Privacy Policy

In this Privacy Policy we explain which data including personal data of users of our Avatar Cloud Services (“our service”) we collect, how we use it and for which purposes.

1) Controller

The party responsible for the collection, processing and use of your personal data is NeXR Technologies SE, Charlottenstraße 4, 10969 Berlin, (hereinafter ”NeXR“ or ”we“). E-Mail: privacy@avatar.cloud

 

2) Data Protection Officer

activeMind AG

Kurfürstendamm 56
10707 Berlin
Tel.: +49 (0)30 / 770 19 10 70
dataprotect@nexr-technologies.com

 

3) Definitions

“BDSG“ means the German Data Protection Act.

”GDPR“ means the General Data Protection Regulation, Regulation (EU) 2016/679

“TMG” means the German Tele Media Act.

“UWG” means the German Unfair Competition Act.

“Personal Data” is any information relating to an identified or identifiable natural person; This includes, for example, your name, address as well as the data that you provide when creating a user account for our service. Personal data does not include statistical data that we may collect from your use of our service in a way that it is not connected to your Personal Data, for example, general information about which features of our service are most used of for which content there is general interest among our users.

“Data Subject“ means you, the user whose personal data is being processed.

 

4) Legal Basis

When we process personal data with your consent, the legal basis is Art. 6 (1) lit. a GDPR.

When we process personal data to prepare, enter into or to perform a contract with the person to which the data belongs, the legal basis is Art. 6 (1) lit. b GDPR, 11-15a TMG).

We may also process personal data to the extent necessary for the purposes of our legitimate interests or those of a third party, except where such interests are overridden by your interests or fundamental rights and freedoms which may require the protection of your personal data. In this case, the legal basis is Art. 6 (1) lit. f GDPR.

 

5) Erasure & Duration of Storage

Your personal data will be deleted, anonymized or blocked as soon as the purpose of the storage no longer applies.
Insofar as data processing is based on your consent, the purpose ceases to apply when you withdraw your consent. Insofar as data processing is carried out on the basis of legitimate interests, the purpose of storage ceases to apply when the legitimate interest no longer exists. Insofar as data processing is carried out for the purpose of initiating or implementing a contractual relationship, the purpose ceases to apply as soon it has been achieved.
Storage may also take place if this has been provided for by the European or national legislator in Union regulations, laws or other provisions to which the controller is subject. Blocking, anonymization or deletion of data will also take place if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or performance of a contract. Blocking means that the data is archived and can no longer be used for operational purposes.

 

6) Right to Object

You have the right, for reasons arising from your particular situation, to object at any time to the processing of personal data concerning you on the basis of Art. 6(1)(f) GDPR (data processing on the basis of a weighing of interests); this also applies to profiling based on this provision within the meaning of Art. 4(4) GDPR. Objections can be filed via Email or letter to the Controller indicated above.

If you file an objection, we will no longer process your personal data unless we can prove compelling reasons for the processing worthy of protection which outweigh your interests, rights and freedoms, or the processing serves the assertion, exercise or defense of legal claims.

7) Data we collect and how we process it

1. User Account

To use our service, you have to create a user account. This requires that we collect your date of birth, sex and your email address. We may offer the option to voluntarily provide additional information. We use the information provided by you to enable your use of our Service and to communicate with you about our Service and your use of our Service.

Legal basis: Entering into and the performance of a contract, or to take steps prior to entering into a contract (Art. 6 (1) lit. b GDPR, 11-15a TMG).

2. Service Provision & Logfiles

Each time you access our service, your user account data is matched for authentication.
Legal basis: Entering into and the performance of a contract, or to take steps prior to entering into a contract (Art. 6 (1) lit. b GDPR, 11-15a TMG).

Logfiles. We also collect and store the following information from your terminal device in so-called log files: device model and hardware and software versions, if provided by your device. Operating system. Mobile carrier, signal strength. Frequency and duration of your use, and which functions you use. If you use our service on multiple devices, we aggregate the data collected on those devices. The log files are deleted or anonymized at the latest at the end of the contract.

We use this data to test, further develop and improve our service. We also use this data to ensure the security of our systems.

Legal basis: Legitimate interest (Art. 6 (1) lit. f GDPR).

3. Avatar

At the heart of our service is a three-dimensional image, a so-called Avatar, which is created when you have yourself scanned in one of our 3D body scanners. The Avatar contains your body measurements, such as your height and shape, eye color, body weight if applicable, and other characteristics unique to you. When you are scanned again, this data will be collected again.

