Last Updated: August 4, 2023

ArborXR Privacy Policy

Unless defined differently, all terms in this Privacy Policy will have the meaning ascribed to them in our Terms of Service.

This Privacy Policy will explain our privacy practices, including how we collect, use, share and store your personal information and your rights and choices with regard to controlling your personal information in connection with the use of ArborXR Services, including our Website. 

In this Privacy Policy, we sometimes refer to “you,” which includes all users of the Services such as a Customer, an Authorized User, or an End Users, or someone engaged in a business relationship with ArborXR such as existing or potential employees, contractors, investors or shareholders, vendors or suppliers, business contacts, or website visitors (collectively, “Data Subjects”). 

Third-Party Services. Our Services may contain links to or enable services provided by Third-Party Services. Our Services may be provided through, integrated with, access and/or utilize content, features, functionalities, and services operated by these Third-Party Services. We may share and receive information about you from these third parties in order to provide you with access to the Third-Party Services, our Services , or for support of our Services. We do not control these Third-Party Services and their policies regarding the handling of information may be different from ours. You are responsible for reviewing the privacy statements and policies of the Third-Party Service providers you choose to link to or from the Service, so that you can understand how those third parties collect, use, share and store your information.

By accessing or using the Services you agree to this Privacy Policy.

If you disagree with the practices described in this policy, you should (a) take the necessary steps to remove cookies from your computer after leaving our Website, and (b) discontinue your use of our Services.

You must be of legal age in your jurisdiction for entering into a binding contract, and in any event, at least 16 years of age. If you are between the ages of sixteen (16) and eighteen (18) years of age, please review this Privacy Policy with your parent or guardian. Your parent or guardian should agree to the collection and use of your personal information in accordance with this Privacy Policy on your behalf.

Information We Collect

Personal Information. We call information that identifies, or that could reasonably be used to identify, you as an individual “Personal Data”. Personal Data does not include information that has been aggregated or made anonymous such that it can no longer be reasonably associated with a specific person. The information that we collect automatically, including statistical data, may not include Personal Data, but we may maintain it or associate it with Personal Information that we have collected or received from third parties.

The Personal Data that we may collect includes:

  • Identity Data including personal contact details such as name and title.
  • Contact Data including postal addresses and/or physical locations, telephone numbers, Skype numbers, and email addresses.
  • Technical Data including usernames, passwords and login credentials, IP addresses, SSID, MAC addresses, URLs, geographic location, and language preferences.
  • Payment Data such as your billing address, credit or debit card numbers, bank account information, or payment processor account information, or tax identification numbers.
  • Transaction Data including your billing and payment history, products and services you use, purchase and or access, and other information related to your User Account.
  • Marketing and Communication Data including information you provide when signing up for our mailing list or newsletters and your requests to receive information, marketing materials, promotions, feedback, blog or comment posts, or other communications regarding ArborXR and/or the Services, such as your social media handle or other online identifiers, blogs, online postings by an individual or which may mention an individual, photograph, images and recordings captured during marketing events or product discovery calls.
  • Cookie Data including information about your activities on the Services which can be used to identify you and is gathered through the use of technologies such as cookies, web beacons and other tracking technologies as further described in our Cookie Policy.
  • Third Party Information including information about you from third party service providers such as vendors, resellers, partners, or social media platforms, including information provided to us when you use your third party account credentials to sign up for or login to our Services, or when you post content from the Services to a social network, or use various social media features.
  • Employment Data, if you are an existing or potential ArborXR employee or contractor, including your date of birth, photo, resume, education credentials, passport information, job history, cover letters, employment recommendations or referrals, social security numbers, driver’s license numbers, compensation details, insurance information, marital/civil partnership status, dependent information, emergency contact information,  background check information, diversity-related information, citizenship information, residency or work permit details, banking information, information requested by our online HR platform, and Identity and Contact Data as described above.

Non-Personal Information. We also collect information that is not Personal Data, and we call it Non-personal Data. Non-personal Data that we may collect includes:

  • Usage Data including but not limited to information regarding specific use of our Platform such as the dates, times, duration, status of the launcher.
  • Content Usage Data including but not limited to information regarding the use of specific content, including Your Content, such as the dates, times, duration, revenue by title, and the devices or computers used to access the content.
  • User Support Data including information regarding technical and administrative assistance.
  • Content Data including information regarding virtual reality content accessed via the Platform, including Your Content, and its description, pricing, and associated marketing materials.
  • Device and Software Data including information that cannot identify you individually and is related to your devices, computer hardware and software that may be automatically collected by us such as your internet protocol (IP) address, device type, operating system, browser type, domain name, access time, working directories, certain software installed or stored by you within the Services or on devices, computers, operating systems, and any referring website addresses.
  • Cookie Data including information that cannot identify you individually and is technological data such as time spent on the Services, pages visited, and other anonymous traffic data.

