Privacy policy – Studio

Privacy policy

This documents intents to inform the user of our policies regarding the collection, use, and disclosure of personal data when using our Service and the choices the user has concerning their data.

Onirix (“us”, “we”, or “our”) operates studio.onirix.com (the “Service”) which is the web platform in which the user can manage, create and publish AR content.

Onirix Studio is a project of Nuevo Sentido Tecnológico Realidad Aumentada (Neosentec S.L.) with ID CIF:B74378720.

We use user data to provide and improve our services. By using our services, the user agrees to the collection and use of information in accordance with this privacy policy. Unless otherwise defined, the terms used in this privacy policy have are equivalent to those in our terms and conditions. The usage of the Service requires a minimum age of 13 years. Minors are excluded from using our services due to data protection laws.

We value the privacy of our users:

  • We only collect data that we require to run our service efficiently.
  • We don’t share the collected data with 3rd parties, except for cases in which have to comply with the law or if we have the user’s written consent.
  • Our sales department might process your information and might contact you with regards to business related inquiries.

Please note that this privacy policy may change due to legislative requirements or self-regulation. Users are advised to visit it periodically.

Neosentec S.L. has adapted this web platform to the requirements of the Organic Law 15/1999, of December 13, of Protection of Personal Data (LOPD), and Royal Decree 1720/2007, of December 21, known as the Regulation of development of the LOPD. It also complies with Regulation (EU) 2016/679 of the European Parliament and the Council of 27 April 2016 on the protection of natural persons (RGPD), as well as with Law 34/2002, of July 11, of Services of the Information Society and Electronic Commerce (LSSICE or LSSI).

Responsible for the processing of user data

  • Responsible identity: NUEVO SENTIDO TECNOLÓGICO REALIDAD AUMENTADA S.L.
  • Commercial name: Neosentec
  • NIF/CIF: B74378720
  • Address: CEEI Building Technological Park of Asturias 33248 Llanera Asturias
  • Email: info@neosentec.com
  • Field of business: services related to Augmented Reality

For the purposes of the observance of the General Data Protection Regulation cited above, the personal data that the user provides us through the Studio, are treated as described below. We implement all the technical and organizational security measures required in the current legislation.

Data Protection

We apply the following principles that meet the requirements of the new European data protection regulation when processing your data:

  • Principle of legality, loyalty, and transparency: We will always require the user’s consent when processing personal data for one or more specific purposes.
  • The principle of data minimization: We are only going to request necessary data in relation to the purposes for which we require them.
  • The principle of limiting the conservation period: the data will be kept for no longer than necessary for the purposes of the treatment. In the case of subscriptions, we will periodically review our lists and eliminate inactive records within a considerable time.
  • The principle of integrity and confidentiality: user data will be treated in such a way that adequate security of personal data and confidentiality is guaranteed. We take all necessary precautions to prevent unauthorized access.

How have we obtained your data?

The personal data that we process within the Studio comes exclusively from the registration process or was entered by the user while providing payment information.

What are your rights regarding your data?

Anyone has the right to request information about what personal data the Service is using. The user has the right to:

  • Request access to their personal data
  • Request deletion and correction
  • Request the limitation of the usage of data
  • Oppose the treatment
  • Request their data in a portable format

Interested parties may access their personal data, as well as request the correction of inaccurate data or, where appropriate, request its deletion when, among other reasons, the data is no longer necessary for the purposes it was collected for. Under certain circumstances, the user may request the limitation of the processing of their data.

Under certain circumstances and for reasons related to their particular situation, the users may object to the processing of their data. Neosentec S.L. will stop processing the data, except for compelling legitimate reasons, or the exercise or defense of possible claims. The user has the right to receive the personal data that they have provided and that concerns them, in a structured format, of common use and machine-readable, and to transmit them to another entity responsible for the processing when:

  • The processing is based on consent.
  • The data has been provided by the person concerned.
  • The processing is carried out by automated means.

By exercising your right to the portability of data, you will have the right to have personal data transmitted directly from responsible to respond when technically possible. Users have the right to exercise judicial protection and can submit a claim to the supervisory authority, in this case, the Spanish Data Protection Agency, if they consider that the processing of personal data that concerning them violates the regulation.

