Privacy Policy

Introduction

Hailo USA Inc. ("Hailo", "we" or "us") offers an online store platform . This privacy notice ("Notice") applies to personal data concerning Hailo, i.e. the parent company and its worldwide subsidiaries and affiliates within the Hailo family ("Affiliates") and other websites (individually a "Website" and collectively the "Websites"), products and services owned or controlled by Hailo, or websites that contain a link to this Notice. In this notice, the term "personal data" means information that (either individually or in combination with other information) directly or indirectly identifies you ("personal data"). Please note that this notice does not apply to the handling of personal data when Hailo or our affiliates process personal data on behalf of Hailo, i.e. personal data submitted by individuals for processing, via platforms hosted by Hailo or our affiliates for the purpose of providing a service to our customers, is not covered by this notice.

This notice is intended to inform you about how we collect, use, disclose and store personal data when you do so in our role as a data controller:

• Interacting with or using our websites, including downloading materials from our resources page.
• You are registering.
• Providing your personal information to administer our services and manage our relationship with you (collectively, the "Services"), such as setting up an account or collecting your personal information to process an invoice for accounting purposes.

Personal information that Hailo collects

Personal information you provide to us

From Websites: We may collect personal information that you send or provide to us, for example, through our online "contact us" form (or similar form) when you interact with a chatbot on one of our Websites. If you contact us through the Sites, we will keep a record of our correspondence.

From the Services: We receive and store the personal information that you provide directly to us. For example, when they register or place an order, we collect personal information such as name, email address, mailing address, phone number, etc. We may collect and store media, documents or other information you provide to us. We collect commercial information, such as records of products and services purchased or information related to inquiries.

We will generally act as the data controller for all personal data concerning them. Hailo will generally act as a data processor in accordance with applicable service and/or data processing agreements ("Agreement(s)"). Further information, including specific obligations of the Data Controller and the Data Processor, can be found in the Agreements.

Personal information that we collect automatically

When you use the Websites: When you visit our Websites, we collect information about Internet or other electronic network activity through the use of cookies and other trackers. Depending on your tracking preferences, the information we collect may include, but is not limited to, your device's Internet Protocol ("IP") address, referring website, pages visited by your device, and the time your device visited our Website. We may also rely on analytics and tools used to prevent spam and other security risks associated with the use of abusive automated software. You can choose your preferences regarding cookies and other trackers by accessing the preference center on our websites. For more information about the types of cookies and other trackers we use on our websites, please see our Cookie notice.

For more information, please see the Hailo Cookie notice.

When you use the Services: Information about Internet or other electronic network activity may also be collected when you use the Services:

Usage Information - we track user activity related to the types of Services our visitors use, the configuration of their computers, and performance metrics related to their use of the Services.

• Log Data - we log information about our visitors when they use any of our Services, including their IP addresses.
• Information collected through cookies and other similar technologies - we use various technologies to collect information, including storing cookies on users' computers.
• Customer Feedback - While using the Services, you may be asked to provide feedback (e.g. directly in the Portal/Shop or after receiving help from our support team). Submitting this feedback is completely voluntary.

Information we collect from trusted third parties

If your Personal Data was collected because you (i) interacted with or used our Website, (ii) registered and/or participated in our events, and/or (iii) were part of the Services, your Personal Data stored with our CRM service provider may be enriched or updated to ensure that it is accurate, current and serves the purpose for which it was originally collected. Please note that the information used to enrich and update your Personal Data that is derived from the use of third party records is not Personal Data, but only data elements related to the name, structure, industry and similar attributes of your business.

Please note that we may also obtain non-personal information relating to your organization's name, structure, industry and similar attributes through the use of third party records to supplement or update the personal information we already possess.

How and for what reasons do we use your personal data?

Personal information we collect directly from you on our websites or at events:

We will use the personal information we collect through our websites:

• To manage our websites, our events, and for internal operations, including troubleshooting, data analysis, testing, statistics, and surveys.
• To improve our websites to ensure that the content is displayed optimally for you and your device.
• For trend monitoring, marketing and advertising.
• For purposes disclosed to you at the time you submit your personal information, such as fulfilling your request for a demo, providing you with access to one of our webinars or whitepapers, or providing you with information about our services.
• As part of our efforts to keep our websites secure.

