PRIVACY
POLICY
concerning the AR Generation Service including the New Layer Application
The Controller encourages you to read this document.
⇽ Get BackThis document explains in particular
- Who is the Controller of data/information;
- What data/information is processed by the Controller;
- The place of data/information processing, personal data recipients, the transfer outside the EEC
- The grounds for processing of data/information. *
- For how long data/information is stored.
- What are the User’s rights with regard to such data.
- Other relevant information.
Controller of personal data
AR Generation Sp. z o. o. having its registered office in Warsaw ( Aleja Gen. Antoniego Chruściela "Montera", No. 88A, 04-412 Warsaw, Poland) entered into the Register of Entrepreneurs of the National Court Register [KRS] under number 000874920. contact: ar@ar-generation.com hereinafter referred to as AR Generation or the Controller.
This privacy policy concerns the mobile application New Layer of the Controller’s websites argeneration.com and newlayer.ar-generation.com., and also any other products and services of the Controller, including official forums, blogs, etc.
The term "Services” of the Controller is used in this Policy to discuss all matters.
We also inform that the New Layer User Agreement contains more information on what Service/Application is provided.
What data/information is processed by the Controller
While the User is downloading, proceeding with the registration, using the Services; the Controller is collecting the User’s data, depending on the purposes for which the data will be processed. They may include:
User’s phone number
Purpose download, registration, use of Controller’s Services, enabling the Controller to provide the Services, implementing an agreement, other purposes permitted by law, including legitimate interest pursuedby the Controller.
User’s electronic mail address
Purpose registration on Controller’s forum, contact in connection with the Service provided by the Controller, other purposes permitted by law, including legitimate interest pursued by the Controller.
Data/information on User’s location (coordinates, geographical position, elevation above sea level)
Purpose use of Controller’s Services, enabling the Controller to provide the Services, implementing an agreement, in case of the Application for navigation in augmented reality AR, other purposes permitted by law, including legitimate interest pursued by the Controller.
User’s contacts
Purpose use of Controller’s Services, enabling the Controller to provide the Services, implementing an agreement, sending information to the User, implementing the contract between Users, other purposes permitted by law, including legitimate interest pursued by the Controller.
Analytic data/information (analysing behaviours of the Service/Application’s Users)
Purpose improvement of the interface, bug tracking, adjusting the Service to the User’s needs, marketing, carrying out A/B testing (Google analytics, Google firebase), other purposes permitted by law, including legitimate interest pursued by the Controller.
Communication data/information (text messages/email)
Purpose use of Controller’s Services, enabling the Controller to provide the Services, sending text messages between Users, email messages (if the User contacts the Controller by electronic mail), other purposes permitted by law, including legitimate interest pursued by the Controller.
Photos and Videos made by the User and uploaded to the Service/Application
Purpose use of Controller’s Services, enabling the Controller to provide the Services, sending photos/videos between Users, other purposes permitted by law, including legitimate interest pursued by the Controller.
Readings from a compass, barometer, accelerometer of the Service/Application
Purpose use of Controller’s Services, enabling the Controller to provide the Services, for the purpose of navigation in augmented reality AR, other purposes permitted by law, including legitimate interest pursued by the Controller.
User’s files uploaded to the Service/Application (e.g. objects, 3D Models)
Opinions (likes/dislikes) about objects/3D models uploaded to the Service/Application
Purpose use of Controller’s Services, enabling the Controller to provide the Services, other purposes permitted by law, including legitimate interest pursued by the Controller.
Technical data concerning the User’s device including internet and/or network connection, operating system, unique user’s ID or other technical details etc.
Purpose use of Controller’s Services, enabling the Controller to provide the Services, other purposes permitted by law, including legitimate interest pursued by the Controller.
User’s activities, including the information on how you use the Controller’s services, including
measurement data concerning time and the manner of using the application, data on the movement,
language preferences, information on activation/update of the application - for the purpose of the
provision of services by the Controller;
Purpose: use of Controller’s Services, enabling the Controller to provide the Services, other purposes
permitted by law, including legitimate interest pursued by the Controller.
