Privacy Policy immerGallery, immerGallery Demo and immerGallery Business (PICO XR Store version)

Data protection information

Protecting your data is very important to us. To ensure transparent cooperation, we draw your attention to important processing activities and special features.

To be able to use our services, please purchase and download our app immerGallery, immerGallery Demo and/or immerGallery Business from the PICO XR Store (PICO). Data processing and payment procedures (including purchase, download and billing) are carried out exclusively via PICO. We do not collect or receive any personal data from you in connection with the purchase/payment process in the PICO XR Store.

PICO XR Store (PICO)

• Operator: PICO Immersive Pte. Ltd., 1 Raffles Quay, #26-10, South Tower, Singapore 048583
• Privacy Policy: https://www.picoxr.com/global/legal/privacy-policy
• Terms of Service: https://www.picoxr.com/global/legal/terms-of-service

Further information on data protection from PICO can be found in PICO’s Privacy Policy.

Purpose and legal basis of data processing

Data processing at immerVR GmbH is carried out to provide apps and services for immersive media in accordance with Article 6 (1) (b) of the GDPR for pre-contractual or contractual measures. These include:

• answering enquiries
• administration
• offer preparation, contract processing and order processing
• providing the platform
• maintaining business relationships

As a company, we are subject to different legal obligations. In order to fulfil these obligations, it may be necessary to process personal data in the public interest pursuant to Article 6 (1c) of the GDPR or Article 6 (1e) of the GDPR.

• control and reporting obligations
• creditworthiness, age and identity checks
• prevention of criminal acts

Controller pursuant to Article 4(7) EU General Data Protection Regulation (GDPR)

immerVR GmbH
Im Zollstock 12
91093 Hessdorf
Germany

Daniel Pohl
support@immervr.com

If you have any questions about our data protection, please email us.

Collection of personal data in our apps: immerGallery, immerGallery Demo and immerGallery Business

Our app is located in the PICO XR Store. We collect, process and store the following data from you and use it for the purpose of improving our apps, e.g. fixing a bug or creating a better user experience.

In our apps, you can submit an internal developer log file, e.g. in the case a failure happens inside the app and you want to notify us about it. The legal basis is Article 6 (1) (b) of the GDPR.

The data submitted for developer log files is:

• IP address (last segment anonymized), for the purpose of knowing if the report comes from the same user within keeping the same IP address
• submission date, time and time zone for the purpose of knowing when incidents/bugs happened
• data in the app log file might reveal used path and file names on the system where the app is running for the purpose of understanding as developer from which location which files were loaded. It contains the used version number of the app for the purpose of knowing in which app version the incident/bug happened. It might contain which buttons and interactions happened during the app usage, which virtual reality system is used with what kind of input controllers for the purpose of reconstructing what lead to the incident/bug. Furthermore, the used screen frequency is shown and the status of relevant Android permissions to run the app for reconstructing the environment settings for the incident/bug. HMD-specific events like HMDAcquired, HMDMounted, VrFocusAquired, TrackingAquired, and according lost events are stored in the log file for reconstructing the scenario of the incident/bug. Recentering events and the result of the PICO user entitlement check are stored for reconstructing the events. Information about the local settings used for the app with their values of that config file are transmitted, e.g. keeping the rotation in 360° content enabled during program restarts for the purpose of replicating the same settings when the incident/bug happened. System memory statistics like the total amount of reserved memory, texture memory, texture count, frame rate, frame time, draw call, number of triangles, amount of mesh memory, CPU and GPU levels over time and the status of the internal garbage collection can be included in the log files for giving the developers an overview of the system status and resources. Results of the recognition of the voice control might be included in the log files, but no audio data for the purpose of improving voice control with wrongly detected inputs. Statistics about the app usage, e.g. the number of app starts or the usage time of the app over multiple sessions might be included when sending the log file for the purpose of giving further information for debugging issues. A list of purchased addons and/or unlocked rewards can be included.

