Privacy policy

1.0 Introduction

We are committed to ensuring privacy in processing personal and business data and offering accurate, complete, and timely data at all times. Therefore, the data privacy policy is designed for Hoalani Group and its affiliates, hereinafter referred to as “Hoalani”, in compliance with the requirements of the General Data Protection Regulation (GDPR) and the US data laws and regulations.

The term Affiliates refer to the companies under the Hoalani Group. These are CuroGens Company and Eleqtus Company.

1.1 Objective

The data privacy policy sets out the general principles of privacy, protection, and ethics for Hoalani. It is also essential for cultivating an organization-wide privacy culture to protect the privacy and rights of our stakeholders who are essential to our business.

1.2 Scope

This policy applies to all online and offline personal data collected, received, processed, stored, controlled and disclosed by Hoalani regarding its past, current and prospective interested parties (i.e., Personnel, Clients, Suppliers, Contractors, Shareholders and Business Associates).

1.3 Responsibility

All interested parties shall be accountable for upholding the requirements of the policy.

1.4 Accountability

• All systems are being maintained to comply with the GDPR and the US Data Protection Act Standards among others.

• The Data Protection and Compliance Officers shall be responsible for ensuring compliance with the policy.

• Where necessary, audits will be performed in accordance with regulatory requirements.

2.0 Guidelines

2.1 Sources of personal data

Personal data from or about interested parties is obtained through methods described below;

• Website: Stakeholder-directed websites operated by Hoalani under its domains.

• Mobile app: Customer-directed mobile apps operated by Hoalani.

• Email, text and other electronic messages: Includes electronic interactions between Hoalani and interested parties

• Service desk: Includes information received from live interactions with customers regarding contractual services. Offline registration forms: Includes printed or digital forms such as postal mails, in-store demos, promotions and other events.

• Offline registration forms: Includes printed or digital forms such as postal mails, in-store demos, promotions and other events.

• Interactions from advertising: Information on interactions with our advertisement on third- party websites may be received.

• Other sources: This includes third-party social networks (e.g., Google, LinkedIn, Facebook etc.).

2.2 Personal data collected

Depending on the interaction of interested parties with Hoalani as stated in 2.1 Sources of personal data, the various types of information collected are; • Personal contact information: Information that enables Hoalani to stay in touch with its interested parties. This includes the name, email address, postal address, mobile phone number and social networks of interested parties.

• Professional information: Includes job title, employer name and industry.

• Account login information: Information required to give interested parties access to specific account profiles. This includes a login ID, email address, user name, password and security questions with answers.

• Demographics: Information that describes the behavioral (American English) characteristics of interested parties. This includes gender, date of birth, age/ age range, location (postcode or zip code), interests etc.

• Website information: Refers to information obtained as one interacts with our website or newsletters. Automated data collection technologies (server log files) are used to collect information about the actions of interested parties including the links clicked, content viewed, duration of viewing and the response times. This includes cookies and web beacons.

• Information from computers and mobile devices: Includes information about the technological device used to access the website. This includes the Internet Protocol (IP) address, type of operating system, web browser and version.

• Stakeholder-generated content: Includes content created by stakeholders and shared with Hoalani via third-party social networks such as LinkedIn. Content includes videos, photos, or personalized stories.

• Third-party information: Refers to information shared publicly via third-party social networks, and access granted for the third-party social network to share such information with Hoalani. E.g., name, gender, email address, birthday, profile picture, friends list etc.

• Payment/ financial information: Refers to payment details including debit or credit card details (e.g. cardholder name, card number, card expiration date etc.) of interested parties.

• Service desk information: Includes recordings of interactions with interested parties in accordance with applicable laws for business needs. Stakeholders will be informed about such recordings where required before starting a recording.

2.3 How we use personal information

Personal data is used for the following purposes, including but not limited to; • New customer and project creation.

• Products and services updates.

• Business referrals.

• Product and service sales and purchase (e.g. invoice, Service Level Agreements (SLA), Statement of Work (SOW).

• Compliance with legal, statutory and regulatory requirements.

• Transparency in communication with interested parties.

• Continual improvement of products, services, resources, and information flow.

• Review and notification of business operations and documentation.

• Resolve any disputes that may arise while executing business function/ processes.

Calling and visiting the Hoalani website: server log files

For the website’s technical provision, we must process specific data automatically transmitted by your browser so that our website can be displayed on your browser for use. When you access our website, our web server automatically collects data in a server log file. Data includes; the type and version of the browser and the operating system used, the website from which you accessed the domain name of the Internet service provider, the IP address of your computer, the pages you visit on our website, as well as the date and duration of your visit. The storage of the aforementioned access data is necessary for technical reasons to provide a functioning website and to ensure system security. This also applies to the storage of your IP address, without which you cannot visit our website. In theory, it would be possible to establish a personal reference. Furthermore, we process this data from server log files solely for statistical purposes, to optimize our website and improve upon its user-friendliness. The legal basis for data processing is Article 6 (1) (f) of the GDPR.

Contact Form

When you contact us as a customer or as an employee of a customer through our online contact form, personal data is collected to the extent that you provide. The following required fields are default: First name, Surname, Company Name, Job title and Email. The email address is only used to process your request. Your data will then be deleted unless you consented to further processing and use. The legal basis for data processing is Article 6 (1) (b) of the GDPR (for an existing contractual relationship) and Article 6 (1) (f) of the GDPR (for other contact requests).

Newsletters

You can sign up for our newsletters if you would like to receive our newsletter with information on current developments, studies, reports, events and webinars. Your email address will be required in a mandatory field during the request and this is used solely to get you registered for the newsletter. An option to unsubscribe is available at all times when you no longer wish to receive our newsletters. The legal basis for data processing is Article 6 (1) (a) of the GDPR.