Purpose use of Controller’s Services, enabling the Controller to provide the Services, other purposes permitted by law, including legitimate interest pursued by the Controller.
Other data/information
Purpose Only in situations when it is necessary due to legitimate interest pursued by the Controller or/and it is in compliance with the binding legal regulations (e.g. for the purpose of protection of Controller’s rights).
We inform that user’s files, contacts, location may be also transferred between users within the application.
Some types of a/m information/data may be gathered in an aggregated or anonymised (encrypted) manner or the Controller may make them available in such manner for testing or analysing of the mode of operation and use of the Services.
Data concerning payments
The Controller doesn’t process the personal data concerning payments. Payment transactions are realised through appropriate platforms, e.g. Apple Store, through user’s account linked with the platform’s account. If the User makes a transaction on the platform, the Controller will be notified by the payment processor of the transaction made, but it will not receive any factual payment details.
Cookies
The Controller and third parties collect information on the User through cookies. Any usage of cookies by the Service/Application, except for other purposes described in this document, serves for the provision of the Service required by the User. For more information on usage of cookies refer to the Cookies policy, which constitutes an integral part of this Privacy policy.
Processing of children’s personal data
The Controller informs that in accordance with the law the User should be have a correct age to use the Service/Application. Children,s should request his/her parent to give consent to usage of the Application/Service. For more information on usage children’s personal data refer to the Terms of Services. Should the parent or carer have any questions as to the processing of personal data of the child, he/she may contact ar@ar-generation.com.
Place of processing of data/information
Personal data recipients
Transfer of personal data outside the EEC
Data are processed in operations control facilities of the Controller and in any other place, in which the parties engaged in processing are situated. Depending on the User’s location, data transfers may involve transferring of the User’s data to other country than their own one.
The Controller applies appropriate security measures to prevent an unauthorised access, disclosure, modification or unauthorised destruction of data/information. Data are processed with the use of IT and technological tools, with the observance of organisational procedures and modes strictly connected with the purposes indicated herein.
User’s personal data may be provided only to authorities entitled to receive them under the binding legal regulations (e.g. at the request of authorised bodies) or to external companies engaged by the Controlled in the provision of services (e.g. data storage, server hosting, technical support, analytic support). The entities, referred to above, may request for access to data on behalf of the Controller. The Controller selects the said entities with due diligence and commits to comply with Article 28 of the GDPR. Relevant arrangements have been made orally with such providers of services to protect the User’s data.
Data/information will be mainly stored and processed in the EU (e.g. servers in Germany), but there might occur circumstances, under which the Controller will cooperate with trusted third parties from outside the EU, so as to provide a fully professional service (e.g. servers in the USA).
The Controller transfers personal data outside the European Economic Area only when it is necessary and with the assurance of appropriate protection level, most importantly through the cooperation with professional data processing entities, the application of standard industry procedures and security standards, the compliance with the principles determined by the European Union institutions. By sending your personal data you explicitly agree to such data transfer, storage or processing outside the EU.
Data and information may be provided by the User in connection with usage of the Services to other parties. The Controller’s services may from time to time contain the contents or services of third parties or may link the User with them. The principles of data processing in such case are regulated by their own privacy policies. This privacy policy doesn’t comprise external websites and companies, therefore the Controller recommends reading the privacy policies of third parties.
Grounds for processing of data/information
Article 6 sec. 1 b) of the GDPR - processing is necessary for the performance of an agreement to which the User is party or in order to take steps at the request of the User prior to entering into an agreement;
Article 6 sec. 1 f) of the GDPR - processing is necessary for the purposes of the legitimate interests pursued by the Controller or by a third party,
Processing is carried out in order to enable the User to use one of our Services on the one hand, and in order to enable the Controller to ensure that Services will be performed in an optimal and professional manner on the other hand, including the possibility to participate in interactive functions of the Service, the possibility to take advantage of the communication systems between the Users.
The Controller monitors the Service efficiency in order to ensure that the Services are performed in the manner that is most effective for the User and his/her device and for enforcement of the agreement/principles determined with the user, to notify of any changes in the Service, and to protect the Service Users.
