ANYVISION BY VR GLOBAL DATA PROTECTION POLICY
Last update: 25 May 2018
The protection of your personal data as well as your privacy is of utmost importance for us – the VR Global Inc. Thus, for the purposes of providing you with our website services and software-as-a-services, we decided to be bound by the principles included in this Data Protection Policy. We kindly invite you to read this Policy carefully as it defines basic principles and mechanisms of how we process your personal information. This is a legal document, yet, we have tried to prepare it in a clear and transparent manner in order to enhance protection of your rights, which is one of the top priorities of the VR Global.
This Data Protection Policy ("Policy") is subject to the laws of the New York State, the United States of America and has been prepared by the VR Global, Inc. 335 Madison Avenue 4th Floor, New York, NY 10017 ("VR Global", "us", "we", or "our").
The hereby Data Protection Policy applies to:
Our SaaS service is available to customers from other countries of the World, including states which are part of the European Union (the EU) or the European Economic Area (the EEA). In accordance with the so-called General Data Protection Regulation (the GDPR), which is an act forming part of the European Union law, in order to provide services to our Clients from Europe, we are obliged to inform about a number of issues, this is directly required of us by the law.
We would like to indicate that you could use the principles of the GDPR if you use the SaaS in the EEA, or if you are a citizen of one of the EEA states. In the following part of this Policy, all persons covered by the GDPR principles on processing of personal data are going to be jointly referred to as “the EU persons”. Should you have any doubts on your rights - please do not hesitate to contact us.
If the GDPR does not concern you, we strongly invite you to carefully read the entire Data Protection Policy document. Even if the GDPR does not apply in your case (as, for example, due to the fact that you are the citizen and resident of the US and you use our SaaS service there), we would like to protect your privacy and personal information just as well and safely.
In the relevant legal acts, our Data Protection Policy, as well as in other documents that we may apply while processing data, there are a number of concepts important to the protection of your rights. Depending on the country in which you use our SaaS, the manner to understand the following concepts, essential for the protection of your privacy, may vary. By processing of your personal data for the SaaS purposes, we understand the following key concepts as follows:
The term 'personal information' is most commonly used in the US and Canada in order to indicate personal data. Further in this document, we would like to use the term 'personal data' or simply 'data' uniformly.
Typical examples of personal data are as follows: home and work addresses, telephone number, e-mail address, social security number, birth date, gender, marital status, mother's maiden name, and health data.
The controller processing personal data for the purpose of providing our website and SaaS services is the VR Global Inc. with its registered office in New York, the United States of America, 335 Madison Avenue 4th Floor, New York, NY 10017. In all matters concerning the protection of your privacy and personal data you are welcome to contact us through the following contact details: email@example.com
At the same time, we would like to kindly inform persons from the EU that we have not appointed a data protection officer (see: Articles 37-39 of GDPR).
In principle, we process your data on the basis of your consent, or because we need it to provide you with the website or SaaS service or in order to make a settlement of the agreement we concluded.
It may happen that we would be forced by law to transfer your personal data to public services - yet we always remain committed to act in accordance with the law. We are allowed to use your data to develop the VR Global through, for example, customer profile analysis, preparation of marketing strategies. In this case, the basis for the processing of your data are our legitimate business interests - the possibility to make market analysis, advertising, implementation of sales strategies, etc. as it remains a part of the fundamental right of economic freedom and the freedom to conduct a business. Nevertheless, we renounce such processing which would excessively interfere your rights and freedoms.
In the case of EU citizens, the legal grounds for data processing of personal data are explicitly set forth in the GDPR. In the case of our SaaS, depending on the circumstances that would be the following:
Currently we do not use your personal data to make automated decisions using the available technologies. If we change it in the future, we will update this Policy to let you know more.
Acting in compliance with the law, we may transfer your personal data to our contractors and service providers. We always provide at least the same level of security of your data and are constantly committed to choose our contractors who can guarantee a high level of protection of your privacy.
The controller of your personal data is the VR Global, however it may transfer personal data to its affiliates, primarily to the company incorporated under the Polish law, the VR Global Europe Sp. z o.o. (LLC) with its registered office in Wroclaw, Poland. We are also allowed to transfer data to entities such as companies providing accounting and tax services, our lawyers, payment companies, banks, companies providing analytical services (e.g. for the purposes of market analysis) or marketing and PR services.
Please remember that your consent to the processing of your personal data by us is and would always remain voluntary. You can also withdraw your consent at any time, however without your consent to data processing we might be unable to provide you with our website and SaaS services.
The principles of protection of your personal data and privacy may result from both state as well as federal law.
In case of the EU citizens, the principles for the processing of personal data arise primarily from the so-called General Data Protection Regulation. It is an act of the EU law, which means that it is a regulation common to all of the EU Members. The same principles apply to all of the EU entrepreneurs. The full name of this act is as follows: Regulation of the European Parliament and of The Council (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (GDPR).
