Privacy Policy

Intro
Please note that all mentions to "Facebook" apply the same to Facebook's new company name "Meta". Oculus belongs to Meta as well.

Data protection information 
Protecting your data is very important to us. To ensure transparent cooperation, we draw your attention to important processing activities and special features. To be able to use our services, please purchase and download our apps, once available, from the Oculus Store and/or App Lab from Meta. Data processing and payment procedures are carried out exclusively via Oculus/Facebook. We do not collect or receive any personal data from you here. Further information on data protection from Oculus can be found at https://www.oculus.com/legal/privacy-policy and https://www.meta.com/legal/privacy-policy/.       

Purpose and legal basis of data processing 
Data processing at immerVR GmbH is carried out to provide apps and services for immersive media in accordance with Article 6 (1) (b) of the GDPR for pre-contractual or contractual measures. These include: 
• answering enquiries 
• administration
• offer preparation, contract processing and order processing 
• providing the platform 
• maintaining business relationships      

  As a company, we are subject to different legal obligations. In order to fulfil these obligations, it may be necessary to process personal data in the public interest pursuant to Article 6 (1c) of the GDPR or Article 6 (1e) of the GDPR. 
• control and reporting obligations 
• creditworthiness, age and identity checks 
• prevention of criminal acts   

  Controller pursuant to Article 4(7) EU General Data Protection Regulation (GDPR)
immerVR GmbH 
Im Zollstock 12
91093 Hessdorf
Germany
Daniel Pohl
su  ort@immervr.com (first word is "support")
If you have any questions about our data protection, please email us.   

  Scope 
These data protection information shall apply to the following offers and relevant subpages: 
https://www.immerVR.com
https://www.imrVR.com
https://www.linkedin.com/company/immerVR
https://twitter.com/immerVR 
https://www.youtube.com/immerVR
https://www.facebook.com/immerVR
https://instagram.com/immervr
https://www.tiktok.com/@immervr    

- whenever reference is made to this data protection information from one of our services, regardless of how you access or use it.    

Collection of personal data in our apps: immerGallery, immerGallery Demo and future apps
We are working with Meta's Oculus Store and Meta's App Lab. We collect, process and store the following data from you and use it for the purpose of improving our apps, e.g. fixing a bug or creating a better user experience. In our apps, you can submit an internal developer log file with a current screenshot of the usage of our app to us, e.g. in the case a failure happens inside the app and you want to notify us about it. The legal basis is Article 6 (1) (b) of the GDPR.  
• IP address, for the purpose of knowing if the report comes from the same user within keeping the same IP address    
• submission date, time and time zone for the purpose of knowing when incidents/bugs happened
• data in the app log file might reveal used path and file names on the system where the app is running for the purpose of understanding as developer from which location which files were loaded. It contains the used version number of the app for the purpose of knowing in which app version the incident/bug happened. It might contain which buttons and interactions happened during the app usage, which virtual reality system is used with what kind of input controllers for the purpose of reconstructing what lead to the incident/bug. Furthermore, the used screen frequency is shown and the status of relevant Android permissions to run the app for reconstructing the environment settings for the incident/bug. HMD-specific events like HMDAcquired, HMDMounted, VrFocusAquired, TrackingAquired, and according lost events are stored in the log file for reconstructing the scenario of the incident/bug. Recentering events and the result of the Oculus user entitlement check are stored for reconstructing the events. If a local config file is used for the app, the values of that config file are transmitted, e.g. keeping the option "FloorFor2D" enabled during program restarts for the purpose of replicating the same settings when the incident/bug happened. System memory statistics like the total amount of reserved memory, texture memory, texture count, frame rate, frame time, draw call, number of triangles, amount of mesh memory, CPU and GPU levels over time and the status of the internal garbage collection can be included in the log files for giving the developers an overview of the system status and resources. Results of the recognition of the voice control might be included in the log files, but no audio data for the purpose of improving voice control with wrongly detected inputs. Statistics about the app usage, e.g. the number of app starts or the usage time of the app over multiple sessions might be included when sending the log file for the purpose of giving further information for debugging issues.
• the screenshot shows what the user is currently seeing, e.g. a photo, for the purpose of having a visual representation of what the user saw during the bug/incident


During run-time, the app itself is not using user-specific data by itself (excluding of course user inputs or content provided by the user). However, the requried call to the Oculus Entitlement check might internally use user data to verify the entitlement status. We do not have access to that user-specific data, please refer to the Oculus Store, Oculus Terms and Conditions and Oculus Privacy Policy for further information. Oculus/Meta IDs and/or hashed version of these may be used to authenticate you as valid user of our apps. Your reward gallery status may be synced externally to guarantee that after a reinstall of the app, you still have access to this content.

