Aperion Privacy Policy

Effective Date: 6 May 2022

Version: 1.0

This Privacy Policy (“Policy”) describes how Aperion XR Ltd (“we,” “us,” or “our”) collects, uses, and discloses information that we obtain about your use of Aperion XR’s website (https://aperionxr.com/), use of our Artifact app or other apps we provide (together “apps”) and our Artifact Content Management System (“CMS").

This Privacy Policy applies to all uses of our website, apps and/or CMS (collectively “Services”) globally.


By using our Services, you understand and explicitly agree that your personal data, including any personal data that you provide directly to us or that we collect through your use of our Services, will be processed by us in accordance with this Privacy Policy and may be transferred to and stored in Switzerland or any country of the European Economic Area or in accordance with Section 6 below. If our client such as museums or other institutions are located outside Switzerland and the European Economic area, we may store the personal data in the country or region in compliance with the laws of the jurisdiction where our client is located.

Aperion XR Ltd is a company registered under the laws of Switzerland and is subject to Swiss data protection regulations, such as the Federal Act on Data Protection (“FADP”). As an internationally operating company, the EU General Data Protection Regulation (“GDPR”) is important to us in addition to the Swiss data protection regulations.

We are controller within the meaning of the FADP/GDPR, when we determine the purposes and means of processing personal data. This is usually the case, when you use our Services. If you have any questions regarding data protection, please do not hesitate to contact us:

Aperion XR Ltd
c/o Robert Walker Sumner
Limmatstrasse 73
8005 Zürich

In case you have any questions related to data protection or your rights, you can also reach us via email at dataprotection@aperionxr.com .

1. What types of personal data do we collect?

We collect information and personal data directly from you, from devices and third-party services you connect, as well as automatically through your use of our Services.

The Artifact CMS offers a reusable, customizable platform that empowers museum curators to create their own augmented reality content and experiences. When using our CMS, we collect and process the following data:

(1) Information that you provide by filling in forms on our CMS. This includes information provided at the time of registering to use our CMS, while logging in, and while using the CMS thereafter. Information collected may include your name and email-address, subscribing to any of our services, creating, uploading, or downloading content or other material, or requesting further services.

(2) We may also ask you for information when you report a problem with our CMS.

(3) If you contact us, we may keep a record of that correspondence.

(4) Details of your visits to our CMS and the resources that you access, including the time and date of the access.

The Artifact app delivers interactive augmented reality experiences, authored by the museum curators, to the museum visitors. When using our app, we collect and process the following data:

(5) How you use the app and interact with it, including, but not limited to, which pages and artworks you view, which app settings you choose, and which media you download.

(6) Information about app crashes (opt-in).

When visiting our website on https://aperionxr.com/, we may collect and process the following data:

(7) Data transmitted by your browser and automatically recorded by our server, including date and time of the access, name of the accessed file as well as the transmitted data volume.

(8) The performance of the access, your web browser, browser language and requesting domain, and IP address.

2. Communication

When you contact us directly, we will receive the contents of your message or any attachments you may send to us, as well as any additional information you choose to provide.

3. For which purposes do we process personal data?

We process your information, including your personal data, for the following purposes:

(1) When you create a profile to use the CMS, you provide us your personal data as described in Section 1 for the purpose of fulfilling the contract with the institution, which authorized you to use our CMS and improving the quality of the CMS.

(2) To provide you access to CMS or app, to communicate with you about your use of the CMS or app, to respond to your inquiries, and for other customer service purposes.

(3) To provide you the content you access through the app, to improve the quality of the app and/or to improve anonymous app usage analytics data to museum curators.

(4) To research and develop new products and features, to the extent permitted by law and, where required, with your consent.

(5) For marketing, promotional and informational purposes, to the extent permitted by law and, where required, with your consent. For example, we may use your information, such as your email address, to send you news and newsletters, special offers, and promotions, or to otherwise contact you about products or information we think may interest you. We also may use the information that we learn about you to assist us in advertising our services on third-party websites. You can opt-out of receiving these emails at any time as described below.

(6) To better understand how users access and use our Services, both on an aggregated and individualized basis, in order to improve our Services and respond to user desires and preferences, and for other analytical purposes.

