withVR Privacy Policy

Version 1.0, last changed Friday the 6th of October, 2022.

Please read this Privacy Policy, which is a legally binding agreement between you, the end user ("you"), and withVR BV and/or its affiliates (collectively, "withVR", "we" or"us"), carefully before using any withVR products and sharing your data.

withVR produces customizable virtual reality software for speaking situations. To do this, we create virtual reality environments that enable individuals to be exposed into speaking situations that they might fear or become anxious in. For withVR to function, we use state-of-the-art technology that communicates with devices across different physical and virtual (e.g. cloud) platforms. To make this all possible we collect and share some of your personal data. We are committed to your privacy. This statement informs you of the types of personal data we collect when you visit our websites and how we process them. With this privacy statement we also fulfill our duty to inform you pursuant to Art. 13 GDPR.

This implies that:

• we process your personal data in accordance with the purpose for which it was provided, these goals and type of personal data are described in this Privacy Statement;

• the processing of your personal data is limited to only those data that are minimally required for the purposes for which they are processed;

• we ask for your explicit consent if we need it for the processing of your personal data;

• we have taken appropriate technical and organizational measures to ensure the security of your personal data;

• we do not share personal data with other parties, unless this is necessary to fulfill the purposes for which they were provided;

• we are aware of your rights regarding your personal data, we want to respect them and inform you about them.

As withVR, we are responsible for the processing of your personal data. If after reviewing our Privacy Statement you have questions about the processing of your personal data or the exercise of your rights, you can contact us via the information below:

withVR BV

Jozef Hebbelynckstraat 21

Merelbeke 9820

hello@withvr.app

1. What is the scope of this privacy statement

This privacy statement applies to the personal data that we process as a data controller. It applies to the processing of personal data of our customers, consumers, suppliers, personnel, business partners … in relation to our products and services, as well as to the personal data of third parties that we have to process for the implementation of an agreement. This privacy statement applies when you visit our office or our website, when you subscribe to our newsletter, have an appointment with our representatives, or in any other way when using our products and services. We also try to process and secure the personal data of our prospects as carefully as possible, in accordance with our privacy statement.

2. Which data do we collect and how?

It is not obligatory to communicate your personal data, but to provide you with the best experience we need you to create an account that contains your personal information. This way you can identify yourself to other users and claim your and your clients’ progress in your own name.

This account data includes private data that we will never share like your email address. Password, and date of birth. It also includes data that we will show to other users, like your first name and last name, country, etc.

This data is provided by you when creating and filling in your account. We also collect data that comes from you using the application. This includes private data like your clients and session reports that we will not share with other players unless you first give permission. You are of course free to share this with whomever you want.

Public data that we will share consists of for example total sessions, duration in sessions, goal progress, avatars and spawn locations used, which commands (Animations, Emotions, Speaking, Sounds, etc.) were used, etc. We also collect anonymous data for analytical purposes on both our website and withVR application. This data is not used to identify users or clients, but to analyze and improve our services.

It is not our intention to process personal data of minors (persons under the age of 16)

3. What do we do with that collected data?

We use the collected data to provide you with the best speaking situation experience possible. To do this, we give you an online identity with the data you provide us, so you can identify yourself and your clients. This helps us to differentiate user accounts and for you to differentiate your clients. You can also use this data to monitor your clients’ progress with the possibility to improve their experience using withVR. The anonymous data we collect is used for analytic purposes to keep improving our services.

Lastly, your private data will always remain private and is not shared in any way, shape or form.

We process your personal data for various purposes, but in every situation we only process the data that is minimally necessary to achieve the relevant goal. For example, the processing of your personal data is necessary:

• for the preparation, execution or termination of our agreement or cooperation;

• to comply with the legal or regulatory provisions to which we are subject;

• for defending our legitimate interests, in which case we always aim for a balance between our interest and your privacy.

• If the processing of your personal data is not necessary for one of these three reasons, we will always request your permission to process your data.

4. Do we share data with third parties?

We are in the computer software business, not the data selling business. Therefore, we will never sell your data to any third parties.

We do use third party solutions to support our services, like Google Analytics for analytics, or Stripe for payments.