During run-time, the app itself is not using user-specific data by itself (excluding of course user inputs or content provided by the user). However, the required call to the PICO entitlement check / entitlement verification may internally use PICO account data to verify the entitlement status. We do not have access to that user-specific store/platform data; please refer to the PICO XR Store, PICO’s Terms of Service and PICO’s Privacy Policy for further information.

PICO User IDs / OpenID and authentication: PICO user identifiers (e.g., a PICO User ID / OpenID) and/or hashed versions of these may be used to authenticate you as a valid user of our apps. Note: depending on the PICO platform service used, a user may have different OpenIDs in different apps.
Your reward gallery status is synced externally to guarantee that after a reinstall of the app, you still have access to this content.

Voice control in the app is executed locally. No audio is submitted to a cloud or another server. As mentioned above, we might store the recognized voice controls as text in the log file, which is only sent upon the user's explicit and voluntary command to us.

In the case where we have user-specific data from you, you can request that data by contacting us at the address (see email above or postal address) above while providing evidence of your user identity. Furthermore, you can request that your user-specific data is deleted through contacting us through the email address mentioned above.

As determined by the PICO XR Store, PICO’s Terms of Service and PICO’s Privacy Policy, PICO may collect data from you automatically while you use our app and/or the PICO platform services. We do not have influence on this and cannot enable or disable this. Please refer to PICO’s policies for details on what PICO collects and how PICO processes it.

PICO platform features (PICO devices)

For PICO devices, we may use platform features / services such as:

• User ID / Account identity (OpenID) (to enable various platform-related features)
• User Profile / user info (e.g., nickname/display name and profile picture URL, where available and where permissions are granted)
• PICO Avatars (allowing users to use OS/avatar system features in apps that integrate PICO’s avatar capabilities)

These features will be used in accordance with applicable PICO policies/terms for developers and PICO’s privacy documentation.

Unity game engine

Our virtual reality app immerGallery is based on the Unity game engine. We do not have influence on this or access to the data, but Unity might do the following:

Unity has collected some or all of the following information about your device: unique device identifiers (e.g., IDFV for iOS devices and Android ID for Android devices); IP address; country of install (mapped from IP address); device manufacturer and model platform type (iOS, Android, Mac, Windows, etc.) and the operating system and version running on your system or device; language; CPU information such as model, the number of CPUs present, frequency, and instruction set support flags; the graphics card type and vendor name; graphics card driver name and version (e.g., “nv4disp.dll 6.10.93.71”); which graphics API is in use (e.g., “OpenGL 2.1” or “Direct3D 9.0c”); amount of system and video RAM present; current screen resolution; version of the Unity Editor used to create the game; sensor flags (e.g., device support for gyroscope, touch pressure or accelerometer); application or bundle identification (“app ID”) of the game installed; unique advertising identifiers provided for iOS and Android devices (e.g., IDFA or Android Ad ID); and a checksum of all the data that gets sent to verify that it transmitted correctly.

Photon Fusion and Photon Voice (multiplayer and voice)

Our application integrates Photon Fusion and Photon Voice for multiplayer interaction and voice communication functionalities. These services are provided by Exit Games GmbH, located at Hongkongstr. 7, 20457 Hamburg, Germany (hereinafter referred to as "Photon").

This section outlines the nature, scope, and purpose of data processing within our app in relation to Photon's services, in compliance with the General Data Protection Regulation (GDPR).

Photon Fusion and Photon Voice, as components of our app, involve the processing of data on servers managed and operated by Photon. The data processing is carried out on the basis of a Data Processing Agreement (DPA) between us and Photon, in accordance with Article 28 GDPR.

Location and Transfer of Data: Photon's server infrastructure is globally distributed to ensure minimal latency and optimal performance. Personal data processed through Photon services may be transferred to, and stored at, a destination outside the European Economic Area (EEA). Photon takes all steps reasonably necessary to ensure that your data is treated securely and in accordance with GDPR standards.

