Privacy Policy

LINK FOR REFERENCES IN COMMENTS

1. How do we collect and use your personal data?

     The tables below outline clearly how we use your personal data:

   1. Personal data that you provide to us
      
      

1. 1. Data types	How we use your data	Legal Basis
      Notifications, Messages and Reminder When you adjust the notification settings, you provide us with personal information related to your notification preferences. This data is processed solely on your device and is not stored or transmitted to our servers.	To display and notify users for phone notifications on the glasses	Performance of contract
      Cheatsheet When you use the cheatsheet function, you provide us with personal information, such as your user configuration settings (e.g., content, font size, and auto scroll settings). The processing of this personal information occurs directly on your mobile device and is neither transmitted nor stored on our servers.	To display the giving content in user's set configuration on the glasses	Performance of contract
      Audio Memo When using the recording feature, you provide us with the voice content you input or record. The processing of this personal information (not including the AI transcript) occurs directly on your mobile device and is neither transmitted nor stored on our servers.	To provide the audio recording service	Performance of contract
      Translate When you use the translate function, you provide us with personal information, such as your user configuration settings (e.g., content, font size, and translation language type). The processing of this personal information occurs directly on your mobile device and is neither transmitted nor stored on our servers.	To convert the corresponding language translation according to the user's set configuration	Performance of contract
      AI Assistance When using the AI assistance feature, you provide us with the voice content you input.	To provide the AI assistance service	Performance of contract
      User Experience Survey When you participate in a user experience survey, you provide personal information, including your customized anonymous ID and the responses to the survey questions, which you voluntarily share with us.	To understand your experience, improve the product, and communicate with you through customer service with your consent.	Legitimate interests & Legal obligations
      Customer Service or Support If you contact our customer service team via email, app or other communication methods regarding an order, support request, or feedback. You need to provide us with personal data related to your Halliday account, such as your name, email address, birthday, and and the details of your inquiry or issue. In the case of submitting feedback, we may ask you to provide additional information, including your Glasses model, phone model, issue logs (which may include voice recordings from the voice assistant or translation feature), and feedback images/videos.	To communicate with you about your access to our services, resolve the issue and provide you with processing suggestions.	Performance of contract
      Requests for Exercising Personal Information Rights When you exercise your rights related to personal information, such as requesting access, copies, or deletion, you need to provide personal data related to your Halliday account, such as your name, email address, birthday, and any other relevant information related to your request.	To verify and to respond the request made by you	Legal obligations

   2. Personal data that we collect for using our services and products
      
      

