Privacy Policy for ClickFitTest from AR-Labs.io Sp. z o.o.

I. Who we are?

  1. The administrator of your personal data is AR-Labs.io Sp. z o.o. located in Warsaw (02-559), Pulawska 52/35, 02-559, District Court for the Capital City of Warsaw in Warsaw, XIII Commercial Division of the National Court Register, KRS 0000907031 NIP 5213932256, REGON 389240524.
  2. AR-Labs.io Sp. z o.o. is an entity managing AR-Labs.io platform, which includes ClickFitTest app (hereinafter referred to as the Application).
  3. Contact with the Administrator can be made in particular by email via the email address info@ar-labs.io or in writing to our registered office address.

II. What data do we collect about you?

Data collected when you contact us:

  1. When you contact us via the website, telephone, email you provide us with your personal data, e.g. name, surname, email address and telephone number.
  2. When you register with the Application you may be asked to provide personal information such as your name, email address, phone number, mailing address and possibly other information as prompted.
  3. Providing personal information is voluntary, but lack of them can prevent us from contacting you and providing you with services.

III. How do we use your data?

  1. Your personal data is processed in order to be able to communicate between us and the users of the Application and to correctly use the available functionalities.
  2. If you have asked a question through our website, we will use your data to provide you with an answer.
  3. As part of providing the service, we may carry out marketing of our own services. For this purpose, it is necessary to process your data, and the legal basis is the Administrator’s legitimate interest, which is the marketing of own services (Article 6(1)(f) RODO).
  4. In case of violation of the rules of our service, violation of the law or when required by law, we may provide your data to the relevant state authorities.

IV. Purpose and basis of processing.

  1. In particular, we process your data for the purpose of providing the Administrator with electronic services and other purposes specified in the Regulations.
  2. Your personal data may also be used in order to:
  3. presenting an offer concerning the services provided by the Administrator,
  4. to send information and messages of marketing nature,
  5. to provide information about the Administrator’s business activity,
  6. in the event of concluding an agreement with the Administrator for the provision of services (including the use of the Application) your data shall be used for purposes connected with the fair performance of such an agreement, including accounting purposes.
  7. Your personal data will be processed:
  8. on the basis of the consent granted – until it is withdrawn or the purpose for which the data was collected ceases to exist. Granted consent may be withdrawn at any time without affecting the legality of the processing, which was performed on the basis of consent before its withdrawal,
  9. in connection with the performance of a contract concluded with the Administrator – until the expiry of the period in which the Administrator or you can pursue claims related to the contract concluded, or until the expiry of the period in which proceedings can be initiated by public administration authorities in connection with the performance of the contract,
  10. in connection with marketing and information activities – until the end of activities conducted by the Administrator consisting in the transfer of information concerning its activities, or until you express your objection to such processing.
  11. We process your data on the basis of:
  12. Article 6(1)(a) of the RODO, i.e. your consent to the processing of your personal data and to receive information about the Administrator’s business, in particular expressed through a form on the websites used by the Administrator or through the Application,
  13. Article 6(1)(b) of the RODO, i.e. necessity to perform a contract to which the data subject is a party and reliable fulfillment of obligations related to the provided services;
  14. Article 6(1)(f) RODO, i.e. the necessity resulting from the Administrator’s legitimate interests pursued, such as the provision of information on the Administrator’s operations and services offered, reliable performance of the obligations assumed by the Administrator, in particular the performance of contracts, offering services of the highest standard, as well as the provision of information about the Administrator. Processing of personal data in the aforementioned scope is within the scope of Administrator’s activity and is necessary to provide information and services to customers.

V. What rights you have:

Data protection law includes a number of options that you can exercise at any time. Your rights include:

  1. The right to access the content of your personal data and to receive a copy of it;
  2. The right to rectify your data;
  3. The right to erasure of your data;
  4. The right to restrict the processing of your personal data;
  5. The right to object to the processing of your personal data;
  6. The right to data portability;
  7. The right to lodge a complaint with the supervisory authority – the President of the Office for Personal Data Protection;
  8. The right to withdraw consent to the processing of personal data.
  9. In order to exercise your rights, direct your request to the email address info@clickfit.app

