Effective Date: 6 May 2022
Aperion XR Ltd is a company registered under the laws of Switzerland and is subject to Swiss data protection regulations, such as the Federal Act on Data Protection (“FADP”). As an internationally operating company, the EU General Data Protection Regulation (“GDPR”) is important to us in addition to the Swiss data protection regulations.
We are controller within the meaning of the FADP/GDPR, when we determine the purposes and means of processing personal data. This is usually the case, when you use our Services. If you have any questions regarding data protection, please do not hesitate to contact us:
Aperion XR Ltd
c/o Robert Walker Sumner
In case you have any questions related to data protection or your rights, you can also reach us via email at firstname.lastname@example.org .
We collect information and personal data directly from you, from devices and third-party services you connect, as well as automatically through your use of our Services.
The Artifact CMS offers a reusable, customizable platform that empowers museum curators to create their own augmented reality content and experiences. When using our CMS, we collect and process the following data:
(1) Information that you provide by filling in forms on our CMS. This includes information provided at the time of registering to use our CMS, while logging in, and while using the CMS thereafter. Information collected may include your name and email-address, subscribing to any of our services, creating, uploading, or downloading content or other material, or requesting further services.
(2) We may also ask you for information when you report a problem with our CMS.
(3) If you contact us, we may keep a record of that correspondence.
(4) Details of your visits to our CMS and the resources that you access, including the time and date of the access.
The Artifact app delivers interactive augmented reality experiences, authored by the museum curators, to the museum visitors. When using our app, we collect and process the following data:
(5) How you use the app and interact with it, including, but not limited to, which pages and artworks you view, which app settings you choose, and which media you download.
(6) Information about app crashes (opt-in).
When visiting our website on https://aperionxr.com/, we may collect and process the following data:
(7) Data transmitted by your browser and automatically recorded by our server, including date and time of the access, name of the accessed file as well as the transmitted data volume.
(8) The performance of the access, your web browser, browser language and requesting domain, and IP address.
When you contact us directly, we will receive the contents of your message or any attachments you may send to us, as well as any additional information you choose to provide.
We process your information, including your personal data, for the following purposes:
(1) When you create a profile to use the CMS, you provide us your personal data as described in Section 1 for the purpose of fulfilling the contract with the institution, which authorized you to use our CMS and improving the quality of the CMS.
(2) To provide you access to CMS or app, to communicate with you about your use of the CMS or app, to respond to your inquiries, and for other customer service purposes.
(3) To provide you the content you access through the app, to improve the quality of the app and/or to improve anonymous app usage analytics data to museum curators.
(4) To research and develop new products and features, to the extent permitted by law and, where required, with your consent.
(5) For marketing, promotional and informational purposes, to the extent permitted by law and, where required, with your consent. For example, we may use your information, such as your email address, to send you news and newsletters, special offers, and promotions, or to otherwise contact you about products or information we think may interest you. We also may use the information that we learn about you to assist us in advertising our services on third-party websites. You can opt-out of receiving these emails at any time as described below.
(6) To better understand how users access and use our Services, both on an aggregated and individualized basis, in order to improve our Services and respond to user desires and preferences, and for other analytical purposes.
(7) To tailor the content and information that we may send or display to you, to offer location customization, and personalized help and instructions, and to otherwise personalize your experiences while using our Services.To administer surveys and questionnaires.
(8) To comply with legal and regulatory obligations and responsibilities, as part of our general business operations, and for other business administration purposes.
Depending on the purpose of the processing activity (see Section 3 above), the processing of your information and personal data will be one of the following:
(1) necessary for the legitimate interests of us, without unduly affecting your interests or fundamental rights and freedoms (see below);
(2) necessary for taking steps to enter into or executing a contract with you for the Services (app, CMS or website) or products you or your employer request, or for carrying out our obligations under such a contract with you or your employer, such as when we use your data for some of the purposes in Section 3 (as well as certain of the data disclosures described in this Section 4);
(3) required to meet our legal or regulatory responsibilities, including when we conduct the checks to identify you and make the disclosures to authorities, regulators and government bodies referred to in Sections 5(5) and 5(6);
(4) in some cases, necessary for the performance of a task carried out in the public interest;
(5) when we use special categories of personal data, necessary for establishing, exercising or defending legal claims or where the processing relates to personal data manifestly in the public domain; and
(6) processed with your consent which we obtain from you from time to time (for instance where required by law), or processed with your explicit consent in the case of special categories of personal data.