Voice control in the apps are executed locally. No audio is submitted to a cloud or another server. As mentioned above, we might store the recognized voice controls as text in the log file, which is only sent upon the user's explicit and voluntary command to us.

In the case where we have user-specific data from you, you can request that data by contacting us at the address (see email above or postal address) above while providing evidence of your user identity. Furthermore, you can request that your user-specific data is deleted through contacting us through the email address mentioned above.

As determined by the Oculus Store, Oculus Terms and Conditions and Oculus Privacy Policy, Oculus/Facebook/Meta might collect data from you automatically while using our app. We do not have influence on this and cannot enable or disable this. Data might include: user ratings of the app, time spent in the app, if user has been using the app within the last 28 days, averaged data over multipe users regarding age, gender, country, region and similiar properties. Furthermore, crash statistics might be automatically created by Oculus/Facebook/Meta and include information about the used devices (e.g. Quest, Quest 2), regions of the user and so on. We do not have influence on this and cannot enable or disable this. 

For Meta Quest devices, we may use platform features such as User ID (grants an app access to the user id to enable various features), User Profile (grants an app access to the Oculus username and profile photo) and Avatars (grants an app access to Oculus Avatars, a persistent identity across the Oculus ecosystem. With Oculus avatars, users can bring their own visual identities into our app). These will be used in accordance with the Oculus Developer Data Use Policy (https://developer.oculus.com/policy/data-use/).

Our virtual reality apps are based on the Unity game engine. We do not have influence on this or access to the data, but Unity might do the following: Unity has collected some or all of the following information about your device: unique device identifiers (e.g., IDFV for iOS devices and Android ID for Android devices); IP address; country of install (mapped from IP address); device manufacturer and model platform type (iOS, Android, Mac, Windows, etc.) and the operating system and version running on your system or device; language; CPU information such as model, the number of CPUs present, frequency, and instruction set support flags; the graphics card type and vendor name; graphics card driver name and version (e.g., “nv4disp.dll 6.10.93.71”); which graphics API is in use (e.g., “OpenGL 2.1” or “Direct3D 9.0c”); amount of system and video RAM present; current screen resolution; version of the Unity Editor used to create the game; sensor flags (e.g., device support for gyroscope, touch pressure or accelerometer); application or bundle identification (“app ID”) of the game installed; unique advertising identifiers provided for iOS and Android devices (e.g., IDFA or Android Ad ID); and a checksum of all the data that gets sent to verify that it transmitted correctly.

Our application integrates Photon Fusion and Photon Voice for multiplayer interaction and voice communication functionalities. These services are provided by Exit Games GmbH, located at Hongkongstr. 7, 20457 Hamburg, Germany (hereinafter referred to as "Photon"). This section outlines the nature, scope, and purpose of data processing within our app in relation to Photon's services, in compliance with the General Data Protection Regulation (GDPR).
Photon Fusion and Photon Voice, as components of our app, involve the processing of data on servers managed and operated by Photon. The data processing is carried out on the basis of a Data Processing Agreement (DPA) between us and Photon, in accordance with Article 28 GDPR. Location and Transfer of Data: Photon's server infrastructure is globally distributed to ensure minimal latency and optimal performance. Personal data processed through Photon services may be transferred to, and stored at, a destination outside the European Economic Area (EEA). Photon takes all steps reasonably necessary to ensure that your data is treated securely and in accordance with GDPR standards.

To participate with other users in multiplayer, your chosen player name will be shared. As you require the same galleries to view them together, the gallery names, the number of content files and potiental file paths on the local device may be shared internally in the app for synchronization. Common album titles will be displayed on each client. It will be shared which app version you use and how many galleries you have on your system. An admin status can be exchanged between users to control the multiplayer experience.