1. 1. Data types	How we use your data	Legal Basis
      For Registration and Login When you use our services with a Halliday account, we collect your name, email address, birthday. Please review the Privacy Policy before registering your Halliday account.	To provide you access our services through your Halliday account	Performance of contract
      Local Data Protection Local data generated by your smart devices and related apps (including Notifications, Messages, Audio Memo, Translate, Cheatsheet, Music, Phone and AI Assistance) will be linked to your Halliday account but stored in isolation locally. Data from different accounts will not be accessible to each other.	To provide you access to all available features on your Halliday Glasses	Performance of contract
      Device Connection During the device connection process, we collect personal data including your device's Bluetooth MAC address, Serial Number, phone model, Android ID (if applicable), and a customized ID. Bluetooth and location permissions may be requested to identify and connect devices. This data is processed locally.	To enable the discovery, pairing, and maintaining the connection status between Glasses and connected devices	Performance of contract
      Ring Touchpad We collect your touchpad interactions when you are using your Glasses for correctly recieving your gestures. This information is automatically collected by the system and is essential for your using experience.	To operate the Glasses via the touchpad on the Ring	Performance of contract
      Device Status We collect glasses data including connection status, battery level, device name, and volume/brightness settings for showing the correct information on the display. This data is automatically collected and processed by the system locally.	To display the correct status of the connected Glasses	Performance of contract
      Audio and Video Playback When using Glasses for audio and video playback, we collect data generally including titles, lyrics, artist information, song duration, playback progress, playback status. This data is processed locally and transmitted via Bluetooth. We may request Bluetooth permissions for this process.	To stream audio through the Glasses and display associated details about the audio and video content.	Performance of contract
      Notifications, Messages and Reminder We collect personal information when you use the notifications, messages, or reminder function. This typically includes your notification data, which is automatically collected by the system once you grant the necessary permissions. To enable this feature, we may request your consent to access notification permissions. Your notification data is used exclusively for display on the Glasses, and we do not store this information.	To display and notify users for phone notifications on the glasses	Performance of contract
      Cheatsheet When you use the cheatsheet function, you provide us with personal information, such as your user configuration settings (e.g., content, font size, and auto scroll settings). The processing of this personal data This data is collected through a combination of your active provision and automation after your granted permissions. This data is processed locally.	To display the giving content in user's set configuration on the glasses	Performance of contract
      Audio Memo When using the audio memo feature, we collect personal data including recorded audio, meeting duration, and timestamps. For transcription, we share data with these services provided by third-party language models and indirectly collect generated text. The content you provide will not be used for model training.	To provide the audio recording and transcription services	Performance of contract
      Translation We collect voice data, transcription results, and translation logs when using the real-time translation feature. Data is processed automatically, including information from third-party translation services. Location data may be collected to display the location of translation records.	To convert the corresponding language translation according to the user's set configuration	Performance of contract
      AI Assistance When using the AI assistance feature, you provide us with the voice content you input. We share transcription data with these services provided by third-party language models and indirectly collect generated text. The content you provide will not be used for model training.	To provide the AI assistance service	Performance of contract
      Speech to Text When using the speech to text feature, you provide us with the voice content you input. For transcription, we share data with these services provided by third-party language models and indirectly collect generated text. The content you provide will not be used for model training.	To provide the Speech to Text services	Performance of contract
      Version Compatibility We collect glasses firmware version number, Glasses model, Glasses connection status, the current version number of the App, and phone model to ensure compatibility between Glasses and your phone. This data is automatically collected and processed by the system locally.	To verify the compatibility between the Glasses version and the phone app version, and notify the user to update if the versions are incompatible.	Performance of contract
      Software & Firmware Updates We collect information including device model, app version, and storage status to facilitate software updates. We collect information including Glasses’s serial number, model, system version, storage space, and battery level to facilitate Glasses firmware updates. We collect information including Ring's serial number, model, system version, MAC address and battery level to facilitate Ring firmware updates. This data is processed locally and used only for update purposes.	To detect and update the application or the firmware	Performance of contract
      Data Synchronization We synchronize device settings and personal data with your account to provide a seamless experience: (1) Glasses device information: device name, model, firmware version, serial number; (2) Glasses settings information: brightness, volume, ringtone and alerts, gadgets, rapid button, silence mode, mute notifications (3) App settings information: Notifications, Messages, Audio Memo, Translate, Cheatsheet, Music, Phone and AI Assistance;	To enable synchronization of your settings and data across devices, ensuring a seamless and consistent experience.	Performance of contract
      Actions regarding consents When you review and choose to confirm, agree, decline, or withdraw consent to this policy via the interactive interface, we automatically collect and use your device information (including the device ID) along with log data (including timestamp and relevant system, application, and protocol version information). This information is collected by the system automatically.	To adhere to legal requirements and determine the applicable version of this policy for you, safeguarding your legal rights and interests.	Performance of contract

   2. Personal data that we collect for internal use
      
      

1. 1. Data types	How we use your data	Legal Basis
      Personal Information (Anonymized and/or aggregated) This part of personal information may involve the data mentioned above, such as hardware details, operating system information, performance metrics, and usage data related to devices and applications collected about you.	To develop new products and to enhance, improve or modify our current product and services.	Legitimate interests
      Fraud and Security Our monitoring processes for fraud prevention and security may involve any of the personal data collected from you that mentioned above.	To carry out fraud and security monitoring, and to enforce our Terms of Service	Legitimate interests
      Legal Our legal claim process may involve any of the personal data collected from you that mentioned above.	To effectively protect or assert our legal rights, and to meet governmental and institutional policy obligations	Legitimate interests

