How we process your personal data
1 Introduction
This Policy sets out how SynergyXR collects and processes your personal data as part of the operation of our business and the activities described below in Section 3 below.
Responsible handling of this personal data is essential to our business aim and reputation. This Privacy Policy therefore sets out how and why we collect personal data about you, how the data is used, when the data is deleted, and how you may obtain access to your own personal data.
References to SynergyXR products in this statement include SynergyXR services, websites, apps, software, servers, and devices.
2 Data Controller
SynergyXR ApS is the controller in respect of the processing activities described in this Privacy Policy unless otherwise mentioned below in Section 3 below. If you have any questions to this Privacy Policy or our processing of your personal data as described in Section 3 below, please contact us here:
SynergyXR ApS
Silkeborgvej 261-263, 1st floor
8230 Aabyhoej
Denmark
Tel. +45 8617 1833
Email: contact@synergyxr.com
3 How we process personal data as part of our activities
SynergyXR collects and processes personal data in many different situations, and the purposes of the collection, what the data is intended for and when it is erased will differ in each situation. The specific activities where SynergyXR (as the data controller) may collect personal data about you are therefore individually described below.
3.1 Interaction with our website and cookies
3.1.1 Data to be processed and its origin
You provide the data to us and decide as a general rule the data you are willing to provide. However, we expect to collect the following personal data about you:
• Electronic identification data (IP address, cookies, etc.)
• Location data
• Activity logs and session information (IT systems behaviour)
3.1.2 Why we process the data
We use your personal information to provide functionality, analyze performance, fix errors, and improve the usability and effectiveness of our website and services.
3.1.3 Legal basis for the processing
The legal basis of our processing of non-sensitive personal data is:
Safeguarding our or third-party legitimate interests which override your fundamental rights and freedoms. This legal basis is set out in Article 6(1), para. (f), of the GDPR. The legitimate interests in question are to meet the purpose of registering and analysing activity and statistics in relation to the use of the our website, to ensure and improve the usability of our website and related services.
3.1.4 Sharing the data
Data is shared with our IT suppliers (data processors), who store the data for us and process the data in accordance with our instructions.
The information shared with third parties may be used for a variety of purposes, including analytics.
Analytics
The services contained in this section enable the Owner to monitor and analyze web traffic and can be used to keep track of User behavior.
Stape for Data Anonymization and Server-Side Tracking
We share data with Stape for server-side tracking and data anonymization. This aligns with our commitment to enhancing user privacy and ensuring GDPR compliance. Stape’s role involves managing data processing on the server side, allowing for more robust data protection and minimizing the collection of identifiable user data.
Google Ads conversion tracking (Google Inc.)
Google Ads conversion tracking is an analytics service provided by Google Inc. that connects data from the Google Ads advertising network with actions performed on the website.
Google Analytics with anonymized IP (Google Inc.)
Google Analytics is a web analysis service provided by Google Inc. (“Google”). Google utilizes the data collected to track and examine the use of this website, to prepare reports on its activities, and share them with other Google services. Google may use the data collected to contextualize and personalize the ads of its own advertising network. This integration of Google Analytics anonymizes your IP address. It works by shortening Users’ IP addresses within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the complete IP address be sent to a Google server and shortened within the US.
N.Rich Analytics and Marketing Optimization
N.Rich assists us in understanding user engagement and improving our marketing efforts through advanced data analytics. This partnership enables us to tailor our marketing activities more effectively, ensuring they are relevant and valuable to our users. Data shared with N.Rich is processed in a manner that aligns with our privacy standards and GDPR requirements.
RB2B User Analytics and Marketing Optimization
RB2B assists us in understanding user engagement by recognizing anonymous US web traffic and aligning it with profiles from their extensive partner network. This process only triggers to identify users with an IP address located within the United States. This enables us to tailor our marketing activities more effectively, ensuring they are relevant and valuable to our US users. Data shared with RB2B is processed in a manner that aligns with our privacy standards and GDPR requirements. RB2B is committed to upholding GDPR compliance standards. To ensure this, RB2B has implemented a geofencing feature in their scripts. RB2B scripts are configured to activate only when they can confirm that a user’s IP address is located within the United States. If they cannot definitively identify an IP address as being in the U.S., the script will not record any data from that user. By limiting the activation of their services to users within the U.S., they ensure that data handling processes align with GDPR guidelines.
Third country transfer
Personal data may be shared to countries outside the EU/EEA. Such transfers will only take place subject to appropriate safeguards are in place for the transfer such as:
• The country has been deemed by the Commission of the European Union to have an adequate level of protection of personal data,
• The country has not been deemed by the Commission of the European Union to have an adequate level of protection of personal data, but we provide appropriate safeguards for the transfer through the use of “Model Contracts for the Transfer of Personal Data to Third Countries”, as published by the Commission of the European Union, Binding Corporate Rules (BCRs), any other contractual agreement approved by the competent authorities or any other legal basis, including the use of supplementary measures if deemed necessary, or if any of the derogations of article 49 of the GDPR are deemed adequate as a basis for the transfer
3.1.5 How long we retain the data
Personal Data shall be processed and stored for as long as required by the purpose they have been collected for. We will in most instances retain personal data related to your interaction with our website and cookies for up to 12 months.
3.2 Marketing activities
3.2.1 Data to be processed and its origin
You provide the data to us and decide as a general rule the data you are willing to provide. However, we expect to collect the following personal data about you:
• Name
• Email address
• Your marketing preferences
3.2.3 Legal basis for the processing
The legal basis of our processing of non-sensitive personal data is:
• Your consent. This legal basis is set out in Article 6(1), para. (a), of the GDPR.