Collection of personal data upon contact
 
If you email us or contact us via the contact form, we process and store the following data from you and use it to answer your enquiry. The legal basis is Article 6 (1) sentence 1 (b) of the GDPR: 
• first name, surname 
• email address 
• email receipt date 
• time and time zone difference to Greewich Mean Time    

Collection of personal data upon visit to our website 
(1) When using the website merely for information purposes, i.e. if you do not register or otherwise provide us with information, we shall collect only the personal data that your browser sends to our server. If you would like to look at our website, we will collect the following data, which are technically necessary for us to notify you of our website and to ensure stability and security (the legal basis is Article 6 (1) sentence 1 (f) of the GDPR): 
– IP address 
– date and time of the request 
– time zone difference to Greenwich Mean time (GMT) 
– content of the request (specific page) 
– access status/HTTP status code 
– data transferred in each case 
– the website from which the request originates 
– browser 
– operating system and its surface 
– language and version of browser software. 
(2) We do not use cookies for our website. 
(3) We do not use tracking technologies. 
(4) No automated decision-making, known as profiling, takes place during the visit to our website. 
(5) We process your personal data only for the purpose specified here. Any further processing for other purposes requires your prior consent.       

  Collection of personal data under Submit your photo 
Under “Submit your photo”, you can submit your photo using the form provided at that site. We might select it and publish it either in our apps or on this website or on our image servers. Please note our content guidelines and copyright requirements. The legal basis is Article 6 (1) (b) of the GDPR. 
• IP address 
• email address 
• name or pseudonym 
• GPS data, if applicable
• other image or audio meta data, if applicable
• submission date, time and time zone

You can choose whether your name should be displayed before publication. We inform you that all the images you make available to immerVR GmbH are handed over to us with their rights to commercial use including advertisements and usage in our apps. You are responsible for clarifying the image rights in advance. Please take note of our content guidelines.   

  Collection of personal data in the application procedure 
Personal data you submit to us as part of an application will be collected and processed for the purpose of processing the application procedure. Your personal data will only be processed for processing your application and not for other purposes. Processing is carried out for the purpose of fulfilling the contract or for legitimate reasons pursuant to Article 6 (1) sentence 1 (b) or (f) of the GDPR. Should you voluntarily inform us of special categories of personal data pursuant to Article 9 of the GDPR, such as severely disabled status, processing will be carried out on the basis of Article 9(2)(b) of the GDPR, as the processing of such data is necessary for the exercise of the profession. If we ask you for special categories of personal data pursuant to Article 9 of the GDPR, the processing will be carried out on the basis of your consent pursuant to Article 9(2)(a) of the GDPR. Electronic processing is possible, especially for applications received by electronic means such as e-mail or the contact form on the website. If the application is transferred to an employment relationship, the application documents will be stored for the purpose of processing the employment contract. In the event of no employment relationship, the application documents shall be automatically deleted three months after the application procedure has been completed, unless justified interests under Article 6 (1) sentence 1 (f) of the GDPR preclude their erasure. Such a legitimate interest exists, for example, where proceedings are pending under the General equal treatment Act (AGG). In this case, we will store the data until the procedure is completed. You can also give us your consent for an extended storage period for your applicant data so that we can take you into account for the future when awarding a job.   

  
Transmission of data 
Our hosting provider Strato, based in Germany, and those divisions and employees of immerVR GmbH will receive the data they need to fulfil their contractual and statutory obligations and legitimate interests. In addition, processors commissioned by us (especially it service providers) receive your data if and to the extent that they need the data to perform their respective services. Where there are legal obligations or legitimate interests, public bodies (e.g. courts, authorities) may be recipients of their personal data. Recipients may also be third parties to whom we have referred to the above. Your data will only be passed on to third parties on the basis of the above legal basis. Furthermore, no data will be passed on to third countries. 

