Privacy Statement for holoride Creator Space

This Privacy Statement for EU Residents applies solely to all visitors, users, and others who reside in the European Union (“you”). We adopt this privacy statement to comply with the European General Data Protection Regulation (GDPR) and any terms defined in the GDPR have the same meaning when used in this privacy statement.

Nevertheless, even if you are a non-EU Resident we process and protect your personal data to the same extent as that of EU Residents.

This privacy statement serves to explain the type, scope and purpose of the processing of personal data (hereinafter referred to as 'data') within the framework of our holoride Creator Space,developer.holoride.com (hereinafter referred to as 'online service').

We are responsible in the sense of Art. 4 General Data Protection Regulation (GDPR). The terms used in this data protection declaration correspond to Art. 4 GDPR.

Name and address of the controller

holoride GmbH

Schellingstraße 45

80799 München

email: info@holoride.com

(hereinafter also referred to as "we" or "us")

Types of data processed

  • Inventory data (e.g. person master data, names, addresses, company data).
  • Contact data (e.g. e-mail, telephone numbers).
  • Content data (e.g. text input, photographs, videos).
  • Usage data (e.g. websites visited, interest in content, access times).
  • Meta/communication data (e.g. device information, IP addresses).

Categories of data subjects

Visitors and users of the online service (hereinafter referred to collectively as "users").

Purpose of processing

  • Provision of the online service, its functions and contents.
  • Answer contact requests and communicate with users.
  • Security measures.
  • Reach measurement/Marketing

SSL or TLS encryption

For security reasons and to protect the transmission of confidential content that you send to us, our website uses SSL or TLS encryption. This means that data that you transmit via this website cannot be read by third parties. You can recognize an encrypted connection by the "https://" address line of your browser and by the lock symbol in the browser line.

Transmission within the group

Insofar as we pass on, transfer or otherwise make available data to other companies in our group of companies, this is done in particular for administrative purposes as a legitimate interest (Art. 6 Para. 1 S. 1 lit. f GDPR).

Transfer to third countries

If we process data in a third country or if this happens in the context of the use of services of third parties or the passing on or transfer of data to other persons or companies, this only occurs if this happens to fulfil our (pre)contractual obligations, due to your consent, a legal obligation or due to our legitimate interests. Subject to legal or contractual approvals, we process or leave the data in a third country only if the legal requirements are met (cf. Art. 45 GDPR). This means that processing takes place, for example, on the basis of special guarantees, such as the recognised determination of a data protection level corresponding to that of the EU or compliance with officially recognised special contractual obligations (so called Standard Contractual Clauses) and in appliance, to the extent necessary, of additional protective measures, e.g. pseudonymization, encryption or other technical means.

Cookies

Cookies are small files that are stored on the user's computer. Various data can be stored in the cookies. A cookie is primarily used to store information about a user (or the device on which the cookie is stored) during or after the user's visit to an online service. Temporary cookies or "session cookies" or "transient cookies" are cookies that are deleted after a user has left an online service and closed his browser. In such a cookie, for example, the content of a shopping cart in an online shop or a login status can be stored. Cookies are referred to as "permanent" or "persistent" if they remain stored even after the browser is closed. For example, the login status can be saved if users visit it after several days. In such a cookie, the interests of the user can also be stored, which are used for range measurement or marketing purposes. "Third party cookies" are cookies offered by providers other than the responsible person who operates the online service (otherwise, only their cookies are referred to as "first party cookies").

We may use temporary and permanent cookies that are necessary for the functioning of the holoride Creator Space. We do not use any marketing or tracking cookies that would require your consent.

Our legitimate interest in processing this data lies in improving the functionality of our website (Art. 6 Para. 1 S. 1 lit. f GDPR).

In addition, cookies can be stored by switching them off in the browser settings. Please note that in this case not all functions of this online service can be used.

Deletion of data

The data processed by us will be deleted in accordance with the statutory provisions or their processing restricted. Unless expressly stated in this privacy statement, the data stored by us will be deleted as soon as they are no longer required for the intended purpose and there are no legal storage obligations.

If the data are not deleted because they are required for other and legally permissible purposes, their processing is restricted. This means that the data will be blocked and not processed for other purposes. This applies, for example, to data that must be stored for economic or tax reasons.

