Last Updated: October 22, 2021
Who Is Who
Third-Party Services. Our Services may contain links to or enable services provided by Third-Party Services. Our Services may be provided through, integrated with, access and/or utilize content, features, functionalities, and services operated by these Third-Party Services. We may share and receive information about you from these third parties in order to provide you with access to the Third-Party Services, our Services , or for support of our Services. We do not control these Third-Party Services and their policies regarding the handling of information may be different from ours. You are responsible for reviewing the privacy statements and policies of the Third-Party Service providers you choose to link to or from the Service, so that you can understand how those third parties collect, use, share and store your information.
If you disagree with the practices described in this policy, you should (a) take the necessary steps to remove cookies from your computer after leaving our Website, and (b) discontinue your use of our Services.
Information We Collect
Personal Information. We call information that identifies, or that could reasonably be used to identify, you as an individual “Personal Data”. Personal Data does not include information that has been aggregated or made anonymous such that it can no longer be reasonably associated with a specific person. The information that we collect automatically, including statistical data, may not include Personal Data, but we may maintain it or associate it with Personal Information that we have collected or received from third parties.
The Personal Information that we may collect includes:
- Identity Data including personal contact details such as name and title.
- Contact Data including postal addresses and/or physical locations, telephone numbers, Skype numbers, and email addresses.
- Technical Data including usernames, passwords and login credentials, IP addresses, URLs, geographic location, and language preferences.
- Payment Data such as your billing address, credit or debit card numbers, bank account information, or payment processor account information, or tax identification numbers.
- Transaction Data including your billing and payment history, products and services you use, purchase and or access, and other information related to your User Account.
- Marketing and Communication Data including information you provide when signing up for our mailing list or newsletters and your requests to receive information, marketing materials, promotions, feedback, blog or comment posts, or other communications regarding ArborXR and/or the Services.
- Third Party Information including information about you from third party service providers such as vendors, resellers, partners, or social media platforms, including information provided to us when you use your third party account credentials to sign up for or login to our Services, or when you post content from the Services to a social network, or use various social media features.
- Employment Data, including your date of birth, photo, resume, education credentials, passport information, job history, referrals and Identity and Contact Data as described above if you are, for example, an ArborXR employee, contractor or job candidate.
Non-Personal Information. We also collect information that is not Personal Data, and we call it Non-personal Data.
Non-personal Data that we may collect includes:
- Usage Data including but not limited to information regarding specific use of our Platform such as the dates, times, duration, status of the launcher.
- Content Usage Data including but not limited to information regarding the use of specific content, including Your Content, such as the dates, times, duration, revenue by title, and the devices or computers used to access the content.
- User Support Data including information regarding technical and administrative assistance.
- Content Data including information regarding virtual reality content accessed via the Platform, including Your Content, and its description, pricing, and associated marketing materials.
- Device and Software Data including information that cannot identify you individually and is related to your devices, computer hardware and software that may be automatically collected by us such as your internet protocol (IP) address, device type, operating system, browser type, domain name, access time, working directories, certain software installed or stored by you within the Services or on devices, computers, operating systems, and any referring website addresses.
- Cookie Data including information that cannot identify you individually and is technological data such as time spent on the Services, pages visited, and other anonymous traffic data.
- Business Data such as your business name and entity structure, jurisdiction, tax classifications, content or product offerings and materials, hours of operation, location, licensing agreements, license term, and the content titles you license.
How We Collect Information
Directly from You. The information we collect may come directly from you when you provide it to us:
- By filling in forms or creating User Accounts.
- By communicating with us through email, text, phone calls, business cards, chat features and other communications.
- By submitting a customer or tech support request
As You Use Our Services. As you use or interact with our Services, we may collect certain information that may contain Personal Data or Non-Personal Data that we may tie to Personal Information collected from other sources.
- When you interact with any of our Services. For example, we collect device and connection information such as your device type, your operating system, browser type, and IP address.
From Others. We may receive Personal Data and Non-Personal Data from third parties such as Third-Party Services (e.g., Chargebee, HelpScout, Facebook, Twitter, etc.), our channel partners, or publicly available sources or databases.
We may also use a web beacon to collect information. A web beacon is a small electronic file that may be contained on pages of our website and our emails that allow us, for example, to count users who have visited those pages or opened an email and to gather other related website statistics.
If You Fail to Provide Personal Information. Where we need to collect Personal Data under the terms of a contract we have with you or by law, and you fail to provide that information when requested, we may not be able to perform the contract we are trying to enter into with you. In that event, we may have to cancel a product or service you have with us, but we will notify you if this is the case at that time. It is important that the Personal Data we hold about you is accurate and current. Please keep us informed if your Personal Data changes during your relationship with us.
How We Use Information
How we use the information collected depends on how you use the Services and any preferences you have set.