Our use of your personal information may be based on our legitimate interests in maintaining the network, information security, and improving business performance. Our direct marketing purposes are based on your consent (for example, when you request a demo, contact us directly, provide us with your business card, consent to receive communications after an event, and in similar circumstances). We may also rely on our legitimate interests to improve our business and marketing practices or to contact you to offer you similar services or products that you have purchased from us, requested a demo, or negotiated with us.

Personal data that we collect directly from you as part of the administration of our services:

We may use the personal information we collect from our customers and their users in connection with the services we provide for a number of reasons, including to:

• Set up a user account.
• Provision, operation and maintenance of the Services.
• Process and close transactions and send related information, including transaction confirmations and invoices.
• Manage our customers' use of the Services, respond to inquiries and comments, and provide customer service and support.
• Send your customers technical alerts, updates, security notifications, and administrative messages.
• Investigate and prevent fraudulent activity, unauthorized access to the Services, and other illegal activity.
• For all other purposes about which we inform customers and users.
• Cookies: When Hailo customers access their cloud-hosted tenants, we use strictly necessary cookies and other trackers to provide authentication tools, enhance security, and prevent fraud. The Hailo apps (the "Apps") are the subdomains of our websites. Therefore, the preferences you specify on our websites (via the Cookie Banner and the Settings Center) are also reflected in the Apps. For example, if you choose to accept analytics cookies on one of our websites, they will also be active in the Apps unless you change your choice by accessing the Settings Center again. For more information about our use of cookies and other trackers, please see the Hailo Cookie notice.

We use your personal data in this context on the basis of the agreement we have with you or on the basis of our legitimate interests, usually either for security purposes or to improve business practices (e.g. to prevent and investigate fraudulent activities).

The provision of personal data may be necessary in these cases to enable the proper execution of the contract. Failure to provide personal data may result in some services becoming unavailable. Personal data will be deleted based on the terms of the agreement we have with you.

Enterprise Data Analysis:

If your Personal Information has been collected (i) directly from you on our Sites and/or (ii) as part of the administration of our Services, your Personal Information may be used for the purposes of Company Data Analytics, depending on the scope and purpose of the analysis.

How do we share personal information with third parties?

We share, disclose and receive information, including personally identifiable information, about our customers in the following limited circumstances:

Vendors, consultants and other service providers:

We may share your personal information with third-party vendors, consultants, and other service providers that we hire to perform tasks on our behalf. These companies include (for example) our payment processing providers, website analytics companies (e.g. Google Analytics), tools to prevent spam and other security risks related to the use of abusive automated software (e.g. Google reCAPTCHA), online activities, product feedback or help desk software providers (e.g. Salesforce), CRM service providers (e.g. Salesforce), email service providers (e.g. SendGrid) and others.

If Hailo receives your personal data in the United States and subsequently transfers that data to a third party agent or service provider for processing, Hailo remains responsible for ensuring that such third party agent or service provider processes your personal data in accordance with applicable data protection laws, including the GDPR. These transfers will usually be based on our legitimate interests or as part of the agreement. For more information, please see the International Data Transmission section below.

Sponsors of the event:

If you participate in PrivacyConnect, we will share your contact information with the event sponsor(s) unless you opt out. You may opt out at any time by submitting a request.

Business transfers:

We may decide to buy or sell assets and may share and/or transfer customer information, including personal information, in connection with evaluating and entering into such transactions and based on our legitimate interests. Also, if we or our assets are acquired, or if we go out of business, go bankrupt, or experience another change in control, Personal Data may be among the assets transferred to or acquired by a third party.

Company of the Hailo Group:

We may also share your personal information within the Hailo group of companies for purposes consistent with this notice and based on our legitimate interests.

Protection from Hailo and others:

We reserve the right to access, read, retain and disclose personal information as necessary to i) comply with any law or court order, ii) enforce or apply our agreements with you and other agreements, or iii) protect the rights, property or safety of Hailo, our employees, our users or others.

Disclosure for national security or law enforcement reasons:

In certain circumstances, we may need to disclose your personal information in response to legitimate requests from public authorities, including to meet national security or law enforcement requirements based on our legitimate interests or legal obligations.