We are aware that especially body measurements in the facial area are particularly sensitive data. We do not use this data to identify a person.

Legal basis: Entering into and the performance of a contract, or to take steps prior to entering into a contract (Art. 6 (1) lit. b GDPR, 11-15a TMG).

4. Customer Service

When you contact our customer service, we collect the information provided by you, for example information about your use of our service and any problems you encountered while using it. We also collect the contact information you provide in order to process and respond to your request.

Legal basis: Legitimate interest in processing your request (Art. 6 (1) lit. f GDPR) and Entering into and the performance of a contract, or to take steps prior to entering into a contract (Art. 6 (1) lit. b GDPR, 11-15a TMG).

5. News Letter

If you have subscribed to our news letter, we use your contact data to send it to you. In order to subscribe to the news letter, you have to order it and confirm your order by clicking on a confirmation link that we will send to you following your order. All our news letters contain an easy un-subscribe link.
Legal Basis: Your consent (Art. 6 (1) lit. a, 7, 8 GDPR; § 13 Abs. 2 TMG)

6. Direct Marketing

We use your contact data to send information about similar products and services offered by us e.g. via E-mail, SMS or Push Notification). You have the right to object to this use of your data at any time, and we will inform you about this tight to object in every message.
Legal basis: Art. 6 (1) lit. f GDPR in conj. with §7 Abs. 3 UWG

Subject to your consent, we will use your contact details to send you information about goods and services listings of our partners, for example via email, SMS or so-called push notification. Your consent is voluntary and can be revoked at any time. We point this out when obtaining your consent. The revocation can be made via our mobile app or by sending an informal message to privacy@avatar.cloud.
Legal Basis: Your consent (Art. 6 (1) lit. a, 7, 8 GDPR; § 13 Abs. 2 TMG)

7. Advertising and other Sponsored Content

We may use your information to display selected advertisements, offers and other sponsored content to you.

Legal basis: Entering into and the performance of a contract, or to take steps prior to entering into a contract (Art. 6 (1) lit. b GDPR, 11-15a TMG).

In the settings of our service, you can specify which characteristics we may use for this selection, or you can completely disable personalized advertising. The selection of the displayed advertising is then no longer based on your personal data.

Legal Basis: Your consent (Art. 6 (1) lit. a, 7, 8 GDPR; § 13 Abs. 2 TMG)

8. Anonymisation

We anonymize Avatars and Avatar data in order to use this anonymized data for commercial purposes. By anonymizing this data, it can no longer be traced back to you.

Legal basis: Entering into and the performance of a contract, or to take steps prior to entering into a contract (Art. 6 (1) lit. b GDPR, 11-15a TMG).

9. Location Data

We only use location-based information such as your current whereabouts if you use a localization function of our service, for example, to show you nearby scanner locations. We only do this if you have revocably consented to this via the settings on your end device, for example, by activating the GPS information of your end device (GPS) for our service. We do not permanently collect your location data.

Legal Basis: Your consent (Art. 6 (1) lit. a, 7, 8 GDPR; § 13 Abs. 2 TMG)

10. Cooperation Partners

If you want, you can use your avatar for third-party services!

NeXR cooperates with other companies so that you can use our service together with the offers of our cooperation partners.

This is only possible with your consent. Your consent given to NeXR will be requested separately and is freely revocable. You can manage the consents granted to us in the settings of our service.

Legal Basis: Your consent (Art. 6 (1) lit. a, 7, 8 GDPR; § 13 Abs. 2 TMG)

If you give consent to our cooperation partner, as well as for the use of data collected by cooperation partners themselves, their privacy statements and any other agreements you may have with the cooperation partner apply.

11. Service Providers

For the provision of our services we partly use service providers, for example for the provision of technical (infrastructure) services, analysis and design services and payment providers. Insofar as the processing of personal data is part of the service, we oblige our partners to comply with applicable data protection law and conclude agreements, so-called data processing agreements pursuant to Art. 28 GDPR, to ensure our control over the data and the protection of your rights.

Where we use service providers outside the EU and EEA, we ensure that an adequacy decision and/or appropriate safeguards (for example, standard contractual clauses) are in place.

If we offer chargeable services as part of our service, the required transaction data of your purchases will be collected by us and the payment will be processed by external payment service providers. In doing so, they process the required transaction data in accordance with their applicable data protection policies.