5. How long do we store your data?

We store and process the personal data for a period that is necessary in function of the purposes of the processing and in function of the (whether or not contractual) relationship that we have with you. Customer data and data from suppliers or subcontractors will in any case be removed from our systems after a period of ten years after the termination of the agreement or the project, except for personal data that we have to keep for a longer period of time on the basis of specific legislation or in case of an ongoing dispute for which we still need the personal data.

6. How do we protect your data?

We take the necessary technical and organizational measures to process your personal data with an adequate level of security and to protect it against destruction, loss, forgery, modification, unauthorized access or notification by mistake to third parties, as well as any other unauthorized processing of this data. In no case can withVR be held liable for any direct or indirect damage resulting from incorrect or unlawful use of the personal data by a third party.

7. Your rights

In accordance with and under the terms of the Belgian privacy legislation and the provisions of the General Data Protection Regulation, we inform you that you have the following rights:

7.1. Right to be informed and access

You have the right to know at any time whether or not we process your personal data, and if we process them, to view these data and to receive additional information about:

• the processing purposes;

• the concerned categories of personal data;

• recipients or categories of recipients (in particular recipients in third countries);

• if possible, the retention period, or if this is not possible, the criteria for determining this period;

• the existence of your privacy rights;

• the right to file a complaint with the supervisory authority;

• the information we possess about the source of the data in case we obtain personal data via a third party;

• the existence of automated decision-making.

7.2. Right of rectification

You have the right to have incomplete, incorrect, inappropriate or outdated personal data corrected. In order to keep your data up-to-date, we request you to report any change, such as a move or the change of your e-mail address.

7.3. Right to erasure

You have the right to have your personal data deleted in the following cases and without unreasonable delay:

• your personal data is no longer required for the purposes for which they were collected or otherwise processed by withVR;

• you withdraw your prior consent to the processing and there is no other legal basis that withVR can rely on for (further) processing;

• you object to the processing of your personal data and there are no more serious, justified grounds for the (further) processing by withVR;

• your personal data is processed unlawfully;

• your personal data must be deleted in order to comply with a legal obligation;

• your personal data was collected when you were still a minor.

Please note that we cannot always delete all requested personal data, e.g. when the processing is necessary for the notification, exercise or substantiation of a legal claim. We will inform you of this via an answer to your request.

7.4. Right to data portability

This gives you the right to ‘recover’ your personal data. This is only possible for personal data that you have provided to withVR yourself, based on your permission or after an agreement. In all other cases you cannot exercise this right (eg when the processing takes place on the basis of a legal obligation). For example, there are two aspects to this right:

• you can request withVR to recover your personal data in a structured, common and machine-readable form; and

• you can request withVR to pass the personal data directly to another controller. You are responsible for the correctness and security of the (email) address you provide for the transfer. If the transfer proves technically impossible, withVR has the right to refuse this.

7.5. Right to object the processing of your data

You have the right to object to the processing of your personal data for serious and legitimate reasons. Please note, however, that you cannot oppose the processing of personal data that is necessary for us to perform a legal obligation, the execution of the agreement or when it is in our legitimate interest, and this for as long as this information is necessary for the purposes for which they were collected.

7.6. Right to withdraw consent

If the processing of the personal data is based on the prior consent, you have the right to withdraw this permission. Your personal data will then only be processed if we have a different legal basis for this.

7.7. Automated individual decision-making, including profiling

We confirm that the processing of personal data does not include profiling and that you are not subject to fully automated decisions.

If you have a remark or complaint about the processing of your personal data or the exercise of your rights, we ask you to contact us directly. In addition, you always have the right to file a complaint with the Data Protection Authority (formerly Privacy Commission), which is the supervisory authority in the area of privacy protection.

Gegevensbeschermingsautoriteit

Drukpersstraat 35

1000 Brussel

Phone: +32 (0)2 274 48 00

e-mail: contact@apd-gba.be

8. What if the privacy policy changes?

We update this privacy policy to stay transparent with our users. Should major changes be made, we will send out an email detailing these changes. This policy was last edited on the date at the top of the policy.

9. Contact information

Please contact legal@withvr.app for any questions you have regarding our privacy policy.