Examples of the 'legitimate interests ' referred to above are:
(7) pursuing certain of the purposes in Sections 3(5) - 3(7);
(8) exercising our rights under Articles 16 and 17 of the Charter of Fundamental Rights, including our freedom to conduct a business and right to property;
(9) when we make the disclosures referred to in Section 5 below, providing products and services and assuring a consistently high service standard, and keeping our customers, employees and other stakeholders satisfied; and
(10) meeting our accountability and regulatory requirements around the world,
in each case provided such interests are not overridden by your privacy interests.
We may share your information, including without limitation personal data, as follows:
(1) Aggregate and De-Identified Information. We may share aggregate or de-identified information—so that it cannot reasonably be used to identify an individual—with third parties for marketing, advertising, research or similar purposes.
(2) Affiliates. We may disclose the information we collect from you to our affiliates or subsidiaries; however, if we do so, their use and disclosure of your personal information will be subject to this Policy.
(3) Service Providers. We may share your information with third party vendors, service providers, contractors or agents who perform service functions needed by us to run the business, such as providers of hosting, email communication, customer support services, analytics, marketing, and advertising, based on our instructions, and in compliance with this Policy and any other appropriate confidentiality and security measures.
(4) Business Transfers. If we are acquired by or merged with another company, if substantially all of our assets are transferred to another company, or as part of a bankruptcy proceeding or reorganization, we will give affected users notice before transferring any personal information to a new entity.
(5) In Response to Legal Process. We may disclose the information we collect from you in order to comply with the law, a judicial proceeding, court order, or other legal process, such as in response to a court order or a subpoena.
Please note: Our policy is to notify you of legal process seeking access to your information, such as search warrants, court orders, or subpoenas, unless we are prohibited by law from doing so. In cases where a court order specifies a non-disclosure period, we provide delayed notice after the expiration of the non-disclosure period. Exceptions to our notice policy include exigent or counterproductive circumstances, for example, when there is an emergency involving a danger of death or serious physical injury to a person.
(6) In response of regulatory or legal obligation: If required from time to time, we disclose personal data to public and judicial authorities, regulators or governmental bodies and in proceedings, including when required by law or regulation, under a code of practice or conduct, or when these authorities or bodies require us to do so.
(8) Third Party Analytic tools. We use or may use automated devices and applications, such as Google Analytics, to evaluate usage of our Service. We also may use other analytic means to evaluate our websites. We use these tools to help us improve our Services, performance, and user experiences.
The Recipients referred to in Section 5 above can be located outside Switzerland. In those cases, except where the relevant country has been determined by the EU or Switzerland to provide an adequate level of protection, we put in place suitable safeguards to ensure that such transfer is carried out in compliance with applicable data protection rules.
You may request additional information in this respect and obtain a copy of the relevant safeguard by contacting us at the address at the end of this notice. Where we transfer personal data to service providers located in countries which do not provide an adequate level of protection, we rely on the standard contractual clauses approved by the European Commission or Switzerland.
We will only retain your information, including without limitation personal data, for as long as necessary to fulfil the purpose for which it was collected or to comply with legal, regulatory or internal policy requirements. To help us do this, we apply criteria to determine the appropriate periods for retaining your personal data depending on its purpose, such as proper account maintenance, facilitating client relationship management, and responding to legal claims or regulatory requests. Please note that for bookkeeping purposes, a company domiciled in Switzerland has to archive relevant files during 10 years.
We have implemented reasonable precautions to protect the information we collect from loss, misuse, and unauthorized access, disclosure, alteration, and destruction. Please be aware that despite our best efforts, no data security measures can guarantee security.
We are not responsible for any lost, stolen, or compromised passwords or for any activity on your account via unauthorized password activity.
You may access and modify personal information that you have submitted by going into your profile and updating your profile information. Your personal data are stored and accessible on your device as well as in the cloud.
We store information associated with your account until your account is deleted. Please note that it may take a bit of time to delete your account information, and we may preserve it for legal reasons or to prevent harm, including as described in the How Information Is Shared section.
Our services are not designed for users under 16.
Individuals located in Switzerland or the European Economic Area (EEA) have certain rights in respect of your personal information. We will provide the capabilities to exercise these certain rights to all our worldwide users, including:
(1) the right of access to your personal data;
(2) the right to correct or rectify any inaccurate personal data;
(3) the right to restrict or oppose processing of personal data;
(4) the right to erase your personal data; and
(5) the right to personal data portability.
Please note that we may request additional information from you to verify your identity before we disclose any personal or account information.
If you are unable to reach us at the contact information provided above regarding your issue, you have the right to contact your local Data Protection Authority.
This Policy is current as of the Effective Date set forth above. We may change this Policy from time to time, so please be sure to check back periodically. We will post any changes to this Policy on our Service. If we make any changes to this Policy that materially affect our practices with regard to the personal information we have previously collected from you, we will endeavor to provide you with notice in advance of such change.