Business Data such as your business name and entity structure, jurisdiction, tax classifications, content or product offerings and materials, hours of operation, location, licensing agreements, license term, and the content titles you license.

How We Collect Information

Directly from You. The information we collect may come directly from you when you provide it to us:

  • By filling in forms or creating User Accounts.
  • By communicating with us through email, text, phone calls, business cards, chat features and other communications.
  • By submitting a customer or tech support request
  • By posting, submitting or publishing information on public areas of our Services or transmitting information to other users of the Services or to other third parties. Information that you choose to make public is not subject to the restrictions on use or disclosure under this Privacy Policy and is transmitted to others at your own risk.

As You Use Our Services. As you use or interact with our Services, we may collect certain information that may contain Personal Data or Non-Personal Data that we may tie to Personal Information collected from other sources.

  • Through our Website. Automatic Data Collection Technologies. Tracking technologies such as browser cookies and web beacons. This information will be collected in accordance with our Cookie Policy.
  • When you interact with any of our Services. For example, we collect device and connection information such as your device type, your operating system, browser type, and IP address.

From Others. We may receive Personal Data and Non-Personal Data from third parties such as Third-Party Services, our channel partners, or publicly available sources or databases.

From Cookies and Other Technologies. Please review our Cookie Policy for more information on the cookies and other technologies which may capture and provide us with Personal Data and Non-Personal Data. 

If You Fail to Provide Personal Information. Where we need to collect Personal Data under the terms of a contract we have with you or by law, and you fail to provide that information when requested, we may not be able to perform the contract we are trying to enter into with you. In that event, we may have to cancel a product or service you have with us, but we will notify you if this is the case at that time. It is important that the Personal Data we hold about you is accurate and current. Please keep us informed if your Personal Data changes during your relationship with us.

How We Use Information

How we use the information collected depends on how you use the Services and any preferences you have set.

We will only process your Personal Data when the law allows us to do so, in accordance with this Privacy Policy and on the following legal bases:

  • Where we need to perform the contract we have entered into with you;
  • Where we need to comply with a legal obligation;
  • Where we have your consent;
  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests; and/or
  • And in rare cases, where we need to protect your interests or it is needed in the public interest.

Some of the legal bases or grounds for processing information will overlap and there may be several grounds to justify the processing of your Personal Data.

The purposes for which we will use your Personal Information and the lawful bases for processing that information are listed in the table below:

Use or Purpose Type of Personal Data Processed Lawful Bases for Processing
To provide and maintain our Services Identity, Contact, Technical, Payment, Transaction, Third-Party Services, Employment, Marketing and Communication Performance of a contract your consent; Necessary for our legitimate interest
Monitor and analyze use and functionality of our Services Technical, Transaction, Marketing and Communications Performance of a contract; Necessary for our legitimate interest
Gain a better understanding of your usage patterns for our Services Identity, Technical, Transaction, Cookie, Marketing and Communications Performance of a contract;Your consent; Necessary for our legitimate interest
Improve your user experience with our Services Identity, Contact, Technical, Payment, Transaction, Marketing and Communication Consent; Necessary for our legitimate interest
Provide customer, technical and administrative support Identity, Contact, Technical, Payment, Transaction, Employment, Marketing and Communication Performance of a contract; Necessary for our legitimate interest
Process e-commerce transactions Identity, Contact, Payment, Transaction, Technical, Employment Performance of a contract; Necessary for our legitimate interest
To market, promote and communicate information about us and our Services Identity, Contact, Technical, Marketing and Communication Performance of a contract; Your consent; Necessary for our legitimate interest
To notify you about changes to our Services and to make recommendations to you about products or services that may be of interest to you based on your interaction with the Services and/or our other products and services Identity, Contact, Technical, Transaction, Marketing and Communication Performance of a contract; Necessary for our legitimate interest
Streamline your onboarding process and the use of our Services Identity, Contact, Technical, Payment, Third-Party Services, Marketing and Communication Performance of a contract; Your consent
For the administration of files, records, and reporting, including accounting Identity, Contact, Technical, Payment, Transaction, Employment Performance of a contract; Necessary for our legitimate interest; Necessary to comply with a legal obligation
To engage, hire and onboard consultants, contractors and employees Identity, Contact, Technical, Payment, Employment Performance of a contract; Necessary for our legitimate interest; Necessary to comply with a legal obligation
To ensure compliance with this Privacy Policy and our other terms of use regarding our Services Identity, Contact, Technical, Payment, Third-Party Services, Transaction, Marketing and Communications Performance of a contract; Your consent; Necessary for our legitimate interest
To detect and prevent fraud, to respond to potential or actual security incidents, or comply with applicable laws, regulations, and enforcement agency requests Identity, Contact, Payment, Transaction, Technical Necessary for our legitimate interest; Necessary to comply with a legal obligation
To fulfill any purpose described with your consent Identity, Contact, Payment, Transaction, Technical, Marketing and Communication Your consent