For what purpose do we process your personal data?

When a user creates an account for the service, they are providing personal information for which Neosentec SL is responsible. This information may include personal data such as IP address, name, physical address, email address, telephone number, and other information. By providing this information, the user gives their consent for their information to be collected, used, managed and stored by the Service only as described in the Legal Notice and in this Privacy Policy.

Onirix Studio uses a single system for capturing personal information and processing the information provided by users with the following purposes:

  • Registration: As we are providing an online service, online registration is required. The user must register online if they wish to use the service. In the process, the user agrees to complete all the sections labeled as mandatory and not use false, inaccurate, erroneous or inconsistent information with regards to their true physical or legal identity. If the user registers on behalf of an entity (regardless of the legal form in which it is configured), business or employer, the user states to have sufficient legal capacity to link such entity, business or employer with the terms and conditions. The created account is personal and non-transferable. The user is solely responsible for all conduct that materializes during usage in relation to their account. Once created successfully, and after validating the registration process of the account, (mandatory email and name) it will remain active as long as the user complies with the obligations arising from the terms and conditions, and as long as they meet their payment obligations to Neosentec. If Neosentec suspects at any time that the user’s account is being used to contravene the terms and conditions, or is subject to fraudulent use or contrary to the law, we may suspend the account.

There are other purposes for which we process your personal data:

  • To ensure compliance with the terms and conditions of use and the applicable law. This may include the development of tools and algorithms that help the Service ensure the confidentiality of the personal data it collects.
  • To support and improve the services offered by Onirix (system notifications, consumption notifications, information about updates and new versions and information about promotions).
  • We also collect other non-identifying data obtained through ‘cookies’ that are downloaded to the user’s computer when browsing the Service, which is detailed in the cookie policy.
  • To manage social networks, Neosentec S.L. maintains presences in various social networks. This section covers the data provided by users that become followers of Neosentec S.L in these networks. Neosentec, S.L. will treat user data with the purpose of correctly managing the user’s presence in the social network, informing them about activities, products or services of Onirix. As for any other purpose that the regulations of social networks allow. Neosentec S.L. will in no case use the data extracted from the profiles of followers in social networks to send individual advertising.

Neosentec S.L. will not sell, rent or lease personal data that can identify the user, nor will in the future, to third parties without prior consent.

Neosentec S.L. , no vende, alquila ni cede datos de carácter personal que puedan identificar al usuario, ni lo hará en el futuro, a terceros sin el consentimiento previo. Sin embargo, en algunos casos se pueden realizar colaboraciones con otros profesionales, en esos casos, se requerirá consentimiento a los usuarios informando sobre la identidad del colaborador y la finalidad de la colaboración. Siempre se realizará con los más estrictos estándares de seguridad.

Legitimation to process user data

The legal basis for the processing of user data is given by using our service. To contact Neosentec S.L. via our web page www.onirix.com the user needs to accept our privacy policy.

Data Category

The Service is processing user identifying data. Especially protected data categories are not processed in this context.

How long will we keep your data?

The following personal data will be preserved:

  • While the business relationship is maintained.
  • Until the deletion is requested by the interested party.
  • The period from the last confirmation of interest is 1 year.

With whom is your data shared?

Many tools that we use to manage user data are provided by third parties. To provide services strictly necessary for the development of our products, Studio shares data with the following providers under their corresponding privacy policies:

  • Google Analytics: a web analytics service provided by Google, Inc., a Delaware company whose head office is at 1600 Amphitheater Parkway, Mountain View (California), CA 94043, United States (“Google”). Google Analytics uses “cookies”, which are text files located on the user’s computer, to help www.onirix.com analyze web traffic. The information generated about the users (including your IP address) will be directly transmitted and archived by Google on servers in the United States.
  • Hosting: Dinahosting S.L., with CIF B15805419, located in Rúa das Salvadas 41, baixo 15705 Santiago de Compostela (A Coruña) processes the data in order to perform its services as a hosting provider to Neosetenc S.L.
  • Web platform: Automattic Inc., with address in the USA. More information at: www.wordpress.com (Automattic Inc.). Automattic Inc. processes data in order to perform its web platform services to Luz Soluciones TIC, S.L.
  • Email marketing: The Rocket Science Group LLC d / b / a, with address in the USA. More information at: www.mailchimp.com (The Rocket Science Group LLC d / b / a). The Rocket Science Group LLC d / b / a processes data in order to perform its email marketing services to Neosentec, S.L.

