GDPR Statement

INTRODUCTION

Seneca Holdings, LLC, dba Holo Discovery, (together "Holo," "we," "our," and "us"), complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Holo has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. Holo has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

DEFINITIONS

Data Subject "Data Subject" means the individual to whom any given Personal Data covered by this DPF Policy refers.

Personal Data "Personal Data" means any information relating to an individual residing in the European Union, the United Kingdom, and Switzerland that can be used to identify that individual either on its own or in combination with other readily available data.

Sensitive Personal Data "Sensitive Personal Data" means Personal Data regarding an individual's racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, physical or mental health, or sexual life.

SCOPE AND RESPONSIBILITY

This DPF Policy applies to Personal Data transferred from European Union member countries, the United Kingdom, and Switzerland to Holo's operations in the U.S. in reliance on the respective DPF framework and does not apply to Personal Data transferred under Standard Contractual Clauses or any approved derogation from the EU Directive.

Some types of Personal Data may be subject to other privacy-related requirements and policies. For example:

  • - Some Holo websites have their own privacy policies.
  • - Personal Data regarding and/or received from a client is also subject to any specific agreement with, or notice to, the client, as well as additional applicable laws and professional standards.
  • - Employee Personal Information is subject to internal human resource policies including the Employee Data Privacy Notice.

All employees of Holo that have access in the U.S. to Personal Data covered by this DPF Policy are responsible for conducting themselves in accordance with this DPF Policy. Adherence by Holo to this DPF Policy may be limited to the extent required to meet legal, regulatory, governmental, or national security obligations, but Personal Data covered by this DPF Policy shall not be collected, used, or disclosed in a manner contrary to this policy without the prior written permission of Holo's Chief Privacy Officer.

Holo employees responsible for engaging third parties to which Personal Data covered by this DPF Policy will be transferred are responsible for obtaining appropriate assurances that such third parties have an obligation to conduct themselves in accordance with the applicable provisions of this DPF Principles, including any applicable contractual assurances required by DPF.

COLLECTED INFORMATION

At times, particularly when you request information in response to an e-mail advertising products or services from the holo-discovery.com Web site, Holo may ask you to provide certain information about yourself by filling out and submitting an online form. It is completely optional for you to participate in these programs. If you elect to participate in these programs, however, Holo may require that you provide your contact information, which may include your name, mailing address, e-mail address, and other personal identifying information.

When you submit personal information to Holo, you understand and agree that Holo and its affiliates may transfer, store, and process your customer profile in any of the countries in which Holo and its affiliates maintain offices, including without limitation the United States. Holo will not release your information to non-affiliated third parties except as described below. Holo may also store your information indefinitely.

Holo collects this information in order to record and support your participation in the programs you select. If you order a product, for example, the information is used to register your license and rights, if any, to technical support, upgrade discounts, or other benefits that may be made available to registered users. Holo also uses information that you provide as part of our effort to keep you informed about product upgrades, special offers, upcoming events and other Holo products and services.

If Holo shares your information with non-affiliated third parties, it will only do so in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. In addition, federal law permits Holo to share your information as necessary with parties who provide services to us such as computer maintenance personnel, auditors, attorneys, accountants, regulators, law enforcement, and so on.

Holo uses safe and secure systems, physical and electronic, to safeguard the information that is provided on the holo-discovery.com Web site.

Cookies

When you visit holo-discovery.com, we send one or more cookies – a small file containing a string of characters – to your computer that uniquely identifies your browser. We use cookies to improve the quality of our service by storing user preferences and tracking user trends. Holo also allows other companies that provide services on some of our pages to set and access their cookies on your computer. Other companies' use of their cookies is subject to their own privacy policies. Other companies do not have access to Holo's cookies.

Third-party cookies are those which are inserted by using web code from other sites around the web and do not belong to the site initially visited; for example, Google Analytics tracking cookies or YouTube embed tracking. Below you can find a list of third-party cookies used on this site and a description of what information they collect.

Site features are often programmatically enabled and disabled on a per-page and per-session basis and subsequent cookies that may or may not be loaded are subject to change.

  • - Google - Type: Analytical
  • - YouTube.com - Type: Analytical

Server Log Information

When you use the Holo's services, Holo's servers automatically record information that your browser sends whenever you visit a website. These server logs may include information such as your Internet Protocol address, cookie information, and the pages you request.

User Communication

When you send email or other communications to Holo, Holo may retain those communications indefinitely.

Additional Services

In addition to the above, Holo processes personal information for purposes which include:

  • - Providing our litigation support services to users
  • - Ensuring the technical functioning of our network
  • - Developing new services

DPF PRINCIPLES

Holo commits to subject to the DPFs' Principles all Personal Data received by Holo in the U.S. from European Union member countries, the United Kingdom, and Switzerland in reliance on the respective DPF framework.

1. Notice

Holo notifies Data Subjects covered by this Choice DPF Policy about its data practices regarding Personal Data received by Holo in the U.S. from European Union member countries, the United Kingdom, and Switzerland in reliance on the respective DPF framework, including the types of Personal Data it collects about them, the purposes for which it collects and uses such Personal Data, the types of third parties to which it discloses such Personal Data and the purposes for which it does so, the rights of Data Subjects to access their Personal Data, the choices and means that Holo offers for limiting its use and disclosure of such Personal Data, how Holo's obligations under the DPF are enforced, and how Data Subjects can contact Holo with any inquiries or complaints.