- Where we need to perform the contract we have entered into with you;
- Where we need to comply with a legal obligation;
- Where we have your consent;
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests; and/or
- And in rare cases, where we need to protect your interests or it is needed in the public interest.
Some of the legal bases or grounds for processing information will overlap and there may be several grounds to justify the processing of your Personal Data.
The purposes for which we will use your Personal Information and the lawful bases for processing that information are listed in the table below:
|Use or Purpose||Type of Personal Data Processed||Lawful Bases for Processing|
|To provide and maintain our Services||Identity, Contact, Technical, Payment, Transaction, Third-Party Services, Employment, Marketing and Communication||Performance of a contract; Your consent; Necessary for our legitimate interest|
|Monitor and analyze use and functionality of our Services||Technical, Transaction, Marketing and Communications||Performance of a contract; Necessary for our legitimate interest|
|Gain a better understanding of your usage patterns for our Services||Identity, Technical, Transaction, Cookie, Marketing and Communications||Performance of a contract; Your consent; Necessary for our legitimate interest|
|Improve your user experience with our Services||Identity, Contact, Technical, Payment, Transaction, Marketing and Communication||Consent; Necessary for our legitimate interest|
|Provide customer, technical and administrative support||Identity, Contact, Technical, Payment, Transaction, Employment, Marketing and Communication||Performance of a contract; Necessary for our legitimate interest|
|Process e-commerce transactions||Identity, Contact, Payment, Transaction, Technical, Employment||Performance of a contract; Necessary for our legitimate interest|
|To market, promote and communicate information about us and our Services||Identity, Contact, Technical, Marketing and Communication||Performance of a contract; Your consent; Necessary for our legitimate interest|
|To notify you about changes to our Services and to make recommendations to you about products or services that may be of interest to you based on your interaction with the Services and/or our other products and services||Identity, Contact, Technical, Transaction, Marketing and Communication||Performance of a contract; Necessary for our legitimate interest|
|Streamline your onboarding process and the use of our Services||Identity, Contact, Technical, Payment, Third-Party Services, Marketing and Communication||Performance of a contract; Your consent|
|For the administration of files, records, and reporting, including accounting||Identity, Contact, Technical, Payment, Transaction, Employment||Performance of a contract; Necessary for our legitimate interest; Necessary to comply with a legal obligation|
|To engage, hire and onboard consultants, contractors and employees||Identity, Contact, Technical, Payment, Employment||Performance of a contract; Necessary for our legitimate interest; Necessary to comply with a legal obligation|
|To detect and prevent fraud, to respond to potential or actual security incidents, or comply with applicable laws, regulations, and enforcement agency requests||Identity, Contact, Payment, Transaction, Technical||Necessary for our legitimate interest; Necessary to comply with a legal obligation|
|To fulfill any purpose described with your consent||Identity, Contact, Payment, Transaction, Technical, Marketing and Communication||Your consent|
How We Share Information
- Our subsidiaries and affiliates;
- Our Third-Party Service providers, contractors, consultants, vendors, suppliers, employees, and third parties we use to support our business;
- Third-Party Services that you have elected to use in connection with your use of the Services;
- Our business partners and/or Third-Party Services that we have reciprocal arrangements with in connection with our provision of the Services or content and delivery of additional features and functions within the Services or content;
- Our Customers and their Users to fulfill our contractual reporting obligations;
- A buyer of our company or a division of our company or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets;
- Lawful authorities in order to comply with the law or a legal process or cooperate with investigations;
- Appropriate authorities if we believe disclosure is necessary to protect the rights, property, or safety of you, ArborXR or others;
- We do not give away, sell, rent or lease Personal Data to any merchant, advertiser, or web publisher. Without restriction, we may disclose aggregated information about you and the use of our Services, and anonymized information that does not identify any individual. We may disclose information relating to the use, performance, sales, downloads, uploads, installations of our Services and content accessible through our Services without restriction, as long as such information does not include your Personal Data.
How We Store and Secure Information
Security. We have implemented reasonable organizational, technical, and administrative safeguards designed to protect your Personal Information within our organization. These safeguards will include an industry standard information and security program and procedures to help ensure the protection of Personal Data. We limit access to your Personal Data to those employees, contractors, consultants, or third parties who have a business need to know such information. They are contractually bound to only process your Personal Data on our instructions and they are subject to a duty of confidentiality. Unfortunately, even with these measures, no data transmission or storage system can be guaranteed to be totally secure. By using our Services, you acknowledge and agree that we make no such guarantee, and that you use our Services at your own risk. If you have reason to believe that your interaction with us is no longer secure, please contact us immediately at [email protected].
Retention. We will retain Personal Data for the period necessary to fulfill the purpose we collect it for unless a longer retention period is required or permitted by law. To determine the appropriate retention period for Personal Data, we consider the amount, nature and sensitivity of the data, the potential risk of harm from unauthorized use or disclosure, the purposes for which we process the data, and whether we can achieve those purposes through other means, and the applicable legal requirements.
