INTRODUCTION

1. Eyeora Ltd, a company registered in England under company number 10825902 and whose registered office is 7 Bell Yard, London, England, WC2A 2JR, and its affiliate companies (“EYEORA”, “we”, “us” or “our” in this policy), operates the Eyeora platforms (including the virtual reality technologies, applications, products, software and other materials under the “EYEORA” brand) (“Services”). This policy explains how we will process the personal data relating to users of the Services.

   "If you have any questions or comments about this policy please contact us here (please categorise your message as “Privacy”)"

2. EYEORA is committed to protecting and respecting your privacy. This policy explains the basis on which personal data we collect from you will be processed by us. Where we decide the purpose or means for which Personal Data you supply through these Services is processed, we are the “data controller” for the purposes of the General Data Protection Regulation 2016/679 (as may be amended or replaced by equivalent legislation in the UK from time to time).

3. This policy explains the following:

   1. What information EYEORA may collect about you;
   2. How EYEORA will use information we collect about you;
   3. Whether EYEORA will disclose your details to anyone else;
   4. Your choices and rights regarding the personal data you have provided to us; and
   5. The main cookies we use and why.
4. Our online services contain hyperlinks to websites owned and operated by third parties. These third-party websites may have their own privacy policies and we recommend that you review them. We do not accept any responsibility or liability for the privacy practices of such third parties and your use of their services is at your own risk.

WHAT INFORMATION WILL EYEORA COLLECT ABOUT ME?

1. We collect and process the following information which may include your Personal Data.

Information provided by you when using our Services

You may give us information about you by filling in forms when setting up an account with us, using our Services, signing up to our newsletter or contacting us with enquiries. Such information may include:

1) Identity and log-in data: including your name, username, virtual avatar, profession, profile picture, e-mail address and password;

2) Transaction data: where you host, upload, attend, or access paid virtual content or event, purchase a subscription or access other paid-for items, we will keep information related to your purchases and transactions relating to you (see the section on Payment Information below);

3) XR rooms/Event data: this is information related to the XR rooms and events that you host or attend, including any content, audio and visual recordings of those events, actions that you take and copies of chat logs and interactions between you and other users;

4) Your enquiry: if you contact us about your account and/or our Services, we may keep the content of such enquiry. You are under no obligation to provide us with any details, but if you do not provide all relevant information, we may not be able to help.

Payment Information

When you pay for access to virtual events or other Services, we use the third party payment system provided by Stripe & 2Checkout, which transacts all our payments. Where you make a payment, 2Checkout and Stripe will collect your name, credit card, billing address, delivery address (if applicable) and email address for payment processing. Card payment information is collected by 2Checkout and Stripe directly through their APIs which means that Eyeora has no access to your card payment information. For further details of how 2Checkout collects and uses personal data please see their privacy policy here and for Stripe please click here.

How you use the Services (Analytics)

When you use the Services, we collect the following information:

1) How often you use our Services and how you use our Services;

2) Your IP address; and

3) Device and browser operating system, version, make and model.

Please see Part 2 of this Privacy and Cookie Policy for further details.

DATA SHARING

1. As reasonably necessary for the purposes set out in this privacy policy, we may share your personal information with carefully-selected third parties (including suppliers and subcontractors), who are engaged to help us run, market, manage and improve the quality of the services that we offer. The third party service providers include the following:
   1. Stripe (https://stripe.com/)
   2. 2Checkout (https://www.2checkout.com/)
   3. Pusher (https://pusher.com/)
   4. AWS (https://aws.amazon.com/)
   5. Google Firebase (https://firebase.google.com/)
   6. Google Analytics (https://analytics.google.com/)
   7. Amazon, to participate in the Amazon associate marketing program (https://affiliate-program.amazon.co.uk/)
2. We may disclose personal data to members of our group of companies (which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the Companies Act 2006), our personnel, suppliers or subcontractors insofar as it is reasonably necessary for the purposes set out in this policy. However, this is on the basis that they do not make independent use of the information and have agreed to safeguard this information. Activities which are carried out by or in collaboration with third party service providers include hosting & IT infrastructure.
3. If we are involved in a merger, acquisition, transfer or sale of all or a portion of our assets, you will be notified via email, account message and/or a prominent notice on our website of any change in ownership or uses of this information, as well as any choices you may have regarding this information.
4. In addition, we may disclose your information to the extent that we are required to do so by law or regulation (which may include to government bodies, regulators and law enforcement agencies); in connection with any legal proceedings or prospective legal proceedings; and in order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention).