2. How do we retain and protect your data?

   1. Data Storage Locations Your personal data is processed on servers located in the United States. We may transfer your data to our partners, service providers, and other third parties when necessary. In these cases, your data may be stored or processed on the servers of these third parties.
   2. Data Retention Period We retain your personal data only for as long as necessary to fulfill the intended purpose, in compliance with our retention policies. Different types of data may be retained for varying periods based on service needs and legal requirements. Once the retention period expires, we will either delete or anonymize your personal data, taking steps to ensure it becomes irrecoverable or irreproducible.
          When determining retention periods, we consider factors such as:
      1. The nature of the data and the activities involved.
      2. The duration and frequency of your use of the products.
      3. Our legitimate interests and legal obligations.
   3. Data Protection Measures We implement appropriate technical and organizational security measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorized access, or disclosure, in line with applicable laws. When using an App account, please ensure you choose a strong password and keep it confidential. If you suspect that your App account or personal data may have been compromised, please contact us using the information in Section 11.

     Please note that while we take all reasonable measures to secure your data, the internet is not a completely secure environment. Any data transmitted over the internet is at your own risk, and we cannot guarantee its security. You are responsible for ensuring that any personal data you send to us is transmitted securely.

3. How will we disclose your data?

     To provide you with more comprehensive and high-quality products and services, we may share certain personal data with our trusted commercial partners, who may help us deliver specific services. We will only share your data for lawful, necessary, and explicit purposes, ensuring that only the data required to provide those services is shared. We require our partners to retain data only for as long as necessary and to implement adequate security measures to safeguard your information.

     We may disclose your personal data to the following categories of third parties for the purposes described in this policy:

   • Affiliates and Corporate Partners: We may share personal data between our affiliates and related entities for legitimate business purposes and to support the operation of our services, in compliance with applicable laws.
   • Service Providers and Business Partners: Third-party service providers who assist with technology (e.g., cloud storage, voice-to-text service) and business support (e.g., real-time translation, AI assistance) may process your personal data on our behalf under relevant contracts.
   • Law Enforcement, Public Authorities, or Judicial Bodies: We may disclose your data if required by law, or if we believe it is necessary to comply with a legal obligation, enforce our Terms of Service, address security or fraud issues, or protect the rights, property, or safety of us, our users, or the public. This may include exchanging information with other organizations for fraud protection.
   • Change of Corporate Ownership: In the event of a merger, acquisition, bankruptcy, reorganization, or other significant transaction, we may disclose your personal data as part of the process.

4. How will we transfer your data around the world?

     Since our servers' location is in the United States, your personal data may be processed outside your country of residence. Additionally, your personal data may be accessed or transferred to our affiliates, third-party service providers, and business partners for the purposes outlined in this Privacy Policy. As a result, your data may be transferred to jurisdictions with different data protection laws than those in your home country.

     When transferring personal data internationally, we ensure an adequate level of protection, as required by applicable laws. This includes using legal mechanisms such as the European Commission-approved Standard Contractual Clauses and the UK International Data Transfer Agreement, where applicable, to ensure lawful data transfers. In cases where the personal data of European Union residents is transferred to countries without equivalent data protection standards, we take additional measures, such as obtaining consent or anonymizing the data, to protect your information in compliance with relevant laws.

     Please note that any personal information explicitly stated in this Privacy Policy to be processed locally will not be transmitted or stored on our servers. We also ensure that when transferring personal data to third-party service providers or business partners in other countries or regions, we take steps to safeguard your data in accordance with this policy and applicable laws, even if the data protection standards differ from those in your location.

5. What are your data subject rights and choices?

     Depending on the applicable laws in your location, you may have certain rights regarding your personal data as outlined below. Some of these rights can be exercised directly in the App. For other requests regarding your personal data, please contact us.