How long do we store your personal data?

We store your personal information for different periods of time depending on the category of personal information. Some information may be automatically deleted after certain schedules, such as marketing information. Other information, such as account information, may be retained for a longer period of time depending on the agreement you have with us. Finally, we may retain information for business practices based on our legitimate interests or for legal purposes, such as network improvement, fraud prevention, record retention, or to enforce our legal rights.

Your right to privacy

What choices do I have?

You can always choose not to share information with us, but keep in mind that some information may be required to register with us or to use some features of our services or products.

Marketing Communications:

You may opt out of receiving certain promotional or marketing communications from us at any time by using the unsubscribe link in the emails we send you or by completing this form. Please note that if you have an account with us and opt out of receiving promotional and marketing communications from us, we may continue to send you non-promotional communications, such as service-related emails.

Cookies:

You can change your preferences regarding cookies and other trackers at any time by clicking on the persistent cookie icon at the bottom of the screen on all of our websites.

How can I exercise my data protection rights?

If you wish to access, review, update, correct or delete the personal data we hold about you, or exercise any other rights you have under the EU General Data Protection Regulation (GDPR), including the right to request a copy of the standard contractual clauses, you can either click on the "Exercise your rights" link located in the upper left corner of this notice or complete this request form. Our privacy team will review your request and respond to you as soon as possible. Please note that we may continue to use any aggregated and de-identified personal information that does not identify an individual, and we may retain and use your personal information to comply with our legal obligations, resolve disputes, and enforce our agreements.

We remind you that you have the right to lodge a complaint with a supervisory authority if you are dissatisfied with our treatment of your personal data. For more information, please visit the Information Commissioner's Office website at www.ico.org.uk.

California Residents: California residents have specific rights under the California Consumer Privacy Act ("CCPA"). For more information and to exercise your rights, please read "The California Consumer Privacy Act" below.

Residents of the European Economic Area or the United Kingdom: If you are a resident of the European Economic Area or the United Kingdom, please refer to the section "Additional Information for Users in the European Economic Area and the United Kingdom" for more information about your data protection rights.

International data transmission

Hailo is a globally active company. Therefore, personal data of individuals who visit our websites and/or use our services or otherwise interact with us may be transferred and accessed from all over the world, e.g. from countries in which Hailo, its affiliates or our service providers operate.

We will always protect your personal data in accordance with this notice, regardless of where it is processed. Hailo does not voluntarily or actively disclose our customers' personal data to government or law enforcement authorities (the "Authorities") and/or otherwise provide Authorities with access to your personal data.

Information for users in the European Economic Area ("EEA") or the United Kingdom ("UK"):

Hailo operates globally and may transfer Personal Information from the EEA or the United Kingdom to the United States and other countries, including Personal Information we receive from individuals residing in the EEA or the United Kingdom who visit our websites and/or use our services or otherwise interact with us. Please note that the term "Personal Information" as used in this Notice corresponds to the term "Personal Data" under applicable European and UK data protection laws for individuals residing in the EEA or the United Kingdom.

When Hailo makes such transfers of personal data, it relies on them:

• Adequacy resolutions adopted by: o European Commission, based on Article 45 of Regulation (EU) 2016/679 (GDPR). o Secretary of State of the United Kingdom on the basis of Article 45 of the United Kingdom General Data Protection Regulation and section 17A of the Data Protection Act 2018; or
• Standard Contractual Clauses as issued:
  - European Commission
  - Information Commissioner's Office (ICO)

The European Commission and the ICO have determined that the above standard contractual clauses provide sufficient safeguards for the protection of personal data transferred outside the EEA and the United Kingdom. For more information, please visit https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en and https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/international-data-transfer-agreement-and-guidance/. Hailo conducts impact assessments for transfers and continuously monitors the circumstances of such transfers to ensure that they maintain a level of protection in practice that is substantially equivalent to that guaranteed by European and UK data protection laws.

The "Schrems II" ruling

Hailo is committed until further notice to maintain its self-certifications under the EU-US Privacy Shield and the Swiss-U.S. Privacy Shield Framework and to comply with their Privacy Shield Principles as an additional measure to protect the privacy of its users. In addition, Hailo relies on the implementation of the GDPR requirements.