HOW WE WILL USE INFORMATION WE COLLECT ABOUT YOU

Providing the Services to you as a Use

We may use and retain your personal data where we need to perform the contract we are about to enter into or have entered into with you, such as to:

- Register you as a new user;

- Enable your purchase of a ticket to an event hosted on our platform or other paid-for content or items;

- Administer your subscription; and

- Deliver our Services to you or to ensure that the Services function properly and deliver the features promised.

We may also use and retain the personal data that you provide to us when requesting our Services, to pursue our legitimate interest of providing our Services to you, such as to:

- Respond to your enquiries;

- Understand your usage of our Services;

- Analyse and improve our Services; and

- Provide you with information and updates about the Services we offer.

We may also use and retain your personal data where we rely upon your prior consent for us to process it, such as to understand your usage of our Services and to compile statistical reports regarding that activity. You can withdraw your consent at any time by contacting us here (please categorise your message as “Privacy”)

Prevention of Harassment, Fraud and other Unacceptable Activity

We may process your information for the legitimate interests of ensuring that use of our Services is in line with our EULA, lawful and non-fraudulent, does not disrupt the operation of our Services, does not harass our staff or other individuals, and to enforce our legal rights and comply with our legal and regulatory obligations, including compliance with anti-money laundering regulations (if and where applicable).

Where we suspect that you have breached our EULA, we may investigate and keep a record of such investigation and its conclusion. Where such investigation concludes in a ban from our Services, we will keep details of such ban to ensure that it can be enforced.

We process information for the legitimate interest of complying with HMRC requirements by retaining records of customer purchases and transactions.

Where we reasonably believe that you are or may be in breach of any of the applicable laws or regulations, we may use your personal data to inform relevant third parties, your email/internet provider or law enforcement agencies about the content.

YOUR RIGHTS IN RELATION TO PERSONAL DATA WHICH WE PROCESS RELATING TO YOU

1. You have the following rights over the way we process personal data relating to you. We aim to comply without undue delay to any requests by you:

   1. For a copy of data we are processing about you and to have inaccuracies corrected;
   2. To ask us to restrict, stop processing or to delete your personal data;
   3. For a machine-readable copy of your personal data, which you can use with another service provider. Where it is technically feasible, you can ask us to send this information directly to another provider if you prefer; and
   4. To make a complaint to a data protection regulator.
2. Please send your requests to us here (please categorise your message as “Privacy”).

DATA RETENTION

1. We will hold your personal data on our systems for as long as is necessary for the relevant purpose and to maintain business records for tax, legal and regulatory reasons, or as otherwise described in this policy.
2. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal and regulatory requirements.
3. Where we have banned a user from our Services due to their breach of our EULA, we keep information to enforce such a ban. This information is held by us indefinitely, consistent with our legitimate interest and reviewed periodically.
4. In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.

CHILDREN

We do not knowingly solicit data from or market to children under the age of 13. If a parent or guardian becomes aware that his or her child has provided us with information without their consent, he or she should contact us here (please categorise your message as “Legal”). We will delete such information from our files within a reasonable time.

SECURITY

1. We will take all reasonable technical and organisational precautions to prevent the loss, misuse or alteration of your personal data.
2. Please be aware that, although we endeavour to provide reasonable security for information we process and maintain, no security system can prevent all potential security breaches.

CHANGES

We will notify you of any changes to this policy by email, notice on the website and/or account message.

INTERNATIONAL DATA TRANSFERS

Where we transfer your data outside of the EEA in respect of the transfer to the above affiliates, we have agreements in place with those parties which include standard data protection clauses adopted by a data protection regulator and approved by the European Commission to ensure that appropriate safeguards are in place to protect your Personal Data. If you would like to find out more about these safeguards, please let us know by writing to us here (please categorise your message as “Privacy”).