   Recipients of personal data 
Recipient category: 
External content providers providing content (e.g. images, videos, embedded posting from social networks, promotional banners, fonts, updates) required to display the service 
Data concerned: access data 
Legal basis: Article 6(1)(f) of the GDPR 
Legitimate interest: proper function of services; (accelerated) presentation of content 

Recipient category: 
IT security service providers 
Data concerned: access data 
Legal basis: Article 6(1)(f) of the GDPR 
Legitimate interest: Preventing attacks by exploiting security gaps/vulnerabilities    

Newsletter dispatch 
With your consent, you can subscribe to our newsletter informing you about news from immerVR GmbH. We use the double opt-in procedure to register for our newsletter. This means that after registering, we will send you an email to the email address in which we request confirmation that you wish to send the newsletter. If you do not confirm your registration within 24 hours, your information will be blocked and automatically deleted after one month. We also store your IP addresses and dates for logging in and confirmation. The purpose of the procedure is to provide evidence of your registration and, if necessary, to investigate possible misuse of your personal data. The only requirement for sending the newsletter is your email address. The provision of other separately marked data is voluntary and is used to address you in person. Once you have been confirmed, we will save your email address for the purpose of sending the newsletter. The legal basis is Article 6 (1) sentence 1 (a) of the GDPR. You can revoke your consent to sending the newsletter at any time and order it. You can explain the revocation by clicking on the link provided in each newsletter email or by sending an email to our email address mentioned above or by sending a message to the contact details specified in the publishing details. Please note that we will evaluate your user behaviour when sending the newsletter. For this evaluation, the emails sent contain web beacons or tracking pixels that represent one-pixel image files stored on our website. For the purposes of the evaluations, we link the data listed above under “visit to our website” and the web beacons with their email address and an individual ID. The data will only be collected in pseudonymised form, so IDs will not be linked to your other personal data, and direct personal connections will not be possible. You can object to this tracking at any time by clicking on the separate link provided in each email or displaying us about one that is not complete, and you may not be able to use all the functions. If you have the images displayed manually, the above-mentioned tracking takes place. Information from the provider: Sendinblue GmbH, Köpenicker Str. 126 in 10179 Berlin. Further information on the purpose and scope of data collection and its processing can be found in the data protection notices. You will also find further information on your rights and the protection of your privacy here: https://de.sendinblue.com/datenschutz-uebersicht/    

Facebook / Meta / Instagram 
Name and address of controllers pursuant to Article 26 of the GDPR 
Jointly responsible for the operation of this Facebook page are in the interests of the EU, Basic data Protection Regulation and other data protection provisions: ​Meta Platforms Ireland Ltd. (referred to as "Meta", “Facebook” or "Oculus"), 4 Grand Canal Square, Grand Canal Harbour in Dublin 2 Ireland and immerVR GmbH, Im Zollstock 12 in 91093 Hessdorf/Germany, Daniel Pohl - email address mentioned above. 

Below we will inform you about the processing of personal data specifically for our Facebook page. 
We operate this page to draw attention to our services and products, to have you as visitors and users of this Facebook page, and to enable contact through our website. Further information about us and you can find out more about our activities within the company on our website under www.immervr.com. As operators of the Facebook page, we have no interest in the survey and further processing of your individual personal data for analysis or marketing purposes. The operation of this Facebook page, including the processing of personal data is provided on the basis of our legitimate interests in contemporary and supportive information and interaction opportunities for and with our users and visitors in accordance with Article 6 (1) (f) of the GDPR. 

Processing of personal data by Facebook 
In its judgment of 5 June 2018, the European Court of Justice (ECJ) ruled that: http://www.curia.europa.eu/juris/document/document.jsftext=&docid=202543&pageIndex=0&doclang=DE&mode=req&dir=&occ=first&part=1&cid=298398 that the operator of a Facebook page is jointly responsible with Facebook for processing personal data. We know that Facebook uses users’ data for advertising (analysis, production of personalised advertising), user profiling and market research. Facebook sets cookies for storing and further processing this information a, that is to say, small text files which appear on the various user devices be stored. If the user has a Facebook profile and if logged in, storage and analysis will also be carried out across all devices. The Facebook Privacy Policy contains further information on: Data processing: ​https://www.meta.com/about/privacy/ 
Options for objecting (so-called opt-out) can be found here: ​https://www.meta.com/settings?tab=ads and set http://www.youronlinechoices.com here. Facebook Inc., the US parent company Facebook Ireland Ltd., has been under the EU U.S. Privacy Shield since 2020-07-16 following a ruling by the European COURT of Justice. certified. It cannot be guaranteed that your data will not be transmitted to the United States and that it will be subject to our European level of data protection. We are currently examining the possibilities of other legal bases. The transmission and further processing of users’ personal data in third countries, such as the United States, and the possible risks to the users cannot be excluded from us as operators of the page. Data transmission to the USA is based on the EU Commission’s standard contractual clauses. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum, https://de-de.facebook.com/help/566994660333381 and https://www.facebook.com/policy.php.  