In our organization, we process variety of data and different categories of personal data – all for specific purposes. If we ask you for consent to process information, we inform you about the processing principles. Please do not hesitate to familiarize yourself with them carefully.
Please remember that your consent is always voluntary and you can withdraw your consent at any time without stating any reason. Please note, however, that occasionally it may turn out to be impossible to provide you with services, fulfill your order or provide some SaaS functionalities - as it might not be possible without your personal data. Therefore, you are kindly asked to fully consider whether you consciously would like to authorize us to process your personal data.
By using the VR Global website and SaaS services, you consent to the processing of your personal data for the purpose of providing services by us. However, taking care of your privacy, while executing any SaaS Agreement we always request for your consent.
In the case of our website and SaaS services, we collect and process the following data for the purposes indicated below:
SOURCE OF DATA
TYPE OF DATA THAT CAN BE COLLECTED AND PROCESSED
website contact form, any other communications between us
required: name, surname, e-mail address; optional: telephone number
communications with you, negotiations of contracts, presentation of our offers and services, handling your requests
any agreement between you and VR Global
name and surname (if applicable), business name, contact address, email address, tax ID
execution and performance of an agreement
data collected during the use of website and SaaS services
IP address, number of pages visited at the website, time spent on particular pages, any server requests, cursor position
cookies files (please see the information below)
identity of website and SaaS users
user identification, authentication and authorization during the session
Processing of your personal data may each time look different, depending on what data we process, for what purpose, by what means, on what legal basis, etc. In each case, however, we are guided by a few fundamental values and principles:
The GDPR regulation confer persons from the European Union with a number of rights that they can use while we process their personal data. If you are the person from the EU or EEA you are vested in with the following rights:
In order to exercise your rights, you must first let us know. As a first step you are kindly requested to contact in a convenient way for you with the VR Global - the controller of your personal data. To facilitate this process, we have prepared a form of your request (or statement) that you can use to communicate with us - you will find this form at the very end of this Data Protection Policy.
Regardless of how, when and in what form you would like to contact VR Global in matters relating to your privacy, please do not hesitate to read the following information, containing the rules for handling inquiries from people from the European Union resulting from the provisions of the GDPR, which we would use:
Information shall be provided in writing or otherwise, including, where appropriate, electronically. In case of explicit request of the data subject, the information shall be given orally, provided that the identity of the data subject is confirmed by other means. The controller shall refuse to request if the identification of the data subject is not possible. The controller without undue delay – and in any case within one month from receipt of the request – provides the data subject with the information on actions taken in conjunction with the request. If necessary, this period may be extended by another two months due to the complex nature of the request or the number of requests. Within one month from the receipt of the request, the controller shall inform the data subject about such extension, stating the reasons for the delay. If the data subject has forwarded his request electronically, if possible, the information is also transmitted electronically, unless the data subject requests a different form. If the controller fails to take action in relation to the request of the data subject, the controller shall immediately – no later than within one month from the receipt of the request – inform the data subject of the reasons for failure to take action and the possibility of lodging a complaint to the supervisory authority and to exercise available legal remedies before the court. Information provided by the controller as well as communication and actions taken in conjunction with handling requests are free of charge. If the data subjects' requests are manifestly unjustified or excessive, in particular, because of their continuing nature, the controller shall charge a reasonable fee, including administrative costs of providing information, communication or undertaking specific actions, or refusing to take actions in relation to the request. If the controller has reasonable doubts regarding the identity of the natural person submitting the request, the additional information necessary to confirm the identity of the data subject shall be requested.
We would like to look after the security of all our Clients, website visitors and SaaS users equally. If the provisions of GDPR do not apply to you, you can still request that your personal data to be rectified if they are incorrect; to abandon processing them - if there is no grounds for it; to amend personal data - if they are changed. Should you like to amend anything or you simply wish to find out more, please do not hesitate to contact VR Global.
Our website and SaaS services are designed and reserved for adults only. It is the law of the country you are a citizen of which determines if you are an adult. Usually, depending on the country you are the citizen of, you must be at least 18 or 21 years old in order to be able to use our services. If you are not an adult – you are not allowed to enter into any SaaS Agreement with us on the basis of which you would be provided with SaaS services. Under no circumstances such agreements shall be concluded by persons who are not at least 16 years old. We do not collect or process personal data of children, including, in particular, personal data of persons under 16 years of age.
