Privacy Policy immerGallery and immerGallery Demo
Data protection information
Protecting your data is very important to us. To ensure transparent cooperation,
we draw your attention to important processing activities and special features.
To be able to use our services, please purchase and download our app
immerGallery and immerGallery Demo from the Meta Horizon Store from Meta. Data
processing and payment procedures are carried out exclusively via Meta. We do
not collect or receive any personal data from you here. Further information on
data protection from Oculus can be found at
https://www.meta.com/legal/privacy-policy/.
Purpose and legal basis of data processing
Data processing at immerVR GmbH is carried out to provide apps and services for
immersive media in accordance with Article 6 (1) (b) of the GDPR for
pre-contractual or contractual measures. These include:
• answering enquiries
• administration
• offer preparation, contract processing and order processing
• providing the platform
• maintaining business relationships
As a company, we are subject to different legal obligations. In order to
fulfil these obligations, it may be necessary to process personal data in the
public interest pursuant to Article 6 (1c) of the GDPR or Article 6 (1e) of the
GDPR.
• control and reporting obligations
• creditworthiness, age and identity checks
• prevention of criminal acts
Controller pursuant to Article 4(7) EU General Data Protection
Regulation (GDPR)
immerVR GmbH
Im Zollstock 12
91093 Hessdorf
Germany
Daniel Pohl
support@immervr.com
If you have any questions about our data protection, please email us.
Collection of personal data in our apps: immerGallery and
immerGallery Demo
Our app is located in the Meta Horizon Store. We collect, process and store the
following data from you and use it for the purpose of improving our apps, e.g.
fixing a bug or creating a better user experience. In our apps, you can submit
an internal developer log file, e.g. in the case a failure happens inside the
app and you want to notify us about it. The legal basis is Article 6 (1) (b) of
the GDPR. The data submitted for developer log files is:
• IP address (last segment anonymized), for the purpose of knowing if the
report comes from the same user within keeping the same IP address
• submission date, time and time zone for the purpose of knowing when
incidents/bugs happened
• data in the app log file might reveal used path and file names on the system
where the app is running for the purpose of understanding as developer from
which location which files were loaded. It contains the used version number of
the app for the purpose of knowing in which app version the incident/bug
happened. It might contain which buttons and interactions happened during the
app usage, which virtual reality system is used with what kind of input
controllers for the purpose of reconstructing what lead to the incident/bug.
Furthermore, the used screen frequency is shown and the status of relevant
Android permissions to run the app for reconstructing the environment settings
for the incident/bug. HMD-specific events like HMDAcquired, HMDMounted,
VrFocusAquired, TrackingAquired, and according lost events are stored in the
log file for reconstructing the scenario of the incident/bug. Recentering
events and the result of the Meta user entitlement check are stored for
reconstructing the events. Information about the local settings used for the
app with their values of that config file are transmitted, e.g. keeping the
rotation in 360° content enabled during program restarts for the purpose of
replicating the same settings when the incident/bug happened. System memory
statistics like the total amount of reserved memory, texture memory, texture
count, frame rate, frame time, draw call, number of triangles, amount of mesh
memory, CPU and GPU levels over time and the status of the internal garbage
collection can be included in the log files for giving the developers an
overview of the system status and resources. Results of the recognition of the
voice control might be included in the log files, but no audio data for the
purpose of improving voice control with wrongly detected inputs. Statistics
about the app usage, e.g. the number of app starts or the usage time of the app
over multiple sessions might be included when sending the log file for the
purpose of giving further information for debugging issues. A list of purchased
addons and/or unlocked rewards can be included.
During run-time, the app itself is not using user-specific data by itself
(excluding of course user inputs or content provided by the user). However, the
required call to the Meta Entitlement check might internally use user data to
verify the entitlement status. We do not have access to that user-specific
data, please refer to the Meta Horizon Store, Meta's Terms and Conditions and
Meta's Privacy Policy for further information. Meta IDs and/or hashed version
of these may be used to authenticate you as valid user of our apps. Your reward
gallery status is synced externally to guarantee that after a reinstall of the
app, you still have access to this content.