Statistical data 
Statistical data can be found on the Facebook’s "Insights".  Different categories can be accessed by us. These statistics shall be compiled by: Facebook created and provided. In terms of production and presentation, we Operator of side no influence. We cannot stop this function or prevent the production and processing of the data. The following data relating to our Facebook page will be made available to us by Facebook for an election period and for the categories fans, subscribers, people reached and interacting persons: total number of page calls, “favor me” information, page activities, contribution responses, reach, video views, range of contributions, comments, shared content, responses, proportion of men and women, background to land and city, language, appeals and clicks in the shop, clicks on route planners, clicks on telephone numbers. This also provides data on Facebook groups linked to our Facebook page. The constant development of Facebook is changing the availability and processing of the data, so that we can refer to the above details for further details. Refer to Facebook’s data protection statement. We use this data to make our contributions and activities more attractive to users. For example, we use the distribution by age and gender for an adapted approach and the preferred visiting times of users to optimise the timing of our contributions. Help provide information about the type of terminal equipment used by visitors we are adapting our contributions visually and structurally. In accordance with the Facebook terms and conditions of use to which each user subscribes when drawing up a Facebook profiles approved, we can access the website’s subscribers and fans, identify and view their profiles and other shared information including the total number of page views, “Like” information, Page activities, Post interactions, Range, Video views, Post reach, Comments, Shared content, Responses, proportion of men and women, Country and city origin, Language, Views and clicks in the shop, clicks on route planner, clicks on phone numbers..   

Instagram / Meta 
If you use the Instagram services to view content from our Instagram account, please be aware that Instagram, part of Meta Companies (https://www.facebook.com/help/111814505650678), might use the same infrastructure and algorithms as other Meta companies (e.g. Facebook). They will store user data (e.g., personal information, IP addresses, web browser used, hardware used, operating system used, when, where and so on) and may use it for their business. The privacy poliy of Instagram is described here: ​​https://help.instagram.com/519522125107875 

We are not responsible and cannot change what kind of data is collected on Instagram by Meta and how that data is handled. Instagram can be reached through the following physical address: Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland

  User rights 
Since only Meta / Facebook has complete access to user data, we recommend  to contact Meta / Facebook directly if you have any questions or requests for information to your rights as a user (e.g. right to erasure). You can contact Facebook’s data protection officer via the online contact form provided by Facebook under https://www.facebook.com/help/contact/540977946302970. If you need help or have any other questions, please contact us under at our email address mentioned above.    

Right to object 
If you no longer want the data processing described here, please remove the link between your user profile and our website by using the functions “I no longer like this page” and/or “no longer subscribe to this page”.   

  Videos and services on TikTok
We operate the TikTok site to pay attention to our services and products to make and with you as a visitor and user of this site, and contact our website. More information about us and about our activities in the company you can find on our website at www.immervr.com. As the operator of the TikTok site, we have no interest in the collection and further processing of your individual personal data for analysis or Marketing purposes. Further information on our handling of personal data Data can be found in our privacy policy on our website at www.immervr.com. The operation of this site, including the processing of personal data User data is based on our legitimate interests in up-to-date and supportive information and interaction possibilities for and with our users and visitors pursuant to Art. 6 para. 1 lit. f. GDPR. There is a shared responsibility. Provider is TikTok Technology Limited 10 Earlsfort Terrace, Dublin, D02 T380, Ireland More information can be found at https://support.tiktok.com/de/account-and-privacy

Right to object (TikTok) 
If you no longer want the data processing described here, please remove the connection of your user profile to our site by using the functions “I no longer like this page” and/or “No longer subscribe to this page”.  

PayPal

On our website, we have implemented a PayPal donation button for our for-profit organization immerVR GmbH. Donating does not entitle to receiving any service or product. When you use PayPal to donate to us, you can click on the donation button. By using this button, a connection from your browser to servers from PayPal will be initialized through which PayPal will receive your IP address. For the donation process, data will be transferred to PayPal. We do not have access or influence on this process. We refer you to the Privacy Policy from PayPal at https://www.paypal.com/va/webapps/mpp/ua/privacy-full.