   1. Access to Data You may have the right to know what personal data we process about you, including the types of data, the purposes for which it is collected, and the third parties with whom it is shared.
   2. Data Correction You may request that we correct any inaccurate personal data we hold about you, subject to certain exceptions.
   3. Data Portability You may contact us to request a copy of the personal data you have provided to us in a structured, commonly used, and machine-readable format, and to transfer it to another controller, where applicable.
   4. Data Deletion You have the right to delete your account and erase your personal data from Me - Profile - Delete Your Account. When your account is deleted, all associated personal data will also be erased. Additionally, you can request the deletion of the personal data you have provided by contacting us. If some data cannot be deleted, we will inform you of the reasons why.
          Please note that we may retain certain personal data if required by applicable laws.
   5. Withdrawal of Consent If we process your personal data based on your consent, you can withdraw that consent by contacting us. The withdrawal will not affect the lawfulness of any processing done before the withdrawal.
   6. Objection to Processing Depending on applicable laws, you may object to the processing of your personal data based on our legitimate interests, where there are specific grounds related to your situation, by contacting us. Please note that we may have an overriding legitimate interest to continue processing your data, in which case we will inform you.
   7. Restriction on Processing You can request that we limit the processing of your personal data under certain conditions. You may request this if:
      1. You believe the processing is unlawful but do not want your personal data deleted.
      2. You need your personal data to establish, exercise, or defend legal claims.
      3. You are challenging the accuracy of your personal data, and we are verifying it.
      4. You are objecting to the processing of your personal data, and we are reviewing your request.
   8. Other Rights Depending on your jurisdiction, you may have additional rights regarding your personal data. California residents can find more details about their rights in Section 9. Users from other countries can find related information about specific terms in Section 10.

     To exercise any of these rights, ask questions about your rights or this Policy, or file a complaint about our processing of your personal data, please contact us using the information in Section 11. When submitting a request, please provide the scope and basis of your request and any necessary information to verify your identity. We may reach out to confirm your identity before addressing your request. We will respond to your request or complaint as required by applicable data protection laws.

6. How do Halliday and Gyges Labs work together?

     GYGES LABS INC (“Gyges Labs”) manufactures the Glasses, and any information you provide to them is governed by their terms and policies. We share information with Gyges Labs to handle customer service requests and collaborate to resolve technical problems. Additionally, we exchange aggregated data and insights on marketing, usage, sales, and post-sale activities. Gyges Labs does not collect data directly from your use of the Glasses or the App.

7. Children's Privacy

     Our Services are not intended for children, and we do not knowingly collect, sell, or share Personal Information from minors. If you become aware that a child has provided Personal Information through our Services, please notify us immediately using the contact information in Section 11. We will investigate and, if confirmed, delete the information.

8. Conflict

     If any discrepancies arise between the English version of this Privacy Policy and its official translations in your jurisdiction, the English version should prevail.

9. Notice to California Residents

     If you are a California resident, the California Privacy Rights Act (CPRA) and other applicable California privacy laws require us to provide you with the following additional information:

   1. Collection and Use of Your Personal Data We have collected personal data from and about you over the past 12 months as described in Section 1 above.
   2. Disclosure of Personal Data We share personal data with third parties for business purposes. In the past 12 months, we have disclosed the following categories of personal data:
      
      

9. 1. Categories of Personal Data	Disclosed to Which Categories of Third Parties
      All categories detailed in Section 1	Cloud storage and computing providers and our affiliates
      Location information	Navigation service providers and weather service providers
      Voiceprints and audio recordings	Real-time translation service providers and voice recognition service providers
      Other interaction information	AI service providers