VI. Data security

  1. The administrator has formulated individual personal data security objectives and has taken the measures necessary for them to occur in the business it runs:
  2. ensuring that personal data are processed lawfully, fairly and in a manner transparent to the data subject („lawfulness, fairness and transparency”);
  3. ensuring that personal data are collected for specified, explicit and legitimate purposes and not further processed in a way incompatible with those purposes; („purpose limitation”);
  4. ensuring that personal data are collected adequate, relevant and limited to what is necessary for the purposes for which they are processed („data minimisation”);
  5. The administrator shall take steps to ensure that personal data are accurate and, where necessary, kept up to date, and all reasonable steps are taken to ensure that personal data which are inaccurate in light of the purposes for which they are processed are erased or rectified without delay („accuracy”);
  6. The administrator shall take steps to ensure that personal data are kept in a form which permits identification of the data subject for no longer than is necessary for the purposes for which the data are processed („storage limitation”);
  7. The administrator shall take steps to ensure that personal data are processed in a way which ensures their appropriate security, including protection against unauthorised or unlawful processing and accidental loss, destruction or damage, by means of appropriate technical or organisational measures (‚integrity and confidentiality’).
  8. The objectives set out in paragraph 1 shall be achieved by taking appropriate measures and applying effective safeguards, which shall include in particular:
  9. appropriate security of the IT systems in which personal data are processed,
  10. continuously raising the awareness and knowledge of employees/co-workers in the field of personal data security
  11. communicating to employees/co-workers the consequences, including disciplinary ones, in case of personal data security breach,
  12. assigning access to documents, materials or systems containing personal data only to authorised persons,
  13. securing documents, materials or systems against loss or destruction of personal data contained therein,
  14. implementing detailed rules defining the management of user rights and authentication principles in all systems used by the Administrator,
  15. carrying out thorough tests in the process of preparing new software,
  16. reporting of information security incidents,
  17. regularly analysing information security risks and designing actions to minimise potential risks,
  18. entrusting personal data only to such third parties which provide sufficient guarantees for the implementation of appropriate technical and organisational measures to ensure that the processing complies with the requirements of generally applicable laws, this document and protects the rights of data subjects.
  19. Taking into account the state of the art, the cost of implementation and the nature, scope, context and purposes of the processing, as well as the risk of violation of the rights or freedoms of natural persons with different probability of occurrence and the gravity of the risk resulting from the processing, the administrator has implemented – both when determining the means of processing and at the time of processing itself – appropriate technical and organisational measures designed to effectively implement the principles of data protection so as to meet the requirements of commonly applicable laws and to protect the rights of data subjects. When processing personal data, we use, among other things, encryption of the connection using an SSL certificate.

VII. How will we contact you?

  1. If you have asked a question by e-mail, you may receive e-mails from us regarding your case. If you have provided a telephone number, we may also contact you by telephone.
  2. If you have subscribed to our e-newsletter or otherwise agreed to receive it, you will receive it from us by email.

VIII. Use of cookies

  1. Our website may use cookies to identify your browser when you use our site, to tell us which page to display and to compile anonymous statistics about the number of visitors to our site.
  2. Cookies do not contain any personal data. They are stored in the memory of your device in the form of small text files.
  3. Using the appropriate options of your browser, you can delete cookies or block their use on our website at any time. If you would like to find out how to disable or change the way cookies are stored in your browser, you can use the help function of your browser.
  4. Third party cookies – Google Analytics – are also used. Detailed information on the use of session cookies by Google can be found at: google.com/analytics/learn/privacy.
  5. We use Google Tag Manager to control our marketing campaigns. This involves the use of cookies from Google LLC. As above, you can choose to give your consent in the cookie settings panel.

IX. Google Analitycs

  1. This website uses the Google Analytics tool provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. It is used to create statistics based on the collected data and their further analysis in order to improve the quality of the service.
  2. Google Analytics processes non-personal data, e.g. time spent on the website, browser type, information about the operating system you are using.
  3. The data collected by Google Analitycs is collected automatically and transferred to a Google server located in the United States for storage.
  4. Detailed information about this tool, how it works, and how to delete it can be found on the website maintained by Google:
  5. https://support.google.com/analytics/answer/6004245.
  6. Google LLC, with its registered office and technical infrastructure located in the USA, has joined the EU-US-Privacy Shield programme, which confirms the maintenance of appropriate security measures in the processing of personal data required by European legislation.

X. Google Tag Manager

  1. The Website uses Google Tag Manager provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. It is used to check how you use the Website and to coordinate the running of our advertising activities.
  2. Google Tag Manager processes data in order to manage website tags via an interface. Google Tag Manager does not save cookies or collect personal data.
  3. Detailed information about this tool, how it works, how to deactivate it can be found on the page maintained by Google at: https://policies.google.com/privacy.
  4. Google LLC, with its registered office and technical infrastructure located in the USA, has joined the EU-US-Privacy Shield programme, which confirms the maintenance of appropriate security measures in the processing of personal data required by European legislation.

XI. ARKit, Unity 3D, ARFaceTracking, TrueDepth

In order to effectively provide our services, we use ARKit, developed by Apple Inc. and Unity 3D, developed by Unity Technologies Inc. To fit virtual accessories (glasses) to your face, the App uses ARFaceTracking and TrueDepth API, which accesses your phone’s sensory data. Our company does not collect or use information about your face. All sensory and fitting data used by TrueDepth API and ARKit happens locally, on your phone. There is no transfer of sensory information between our servers, third-party servers and your phone, which means we will never access your facial data.

XII. External services

  1. In addition, we use the services of external entities to which your data may be transferred in order to achieve the objectives of the Company. In this case, each time a contract is signed on the entrustment of personal data processing with entities such as:
  2. accounting office,
  3. IT service provider,
  4. marketing agency.
  5. Personal data shall not be disclosed to third parties unless such disclosure results from applicable laws obliging the Administrator to disclose the data to authorised entities.

XIII. Changes to our privacy policy

We reserve the right to change the above privacy policy by publishing a modified version on this website used by the Administrator in the course of its business.