Your Personal Data Rights and Choices
Right to Opt Out of Email Marketing and Promotional Offers. We may use your Personal Data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you (we call this marketing). You will receive marketing communications from us if you have requested information from us or registered a User Account with us or if you provided us with details when you signed up for our mailing list, and in each case, you have not opted out of receiving that marketing.
You can ask us or third parties to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you or by contacting us at any time. Please note that we may still send you important administrative messages, notices or alerts that are required to provide you with our Services. ArborXR does not control the marketing communications or lists maintained by third parties not at the request of ArborXR. To opt-out of marketing communications sent by third parties not at the request of ArborXR you must use the third-party opt-out link contained within such marketing communication.
Rights of Access, Correction, Erasure and Restriction. In regard to your Personal Data, under certain circumstances, by law you have the right to:
- Request access to your Personal Data This enables you to receive a copy of the Personal Data we hold about you and to check that we are lawfully processing it.
- Request correction of the Personal Data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
- Request erasure of your Personal Data. This enables you to ask us to delete or remove Personal Data where there is no good reason for continuing to process it. You also have the right to ask us to delete or remove your Personal Data where you have exercised your right to object to processing (see below).
- Object to processing of your Personal Data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
- Request the restriction of processing of your Personal Data. This enables you to ask us to suspend the processing of Personal Data about you, for example, if you want us to establish its accuracy or the reason for processing it.
- Request the transfer of your Personal Data to another party.
- Withdraw consents that you have previously provided to us to process your Personal Data.
If you want to review, verify, correct or request erasure of your Personal Data, object to the processing of your Personal Data, or request that we transfer a copy of your Personal Data to another party, please contact us by email at [email protected] to submit a Data Subject Request.
We may need to verify your identity before acting upon your request and we may have to retain certain information for legitimate business or legal purposes. In addition, we may not immediately delete residual copies from our active servers and may not remove information from our backup systems. Generally, we will respond to your request within 30 days from the date you contact us or sooner if otherwise required by applicable law.
Right to Withdraw Consent. In limited circumstances where you may have provided your consent to the collection, processing and transfer of your Personal Information for a specific purpose, you have the right to withdraw your consent for processing at any time. To withdraw your consent, please contact us at [email protected]. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
Children Under the Age of 16. Our Services are not intended for children under 16 years of age and we do not knowingly collect Personal Data from children under 16. No one under age 16 may provide any Personal Data to the Services. You shall not disclose to us any personally identifiable information from anyone under the age of 16 unless you have express parental permission to do so. If we learn we have collected or received Personal Data from a child under 16 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 16, please contact us at [email protected].
How We Transfer Personal Data Across Borders
European Union Data Protection. If you are located in the European Union (“EU”) or the EEA, transfer of personal customer data outside of the EU or EEA is regulated by certain EU data protection laws. When required in order to effectuate the transfer of personal data, ArborXR has entered into a Data Processing Agreement (“DPA”) with its Customers that includes EU Model Clauses which are standardized contractual clauses used to ensure that personal data leaving the EEA will be transferred in compliance with these laws.
Data Supervisory Authority. You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concern before you approach the ICO so please contact us in the first instance.
Other Important Information
Notice to California Residents/Your California Privacy Rights. If you are a resident of the State of California, we provide you with information on how to exercise your disclosure choice options such as your right to opt-out (which we may sometimes refer to as “unsubscribe”) or opt-in for use of your information by third parties for marketing purposes. Therefore, pursuant to the California Civil Code, we are not required to maintain or disclose a list of the third parties that received your information for marketing purposes during the preceding year. If you are a California resident and you wish to request information about how to exercise your third party disclosure choices, please submit your request at [email protected] or by postal mail to 3750 West Main Street, Suite AA, Norman, Oklahoma 73072, Attn: Your California Privacy Rights. All requests must be labeled “Your California Privacy Rights” on the email subject line or envelope or postcard. For all requests, please clearly state that the request is related to “Your California Privacy Rights”, include your name, street address, city, state, zip code and email address (your street address is optional if you wish to receive a response to your request via email) and indicate your preference on how our response to your request should be sent (email or postal mail). We will not accept requests via the telephone or by fax. We are not responsible for notices that are not labeled or sent properly, or do not have complete information.
Notice to Authorized Users and End Users. Many of our products are intended for use by business entities or organizations. Where the Services are made available to you through an entity, our Customer, (e.g., your employer or your service provider), that entity is the administrator of the Services and is responsible for the User Accounts and/or Service sites over which it has control. If this is the case, please direct your data privacy questions to your entity’s administrator, as your use of the Services is subject to that entity’s policies. We are not responsible for the privacy or security practices of an administrator’s organization, which may be different than this policy.
ABXR Labs, Inc.
3750 West Main Street, Suite AA
Norman, Oklahoma 73072