Collection of access data and log files (server log files)

We and/or our hosting providers collect on the basis of our legitimate interests in the sense of Art. 6 Para. 1 S. 1 lit. f. GDPR, i.e. the improvement, stability, functionality and security of our Internet presence, via each access to the server on which this service is located (so-called server log files). The access data includes the

  • Name of the called website, file,
  • Amount of data transferred,
  • Message about successful access,
  • Browser type and version,
  • Operating system of the user,
  • Referrer URL (the previously visited page),
  • IP address and the requesting provider.

Logfile information is stored as long as required for security reasons (e.g. to clarify abuse or fraud actions) and then deleted. Data, the further storage of which is necessary for evidence purposes, will not be deleted until the respective incident has been finally clarified. The data shall not be merged with other data sources.

Newsletter

With the following information we inform you about the content of our newsletter (once integrated in our online service) as well as about the registration, dispatch and statistical evaluation procedures and your rights of objection. By subscribing to our newsletter, you agree to the receipt and procedures described.

Content of the newsletter

We send newsletters, e-mails and other electronic notifications containing advertising information (hereinafter referred to as "newsletters") only with the consent of the recipient or legal permission. Insofar as the contents of the newsletter are expressly described during registration, they are decisive for the user's consent. In addition, our newsletters contain information about our services and ourselves.

Double-Opt-In and Log-In

The registration to our newsletter takes place in a so-called Double-Opt-In procedure. To do this, you must first enter your e-mail address on our online service. After registration you will receive an e-mail asking you to confirm your registration (verification). This confirmation is necessary so that nobody can register with external e-mail addresses. The registrations for the newsletter are logged in order to be able to prove the registration process according to the legal requirements. This includes the storage of the registration and confirmation times as well as the IP address. Likewise the changes of your data stored with the dispatch service provider are logged.

Registration data

To subscribe to the newsletter, simply enter your e-mail address. Optionally, we ask you to enter a name in the newsletter in order to address you personally. However, this information is voluntary.

The data provided in the newsletter will be processed exclusively on the basis of your consent (Art. 6 para. 1 s. 1 lit. a GDPR). The same applies to the dispatch of the newsletter and the associated performance measurement.

Revocation and objection

You can unsubscribe from our newsletter at any time, i.e. revoke your consent. At the end of each newsletter you will find a link to unsubscribe. You can also withdraw your consent by sending us an informal e-mail. Due to our legitimate interests, we may store unsubscribed e-mail addresses for up to three years before deleting them in order to prove prior consent. The processing of this data is limited to the purpose of a possible defense against claims. An individual deletion request is possible at any time, provided that the earlier existence of consent is confirmed at the same time.

You may object to the receipt of direct mail and data processing for this purpose at any time without stating reasons (Art. 21 para. 2 GDPR).

Hosting and 3rd party tools

SendGrid

We use the e-mail service "SendGrid" by the US provider Twilio . Twilio's privacy statement can be viewed here https://www.twilio.com/legal/privacy#twilio-privacy-statement.

Twilio processes the data transmitted by you, your name and e-mail address, to send you e-mails on our behalf, especially confirmation e-mails when you are using our services. The legal basis for the processing of your personal data is our legitimate interest (Art. 6 Para. 1 s. 1 lit. f) GDPR). Basis for the passing on of the data to Twilio is the data processing agreement according to art. 28 Para. 3 GDPR that we concluded with Twilio. The legal basis for the transfer of your personal data to Twilio (USA) are Standard Contractual Clauses adopted by the European Commission according to Art. 46 Para. 2 lit. c) GDPR that we concluded with Twilio.

AWS

We use hosting services of Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, L-1855 Luxemburg (“AWS”) to provide the following services: Infrastructure and platform services, computing capacity, storage space and database services, security services and technical maintenance services that we use to operate this online service. According to AWS all AWS services comply with GDPR. Your data is stored on servers of AWS in Frankfurt (Germany). According to AWS’s information, AWS will not move your personal data outside of this region, unless to comply with the law or the binding order of a governmental body.

We or AWS process inventory data, contact data, content data, contract data, usage data, metadata and communication data of customers, interested parties and visitors to this online service on the basis of our legitimate interest in the efficient and secure provision of this online service pursuant to Art. 6 Para. 1 s. 1 lit. f GDPR in conjunction with Art. 28 Para. 3 GDPR (order data processing). If your personal data is transferred outside the European Economic Area (EEA), the legal basis of this transfer are Standard Contractual Clauses adopted by the European Commission according to Art. 46 Para. 2 lit. c) GDPR.