Voice control in the app is executed locally. No audio is submitted to a cloud
or another server. As mentioned above, we might store the recognized voice
controls as text in the log file, which is only sent upon the user's explicit
and voluntary command to us.
In the case where we have user-specific data from you, you can request that
data by contacting us at the address (see email above or postal address) above
while providing evidence of your user identity. Furthermore, you can request
that your user-specific data is deleted through contacting us through the email
address mentioned above.
As determined by the Meta Horizon Store, Meta's Terms and Conditions and Meta
Privacy Policy, Meta might collect data from you automatically while using our
app. We do not have influence on this and cannot enable or disable this. Data
might include: user ratings of the app, time spent in the app, if user has been
using the app within the last 28 days, averaged data over multiple users regarding
age, gender, country, region and similar properties. Furthermore, crash
statistics might be automatically created by Meta and include information about
the used devices (e.g. Quest, Quest 2), regions of the user and so on. We
do not have influence on this and cannot enable or disable this.
For Meta Quest devices, we may use platform features such as User ID (grants an
app access to the user id to enable various features), User Profile (grants an
app access to the Meta username and profile photo) and Avatars (grants an app
access to Meta Avatars, a persistent identity across the Meta ecosystem. With
Meta avatars, users can bring their own visual identities into our app). These
will be used in accordance with the Oculus Developer Data Use Policy
(https://developer.oculus.com/policy/data-use/).
Our virtual reality app immerGallery is based on the Unity game engine. We do
not have influence on this or access to the data, but Unity might do the
following: Unity has collected some or all of the following information
about your device: unique device identifiers (e.g., IDFV for iOS devices and
Android ID for Android devices); IP address; country of install (mapped from IP
address); device manufacturer and model platform type (iOS, Android, Mac,
Windows, etc.) and the operating system and version running on your system or
device; language; CPU information such as model, the number of CPUs present,
frequency, and instruction set support flags; the graphics card type and vendor
name; graphics card driver name and version (e.g., “nv4disp.dll 6.10.93.71”);
which graphics API is in use (e.g., “OpenGL 2.1” or “Direct3D 9.0c”); amount of
system and video RAM present; current screen resolution; version of the Unity
Editor used to create the game; sensor flags (e.g., device support for
gyroscope, touch pressure or accelerometer); application or bundle
identification (“app ID”) of the game installed; unique advertising identifiers
provided for iOS and Android devices (e.g., IDFA or Android Ad ID); and a
checksum of all the data that gets sent to verify that it transmitted
correctly.
Our application integrates Photon Fusion and Photon Voice for multiplayer
interaction and voice communication functionalities. These services are
provided by Exit Games GmbH, located at Hongkongstr. 7, 20457 Hamburg, Germany
(hereinafter referred to as "Photon"). This section outlines the
nature, scope, and purpose of data processing within our app in relation to
Photon's services, in compliance with the General Data Protection Regulation
(GDPR).
Photon Fusion and Photon Voice, as components of our app, involve the
processing of data on servers managed and operated by Photon. The data
processing is carried out on the basis of a Data Processing Agreement (DPA)
between us and Photon, in accordance with Article 28 GDPR. Location and
Transfer of Data: Photon's server infrastructure is globally distributed to
ensure minimal latency and optimal performance. Personal data processed through
Photon services may be transferred to, and stored at, a destination outside the
European Economic Area (EEA). Photon takes all steps reasonably necessary to
ensure that your data is treated securely and in accordance with GDPR
standards.
To participate with other users in multiplayer, your chosen player name will be
shared. As you require the same galleries to view them together, the gallery
names, the number of content files and potential file paths on the local device
may be shared internally in the app for synchronization. Common album titles
will be displayed on each client. It will be shared which app version you use
and how many galleries you have on your system. An admin status can be
exchanged between users to control the multiplayer experience.