Information about the cookies we use on our website and in our SaaS services:
If we would like to make changes to operation of the SaaS or website, we commence to offer new products, services, we are willing to change the way we process your personal data, there may appear a need to review our existing data protection principles. We monitor how our activities may affect the security of your privacy. In particular, if we predict that our activities may in some way affect your privacy, we carry out appropriate risk assessments (Privacy Risk Assessment). If we create new products, services and implementations of new configurations and settings of the SaaS – we accept such configurations and settings that do not expose you to the processing of personal data beyond what is necessary to use our solutions (Privacy by Default), whereas the products and services themselves are created according to the same principle (Privacy by Design). If we make changes to our functioning, and if there exist such a need, we also audit our data protection principles - in order to enhance protection of information about you.
We strive to familiarize all our staff with this policy, in particular those who have access to any personal data. Our employees and fellows are obliged to observe rules and principles which we apply in order to protect your data and we are committed to process your data with full respect of the law and in accordance with the main principles of our Policy indicated above. Only selected employees of the VR Global have access to your data.
We follow these principles, you use them. Just like we created our SaaS services for you.
The VR Global, Inc. is the company incorporated under the US law. The data you provide to us shall be processed primarily in the United States. VR Global may also have affiliates in various countries around the World, including in Wroclaw, Poland. In this case, your data shall also be processed in the country in which we have affiliates. In addition, the SaaS is a technologically complex service. For its correct or enhanced operation, we can take advantage of various possibilities offered by technology and IT infrastructure, which may involve the temporary transfer of your data to servers, end devices, etc. located in other countries.
No matter where your data is processed, we are striving to provide equal level of data security everywhere. In particular, we select our contractors - providers of infrastructure and IT services - choosing only those who can guarantee the high level of protection of your privacy.
We protect your data best as we can. We use appropriate to the level of risk (which may involve processing of your data) technological, organizational and physical safeguards. Depending on the circumstances, we may use different types of security: IT security, encryption, pseudo anonymization, physical security or well-organized internal principles of processing of personal data only by concretely authorized persons. We protect your data in particular against accidental loss, modification or unauthorized disclosure to third parties.
We store and process your data for as long as it is necessary for the purposes for which we do it. We might be obliged by law to keep data for a specific minimum period - we comply with such requirements. In principle, we process your data as long as it is necessary to provide and settle the SaaS or other services.
In the case where there would be a breach of the personal data protection of a person from the European Union, we would inform this person if this breach may actually have a serious impact on his/her rights, freedoms as well as privacy. In principle, legal provisions require us to inform two entities in the event of the breach of personal data protection: the appropriate supervisory authority and the personal data subject. At the same time, if the privacy of such a person and its other rights are not at risk (the law directly indicates the following cases: the controller implemented appropriate technical and organizational protection measures and these measures have been applied to the personal data the breach relates to, in particular measures such as encryption, preventing from reading by persons without authorized access to these personal data; the controller applied measures to eliminate the probability of the high risk of violation of the rights or freedoms of the data subject) there is no need to worry and in accordance with provisions of law we do not have to inform this person separately.
If a notification of the breach of data protection which concerns person from the European Union would involve a disproportionate effort, a public communication is issued or a similar measure whereby the data subjects are informed about the breach in an equally effective manner.
This Policy is effective as of 25 May 2018 and will remain in effect in its current wording until we amend or change it in any manner. In case of any changes – we will let you know about, either by email message or by posting the new Policy on our website, as reasonably practicable. We reserve the right to update or change our Policy at any time. If you continue to use our services after any change of Policy, it means that you agree with such changes.
INFORMATION FOR PERSONS FROM THE EUROPEAN UNION WITHIN THE MEANING OF THE VR GLOBAL SAAS DATA PROTECTION POLICY
Information shall be provided in writing or otherwise, including, where appropriate, electronically. In case of explicit request of the data subject, the information shall be given orally, provided that the identity of the data subject is confirmed by other means. The controller shall refuse to request if the identification of the data subject is not possible. The controller without undue delay – and in any case within one month from receipt of the request – provides the data subject with the information on actions taken in conjunction with the request. If necessary, this period may be extended by another two months due to the complex nature of the request or the number of requests. Within one month from the receipt of the request, the controller shall inform the data subject about such extension, stating the reasons for the delay. If the data subject has forwarded his request electronically, if possible, the information is also transmitted electronically, unless the data subject requests the different form. If the controller fails to take action in relation to the request of the data subject, the controller shall immediately – no later than within one month from the receipt of the request – inform the data subject of the reasons for failure to take action and the possibility of lodging a complaint to the supervisory authority and to exercise available legal remedies before the court. Information provided by the controller as well as communication and actions taken in conjunction with handling requests are free of charge. If the data subjects' requests are manifestly unjustified or excessive, in particular, because of their continuing nature, the controller shall charge a reasonable fee, including administrative costs of providing information, communication or undertaking specific actions, or refusing to take actions in relation to the request. If the controller has reasonable doubts regarding the identity of the natural person submitting the request, the additional information necessary to confirm the identity of the data subject shall be requested.