How We Share Information

In connection with our operations, we may share Personal Data that we collect from you or you provide to us, as further described in this Privacy Policy, with the following trusted parties:

  • Our subsidiaries and affiliates;
  • Our Third-Party Service providers, contractors, consultants, vendors, suppliers, employees, and third parties we use to support our business;
  • Third-Party Services that you have elected to use in connection with your use of the Services;
  • Our business partners and/or Third-Party Services that we have reciprocal arrangements with in connection with our provision of the Services or content and delivery of additional features and functions within the Services or content;
  • Our Customers and their Users to fulfill our contractual reporting obligations;
  • A buyer of our company or a division of our company or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets;
  • Lawful authorities in order to comply with the law or a legal process or cooperate with investigations;
  • Appropriate authorities if we believe disclosure is necessary to protect the rights, property, or safety of you, ArborXR or others;
  • We do not give away, sell, rent or lease Personal Data to any merchant, advertiser, or web publisher. Without restriction, we may disclose aggregated information about you and the use of our Services, and anonymized information that does not identify any individual. We may disclose information relating to the use, performance, sales, downloads, uploads, installations of our Services and content accessible through our Services without restriction, as long as such information does not include your Personal Data.

How We Store and Secure Information

Security. We have implemented reasonable organizational, technical, and administrative safeguards designed to protect your Personal Information within our organization. These safeguards will include an industry standard information and security program and procedures to help ensure the protection of Personal Data. We limit access to your Personal Data to those employees, contractors, consultants, or third parties who have a business need to know such information. They are contractually bound to only process your Personal Data on our instructions and they are subject to a duty of confidentiality. Unfortunately, even with these measures, no data transmission or storage system can be guaranteed to be totally secure. By using our Services, you acknowledge and agree that we make no such guarantee, and that you use our Services at your own risk. If you have reason to believe that your interaction with us is no longer secure, please contact us immediately at [email protected].

While we are dedicated to securing your Personal Data and our systems and the Services, you are responsible for securing and maintaining the privacy of your User Account information and for verifying that the Personal Data we maintain about you is accurate and current. It is your responsibility to give us current, complete, truthful and accurate information, and to keep such information up to date. We cannot and will not be responsible for any problems or liability that may arise if you do not give us accurate, truthful or complete information, or you fail to update such information. We will reject and delete any entry that we believe in good faith to be false, fraudulent or inconsistent with this Privacy Policy.

Retention. We will retain Personal Data for the period necessary to fulfill the purpose we collect it for unless a longer retention period is required or permitted by law. To determine the appropriate retention period for Personal Data, we consider the amount, nature and sensitivity of the data, the potential risk of harm from unauthorized use or disclosure, the purposes for which we process the data, and whether we can achieve those purposes through other means, and the applicable legal requirements.

Your Personal Data Rights and Choices

Right to Opt Out of Email Marketing and Promotional Offers. We may use your Personal Data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you (we call this marketing). You will receive marketing communications from us if you have requested information from us or registered a User Account with us or if you provided us with details when you signed up for our mailing list, and in each case, you have not opted out of receiving that marketing.

You can ask us or third parties to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you or by contacting us at any time. Please note that we may still send you important administrative messages, notices or alerts that are required to provide you with our Services. ArborXR does not control the marketing communications or lists maintained by third parties not at the request of ArborXR. To opt-out of marketing communications sent by third parties not at the request of ArborXR you must use the third-party opt-out link contained within such marketing communication.

Rights of Access, Correction, Erasure and Restriction. In regard to your Personal Data, under certain circumstances, by law you may have the right to:

  • Request access to your Personal Data This enables you to receive a copy of the Personal Data we hold about you and to check that we are lawfully processing it.
  • Request correction of the Personal Data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
  • Request erasure of your Personal Data. This enables you to ask us to delete or remove Personal Data where there is no good reason for continuing to process it. You also have the right to ask us to delete or remove your Personal Data where you have exercised your right to object to processing (see below).
  • Object to processing of your Personal Data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
  • Request the restriction of processing of your Personal Data. This enables you to ask us to suspend the processing of Personal Data about you, for example, if you want us to establish its accuracy or the reason for processing it.
  • Request the transfer of your Personal Data to another party.
  • Withdraw consents that you have previously provided to us to process your Personal Data.