   2. Your California Rights and Choices As a California resident, you may have the right to:
      1. Know any or all of the following information regarding your personal data collected and disclosed in the past 12 months, upon verification of your identity:
         • The specific pieces of personal data we have collected about you
         • The categories of personal data we have collected
         • The sources from which the data was collected
         • The categories of personal data disclosed for business purposes and the recipients of that information
         • The categories of personal data sold and the recipients of that information
         • The business or commercial purpose for collecting or selling personal data
      2. Request correction of any inaccurate personal data we hold about you.
      3. Request deletion of personal data collected from you, subject to certain exceptions.
      4. Opt out of the sale and/or sharing of your personal data and sensitive personal data with third parties, now or in the future.
          You also have the right to be free from discrimination for exercising these rights. However, please note that exercising these rights may limit our ability to process your personal data. For instance, if you request deletion, we may no longer be able to provide certain services.
   3. Limit the Use of Sensitive Personal Data You have the right to request limitations on the use and disclosure of your sensitive personal data, subject to certain exceptions. To request such limitations, please contact us using the details provided in Section 11.
          Sensitive personal data under the CPRA includes location data, biometric information, and verification codes. We use and disclose this data strictly for providing services, managing your account, and enabling key features of our smart glasses, such as navigation and real-time translation. We do not "sell" or "share" your sensitive personal data as defined by the CPRA.
   4. Do Not Sell or Share My Personal Data Based on the CPRA’s definitions of "sell" and "share," we do not believe we engage in such activities and have not done so in the past 12 months from the effective date of this policy.
   5. Submitting Your California Consumer Rights Requests To exercise your California Consumer Rights, you may submit a request using the contact details provided in Section 11. We will need to verify your identity before processing your request, which may require additional personal data or account login verification. In some cases, we may deny or limit your request, particularly if we cannot verify your identity, locate your information, or as permitted by law.
          You may authorize an agent to exercise your rights on your behalf. If so, you must provide written authorization. We reserve the right to deny an agent’s request if we cannot verify proper authorization and/or confirm your identity.
   6. Appeal If we refuse to take action on a request, you may appeal by contacting us via the details in Section 11. If your appeal is denied, you may contact the California Attorney General to file a complaint: https://oag.ca.gov/contact/consumer-complaint-against-business-or-company.
   7. California’s "Shine the Light" Law California’s "Shine the Light" law (Civil Code Section §1798.83) grants California residents with an established business relationship with us the right to request information about personal data disclosed to third parties for direct marketing purposes. We do not disclose personal data to third parties for their direct marketing purposes.

10. Country Specific Terms

    1.   United Kingdom and European Economic Area

       1. Scope and Applicability This section outlines our data handling practices in the United Kingdom (UK) and the European Economic Area (EEA) regarding personal data collected from you in person or through the use of our products and services, including smart glasses, mobile apps, and websites. The Privacy Policy should be read in conjunction with this section.
       2. Transfers Outside of the UK and EEA If UK and/or EU data protection laws apply, we only transfer your personal data to a country outside the UK or EEA when:
                (a) The UK government (under the UK GDPR) or the European Commission (under the EU GDPR) has determined that the country ensures an adequate level of data protection (Adequacy Regulation/Decision).
                (b) If no adequate decision exists, we rely on legal mechanisms such as Standard Contractual Clauses (SCCs) approved by the UK or EU, obtaining your consent, or implementing additional security measures like data anonymization.
                (c) Where applicable, exceptions under relevant data protection laws may apply.
       3. Your UK and EEA Privacy Rights Under UK and EU data protection laws, you have the right to:
          1. Access: Obtain a copy of your personal data.
          2. Rectification: Request correction of inaccurate personal data.
          3. Erasure: Request deletion of personal data in certain situations (Right to be Forgotten).
          4. Restriction of Processing: Limit processing of your personal data under specific conditions.
          5. Data Portability: Receive your data in a structured format and transfer it to another service.
          6. Object: Oppose processing for direct marketing and, in some cases, other purposes.
          7. Withdraw Consent: Revoke consent for processing personal data at any time, without affecting prior lawful processing.
                To exercise these rights, please contact us as outlined in Section 11. We may request verification of your identity before processing requests.
                If you have concerns about our handling of your data, you may file a complaint with the UK’s Information Commissioner’s Office (ICO) or the appropriate EEA data protection authority. However, we encourage you to contact us first to resolve any concerns.