(7) To tailor the content and information that we may send or display to you, to offer location customization, and personalized help and instructions, and to otherwise personalize your experiences while using our Services.To administer surveys and questionnaires.

(8) To comply with legal and regulatory obligations and responsibilities, as part of our general business operations, and for other business administration purposes.

(9) Where we believe necessary to investigate, prevent or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person or violations of our terms of use or this Privacy Policy.

4. On which legal basis and for which purposes do we process personal data?

Depending on the purpose of the processing activity (see Section 3 above), the processing of your information and personal data will be one of the following:

(1) necessary for the legitimate interests of us, without unduly affecting your interests or fundamental rights and freedoms (see below);

(2) necessary for taking steps to enter into or executing a contract with you for the Services (app, CMS or website) or products you or your employer request, or for carrying out our obligations under such a contract with you or your employer, such as when we use your data for some of the purposes in Section 3 (as well as certain of the data disclosures described in this Section 4);

(3) required to meet our legal or regulatory responsibilities, including when we conduct the checks to identify you and make the disclosures to authorities, regulators and government bodies referred to in Sections 5(5) and 5(6);

(4) in some cases, necessary for the performance of a task carried out in the public interest;

(5) when we use special categories of personal data, necessary for establishing, exercising or defending legal claims or where the processing relates to personal data manifestly in the public domain; and

(6) processed with your consent which we obtain from you from time to time (for instance where required by law), or processed with your explicit consent in the case of special categories of personal data.

Examples of the 'legitimate interests ' referred to above are:

(7) pursuing certain of the purposes in Sections 3(5) - 3(7);

(8) exercising our rights under Articles 16 and 17 of the Charter of Fundamental Rights, including our freedom to conduct a business and right to property;

(9) when we make the disclosures referred to in Section 5 below, providing products and services and assuring a consistently high service standard, and keeping our customers, employees and other stakeholders satisfied; and

(10) meeting our accountability and regulatory requirements around the world,

in each case provided such interests are not overridden by your privacy interests.

5. Who has access to personal data and with whom are they shared?

We may share your information, including without limitation personal data, as follows:

(1) Aggregate and De-Identified Information. We may share aggregate or de-identified information—so that it cannot reasonably be used to identify an individual—with third parties for marketing, advertising, research or similar purposes.

(2) Affiliates. We may disclose the information we collect from you to our affiliates or subsidiaries; however, if we do so, their use and disclosure of your personal information will be subject to this Policy.

(3) Service Providers. We may share your information with third party vendors, service providers, contractors or agents who perform service functions needed by us to run the business, such as providers of hosting, email communication, customer support services, analytics, marketing, and advertising, based on our instructions, and in compliance with this Policy and any other appropriate confidentiality and security measures.

(4) Business Transfers. If we are acquired by or merged with another company, if substantially all of our assets are transferred to another company, or as part of a bankruptcy proceeding or reorganization, we will give affected users notice before transferring any personal information to a new entity.

(5) In Response to Legal Process. We may disclose the information we collect from you in order to comply with the law, a judicial proceeding, court order, or other legal process, such as in response to a court order or a subpoena.

Please note: Our policy is to notify you of legal process seeking access to your information, such as search warrants, court orders, or subpoenas, unless we are prohibited by law from doing so. In cases where a court order specifies a non-disclosure period, we provide delayed notice after the expiration of the non-disclosure period. Exceptions to our notice policy include exigent or counterproductive circumstances, for example, when there is an emergency involving a danger of death or serious physical injury to a person.

(6) In response of regulatory or legal obligation: If required from time to time, we disclose personal data to public and judicial authorities, regulators or governmental bodies and in proceedings, including when required by law or regulation, under a code of practice or conduct, or when these authorities or bodies require us to do so.

(7) To Protect Us and Others, we may disclose the information we collect from you where we believe it is necessary to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person, violations of our terms of use or this Policy, or as evidence in litigation in which we are involved.

(8) Third Party Analytic tools. We use or may use automated devices and applications, such as Google Analytics, to evaluate usage of our Service. We also may use other analytic means to evaluate our websites. We use these tools to help us improve our Services, performance, and user experiences.