In our PayPal account statements we might be able to see the name and address of the donor. This will only be used, if required, for tax and finance processing.

  Inclusion of YouTube videos 
We may have integrated YouTube videos into our website, which are stored on https://www.YouTube.com and can be played directly from our website. These are all included in the extended data protection mode, i.e. no data about you as a user will be transferred to YouTube if you do not play the videos. Only when you play the videos will the data referred to in paragraph 2 be transferred. We have no influence on this data transfer. The legal basis for the inclusion of YouTube videos is Article 6 (1) sentence 1 (f) GDPR. By visiting the website, YouTube will be informed that you have consulted the relevant sub-page of our website. The data mentioned under “visit to our website”, this declaration, will also be transmitted. This is done regardless of whether YouTube provides a user account through which you have been logged or whether there is no user account. Once you have logged in to Google, your data will be allocated directly to your account. If you do not wish to be assigned to YouTube with your profile, you must log in before activating the button. YouTube stores your data as user profiles and uses them for advertising, market research and/or needs-based design of its website. Such an evaluation is carried out in particular (even for uninvited users) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have a right to object to the formation of these user profiles, and you must address this to YouTube in order to do so. Information from the provider: YouTube LLC, 901 Cherry Ave, San Bruno, APPROX. 94066, USA. Google Ireland limited, Gordon House, Barrow Street, Dublin 4, Ireland is responsible for data processing. Further information on the purpose and scope of the data collection and its processing by YouTube can be found in the Data Protection Declaration. You will also find further information on your rights and employment options to protect your privacy: https://www.google.de/intl/en/policies/privacy.   

  Chat platform: Discord 
We may offer our community the service of Discord so that our users can get in touch with the developers and other users of our products as easily as possible. Discord stores all entered sentences, images, username, email address and all messages, temporary VoIP data (to enable communication) and other content that you send via the chat function. Furthermore, we collect the IP address, device ID and your activities within the Services. “... this information is used by our services and supplemented with other information to understand, among other things, the number of visitors to our website, the number of messages sent, and the websites that refer their visitors to Discord...” (Discord) Legal basis is based on Art. 6 para. 1 lit f GDPR. Our legitimate interest lies in the fact that our community receives a platform for exchange. More information on data processing by Discord can be found at https://support.discord.com/hc/de/sections/115000344951-Datenschutz-und-Richtlinien Currently, we must point out that Discord Inc., based in 444 De Haro St Suite 200, San Francisc, CA 94107, USA, does not operate an adequate level of data protection based on the GDPR. The chats are not end-to-end encrypted and are stored on Discord’s server. If you have any questions, please contact Discord Inc. at privacy@discord.com or https://discord.com/.

Reddit
If you decide to use our Reddit channels, please be aware of the privacy policy of Reddit (https://www.reddit.com/policies/privacy-policy). Reddit may use your user information, login data, content you post, actions you take and other information in order to at least provide, maintain, and improve the services; Personalize services, content, and features that match your activities, preferences, and settings, help protect the safety of Reddit and their users, which includes blocking suspected spammers, addressing abuse, and enforcing the Reddit User Agreement and other policies; Provide, optimize, target, and measure the effectiveness of ads shown on their Services; Research and develop new services; Send you technical notices, updates, security alerts, invoices, and other support and administrative messages; Provide customer service; Communicate with you about products, services, offers, promotions, and events, and provide other news and information Reddit thinks will be of interest to you; and Monitor and analyze trends, usage, and activities in connection with Reddit's services. Reddit, Inc. is located at 548 Market St. #16093, San Francisco, California 94104, USA and Reddit Ireland Limited, Attn: Reddit EU Data Inquiries, Georges Quay Plaza, Floor 2 - 101, Dublin D02 F856, Ireland.