Additional data protection measures for users in the European Economic Area ("EEA"), the United Kingdom ("UK") and Switzerland

Hailo adheres to the EU-US Privacy Shield and the Swiss-US Privacy Shield Framework, as set forth by the U.S. Department of Commerce, regarding the collection, use, and retention of personal information transferred from European Union member states, the United Kingdom, and Switzerland to the United States. Hailo certifies that it complies with the EU-U.S. and Switzerland-U.S. Privacy Shield Principles regarding notice, choice, accountability for disclosure, security, data integrity and purpose limitation, access and recourse, enforcement, and liability with respect to such personal information. In the event of a conflict between the policies in this notice and the Privacy Shield Principles, the Privacy Shield Principles will govern.

In accordance with the principles of the EU-U.S. Privacy Shield and the Swiss-U.S. Privacy Shield, we are committed to resolving complaints about your privacy and our collection or use of your personal information. Individuals residing within the EEA, the United Kingdom or Switzerland who have inquiries or complaints regarding this Notice should first contact Hailo at: orders@hailo.us. We will investigate and attempt to resolve any complaints or disputes regarding the use or disclosure of personal data within 30 days of receipt of your complaint.

Hailo has also committed to refer unresolved privacy complaints under the EU-US Privacy Shield and Swiss-US Privacy Shield Principles to BBB EU PRIVACY SHIELD, a non-profit alternative dispute resolution provider based in the United States and operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://bbbprograms.org/programs/all-programs/bbb-eu-privacy-shield-consumers for more information and to file a complaint. There is no charge to you for this service.

In certain limited circumstances, individuals in the EEA, the United Kingdom and Switzerland may have recourse to binding arbitration under the Privacy Shield as a last resort when all other forms of dispute resolution (see above) have been unsuccessful. To learn more about this arbitration method and its availability, please visit https://www.privacyshield.gov/. Hailo is subject to the jurisdiction of the U.S. Federal Trade Commission for purposes of enforcing the Privacy Shield.

Hailo is subject to the jurisdiction of the U.S. Federal Trade Commission for purposes of enforcing the Privacy Shield.

Additional Resources:

• For more information on the U.S. Department of Commerce's continued administration of the EU-U.S. Privacy Shield program, see https://www.privacyshield.gov/article?id=EU-U-S-Privacy-Shield-Program-Update.
• For more information about the U.S. Department of Commerce's continued administration of the Swiss-US Privacy Shield program, please visit https://www.privacyshield.gov/article?id=Swiss-U-S-Privacy-Shield-FAQs.
• For more information about the Privacy Shield program, visit the U.S. Department of Commerce's Privacy Shield website at https://www.privacyshield.gov.
• To view our certification on the Privacy Shield list, please visit https://www.privacyshield.gov/list.
  

Additional Information for California Consumers - The California Consumer Protection Act:

Under the California Consumer Privacy Act (CCPA), California residents have certain rights with respect to the personal information that companies have about them. These include the right to request access to or deletion of your personal information, and the right to order a company to stop selling your personal information.

Personal information shared for business purposes:

Hailo discloses and has disclosed personal information in the past 12 months to the extent necessary for certain "business purposes" as defined by the CCPA (Cal. Civ. Code 1798.140(d)) as defined and described in the section entitled "How do we share information with third parties?". This includes sharing personal identifiers, commercial information, internet or other electronic network activity with providers of payment processing, customer relationship management, consulting, email, product feedback and help desk services. While Hailo does not sell personal information in exchange for financial consideration, we do share personal information for other benefits that qualify as a "sale" under the CCPA (Cal. Civ. Code 1798.140(t)(1)). This includes sharing personal identifiers, commercial information, and Internet or other electronic networking activities with advertising networks, website analytics companies, and event sponsors. Hailo does not sell personal information of consumers who are under the age of 16.

The rights of the CCPA

Right to refuse the sale:

While Hailo does not sell personal information in exchange for financial consideration, we do share personal information for other benefits that qualify as a "sale" under the CCPA (Cal. Civ. Code 1798.140(t)(1)). We support the CCPA and want to give you control over how your personal information is collected and shared.

