Last updated [Monday, Dec 16th, 2019]
Effective: April 14th, 2022
- Providing a series of examples that help illustrate how the policies may be implemented by Embody and;
- Defining and capitalizing a few terms that are used more than once for simplicity and brevity.
When we refer to “Embody”, we mean the Embody entity that acts as the controller or processor of your information, as explained in more detail in the “Identifying the Data Controller and Processor” section below.
Table of Contents
- Applicability of this privacy notice
- Information we collect and receive
- How we store your information
- Our stand on sharing and disclosing information
- Age Limitations
- Identifying the data controller and data processor
- Your information protection rights
- Contacting data protection authority
- Contacting Embody
Applicability of this privacy notice
Information we collect and receive
Embody may collect and receive Customer Data and other information and data (“Other Information”) in a variety of ways. The following table lists the type of information being collected for different Embody products and services.
Customer, Account, Device, Location, Log, Services Metadata
Customer, Account, Authentication, Device, Location, Log,Services Metadata, Third Party Provider, head and eye-tracking data
Customer, Account, Authentication, Device, Location, Log,Services Metadata
Embody Shopping Cart
Third Party Provider, Cookies
Third Party Provider, Cookies
Customer Information: In order to experience spatial audio that is personalized to every user, customers submit a photograph of their right ear to Embody.
- Account Information: To start using the service, the users supply Embody with information about their email address and the name of the OEM partner that is providing the service.
- Authentication Information: Embody authenticates a user as a trial and / or a paid user. For a paid user, Embody records the details of the transaction which includes the name of the OEM provider, the type of the product and the amount paid.
- Device Information: Embody collects information about devices accessing the Services, including type of device, what operating system is used, device settings, audio settings, application IDs, unique device identifiers and crash data. Whether we collect some or all of this information often depends on the type of product used, name of the OEM provider, type of the device used and its settings.
Location Information: Embody receives information from the user that helps us approximate the location. We may for example use the name of the OEM provider and the Internet Protocol (IP) address received from your browser or device to determine an approximate location.
- Head Tracking Data: Embody collects head and eye-tracking data in real-time, without storing any video recordings, and without collecting any other personal information during this process.
Log data: As with most websites and technology services delivered over the Internet, Embody's servers automatically collect information when you access or use our Websites or Services and record it in log files and database. This log data may include the IP address, the address of the web page visited before using the Website or Services, browser type and settings, the date and time the Services were used, information about browser configuration and plugins, language preferences and cookie data.
- Services Metadata: Embody collects information about the type and version of external or internal service used. Example of external services are Immerse Gaming, Immerse API, SpatialMix etc. Example of internal services include micro services that support creation, update and download of the personalized head response transfer function(HRTF). Embody also receives information on the status and settings of the HRTF.
- Additional Information: We receive additional information if you participate in a focus group, data collection and validation activity, apply for a job, request support, interact with our social media accounts, interact with our products at a public or a private event, or otherwise communicate with Embody.
Generally, no one is under a statutory or contractual obligation to provide any Customer Data or Other Information (collectively, “Information”). However, certain Information is collected automatically and, if some Information, such as email and image of the right ear are not provided, we may be unable to provide the Services.
How we store your information
Figure 1. Network & system configuration showing client communication with the Embody server.
How we use your information
Embody uses Other Information in furtherance of our legitimate interests in operating our Services, Websites and business. More specifically, Embody uses Other Information:
- To provide, update, maintain, troubleshoot and protect our Services, Websites and business.
- As required by applicable law, legal process or regulation.
- To communicate with you by responding to your requests, comments and questions.
- To provide a better listening experience
- To send emails and other communications
- To investigate and help prevent security issues and abuse.
Our stand on sharing and disclosing information
- Research: Embody may use an anonymized images of users in research, for example: training of machine learning models to predict a personalized HRTF.
- Third Party Service Providers and Partners: We may engage third party companies or individuals as service providers or business partners to process Other Information and support our business. These third parties may, for example, provide data annotation, virtual computing and storage services.
- During a Change to Embody’s Business: If Embody engages in a merger, acquisition, bankruptcy, dissolution, reorganization, sale of some or all of Embody’s assets or stock, financing, public offering of securities, acquisition of all or a portion of our business, a similar transaction or proceeding, or steps in contemplation of such activities (e.g. due diligence), some or all Other Information may be shared or transferred, subject to standard confidentiality arrangements.
- Aggregated or De-identified Data: We may disclose or use aggregated or de-identified Other Information for any purpose. For example, we may share aggregated or de-identified Other Information with prospects or partners for business or research purposes, such as telling a prospective Embody investor or customer on the engagement and experience of users with personalized HRTF.
- To Comply with Laws. If we receive a request for information, we may disclose Other Information if we reasonably believe disclosure is in accordance with or required by any applicable law, regulation or legal process.
- To enforce our rights, prevent fraud, and for safety. To protect and defend the rights, property or safety of Slack or third parties, including enforcing contracts or policies, or in connection with investigating and preventing fraud or security issues.
- With Consent. Embody may share Other Information with third parties when we have consent to do so.
Given the nature of communications and information processing technology, Embody cannot guarantee that Information, during transmission through the Internet or while stored on our systems or otherwise in our care, will be absolutely safe from intrusion by others.
To the extent prohibited by applicable law, Embody does not allow the use of our Services and Websites by anyone younger than 16 years old. If you learn that anyone younger than 16 has unlawfully provided us with personal data, please contact us and we will take steps to delete such information. For more information on acceptable age group, see GDPR guidelines here.
Identifying the data controller and the data processor
Embody is the data collector as well as the data processor of customer and other information. Generally speaking, the GDPR treats the data controller as the principal party for responsibilities such as collecting consent, managing consent-revoking, enabling right to access, etc. A data subject who wishes to revoke consent for his or her personal data therefore will contact the data controller to initiate the request, even if such data lives on servers belonging to the data processor. The data controller, upon receiving this request, would then proceed to request the data processor remove the revoked data from their servers. The data “processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Your information protection rights
Embody’s processing of your Personal Data is subject to the General Data Protection Regulation. As Embody’s customer, you have a right to edit, delete or restrict processing of your information. You also have the right to obtain a machine-readable file containing all the data and information that we have collected and processed.
Embody relies on its legitimate interests, described above, to process your data. Embody may also process customer and other Information that constitutes your personal data for direct marketing purposes and you have a right to object to Embody’s use of your personal data for this purpose at any time.
In order to exercise any of your rights, you can send an email to firstname.lastname@example.org . Your request will be processed by the Embody privacy and security team.
Contacting data protection authority
To communicate with our Data Protection Officer, please email email@example.com
Data Protection Authority
Subject to applicable law, you also have the right to (i) restrict Embody’s use of Other Information that constitutes your Personal Data and (ii) lodge a complaint with your local data protection authority. If you are a resident of the European Economic Area and believe we maintain your Personal Data within the scope of the General Data Protection Regulation (GDPR), you may direct questions or complaints to our lead supervisory authority:
For Customers and Authorized Users who use third party servers established for Customers in the USA and Canada:
60 East 3rd Avenue, Suite 120
San Mateo, CA, 94401
United States of America
For Customers and Authorized Users who use third party servers established for Customers outside of the USA and Canada:EmbodyVR Inc.
60 East 3rd Avenue, Suite 120
San Mateo, CA, 94401
United States of America