6. International transfers of personal data

The Recipients referred to in Section 5 above can be located outside Switzerland. In those cases, except where the relevant country has been determined by the EU or Switzerland to provide an adequate level of protection, we put in place suitable safeguards to ensure that such transfer is carried out in compliance with applicable data protection rules.

You may request additional information in this respect and obtain a copy of the relevant safeguard by contacting us at the address at the end of this notice. Where we transfer personal data to service providers located in countries which do not provide an adequate level of protection, we rely on the standard contractual clauses approved by the European Commission or Switzerland.

7. How long do we store your data?

We will only retain your information, including without limitation personal data, for as long as necessary to fulfil the purpose for which it was collected or to comply with legal, regulatory or internal policy requirements. To help us do this, we apply criteria to determine the appropriate periods for retaining your personal data depending on its purpose, such as proper account maintenance, facilitating client relationship management, and responding to legal claims or regulatory requests. Please note that for bookkeeping purposes, a company domiciled in Switzerland has to archive relevant files during 10 years.

8. Cookies

Cookies are small text files stored on your device and used by web browsers to deliver personalized content and remember logins and account settings. In addition to improving user experience, we use or may use cookies and similar technologies for analytic and advertising purposes. You can manage your cookies locally by adjusting your browser settings, or you can opt-out of targeted advertising through cookies by visiting networkadvertising.org/choices or aboutads.info/choices. Because there is not yet a common understanding of how to interpret Do Not Track signals, we are unable to respond to Do Not Track requests from browsers, however we are monitoring for updates and will revisit this policy once a common standard is established.

9. Third-Party Links

Our Service may contain links to third-party websites. Any access to and use of such linked websites is not governed by this Privacy Policy, but instead is governed by the privacy policies of those third-party websites. We are not responsible for the information practices of such third-party websites.

10. Security of My Personal Information

We have implemented reasonable precautions to protect the information we collect from loss, misuse, and unauthorized access, disclosure, alteration, and destruction. Please be aware that despite our best efforts, no data security measures can guarantee security.

We are not responsible for any lost, stolen, or compromised passwords or for any activity on your account via unauthorized password activity.

11. Access to, Storage of and Deleting My Personal Information

You may access and modify personal information that you have submitted by going into your profile and updating your profile information. Your personal data are stored and accessible on your device as well as in the cloud.

We store information associated with your account until your account is deleted. Please note that it may take a bit of time to delete your account information, and we may preserve it for legal reasons or to prevent harm, including as described in the How Information Is Shared section.

12. Users Under 16

Our services are not designed for users under 16.

13. Your Rights

13.1. What Rights Do I Have?

Individuals located in Switzerland or the European Economic Area (EEA) have certain rights in respect of your personal information. We will provide the capabilities to exercise these certain rights to all our worldwide users, including:

(1) the right of access to your personal data;

(2) the right to correct or rectify any inaccurate personal data;

(3) the right to restrict or oppose processing of personal data;

(4) the right to erase your personal data; and

(5) the right to personal data portability.

This Privacy Policy does not apply to persons if our customer uses our Services and where our customer and the person have an agreement between them covering the use our Services and the processing of personal data related to such person; in such a case the customer controls data collected from/by us, and the customer's privacy policy will apply, not this Privacy Policy.

13.2. How May I Exercise My Individual Rights?

The users whose data is governed by this Privacy Policy located worldwide may access and update their personal information as follows: You may exercise your rights by contacting us as set forth in the beginning of this Privacy Policy.

Please note that we may request additional information from you to verify your identity before we disclose any personal or account information.

14. Contact Us

If you have questions about our privacy practices, please contact us as set forth in the beginning of this Privacy Policy.

If you are unable to reach us at the contact information provided above regarding your issue, you have the right to contact your local Data Protection Authority.

15. Changes to this Policy

This Policy is current as of the Effective Date set forth above. We may change this Policy from time to time, so please be sure to check back periodically. We will post any changes to this Policy on our Service. If we make any changes to this Policy that materially affect our practices with regard to the personal information we have previously collected from you, we will endeavor to provide you with notice in advance of such change.