2. Choice

If Personal Data covered by this DPF Policy is to be used for a new purpose that is materially different from that for which the Personal Data was originally collected or subsequently authorized, or is to be disclosed to a non-agent third party, Holo will provide Data Subjects with an opportunity to choose whether to have their Personal Data so used or disclosed. Requests to opt out of such uses or disclosures of Personal Data should be sent to: privacy@holo-discovery.com.

If Sensitive Personal Data covered by this DPF Policy is to be used for a new purpose that is different from that for which the Personal Data was originally collected or subsequently authorized, or is to be disclosed to a third party, Holo will obtain the Data Subject's explicit consent prior to such use or disclosure.

3. Accountability for Onward Transfer

In the event we transfer Personal Data covered by this DPF Policy to a third party acting as a controller, we will do so consistent with any notice provided to Data Subjects and any consent they have given, and only if the third party has given us contractual assurances that it will (i) process the Personal Data for limited and specified purposes consistent with any consent provided by the Data Subjects, (ii) provide at least the same level of protection as is required by the DPF Principles and notify us if it makes a determination that it cannot do so; and (iii) cease processing of the Personal Data or take other reasonable and appropriate steps to remediate if it makes such a determination. If Holo has knowledge that a third party acting as a controller is processing Personal Data covered by this DPF Policy in a way that is contrary to the DPF Principles, Holo will take reasonable steps to prevent or stop such processing.

With respect to our agents, we will transfer only the Personal Data covered by this DPF Policy needed for an agent to deliver to Holo the requested product or service. For example, we may use a third-party tool to analyze usage patterns of our websites. Furthermore, we will (i) permit the agent to process such Personal Data only for limited and specified purposes; (ii) require the agent to provide at least the same level of privacy protection as is required by the DPF Principles; (iii) take reasonable and appropriate steps to ensure that the agent effectively processes the Personal Data transferred in a manner consistent with Holo's obligations under the DPF Principles; and (iv) require the agent to notify Holo if it makes a determination that it can no longer meet its obligation to provide the same level of protection as is required by the DPF Principles. Upon receiving notice from an agent that it can no longer meet its obligation to provide the same level of protection as is required by the DPF Principles, we will take reasonable and appropriate steps to stop and remediate unauthorized processing.

Holo remains liable under the DPF Principles if an agent processes Personal Data covered by this DPF Policy in a manner inconsistent with the Principles, except where Holo is not responsible for the event giving rise to the damage.

In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

4. Access

Data Subjects whose Personal Data is covered by this DPF Policy have the right to access such Personal Data and to correct, amend, or delete such Personal Data if it is inaccurate or has been processed in violation of the DPF Principles (except when the burden or expense of providing access, correction, amendment, or deletion would be disproportionate to the risks to the Data Subject's privacy, or where the rights of persons other than the Data Subject would be violated). Requests for access, correction, amendment, or deletion should be sent to: privacy@holo-discovery.com.

5. Security

Holo takes reasonable and appropriate measures to protect Personal Data covered by this DPF Policy from loss, misuse, and unauthorized access, disclosure, alteration, and destruction, taking into due account the risks involved in the processing and the nature of the Personal Data. These measures take into account the nature of the personal information and the risks involved in its processing, as well as best practices in the industry for security and data protection.

6. Data Integrity and Purpose Limitation

Holo limits the collection of Personal Data covered by this DPF Policy to information that is relevant for the purposes of processing. Holo does not process such Personal Data in a way that is incompatible with the purposes for which it has been collected or subsequently authorized by the Data Subject.

Holo collects data as part of investigations into legal matters and litigation. Data can be collected from computers, mobile devices, cloud storage, and other sources.

Holo takes reasonable steps to ensure that such Personal Data is reliable for its intended use, accurate, complete, and current. Holo takes reasonable and appropriate measures to comply with the requirement under the DPF to retain Personal Data in identifiable form only for as long as it serves a purpose of processing, which includes Holo's obligations to comply with professional standards, Holo's business purposes and unless a longer retention period is permitted by law, and it adheres to the DPF Principles for as long as it retains such Personal Data.

7. Enforcement and Liability

Holo's participation in the EU-U.S. DPF Framework, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF Framework is subject to investigation and enforcement by the Federal Trade Commission.

In compliance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF), Holo commits to resolve complaints about our collection or use of your personal information transferred to the U.S. pursuant to the EU-U.S. DPF, the UK extension to the EU-U.S. DPF, and the Swiss-U.S. DPF. EU, UK, and Swiss individuals with inquiries or complaints should first contact Holo at: privacy@holo-discovery.com.

In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, Holo commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner's Office (ICO) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of human resources data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF in the context of the employment relationship.

Holo has further committed to refer unresolved DPF Principles-related complaints to a U.S.-based independent dispute resolution mechanism, DATA PRIVACY FRAMEWORK SERVICES, owned and operated in the United States by BBB NATIONAL PROGRAMS. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbbprograms.org/dpf-complaints for more information and to file a complaint. This service is provided free of charge to you.

If your DPF complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf.

CHANGES TO THIS DPF POLICY

This DPF Policy may be amended from time to time consistent with the requirements of the DPF. Appropriate notice regarding such amendments will be given.

Effective: September 15th, 2023