XMReality AB (publ) is considered Data Controller of your personal data. XMReality AB is a Swedish company, listed on Nasdaq First North Growth Market, with registration number 556722-7284. The registered address is at Gränden Duvan 3, 582 22 Linköping, Sweden. firstname.lastname@example.org
On XMRealtiy websites we offer you to subscribe to our newsletters, be notified about events, receive occasional news, insights and best practices, receive commercial offerings as well as fill in a contact request as well as register to access educational content. The type of personal data that XMReality processes about you may be:
We may also collect information about you from other sources, including publicly available databases or third parties from whom we have purchased data or to whom you have provided your data, and combine this data with information we already have about you. This helps us to update, expand and analyze our records, identify new prospects for marketing, and provide information about our products and services that may be of interest to you.
Your personal data may be saved and processed by XMReality for the following purposes:
In accordance with XMReality’ assessment, the processing is necessary for the purposes of XMReality’ legitimate interest in answering a contact request, and administering newsletters, information and invitations to you in accordance with your wishes to be contacted or to receive requested information, respectively.
In addition, XMReality’s processing of your personal data for marketing purposes, for market research, for market and customer analysis, business and product development and statistics, is based on a legitimate interest. According to XMReality’ assessment, the processing is necessary for XMReality’ legitimate interest to market its products and services, and to analyze and develop its business and operations.
In general, XMReality will only retain your personal data for as long as necessary for the stated purpose, while also taking into account our need to answer queries or resolve problems and to comply with legal requirements under applicable law. This means that we may retain your personal data for a reasonable period after your last interaction with us (normally for a period of three calendar years from your last interaction with us). When the personal data that we collect is no longer required in this way, we destroy or delete it in a secure manner.
Personal data provided in connection with newsletter subscriptions, event registrations or information requests are stored by XMReality until you unsubscribe from the applicable service. However, if you unsubscribe, XMReality will continue to process your personal data to the extent necessary to ensure by technical means that no further posting of newsletters, event invitations, educational information and similar are sent to you. If XMReality does not save your personal data in this respect, XMReality will not be able to ensure that no further newsletters, invitations or information will be sent to you. The continued processing of your personal data is, according to XMReality’ assessment, necessary for the purposes of XMReality’ legitimate interest in preventing sending of newsletters, information and invitations to you in accordance with your expressed desire.
To exercise the aforementioned rights in relation to us, or if you have any questions about our sharing practices, your rights under Applicable Data Protection Laws, or wish to have your Personal Data removed, please contact us at the following address: XMReality AB, Gränden Duvan 3, 582 22 Linköping, Sweden. In order to ensure that you receive a swift response, please state in your letter your full name and, if applicable, your address and user name. Please note that you should sign the request in order to receive information of the processing of your Personal Data, and that you may be asked to verify your identity before any Personal Data is disclosed or information given. You can also contact XMReality at email@example.com for more information about these rights.
XMReality may also share your personal data with consultants. When sharing your personal data with third parties we take appropriate technical, organizational and legal measures in accordance with applicable data protection legislation. When required by applicable law, XMReality has established Data Processing Addendums with any third party with which your personal data is shared.
XMReality takes security seriously. We take various steps to protect information you provide to us from loss, misuse, and unauthorized access or disclosure. These steps take into account the sensitivity of the information we collect, process and store, and the current state of technology.
This policy was last updated on 7 Maj 2018. We may change this policy from time to time and if we do we will post any changes on this page. If you continue to interact with us after those changes are in effect, you are agreeing to the revised policy.
Welcome to XMReality Remote GuidanceTM (the “Service”), which is provided by XMReality AB (publ), company registration number 556722-7284 having its registered address at Gränden Duvan 3, 582 22 Linköping, Sweden (“we” or “us”), offered to companies (with each such legal person having entered into an agreement with us regarding use of said solution being a “Customer”).