If you want to review, verify, correct or request erasure of your Personal Data, object to the processing of your Personal Data, or request that we transfer a copy of your Personal Data to another party, please contact us by email at [email protected] to submit a Data Subject Request.

We may need to verify your identity before acting upon your request and we may have to retain certain information for legitimate business or legal purposes. In addition, we may not immediately delete residual copies from our active servers and may not remove information from our backup systems. Generally, we will respond to your request within 30 days from the date you contact us or sooner if otherwise required by applicable law.

Right to Withdraw Consent. In limited circumstances where you may have provided your consent to the collection, processing and transfer of your Personal Information for a specific purpose, you have the right to withdraw your consent for processing at any time. To withdraw your consent, please contact us at [email protected]Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.

Children Under the Age of 16. Our Services are not intended for children under 16 years of age and we do not knowingly collect Personal Data from children under 16. No one under age 16 may provide any Personal Data to the Services. You shall not disclose to us any personally identifiable information from anyone under the age of 16 unless you have express parental permission to do so. If we learn we have collected or received Personal Data from a child under 16 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 16, please contact us at [email protected].

How We Transfer Personal Data Across Borders

Jurisdiction and Cross-Border Transfers. Our Services are global so please be aware that your Personal Data and communications may be processed and stored in any country where we have operations or where we engage service providers, and we may transfer information to countries outside of your state, province, or country of residence, including the United States, which may be located outside of the European Economic Area (“EEA”) and/or have data protection rules that are different from those of your country. We will take measures to ensure that your information remains protected to the standards described in this Privacy Policy.

European Union Data Protection. If you are located in the European Union (“EU”) or the EEA, transfer of personal customer data outside of the EU or EEA is regulated by certain EU data protection laws. When required in order to effectuate the transfer of personal data, ArborXR has entered into a Data Processing Agreement (“DPA”) with its Customers that includes EU Model Clauses which are standardized contractual clauses used to ensure that personal data leaving the EEA will be transferred in compliance with these laws.

Data Supervisory Authority. You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concern before you approach the ICO so please contact us in the first instance.

Data Privacy Representative for the UK. Under Article 27 of the UK Data Privacy Act, we have appointed a UK Representative to act as our data protection agent. Our nominated UK Representative is:

GDPR Local Ltd.
Adam Brogden: [email protected]
Tel +44 1772 217800
1st Floor Front Suite
27-29 North Street, Brighton
England
BN1 1EB

Data Privacy Representative for the EU. Under Article 27 of the GDPR , we have appointed an EU Representative to act as our data protection agent. Our nominated EU Representative is:

Instant EU GDPR Representative Ltd.
Adam Brogden: [email protected]
Tel +35315549700
INSTANT EU GDPR REPRESENTATIVE LTD
Office 2, 12A Lower Main Street, Lucan Co. Dublin
K78 X5P8
Ireland

Other Important Information

Notice to Authorized Users and End Users. Many of our products are intended for use by business entities or organizations. Where the Services are made available to you through an entity, our Customer, (e.g., your employer or your service provider), that entity is the administrator of the Services and is responsible for the User Accounts and/or Service sites over which it has control. If this is the case, please direct your data privacy questions to your entity’s administrator, as your use of the Services is subject to that entity’s policies. We are not responsible for the privacy or security practices of an administrator’s organization, which may be different than this policy.

Changes to This Privacy Policy. We may change this Privacy Policy. The “Last Updated” legend at the top of this Privacy Policy indicates when this Privacy Policy was last revised. The new version will become effective on the date it’s posted. Your continued use of the Services after we make changes is deemed to be acceptance of those changes, so please check the Privacy Policy periodically for updates. If the changes are significant, we may notify you by posting an alert on our website, or if you are a user, contacting you through our Services or by email listed on your User Account. You are responsible for ensuring we have an up-to-date deliverable email address for you and/or for periodically visiting the Services and this Privacy Policy to check for any changes.

Contact Information. To ask questions or comment about this Privacy Policy and our privacy practices, contact us at: [email protected] or at:

ABXR Labs, Inc.
3750 West Main Street, Suite AA
Norman, Oklahoma 73072
Attention: Legal