  Use of Google Adwords Conversion 
We use the offer of Google Adwords Conversion to draw attention to our attractive offers with the help of advertising materials (so-called Google Adwords) on external websites. In relation to the data of the advertising campaigns, we can determine how successful the individual advertising measures are. We thus pursue the interest to show you advertisements that are of interest to you, to make our website more interesting for you and to achieve a fair calculation of advertising costs. The legal basis for the processing of your data is Art. 6 para. 1 sentence 1 lit. a GDPR. These advertising materials are delivered by Google via so-called “Ad Server”. For this purpose, we use ad server cookies, through which certain parameters for measuring success, such as displaying ads or clicks by users, can be measured. If you reach our website via a Google ad, Google Adwords stores a cookie on your PC. These cookies usually lose their validity after 30 days and are not intended to identify you personally. For this cookie, as a rule, the unique cookie ID, the number of ad impressions per placement (frequency of the insertions), last impression (relevant for post-view conversions, i.e. the number of advertisements before clicking on them) and opt-out information (marking that the user no longer wants to be addressed) are stored as analysis values. These cookies allow Google to recognise your Internet browser. If a user visits certain pages of the website of an Adwords customer and the cookie stored on his computer has not yet expired, Google and the customer can recognise that the user has clicked on the ad and has been redirected to this page. Each Adwords customer is assigned a different cookie. Cookies cannot therefore be tracked through the websites of Adwords customers. We ourselves do not collect and process any personal data in the aforementioned advertising measures. We only receive statistical evaluations provided by Google. Based on these evaluations, we can see which of the advertising measures used are particularly effective. We do not receive any further data from the use of advertising material, in particular we cannot identify the users on the basis of this information. Due to the marketing tools used, your browser automatically establishes a direct connection to the Google server. We have no influence on the scope and further use of the data collected by Google through the use of this tool and therefore inform you according to our state of knowledge: By integrating AdWords Conversion, Google receives the information that you have accessed the corresponding part of our website or clicked on an ad from us. If you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google or have not logged in, there is a possibility that the provider will know and save your IP address. You can prevent participation in this tracking procedure in several ways: a) by setting your browser software accordingly, in particular, suppressing third-party cookies will prevent you from receiving third-party advertisements; B) by disabling the conversion tracking cookies by setting your browser to block cookies from the domain “www.googleadservices.com”, https://www.google.de/settings/ads, where this setting is deleted when you delete your cookies; C) by disabling the interest-based advertisements of the providers that are part of the “About Ads” self-regulatory campaign via https://www.aboutads.info/choices , where this setting is deleted when you delete your cookies; D) by permanently deactivating your browsers Firefox, Internet Explorer or Google Chrome under https://www.google.com/settings/ads/plugin. We would like to point out that in this case, you may not be able to make full use of all the functions of this offer. Information from the provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Further information on data protection at Google can be found here: https://www.google.com/intl/de/policies/privacy and https://services.google.com/sitestats/de.html.   

Twitter Ads 
We may use the ads for marketing and optimisation purposes in order to serve you relevant and interesting ads and thus to improve our offer, to make it more interesting for you as a user and to avoid annoying ads. The legal basis is Art. 6 para. 1 sentence 1 lit. a) GDPR. The provider is: Twitter International Company, One Cumberland Place, Fenian Street, D02 AX07 Dublin 2 in Ireland. More information can be found at https://gdpr.twitter.com/de/faq.html. 

Facebook Ads 
We may use the ads for marketing and optimisation purposes in order to serve you relevant and interesting ads and thus to improve our offer, to make it more interesting for you as a user and to avoid annoying ads. The legal basis is Art. 6 para. 1 sentence 1 lit. a) GDPR. The provider is: Meta-Platforms Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. 