• Safeguarding our or third-party legitimate interests which override your fundamental rights and freedoms. This legal basis is set out in Article 6(1), para. (f), of the GDPR. The legitimate interests is to obtain information is to ensure that our marketing efforts are sufficient. Our direct marketing activities will be subject to your consent, cf. above.
3.2.4 Sharing the data
Data is shared with our IT suppliers (data processors), who store the data for us and process the data in accordance with our instructions.
Intuit (MailChimp)
We use e-mail services provided by Intuit to distribute emails, including emails for marketing purposes.
N.Rich Analytics and Marketing Optimization
We integrate our CRM data with N.Rich. This integration facilitates enhanced customer insights and marketing personalization, ensuring that our interactions with you are as relevant and effective as possible. All data sharing and processing comply with our stringent privacy standards and GDPR guidelines.
Third country transfer
Personal data may be shared to countries outside the EU/EEA. Such transfers will only take place subject to appropriate safeguards are in place for the transfer such as:
• The country has been deemed by the Commission of the European Union to have an adequate level of protection of personal data,
• The country has not been deemed by the Commission of the European Union to have an adequate level of protection of personal data, but we provide appropriate safeguards for the transfer through the use of “Model Contracts for the Transfer of Personal Data to Third Countries”, as published by the Commission of the European Union, Binding Corporate Rules (BCRs), any other contractual agreement approved by the competent authorities or any other legal basis, including the use of supplementary measures if deemed necessary, or if any of the derogations of article 49 of the GDPR are deemed adequate as a basis for the transfer.
3.2.5 How long we retain the data
Personal Data shall be processed and stored for as long as required by the purpose they have been collected for. We will in most instances retain personal data related to your interaction with our website and cookies for up to 2 years after the latest contact or marketing activity.
3.3 User administration and provision of services
3.3.1 Data to be processed and its origin
You provide the data to us which is necessary for us to provide the services. We expect to collect the following personal data about you:
• Name
• Email address
• Company information
• User details
• Electronic identification data (IP address, cookies, etc.)
• Usage data and activity logs (IT systems behaviour)
• Search history
• Login information (user name, password, etc.)
It is a requirement according to the agreement which you (or your employer or organization) have entered into with SynergyXR, that you provide a number of the above-mentioned personal data. Failure to provide the data may cause that we are unable to offer our services to you.
If you have been onboarded to our services through your employer, organization or facilitated by any other third party, we act as data processor in the provision of such services. The processing described in this privacy policy is related to SynergyXR’s processing activities as data controller.
3.3.2 Why we process the data
We process the personal data with the purpose of providing the agreed services to you and ensure user administration.
3.3.3 Legal basis for the processing
The legal basis of our processing of non-sensitive personal data is:
Conclusion of a contract with you or performance of a contract, which you have concluded. This legal basis is set out in Article 6(1), para. (b), of the GDPR.
3.3.4 Sharing the data
Data is shared with our IT suppliers (data processors), who store the data for us and process the data in accordance with our instructions.
Unity Technologies
Unity Technologies provides a real-time 3D development platform, of which SynergyXR is a user. Unity Technologies include device data collection in the runtime of the software, which is incorporated into the applications that SynergyXR creates with the software.
Intuit (MailChimp)
We use e-mail services provided by Intuit for user administration and distribution of standard emails, such as emails provided in the event of forgotten password or user activation.
Exit Games GmbH
Exit Games GmbH provides hosting for Photon Multiplayer services.
Third country transfer
Personal data may be shared to countries outside the EU/EEA. Such transfers will only take place subject to appropriate safeguards are in place for the transfer such as:
• The country has been deemed by the Commission of the European Union to have an adequate level of protection of personal data,
• The country has not been deemed by the Commission of the European Union to have an adequate level of protection of personal data, but we provide appropriate safeguards for the transfer through the use of “Model Contracts for the Transfer of Personal Data to Third Countries”, as published by the Commission of the European Union, Binding Corporate Rules (BCRs), any other contractual agreement approved by the competent authorities or any other legal basis, including the use of supplementary measures if deemed necessary, or if any of the derogations of article 49 of the GDPR are deemed adequate as a basis for the transfer
3.3.5 How long we retain the data
Personal Data shall be processed and stored for as long as required by the purpose they have been collected for. We will in most instances retain personal data related to your interaction with our website and cookies for up to 3 years after the latest use of the service.
4 Your rights
You are entitled at all times to exercise your rights under the data protection legislation in force at the given time:
• Access: You have the right to obtain access to the data we process about you and a number of additional data.
• Rectification: You have the right to have personal data about you rectified.
• Erasure: In special circumstances, you have the right to have personal data about you erased, before the time for our ordinary erasure.
• Restriction: In certain cases, you have the right to restriction of processing of your personal data. If the right applies, we may then only process the data – except for retention – with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another person or for reasons of important public interest.
• Data portability: In certain cases, you have the right to receive a copy of the personal data you have provided in a structured commonly used and machine-readable format. If you wish to exercise your rights, please contact us at contact@synergyxr.com. Your request will be processed in accordance with the legislation in force at the given time. To the extent necessary, we will contact you and ask for additional information required to handle your request correctly.
5 Making a complaint
If you would like to make a complaint about our processing of your personal data, you are welcome to contact us.
You also have a right to file a complaint to the relevant Supervisory Authority, such as the Danish Data Protection Agency, Carl Jacobsens Vej 35, DK-2500 Valby. A complaint may be filed by email to dt@datatilsynet.dk or through the website of the Danish Data Protection Agency www.datatilsynet.dk.
6 Updating our privacy policy
SynergyXR may update this privacy policy on an ongoing basis when this is necessary to provide a fair description of our processing of personal data.
In the event of material changes to our processing of your personal data already in our possession, you will be notified directly of the update (e.g. by email).
This privacy policy was last updated in August 2024.