You have the right to instruct Hailo not to sell your personal data. As for cookies, you can adjust your settings at any time. Please note that we may still use aggregated and de-identified personal data that does not identify you or other individuals. We may also retain personal information when necessary to comply with legal obligations, enforce agreements, and resolve disputes.

Right to Disclose:

You have the right to request information about which categories of personal data Hailo has sold or disclosed about you for a business purpose and about the categories of third parties to whom the personal data has been sold or disclosed. You have the right to request disclosure of certain personal data. Below is a complete list of the personal data you may include in your request.

• The categories of personal data that Hailo has collected about you.
• The categories of sources from which Hailo has collected the personal data.
• The business or commercial purpose for collecting or selling personal information.
• The categories of third parties to whom Hailo discloses personal data.
• The specific personal information that Hailo has collected about you.
• The categories of personal data that Hailo has disclosed about you for business purposes.
• The categories of personal data Hailo has sold about you and the categories of third parties to whom Hailo has sold your personal data.
  

If you wish to exercise your right to disclosure, please complete this form. Our privacy team will review your request and respond to you as soon as possible.

Right to request deletion:

You have the right to request Hailo to delete all personal data that Hailo has collected from you. Please note that there are exceptions in which Hailo does not have to comply with a request to delete personal data, e.g. if the deletion of information would lead to problems in processing a transaction or complying with a legal obligation. If you wish to exercise your right to erasure, please fill out this request form. Our privacy team will review your request and respond to you as soon as possible.

Right to non-discrimination:

Hailo will not discriminate against you (e.g., by refusing to provide goods or services or by providing a different level or quality of goods or services) if you exercise any of the rights granted to you.

How do we process your requests?

We will endeavor to respond to a verifiable request from a consumer within the prescribed time limits. If we need more time, we will notify you in writing of the reason and the extension period. If you submit your privacy request electronically through our request form, we will send our written response to the verified email associated with the request. If you did not submit the request through the online form, we will send you our written response by mail or electronically, at your option. Any information we provide will relate only to the 12-month period prior to receipt of the verifiable consumer request. In our response, we will also explain, if applicable, why we cannot comply with a request. We do not charge for processing or responding to your verifiable consumer inquiry unless it is excessive, repetitive, or clearly unfounded. If we conclude that the request warrants a fee, we will tell you the reasons for that decision and provide you with a cost estimate before we process your request.

California and Delaware "Do Not Track" notices

Under California and Delaware law, Hailo must indicate whether it respects your browser's "Do Not Track" settings regarding targeted advertising. Hailo adheres to the standards set forth in this notice and does not monitor or respond to "Do Not Track" browser requests.

Children

We do not knowingly collect or solicit Personal Information from anyone under the age of 13. If you are under 13, please do not attempt to register for the Services or submit any Personal Information about yourself to us. If we learn that we have collected Personal Information from a child under 13, we will delete that information as soon as possible. If you believe that a child under 13 may have provided us with his or her Personal Information, please contact us at orders@hailo.us.

Linked websites

For your convenience, hyperlinks to other websites (the "Linked Sites") may be posted on the Websites. We are not responsible for, and this notice does not apply to, the privacy practices of Linked Sites or companies that we do not own or control. Linked websites may collect information in addition to the information we collect on the websites. We do not endorse any of these linked sites, the services or products described or offered on these linked sites, or the content contained on the linked sites. We encourage you to read the privacy notices of each linked site to understand how personal information about you is used and protected.

Changes to this notice

We are constantly striving to improve our websites and services, so we may need to change this notice from time to time. We will notify you of material changes, for example, by posting a notice on our websites and/or sending you an email (if you have registered your email with us) when we are required to do so by applicable law. The date at the top of this page indicates when this notice was last updated. You are responsible for reviewing this notice on a regular basis.

Contact

For customers: Please contact the Hailo office indicated on your order form.

Contact information of the controller:

Hailo USA Inc.
14500 Lochridge Boulevard, STE K,
Covington Georgia 30014,
United States
Phone: +1 706-286-8484
E-Mail: orders@hailo.us

HAILO-Werk
Rudolf Loh GmbH & Co. KG
Daimlerstraße 8
D-35708 Haiger
Phone: +49 (0) 2773 / 82 - 0

If you have any questions, requests or concerns about your privacy and rights, please let us know how we can help.