To participate with other users in multiplayer, your chosen player name will be shared. As you require the same galleries to view them together, the gallery names, the number of content files and potential file paths on the local device may be shared internally in the app for synchronization. Common album titles will be displayed on each client. It will be shared which app version you use and how many galleries you have on your system. An admin status can be exchanged between users to control the multiplayer experience.

PICO (store/platform operator contact)

In case of any questions or enquiries regarding data collection and usage on the PICO platform (including the PICO XR Store and PICO platform services), please contact:

PICO Immersive Pte. Ltd.
1 Raffles Quay, #26-10, South Tower, Singapore 048583
(Privacy contact referenced by PICO: privacy@picoxr.com)

OpenStreetMap usage in immerGallery, immerGallery Demo and immerGallery Business

In order to provide you with a dynamic map image from your image's meta data or settings you used in the corresponding .immerVR files, we may use the services from the map image provider OpenStreetMap. In order to generate the dynamic map, information like GPS data from the image content or GPS data mapped to certain tiles in a zoomable map might be transmitted. To be able to receive image data, the IP address of the client needs to be used.

The privacy policy (e.g., regarding GDPR) of OpenStreetMap can be found here:

• https://wiki.osmfoundation.org/wiki/GDPR_Privacy_Statement
• https://wiki.osmfoundation.org/wiki/Privacy_Policy

The OpenStreetMap Foundation is located at St John’s Innovation Centre, Cowley Road, Cambridge, CB4 0WS, United Kingdom.

Pastebin usage in immerGallery, immerGallery Demo and immerGallery Business

Services from Pastebin may be used to allow you to access information posted from yourself or others directly inside our app. For example, if you want to send yourself an URL that is long to type, you can instead type it on a PC with a keyboard, paste it to Pastebin and then recover the URL in immerGallery.

Pastebin collects data as they explain in their Privacy Statement (https://pastebin.com/doc_privacy_statement). Much of Pastebin is public-facing. If Your Content is public-facing, third parties may access and use it in compliance with Pastebin's Terms of Service (https://pastebin.com/doc_terms_of_service). Furthermore Pastebin states that your Personal Information, associated with your content, may be gathered by third parties in these compilations of Pastebin data. If you do not want your Personal Information to appear in third parties’ compilations of Pastebin data, please do not make your Personal Information publicly available.

Pastebin is located at 3000 C St Ste 301, Anchorage, Alaska, 99503, United States.

No obligation to provide and consequences of non-provision

The provision of personal data is not legally or contractually prescribed and you are not obliged to provide data. We will inform you in the course of the input process if the provision of personal data is required for the relevant service (e.g. by calling it a “mandatory field”). In the case of necessary data, non-provision means that the service in question cannot be provided.

Storage time of your data

We process your personal data, where necessary, for the duration of the business relationship and as long as it is necessary for the aforementioned purposes, as well as in accordance with the statutory retention and documentation obligations arising in particular from the fiscal code and the commercial code, which usually amount to 10 years. In addition, personal data may be stored and stored for as long as the data are relevant to pending judicial or administrative proceedings in which the controller has a party status.

Your rights

(1) You have the following rights with regard to personal data concerning you:

• the right to information,
• the right to rectification or erasure,
• the right to restrict processing,
• the right to object to the processing,
• the right to data portability.

(2) You also have the right to complain to a data protection supervisory authority about the processing of your personal data by us. Please address this complaint to the competent supervisory authority under www.lda.bayern.de If you need help in implementing your rights, please contact us.

Objection

You have the right to object to the processing of your personal data at any time. Please send this in writing by email or by post to the address of the ImmerVR GmbH. We kindly point out that the exercise of their rights may, in individual cases, be subject to certain conditions.

Ensuring data security and data protection

To ensure the protection and security of your personal data, we are implementing a large number of technical and organisational security measures, the effectiveness of which we regularly review.

18th December, 2025