12. Google Analytics for Firebase and Firebase Crashlytics
Subject to the consent of our users, we use Google Analytics for Firebase and Firebase Crashlytics. We ask for your consent to our use of Google Analytics for Firebase and Firebase Crashlytics when you first open our app. You are free to grant your consent oro not. You can disable the use of Google Analytics for Firebase and Firebase Crashlytics at any time in the app.
The information generated by using Google Analytics for Firebase and Firebase Crashlytics about the use of our app is transmitted to a Google server in the USA with an anonymized IP address and stored there. The IP anonymization function in Analytics sets the last octet to zero for user IP addresses of type IPv4 and the last 80 bits in memory for IPv6 addresses. Therefore, exact IP addresses of our users will not be stored.

Google uses the transmitted information to evaluate your use of our app and provides summaries of their findings to us. Google reserves the right to transfer this information to third parties. If you agree to the use of Google Analytics for Firebase and Firebase Crashlytics in our app, you consent to the use and processing of the data collected by Google about your use for the purposes described in this Section 11.

The usage data collected in this way forms the basis for statistical, anonymous evaluations from which trends can be identified. Based on these trends the services offered can be improved.

The legal basis for the integration of Google Analytics for Firebase and Firebase Crashlytics is your express consent pursuant to Article 6 (1) p. 1 lit. a and Article 6 (1) p. 1 lit. f GDPR. It is done for the purpose of, and out of our legitimate interest within the meaning of the GDPR, to make our service more user-friendly and interesting.

13. Cookies

We only use data from cookies stored on your device, such as cookie IDs and settings, when you access our website, for example to read this privacy policy or our TOS. For more information on how we use cookies on our website, please see the privacy policy for our website website.

14. No automated decision-making, no Profiling

We do not use fully automated decision-making within the meaning of Article 22 GDPR. Should we use these procedures in individual cases, we will inform you separately about this and about your rights in this regard, insofar as this is required by law.

Except as in connection with the display of personalized advertising as described above, we do not process your data with the aim of automatically evaluating certain personal aspects.

 

8) YOUR RIGHTS AS A DATA SUBJECT

Subject to statutory conditions, you have the following rights under Article 15 to 22 GDPR:

  • The right to receive information about your personal data;
  • The right to have your personal data corrected;
  • The right to restrict the processing of personal data or to object;
  • The right to have your personal data erased or blocked. Subject to statutory storage duties, data may only be blocked for the duration of these duties;
  • The right to data portability;
  • The right to object to the sale of your data.

You can exercise your rights by mail or email to the address of the data controller indicated in this privacy policy. We will generally respond in the form you choose for your request. To the extent that there are doubts about the identity of the person asserting rights, we reserve the right to request additional information or evidence necessary to confirm their identity.

You may also contact the competent supervisory authority:

Berliner Beauftragte für Datenschutz und Informationsfreiheit
Friedrichstr. 219
10969 Berlin
Tel.: +49 (0)30 13889-0
Fax: +49 (0)30 2155050
mailbox@datenschutz-berlin.de

Current version date: 14.10.2021

Privacy Policy

In this Privacy Policy we explain which data including personal data of users of our Avatar Cloud Services (“our Service”) we collect, how we use it and for which purposes.

1) Controller

The party responsible for the collection, processing and use of your personal data is NeXR Technologies SE, Charlottenstraße 4, 10969 Berlin, (hereinafter ”NeXR“ or ”we“). E-Mail: privacy@avatar.cloud

2) Data Protection Officer

activeMind AG Kurfürstendamm 56 10707 Berlin Tel.: +49 (0)30 / 770 19 10 70 dataprotect@nexr-technologies.com

3) Definitions

“BDSG“ means the German Data Protection Act. ”GDPR“ means the General Data Protection Regulation, Regulation (EU) 2016/679 “TMG” means the German Tele Media Act. “UWG” means the German Unfair Competition Act. “Personal Data” is any information relating to an identified or identifiable natural person; This includes, for example, your name, address as well as the data that you provide when creating a user account for our service. Personal data does not include statistical data that we may collect from your use of our service in a way that it is not connected to your Personal Data, for example, general information about which features of our service are most used of for which content there is general interest among our users. “Data Subject“ means you, the user whose personal data is being processed.

4) Legal Basis

When we process personal data with your  consent, the legal basis is Art. 6 (1) lit. a GDPR. When we process personal data to prepare, enter into or to perform a contract with the person to which the data belongs, the legal basis is Art. 6 (1) lit. b GDPR, 11-15a TMG). We may also process personal data to the extent  necessary for the purposes of our legitimate interests or those of a third party, except where such interests are overridden by your interests or fundamental rights and freedoms which may require the protection of your personal data. In this case, the legal basis is Art. 6 (1) lit. f GDPR.