You may use the Service acting as an authorized employee or consultant of a Customer and you acknowledge that the Service is not provided to you as a consumer. Reference is also made to our End User License Agreement (the “EULA”). Personal data provided in association with the licensed use of XMReality Remote Guidance will be treated as per the EU Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016. This on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), the Directive 2002/58/EC of the European Parliament and of the Council concerning the processing of Personal Data and the protection of privacy in the electronic communications sector (ePrivacy Directive) and the subsequent directives and regulations and the national implementations thereof and related national legislation, applicable to the processing of personal data under this Agreement (collectively “Applicable Data Protection Laws”). It is the entity deciding the purposes and the means of processing that is the personal data controller for the processing. When you use the Service, the Customer having authorized your use is the personal data controller for the processing of your Personal Data (as defined below), and we are the personal data processor of the Customer, processing such data on behalf of and according to the instructions of said Customer. Nevertheless, we collect and process certain and limited information, to the extent necessary for the functioning of the Service and your use thereof, and we are the data controller in relation to this processing of Personal Data. Your privacy is important to us. This document contains a policy statement regarding the collection, use and processing of Personal Data within the Service and your rights in relation to your Personal Data, as well as information about with whom we share such information with. With “Personal Data” we mean information which is directly or indirectly referable to a natural living person, e.g. name and address but also possibly, device ID, location data or IP addresses. We collect the information set out below, which include your Personal Data.
The following Personal Data is collected and processed when you use the Service:
PURPOSES OF PROCESSING
The Customer that has authorized your use of the Service processes the Personal Data for the purpose of carrying out activities involving the use of XMReality Remote GuidanceTM. Use of the Personal Data collected for other purposes, if applicable, are to be communicated to you by each such Customer in their capacity of personal data controllers.
We will process the information set out above for the following purposes:
The processing of Personal Data is based on our legitimate interests, which serves as the legal ground for the processing.
Our legitimate interests are (i) to provide our services to the Customer; and (ii) to continually offer, improve and develop the Service. We are not able to fulfill our legitimate interests without processing some Personal Data.
In the balancing of interests between our legitimate interests, and your interests and rights and freedoms, it is considered that in your position as an employee of the Customer it is expected of you to use the tools and services that you are directed to use by your employer. Therefore, since you have not objected to such processing of Personal Data, we assume that you are not opposing to our processing of Personal Data when providing the Service. Furthermore, we respect the value and integrity of Personal Data – therefore, we have implemented technical and organizational security measures to ensure the integrity and
grounds than what we have set out here.
DISCLOSURE OF PERSONAL DATA
We may share and disclose your Personal Data to our sub-contractors within the EU/EEA.
Your e-mail address may be disclosed to other users of the Servicesthat you choose to connect within the Service.
RETENTION OF PERSONAL DATA
The Personal Data is processed for the period during which the Service is provided to you. Upon termination of a user account, the Personal Data relating to such an account will be deleted within 3 months after the termination of the applicable customer agreement or within reasonable time after the 3 months period.
RESPONDING TO LEGAL REQUESTS AND PREVENTING HARM
We can access, preserve and share your information in response to a legal request (like a search warrant, court order or a subpoena or the like), or when necessary to detect, prevent and address fraud and other illegal activity, to protect ourselves, you and other users, including as part of investigations, if we have a good faith belief that the applicable law require us to do so.
This includes responding to legal requests from jurisdictions outside of the EU/EEA when we have a good faith belief that the response is required by law in that jurisdiction, affects users in that jurisdiction, and is consistent with internationally recognized standards.
Information that we receive about you when you use our Service, can be accessed, preserved and retained for an extended period of time when it is the subject of a legal request or obligation, government investigation, or investigations concerning possible violations of our EULA or policies, or otherwise to prevent harm.
SOME OTHER THINGS YOU NEED TO KNOW
Change of Control
Notice of changes
Your Privacy Rights under Applicable Data Protection Laws
Applicable Data Protection Laws permits residents of the Member States to request details about what Personal Data is stored with us, the source of the data and the identity of parties to whom the data has been provided free of charge, as well as other information, without indicating any reasons.
To exercise the aforementioned rights in relation to us, or if you have any questions about our sharing practices, your rights under Applicable Data Protection Laws, or wish to have your Personal Data removed, please contact us at the following address: Gränden Duvan 3, 582 22 Linköping, Sweden. In order to ensure that you receive a swift response, please state in your letter your full name and, if applicable, your address and user name. Please note that you should sign the request in order to receive information of the processing of your Personal Data, and that you may be asked to verify your identity before any Personal Data is disclosed or information given.