Meta
Name and address of controllers pursuant to Article 26 of the GDPR
In case of any questions or enquiries regarding data collection and usage on
the Meta platform, please contact:Meta Platforms Ireland Ltd. (referred
to as "Meta"), 4 Grand Canal Square, Grand Canal Harbour in Dublin 2
Ireland.
OpenStreetMap usage in immerGallery and immerGallery Demo
In order to provide you with a dynamic map image from your image's meta data or
settings you used in the corresponding .immerVR files, we may use the services
from the map image provider OpenStreetMap. In order to generate the dynamic
map, information like GPS data from the image content or GPS data mapped to
certain tiles in a zoomable map might be transmitted. To be able to receive
image data, the IP address of the client needs to be used. The privacy policy
(e.g., regarding GDPR) of OpenStreetMap can be found
here: https://wiki.osmfoundation.org/wiki/GDPR_Privacy_Statement and
https://wiki.osmfoundation.org/wiki/Privacy_Policy. The OpenStreetMap
Foundation is located at St John’s Innovation Centre, Cowley Road, Cambridge,
CB4 0WS, United Kingdom.
Pastebin usage in immerGallery and immerGallery Demo
Services from Pastebin may be used to allow you to access information posted
from yourself or others directly inside our app. For example, if you want to
send yourself an URL that is long to type, you can instead type it on a PC with
a keyboard, paste it to Pastebin and then recover the URL in immerGallery.
Pastebin collects data as they explain in their Privacy Statement
(https://pastebin.com/doc_privacy_statement): Much of Pastebin is
public-facing. If Your Content is public-facing, third parties may access and
use it in compliance with Pastebin's Terms of Service. Pastebin does not sell
that content; it is yours. However, Pastebin does allow third parties, such as
research organizations or archives, to compile public-facing Pastebin
information, excluding User Personal Information, per Pastebin's Terms and
Agreements (https://pastebin.com/doc_terms_of_service). Furthermore Pastebin
states that your Personal Information, associated with your content, may be
gathered by third parties in these compilations of Pastebin data. If you do not
want your Personal Information to appear in third parties’ compilations of
Pastebin data, please do not make your Personal Information publicly available.
Pastebin is located at 3000 C St Ste 301, Anchorage, Alaska, 99503, United
States.
No obligation to provide and consequences of non-provision
The provision of personal data is not legally or contractually prescribed and
you are not obliged to provide data. We will inform you in the course of the
input process if the provision of personal data is required for the relevant
service (e.g. by calling it a “mandatory field”). In the case of necessary
data, non-provision means that the service in question cannot be
provided.
Storage time of your data
We process your personal data, where necessary, for the duration of the
business relationship and as long as it is necessary for the aforementioned
purposes, as well as in accordance with the statutory retention and
documentation obligations arising in particular from the fiscal code and the
commercial code, which usually amount to 10 years. In addition, personal data
may be stored and stored for as long as the data are relevant to pending
judicial or administrative proceedings in which the controller has a party
status.
Your rights
(1) You have the following rights with regard to personal data concerning
you:
• the right to information,
• the right to rectification or erasure,
• the right to restrict processing,
• the right to object to the processing,
• the right to data portability.
(2) You also have the right to complain to a data protection supervisory
authority about the processing of your personal data by us. Please address this
complaint to the competent supervisory authority under www.lda.bayern.de If you
need help in implementing your rights, please contact us.
Objection
You have the right to object to the processing of your personal data at any
time. Please send this in writing by email or by post to the address of the
ImmerVR GmbH. We kindly point out that the exercise of their rights may, in individual
cases, be subject to certain conditions.
Ensuring data security and data protection
To ensure the protection and security of your personal data, we are
implementing a large number of technical and organisational security measures,
the effectiveness of which we regularly review.
8th July, 2024