5) Erasure & Duration of Storage

Your personal data will be deleted, anonymized or blocked as soon as the purpose of the storage no longer applies. Insofar as data processing is based on your consent, the purpose ceases to apply when you withdraw your consent. Insofar as data processing is carried out on the basis of legitimate interests, the purpose of storage ceases to apply when the legitimate interest no longer exists.  Insofar as data processing is carried out for the purpose of initiating or implementing a contractual relationship, the purpose ceases to apply as soon it has been achieved. Storage may also take place if this has been provided for by the European or national legislator in Union regulations, laws or other provisions to which the controller is subject. Blocking, anonymization or deletion of data will also take place if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or performance of a contract. Blocking means that the data is archived and can no longer be used for operational purposes.

6) Right to Object

You have the right, for reasons arising from your particular situation, to object at any time to the processing of personal data concerning you on the basis of Art. 6(1)(f) GDPR (data processing on the basis of a weighing of interests); this also applies to profiling based on this provision within the meaning of Art. 4(4) GDPR. Objections can be filed via Email or letter to the Controller indicated above. If you file an objection, we will no longer process your personal data unless we can prove compelling reasons for the processing worthy of protection which outweigh your interests, rights and freedoms, or the processing serves the assertion, exercise or defense of legal claims.

7) Data we collect and how we process it

We collect data, when you are installing, using or otherwise access our service. The data we collect and how we process it, depends on your use of our Service. The making available of personal data is voluntary. However, the processing of data is required for the performance of our Service or parts of our Service, therefore, without certain data we cannot provide our Service or certain features cannot be used.

1. User Account
To use our service, you have to create a user account. This requires that we collect your date of birth, sex and your email address. We may offer the option to voluntarily provide additional information. We use the information provided by you to enable your use of our Service and to communicate with you about our Service and your use of our Service.  Legal basis: Entering into and the performance of a contract, or to take steps prior to entering into a contract (Art. 6 (1) lit. b GDPR, 11-15a TMG).

2. Service Provision & Logfiles
Each time you access our service, your user account data is matched for authentication. Legal basis: Entering into and the performance of a contract, or to take steps prior to entering into a contract (Art. 6 (1) lit. b GDPR, 11-15a TMG). Logfiles. We also collect and store the following information from your terminal device in so-called log files: device model and hardware and software versions, if provided by your device. Operating system. Mobile carrier, signal strength. Frequency and duration of your use, and which functions you use. If you use our service on multiple devices, we aggregate the data collected on those devices. The log files are deleted or anonymized at the latest at the end of the contract. We use this data to test, further develop and improve our service. We also use this data to ensure the security of our systems. Legal basis: Legitimate interest (Art. 6 (1) lit. f GDPR).

3. Avatar
At the heart of our service is a three-dimensional image, a so-called Avatar, which is created when you have yourself scanned in one of our 3D body scanners. The Avatar contains your body measurements, such as your height and shape, eye color, body weight if applicable, and other characteristics unique to you. When you are scanned again, this data will be collected again. We are aware that especially body measurements in the facial area are particularly sensitive data. We do not use this data to identify a person. Legal basis: Entering into and the performance of a contract, or to take steps prior to entering into a contract (Art. 6 (1) lit. b GDPR, 11-15a TMG).

4. Customer Service
When you contact our customer service, we collect the information provided by you, for example information about your use of our service and any problems you encountered while using it. We also collect the contact information you provide in order to process and respond to your request. Legal basis: Legitimate interest in processing your request (Art. 6 (1) lit. f GDPR) and Entering into and the performance of a contract, or to take steps prior to entering into a contract (Art. 6 (1) lit. b GDPR, 11-15a TMG).

5. News Letter
If you have subscribed to our news letter, we use your contact data to send it to you. In order to subscribe to the news letter, you have to order it and confirm your order by clicking on a confirmation link that we will send to you following your order. All our news letters contain an easy un-subscribe link. Legal Basis: Your consent (Art. 6 (1) lit. a, 7, 8 GDPR; § 13 Abs. 2 TMG)

