to refrain from sending private information to us. Instead, we direct them to maiv@letsholo.com for such purposes.
4.2 Categories of personal data
We process the following personal data about you:
Information available on your profile.
Any communication you have with us through our pages or profiles, such as questions and comments on our posts.
IP address.
4.3 Sources
We collect information from the following sources:
Directly from you.
Public sources, e.g. social media.
4.4 Legal basis for processing
We process personal data on the following legal basis:
GDPR art. 6.1.a. Consent.
GDPR art. 6.1.f. Our legitimate interest in being able to efficiently communicate and market our services to you.
4.5 Recipients
We share the personal data with the following parties:
Affiliated group companies.
Suppliers e.g. IT support
The SoMe platforms may, among other things, share your personal data with the following categories of recipients:
Other entities in the group of companies of which the SoMe platform is a part.
External partners providing analysis and survey services.
Advertisers.
Other individuals who visit our profile or page (to the extent your information is publicly available).
Scientists and other academics.
You can find more information about sharing of your personal data in the privacy policy of the respective SoMe platform provider.
SoMe platform providers may transfer your personal data to recipients outside the EU/EEA in accordance with applicable data protection legislation. You can read more in the respective privacy policies.
4.6 Retention
We process the personal data as long as it is deemed necessary for the purposes stated.
We will retain personal data for as long as necessary for the purposes mentioned.
4.7 Your rights
As the SoMe platform providers are functionally able to take the necessary steps to meet your requests regarding your GDPR rights, we encourage you to contact the respective SoMe platform providers. However, if you believe that Holo can meet your request better than the social media providers, then please contact us via pesondata@semler.dk.
5. Transfer to countries outside the EU/EEA
We may transfer your personal data to countries outside the EU/EEA, including:
We use the service from Google as such your personal data may be transferred to countries outside the EU e.g. USA. You can see the list of locations where Google may process your personal data from here.
In some cases, the European Commission has recognised the country as a so-called “secure third country”, and otherwise the transfer is made on the basis of the European Commission’s standard contractual clauses. You can obtain a copy of the standard contractual clauses by contacting us using the contact details stated above.
6. Your rights
You have the following rights:
You have the right to request access to, rectification of or erasure of your personal data.
You also have the right to object to the processing of your personal data and to have the processing of your personal data restricted.
In particular, you have an unconditional right to object to processing of your personal data for direct marketing purposes.
If the processing of your personal data is based on your consent, you have the right to withdraw your consent at any time. The withdrawal of your consent will not affect the lawfulness of processing the data before your withdrawal.
You have the right to receive the personal data you have provided in a structured, commonly used, machine-readable format (data portability).
You may file a complaint with a data protection supervisory authority at any time, e.g. the Danish Data Protection Agency.
You can exercise your rights through the website at https://gdpr.semler.dk, and you can withdraw your consent by contacting us using the contact details stated above.
These rights may be subject to conditions or restrictions. Accordingly, you may not have the right to data portability in a given case – it depends on the specific circumstances of the processing activities.
7. Changes
All changes to this privacy policy will be made available on our website.
Last update: 15’th of January 2025