Navigation

When browsing the Studio we may collect unidentifiable data, which may include, IP addresses, geographic location (approximated), a record of how services and sites are being used, and other data that can not be used to identify the user. Among the non-identifying data is also those related to the user’s browsing habits through third-party services. This website uses the following third-party analytic services:

Google analytics

We use this information to analyze trends, administer the site, track the movements of users around the site and to gather demographic information about our user base as a whole.

Data Security and Secrecy

We are committed to respecting the confidentiality of user data. It is our obligation to comply with current legislation and adopt all measures to avoid alteration, loss or unauthorized access, in accordance with current data protection regulations.

This website includes an SSL certificate. SSL is a security protocol that allows user data to travel encrypted, between a server and a web user and vice versa.

We can not guarantee the absolute security of the Internet and therefore we can never fully exclude the possibility of fraudulent data access by third parties. With respect to the confidentiality of user data, Neosentec, S.L. will ensure that any person who is authorized by Neosentec S.L. to process customer data (including its staff, collaborators and service providers), will be under an appropriate obligation of confidentiality (either contractual or through legal duty).

When a security incident occurs, upon noticing, Neosentec S.L., shall notify the user without undue delay and shall provide timely information related to the Security Incident as it is known or if the user requests it.

Accuracy of Data

The user is solely responsible for the accuracy and correctness of their data, exonerating Neosentec S.L., from any responsibility in this regard.

Users guarantee in any case for the accuracy, validity, and authenticity of the personal data provided, and are responsible to keep them properly updated. The user agrees to provide complete and correct information in their Onirix account.

Acceptance and consent

The user declares to have been informed about the conditions regarding the protection of personal data. The user is accepting and consenting to the processing thereof by Neosentec S.L. in the form and for the purposes indicated in this privacy policy.

Revocability

The given consent, both for the processing and for the transfer of data of the involved parties, is revocable at any time by communicating this to Neosentec SL., as detailed in the terms established in this privacy policy for the exercise of ARCO rights. This revocation will not be retroactive in any case.

Changes to the Privacy Policy

Neosentec S.L. reserves the right to modify this policy to adapt it to new legislation or jurisprudence, as well as industry practices. In such cases, Neosentec S.L. will announce the changes introduced with reasonable anticipation to its implementation.

Advertising

In accordance with the LSSICE, we do not perform SPAM practices. We do not send emails with commercial content that have not been previously requested or authorized by the user. Consequently, the user can configure notifications inside Onirix Studio. This can be configured in Profile & Account -> Notifications. Scheduled maintenance periods, invoices, payments and other notifications of this kind cannot be deactivated as they provide important information about the service.

In accordance with the provisions of Law 34/2002 regarding to the services of the Information Society and Advertising, we are not going to send the user notifications of commercial nature without properly identifying them.

Privacy Measures

  • The database is unique for all entities related to the service.
  • The service maintains an audit log that keeps all activities that each user performs inside the application.
  • The activity log records the following data:
    • Access dates
    • IP
    • Resources accessed
    • The device from which the account is being accessed (mobile or desktop, browser type, browser version, operating system, version etc.)

Availability

The availability of our Services is detailed inside our terms and conditions.

Security

The domains www.onirix.com and studio.onirix.com are using a 128-bit HTTPS connection, that protects the flow of information between our Service and the user.

The access to the Studio is protected with a username and password.

All passwords to access the Studio are stored by Neosentec S.L. using procedures that make them unreadable.

A complete backup of the database is created daily.

We allow users to manage permissions for accessing the Studio individually inside their organization or entity. Users are responsible to safe keep login information.

The servers that host the Service are located in European data centers whose rooms are equipped with fire detection systems and fire doors.

Location

All servers that host the Service are located in Belgium, Europe.

All backups, of both the data and the application, are stored in the territory of the European Union, applying all security measures of a physical and logical nature.

Revision

Document revised on 15/01/2019.

We appreciate that you are reading this document.