6. Direct Marketing
We use your contact data to send information about similar products and services offered by us e.g. via E-mail, SMS or Push Notification). You have the right to object to this use of your data at any time, and we will inform you about this tight to object in every message. Legal basis: Art. 6 (1) lit. f GDPR in conj. with §7 Abs. 3 UWG Subject to your consent, we will use your contact details to send you information about goods and services listings of our partners, for example via email, SMS or so-called push notification. Your consent is voluntary and can be revoked at any time. We point this out when obtaining your consent. The revocation can be made via our mobile app or by sending an informal message to privacy@avatar.cloud. Legal Basis: Your consent (Art. 6 (1) lit. a, 7, 8 GDPR; § 13 Abs. 2 TMG)

7. Advertising and other Sponsored Content
We may use your information to display selected advertisements, offers and other sponsored content to you. Legal basis: Entering into and the performance of a contract, or to take steps prior to entering into a contract (Art. 6 (1) lit. b GDPR, 11-15a TMG). In the settings of our service, you can specify which characteristics we may use for this selection, or you can completely disable personalized advertising. The selection of the displayed advertising is then no longer based on your personal data. Legal Basis: Your consent (Art. 6 (1) lit. a, 7, 8 GDPR; § 13 Abs. 2 TMG)

8. Anonymisation
We anonymize Avatars and Avatar data in order to use this anonymized data for commercial purposes. By anonymizing this data, it can no longer be traced back to you. Legal basis: Entering into and the performance of a contract, or to take steps prior to entering into a contract (Art. 6 (1) lit. b GDPR, 11-15a TMG).

9. Location Data
We only use location-based information such as your current whereabouts if you use a localization function of our service, for example, to show you nearby scanner locations. We only do this if you have revocably consented to this via the settings on your end device, for example, by activating the GPS information of your end device (GPS) for our service. We do not permanently collect your location data. Legal Basis: Your consent (Art. 6 (1) lit. a, 7, 8 GDPR; § 13 Abs. 2 TMG)

10. Cooperation Partners
If you want, you can use your avatar for third-party services! NeXR cooperates with other companies so that you can use our service together with the offers of our cooperation partners. This is only possible with your consent. Your consent given to NeXR will be requested separately and is freely revocable. You can manage the consents granted to us in the settings of our service. Legal Basis: Your consent (Art. 6 (1) lit. a, 7, 8 GDPR; § 13 Abs. 2 TMG) If you give consent to our cooperation partner, as well as for the use of data collected by cooperation partners themselves, their privacy statements and any other agreements you may have with the cooperation partner apply.

11. Service Providers
For the provision of our services we partly use service providers, for example for the provision of technical (infrastructure) services, analysis and design services and payment providers. Insofar as the processing of personal data is part of the service, we oblige our partners to comply with applicable data protection law and conclude agreements, so-called data processing agreements pursuant to Art. 28 GDPR, to ensure our control over the data and the protection of your rights. Where we use service providers outside the EU and EEA, we ensure that an adequacy decision and/or appropriate safeguards (for example, standard contractual clauses) are in place. If we offer chargeable services as part of our service, the required transaction data of your purchases will be collected by us and the payment will be processed by external payment service providers. In doing so, they process the required transaction data in accordance with their applicable data protection policies.

12. Cookies
We only use data from cookies stored on your device, such as cookie IDs and settings, when you access our website, for example to read this privacy policy or our TOS. For more information on how we use cookies on our website, please see the privacy policy for our website website.

13. No automated decision-making, no Profiling
We do not use fully automated decision-making within the meaning of Article 22 GDPR. Should we use these procedures in individual cases, we will inform you separately about this and about your rights in this regard, insofar as this is required by law. Except as in connection with the display of personalized advertising as described above, we do not process your data with the aim of automatically evaluating certain personal aspects.

8) YOUR RIGHTS AS A DATA SUBJECT

Subject to statutory conditions, you have the following rights under Article 15 to 22 GDPR:
  • The right to receive information about your personal data;
  • The right to have your personal data corrected;
  • The right to restrict the processing of personal data or to object;
  • The right to have your personal data erased or blocked. Subject to statutory storage duties, data may only be blocked for the duration of these duties;
  • The right to data portability;
  • The right to object to the sale of your data.
You can exercise your rights by mail or email to the address of the data controller indicated in this privacy policy. We will generally respond in the form you choose for your request. To the extent that there are doubts about the identity of the person asserting rights, we reserve the right to request additional information or evidence necessary to confirm their identity.
You may also contact the competent supervisory authority:
Berliner Beauftragte für Datenschutz und Informationsfreiheit
Friedrichstr. 219
10969 Berlin
Tel.: +49 (0)30 13889-0
Fax: +49 (0)30 2155050
mailbox@datenschutz-berlin.de
Current version date: 10.05.2021