Reddit Ads and Reddit Conversion Tracking 
We may place advertisements on Reddit (Reddit Ads). We also use Reddit’s analytics and conversion tracking technology to assess the effectiveness of this advertising. Responsible for data processing is: Reddit, Inc., 548 Market St. #16093, San Francisco, California 94104. Reddit places a cookie on your computer if you have accessed our website via a Reddit advertisement. These cookies lose their validity after 30 days and are not used for personal identification. If you visit certain pages of the website of a Reddit Ads customer and the cookie has not yet expired, Reddit and the customer can recognise that you have clicked on the ad and have been redirected to this page. Each Reddit Ads customer receives a different cookie. Cookies cannot therefore be tracked through the websites of Reddit Ads customers. The information obtained with the help of the conversion cookie is used to create conversion statistics for Reddit Ads customers who have opted for conversion tracking. Reddit Ads customers learn the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, we do not receive any information with which users can be personally identified. The legal basis for data processing is your consent in accordance with Art. 6 para. 1 sentence 1 lit. a) GDPR. The purpose of data processing is to inform you about our offer and to make it clear and user-friendly for you. This cookie expires after 30 days and is not used for personal identification. You have the possibility to revoke your consent to data processing at any time. Please contact us under the above data. As a logged in user of reddit, you can object to the storage and use of data in a Reddit cookie by visiting https://www.reddit.com/personalization and selecting your preferred settings. If you choose this option, a new cookie (opt-out cookie) is set in your browser, which informs Reddit that no data relating to your browsing behaviour may be stored. Please note that the setting must be made for all browsers you are using. If all your cookies are deleted in a browser, this also affects the opt-out cookie of Reddit. In summary, we would like to say that we do not evaluate user data, IP addresses are always anonymised. We can evaluate search terms, expected age and pages visited. If you have any questions, please contact us. 


OpenStreetMap
In order to provide you with a dynamic map image from your image's meta data or settings you used in the corresponding .immerVR files, we may use the services from the map image provider OpenStreetMap. In order to genrate the dynamic map, information like GPS data from the image content or GPS data mapped to certain tiles in a zoomable map might be transmitted. To be able to receive image data, the IP address of the client needs to be used. The privacy policy (e.g., regarding GDPR) of OpenStreetMap can be found here: https://wiki.osmfoundation.org/wiki/GDPR_Privacy_Statement and https://wiki.osmfoundation.org/wiki/Privacy_Policy. The OpenStreetMap Foundation is located at St John’s Innovation Centre, Cowley Road, Cambridge, CB4 0WS, United Kingdom.

Pastebin
Services from Pastebin may be used to allow you to access information posted from yourself or others directly inside our app. For example, if you want to send yourself an URL that is long to type, you can instead type it on a PC with a keyboard, paste it to Pastebin and then recover the URL in immerGallery. Pastebin collects data as they explain in their Privacy Statement (https://pastebin.com/doc_privacy_statement): Much of Pastebin is public-facing. If Your Content is public-facing, third parties may access and use it in compliance with Pastebin's Terms of Service. Pastebin does not sell that content; it is yours. However, Pastebin does allow third parties, such as research organizations or archives, to compile public-facing Pastebin information, excluding User Personal Information, per Pastebin's Terms and Agreements (https://pastebin.com/doc_terms_of_service). Furthemore Pastebin states that your Personal Information, associated with your content, may be gathered by third parties in these compilations of Pastebin data. If you do not want your Personal Information to appear in third parties’ compilations of Pastebin data, please do not make your Personal Information publicly available. Pastebin is located at 3000 C St Ste 301, Anchorage, Alaska, 99503, United States.

  No obligation to provide and consequences of non-provision
The provision of personal data is not legally or contractually prescribed and you are not obliged to provide data. We will inform you in the course of the input process if the provision of personal data is required for the relevant service (e.g. by calling it a “mandatory field”). In the case of necessary data, non-provision means that the service in question cannot be provided.    

Storage time of your data
We process your personal data, where necessary, for the duration of the business relationship and as long as it is necessary for the aforementioned purposes, as well as in accordance with the statutory retention and documentation obligations arising in particular from the fiscal code and the commercial code, which usually amount to 10 years. In addition, personal data may be stored and stored for as long as the data are relevant to pending judicial or administrative proceedings in which the controller has a party status.    

Your rights 
(1) You have the following rights with regard to personal data concerning you: 
• the right to information, 
• the right to rectification or erasure, 
• the right to restrict processing, 
• the right to object to the processing,
• the right to data portability. 
(2) You also have the right to complain to a data protection supervisory authority about the processing of your personal data by us. Please address this complaint to the competent supervisory authority under www.lda.bayern.de If you need help in implementing your rights, please contact us.   

  Objection 
You have the right to object to the processing of your personal data at any time. Please send this in writing by email or by post to the address of the ImmerVR GmbH. We kindly point out that the exercise of their rights may, in individual cases, be subject to certain conditions.    

Ensuring data security and data protection 
To ensure the protection and security of your personal data, we are implementing a large number of technical and organisational security measures, the effectiveness of which we regularly review.       

November 2022