    2.   Singapore

       1. Scope and Applicability
                This Schedule supplements our Privacy Policy and details our data handling practices in Singapore. The Privacy Policy and this Schedule collectively govern the collection and processing of personal information when you use our products and services in Singapore.
       2. Personal Information and Sensitive Personal Information
                For Singapore, "Personal Information" refers to "personal data" as defined under the Personal Data Protection Act 2012 (PDPA). It includes data that identifies an individual, such as name, contact details, and financial information. "Sensitive Personal Information" includes national identity numbers, financial data, insurance information, sensitive medical conditions, and minors' data.
       3. How We Use Your Personal Information
                We collect personal information directly from you, third parties, or through automated means when you use our products and services. Our lawful basis for processing includes fulfilling contractual obligations, complying with legal requirements, legitimate business interests, and obtaining user consent.
                By sharing personal information with us, you:
          1. Consent to its collection, use, and disclosure as outlined in this policy.
          2. Acknowledged that we may transfer data outside Singapore where necessary.
          3. Represent that you have obtained consent when providing third-party data.
       4. Your Privacy Rights
                You have the right to access, correct, restrict processing, or request deletion of your personal information by contacting us as outlined in Section 11. Consent withdrawal is permitted with reasonable notice, which may impact service availability. We reserve the right to deny access under certain legal restrictions.
       5. Security Measures
                We implement security protocols to safeguard personal data against unauthorized access, misuse, or loss. However, we cannot guarantee complete security, especially for transactions conducted via personal devices.

    3.   Thailand

       1. Sensitive Personal Information
                We ask that you not send us, and you not disclose to us, any sensitive Personal Information (e.g., information related to racial or ethnic origin, sexual orientation or sex life, political opinions, religion or philosophical beliefs, health-related information, genetic information, disability information, criminal background, or trade union information) on or through our products and services or otherwise unless we expressly request this information. If we need to collect, use, or disclose your sensitive Personal Information, we will obtain your explicit consent or do so in compliance with applicable laws.
       2. Your Privacy Rights
                Subject to the legal requirements under the Personal Data Protection Act B.E. 2562 and other applicable laws concerning data protection, you have the following rights regarding your Personal Information:
          1. Right to access: You have the right to access or request a copy of the Personal Information we collect, use, or disclose about you.
          2. Right to data portability: You have the right to obtain Personal Information we hold about you, in a structured, electronic format, and to send or transfer such information to another party.
          3. Right to rectification: You have the right to have incomplete, inaccurate, misleading, or outdated Personal Information that we collect, use, or disclose about you corrected.
          4. Right to objection: You have the right to object to certain collection, use, or disclosure of your Personal Information in specific circumstances.
          5. Right to restriction: You have the right to restrict the use of your Personal Information in certain circumstances.
          6. Right to erasure: You have the right to request that we delete or anonymize the Personal Information that we collect, use, or disclose about you.
          7. Right to withdraw consent: You can withdraw your consent at any time when we collect, use, and disclose your Personal Information based on your consent.
          8. Right to complain: You have the right to complain with the competent authority under applicable data protection law.
                If you would like to exercise your rights concerning your Personal Information, you may contact us as outlined in Section 11.
       3. Transfer of your Personal Information to Places Outside Thailand
                (a) We may transfer your Personal Information to locations outside Thailand. If the transfer is to our facilities located outside Thailand, or if any of our service providers or strategic partners who are involved in providing part of our service, data storage, or data processing services for and on behalf of us is located outside Thailand or has servers and related equipment outside Thailand. This may also occur if you use our products and/or services from a country other than Thailand. By using our services, you consent to us transferring your Personal Information to places outside Thailand in these instances. We may also transfer your Personal Information to places outside Thailand where permitted by law.
                (b) By submitting or sharing your Personal Information with us (directly or indirectly) and/or by using our products and services, you agree to the terms and conditions set out in this Privacy Policy and consent to us collecting, using, disclosing, and processing your Personal Information. You hereby give us your consent to transfer your Personal Information to a location outside Thailand.

11. Contacting Us

      For more information about your data subject rights, or how we process your personal data, please do not hesitate to contact us by using the information below.

      Controller: HALLIDAY HOLDINGS PTE. LTD.

      Contact Details: Ste 100, 4500 Great America Parkway, Santa Clara, CA, United States

      Website: https://hallidayglobal.com/

12. How do we update this Policy?

      We will update this Policy as needed and advise you to periodically review the latest version through the App’s “Me - Legal” section. In the event of material updates, we will notify you beforehand via pop-ups, push notifications, emails, or other suitable channels, depending on the significance of the changes. You can also find the previous policy history below.