Article 6 sec. 1 c) of the GDPR - processing is necessary for compliance with a legal obligation to which the controller is subject - i.e. when we are obliged to process under the generally binding legal regulations.
[Article 6 sec. 1 a) of the GDPR] - the legal basis for processing of personal data is the User’s consent given for a specific purpose.
Giving such consent is voluntary, nevertheless its lack may result in the lack of possibility to use the Service. A consent given is explicit and unambiguous.
AUTHORISATION OF THE DEVICE FOR ACCESS TO PERSONAL DATA
Depending on the User’s specific device, this Application may require certain authorisations, which enable it to access the User’s device Data, as described below.
The Controller informs you that it requires the User’s consent for the Service/Application access to:
1) Device camera/microphone - for the purpose of creation of photos and video recordings, including
video recordings with audio ;
2) Access to User’s files - for the purpose of sending files for the upload of 3D models generated by the
Service/Application and for the purpose of enabling the User to send and share
files/information/photos/videos and other files with others users.
3) Sending PUSH notifications to the device and other information about services/products.
By default such authorisations must be granted by the User, before an access to relevant information is provided. Any authorisation once granted can be at any time withdrawn by the User. You should remember that withdrawing any such authorisation may affect proper operation of the Service. If the User grants any of the authorisations specified below, relevant Personal Data can be processed (e.g. available, modified ones) by that Application.
In particular, we request the User for permission to send PUSH notifications. We need it to send the User notifications about the messages received, notifications about new functionalities of the application, notifications about new objects in user’s location and other information, which in our opinion must be delivered to users.
Data processing period:
Personal data will be processed and stored for as long as it is required by the purpose for which they were collected, in accordance with the binding law. Therefore, personal data will be processed for such a period which is necessary, so as to provide the User with services, prevent frauds, provide the user with IT and legal security, or for a longer period, if permitted by the law. Once the User has uninstalled the application, the Controller is authorised to retain the information that is necessary for fulfilment of its legal obligations, dispute settlement, protection of its rights [in principle for a period of 5 years]. The personal data provided by the User directly to third parties will be processed for a period determined by each such third party individually.
User’s rights:
The User holds a number of rights set out in the GDPR: The rights in question apply to all of our users.
- The right of access/to information: what personal data the Controller processes and why (this information);
- The right to rectify: if the available data are inaccurate, the right to rectify them;
- The right to erase: the right to erase your data under specific circumstances;
- The right to restrict the processing;
- The right to transfer data: you may require copies of your data in a machine readable form that can be sent to other provider;
- The right to object: under specific circumstances (including when data are processed based on legitimate interests or for marketing purposes);
- The right to withdraw the consent for processing of personal data.
In consequence of raising an objection or withdrawing the consent to processing of personal data some or all services of the Controller may become unavailable for the User.
- The rights related to automated decision-making, including profiling: there are some rights in this area, in which the processing in carried out in an automated way only, while decisions entail legal effects or effects significant for a natural person. Under such circumstances the User’s rights comprise the right to provide human intervention in decision-making process.
A/m rights are performed subject to Article 15-22 of the GDPR.
Any Users being residents of California (USA) also hold the following rights (apart from those mentioned above), which rights are set out in the California consumer privacy act:
- the right to request to disclose certain information and explain how the User’s personal data have been collected, used and provided for the last 12 months
- the right to request to erase the personal data that have been collected, subject to certain exceptions.
Should the User want to use any of the above-mentioned rights or have any questions concerning the same, he/she may contact ar@ar-generation.com
The Controller notes that any User’s communication through the service may disclose detailed information on the User. In addition, any information, which the User posts, will be available for other Users. The Controller is responsible neither for using by the User any private personal data, which the User provides, nor for actions of other Users or other third parties, to whom the User transfers or provides his/her information or contents.
The Controller may amend the Privacy policy. If it does so, it will post the amended version on the website. Should the User have any questions concerning the amendments, he/she may contact the Controller. The Principles regarding the processing of such data are set forth in the Cookies policy. The Controller encourages you to contact