For more information on the collection and use of your personal data by AWS and your rights in this regard, please refer to the following links: https://d1.awsstatic.com/whitepapers/compliance/Using_AWS_in_the_context_of_Common_Privacy_and_Data_Protection_Considerations.pdf

JFrog

We use the Artifactory services of JFrog Ltd. 3, HaMahshev Street PO Box 8187 Netanya, 4250465 Israel (“JFrog”), an online software-as-a-services platform to host the holoride Elastic SDK and the holoride Experience Tools and sample files. In order for you to download the holoride Elastic SDK and the holoride Experience Tools and sample files in the development environment of the unity engine (www.unity.com) we need to send JFrog your credentials.

Here we or JFrog process your personal data on the basis of our legitimate interest in the efficient and secure provision of this online service pursuant to Art. 6 Para. 1 s. 1 lit. f GDPR in conjunction with Art. 28 Para. 3 GDPR (order data processing).

JFrog stores information primarily in the USA and the EU. The legal basis for the transfer of your personal data to JFrog are Standard Contractual Clauses adopted by the European Commission according to Art. 46 Para. 2 lit. c) GDPR that we concluded with JFrog.

For more information on the collection and use of your personal data by JFrog and your rights in this regard, please refer to JFrog’s privacy policy at https://jfrog.com/privacy-policy/.

Vimeo

We embed videos in our online services via vimeo.com. This is a service of Vimeo, Inc., 555 West 18th Street, New York, New York 10011, USA (“Vimeo”). For this purpose, a connection is established to the servers of Vimeo in the USA. This transmits certain information (e.g. your I P address) to Vimeo. Through the integration, Vimeo can also receive the information that your browser has accessed the corresponding page of this website, even if you do not have a user account with Vimeo or are not logged in to Vimeo.

The legal basis for the processing of your personal data is Art. 6 Para. 1 s. 1 lit. f) GDPR, as we have a legitimate interest in using third-party content and services for the economic operation and optimization of our website. The legal basis regarding the use of cookies is Art. 6 Para. 1 s. 1 lit. a) GDPR, as the data processing in this regard is based on your consent.

The legal basis for the transfer of your personal data to Vimeo (USA) are Standard Contractual Clauses adopted by the European Commission according to Art. 46 Para. 2 lit. c) GDPR that we concluded with Vimeo.

For more information on the collection and use of your personal data by Vimeo and your rights in this regard, please refer to Vimeo’s privacy policy at https://vimeo.com/privacy.

Rights of data subjects

Right of access

You have the right to request from us free confirmation of the processing of the data in question and to be informed of such data and to receive further information and a copy of the data in accordance with the provisions of the law. The subject of the information is the stored personal data themselves, the origin of the data, their recipients and the purpose of the data processing (cf. Art. 15 GDPR).

Right of rectification

You have the right, in accordance with the law, to ask us, the data controller, to complete the data concerning you or to rectify the false data concerning you (cf. art. 16 DSGVO).

Right to cancellation or blocking

In accordance with the statutory provisions, you have the right to demand from us as the responsible party the immediate deletion of the data concerned or, alternatively, to demand that the processing of the data be restricted in accordance with the statutory provisions (cf. Art. 17, 18 DSGVO).

Right to data transfer

You have the right to demand from us that we hand over to you or pass on to third parties the data concerning you which you have made available to us in accordance with the statutory provisions (cf. Art. 20 GDPR). Direct transfer to another responsible party is subject to technical feasibility.

Right to lodge a complaint with the competent supervisory authority

You also have the right to file a complaint with the competent supervisory authority in accordance with the statutory provisions (cf. Art. 77 GDPR).

Right of withdrawal

You have the right to revoke your consent with effect for the future (cf. Art. 7 GDPR). Some data processing operations are only permitted with your express consent. You can object to the future processing of the data concerning you at any time within the framework of the statutory provisions. An informal e-mail notification send to us is sufficient for this purpose. The revocation only applies to the future, and therefore does not affect the legality based on the prior consent of data processing already carried out.

Right to object

Pursuant to Art. 21 Para. 1 GDPR, you are generally entitled to object at any time for reasons arising from your particular situation. The objection must be addressed to us.

The objection may also be raised pursuant to Art. 21 Para. 2 GDPR, in particular against processing for the purpose of direct marketing. After your objection, the data will no longer be processed for the purpose of direct marketing.

Changes and Updates to the Privacy Statement

We ask you to inform yourself regularly about the content of our data protection declaration. We will adapt the data protection declaration as soon as changes in the data processing carried out by us make this necessary. We will inform you as soon as the changes require your cooperation (e.g. consent) or other individual notification.

20 July 2021