Downloading reports

You can sign up for reports if you would like to receive up-to-date reports on technological, strategic or changing customer expectations of Hoalani. The following required fields are predefined during the request: first name, surname, company name, country, and email address. The email address is only used to register Hoalani reports, send you a confirmation link, and subsequently send you reports as requested. An option to unsubscribe is available at all times when you no longer wish to receive our reports. The legal basis for data processing is Article 6 (1) (a) of the GDPR. The same applies for when you want to download white papers.

Downloading event publications

You can sign up to receive postings in case you missed any of our events. The following required fields are predefined during the request: first name, surname, company name, country, and email address. The email address is only used to register for reports to enable Hoalani to send you a confirmation link and subsequently send you reports as requested. An option to unsubscribe is available at all times for when you no longer wish to receive our reports. The legal basis for data processing is Article 6 (1) (a) of the GDPR.

Account/ Orders for the Hoalani Group online store

If you want to order in our online store, you will need a customer account. The following mandatory fields have been predefined for creating an account and registration: first name, surname, email address, and key code. Placing an order requires more information, including address, country and phone number. The legal basis for data processing is Article 6 (1) (b) of the GDPR.

Applications

Suppose you are interested in having us as an employer and wish to apply for a job with us. In that case, we collect various personal data that aid in reviewing your application. The following required fields are predefined: first name, surname, key code, user language, email address, phone number, salary expectations, possible start date, how you heard about us, data release approval, an application letter, and a curriculum vitae (CV). The legal basis for data processing is Article 6 (1) (b) of the GDPR.

Cookies

Hoalani uses different types of cookies. Some cookies that appear on our websites are placed by third-party services. Cookies (small text files that websites can use to make a user’s experience more efficient) are used to personalize content and advertisements, provide social media features and analyze traffic. Information shared also includes your use of the websites with our social media and analytics partners who may combine it with other information you may have provided them or received from your use of their services. Cookies of this type can be stored on your device if they are strictly necessary for the operation of this website. All other types of cookies can only be used after gaining your permission. You can withdraw your consent from a cookie declaration on our website at any time. Refer to the Cookie Policy for more details.

2.5 Data Disclosure

Hoalani may disclose personal information only in the following circumstances;

• Disclosure to employees, consultants, authorized agents, service providers and shareholders or business partners for business needs.

• Disclosure with the explicit stakeholder consent.

• Disclosure in response to legal requests.

• Compliance with legal, statutory and regulatory requirements.

• Protection of the rights, safety and property of Hoalani and its stakeholders.

• Data security measures.

2.6 Data Retention and minimization

Hoalani will retain all documents with personal information for the minimum period and for the period within which they are legally required to be maintained. Depending on the circumstances, this ranges from a few days to ten (10) years. After the retention period, all data will be destroyed or deleted appropriately and confidentially. For compliance purposes, we may retain an archive of personal information only accessible to limited persons.

2.7 Data security

Hoalani has implemented appropriate technical and organizational measures to protect the personal information of its stakeholders from loss, misuse, manipulation and unauthorized access, disclosure, alteration, and/ or destruction. Confidential information is stored in protective storage clouds, and Transport Layer Security (TLS) encryptions are used when collecting or transferring information. The information security measure in place also prevents external unauthorized access to information that the Group retains or discloses. You can recognize an encrypted connection by the fact that the address line of your browser changes from “http://” to “https://” and by the padlock symbol in your browser. Security assessments are conducted regularly by the Data Protection Officer to ensure compliance. However, we would like to point out that this does not represent complete protection against attackers.

2.8 Your rights as an interested party (stakeholder)

Under the GDPR, our stakeholders have the right to the following legal rights of data subjects, provided that the prerequisites are met; • Right to information about your data stored by in accordance with Article 15 of the GDPR.

• Right to rectify inaccurate data in accordance with Article 16 of the GDPR.

• Right to deletion of data stored by us in accordance with Article 17 of the GDPR.

• Right to limitation of data processing stored by us in accordance with Article 18 of the GDPR.

• Right to data portability in accordance with Article 20 of the GDPR.

• Right to revocation at any time provided for in Article 7(3) of the GDPR and per the consent you have given; this results in us not being allowed to continue data processing based on the consent given.

• Right to file a claim with a competent body or supervisory authority under Article 77 of the GDPR provided that you consider that processing your personal data violates the provisions of the GDPR. Claims may be made in any country or state where our offices are located or in the country or state where you are located.

• Right of opposition to the extent that your data is processed to protect legitimate interests. You have the right to object to this processing at any time using the contact details provided that your situation gives rise to reasons that prevent such data processing. With this, we will no longer process your data unless it is predominantly based on your own legitimate interests or other legal basis. If you would like to exercise your right of opposition, send an email to our data protection officers at legal@hoalani.com

2.9 Obligation to provide data

You are not required to provide us with your personal data. However, suppose you do not provide such data, we cannot provide you unrestricted access to our website and services. Personal data we do not need for the aforementioned processing purposes are marked accordingly as “voluntary information”.

2.10 Automated decision making/ profiling

Hoalani does not use automated decision-making or profiling (an automated analysis of your personal circumstances).

3.0 Policy Review

• This policy shall be reviewed annually to ensure the following:

• Information is accurate and up to date.

• Compliance with applicable directives and regulations.

• Adaptability to business demands.

• The Compliance Officer and the Director for International Operations shall be responsible for reviewing the policy.

Contact us

Please contact us (Hoalani Group, legal department) if you have any other questions about our data privacy policy.

14300 Clay Terrace Blvd. Suite 260
Carmel, IN 46032
USA
legal@hoalani.com