Privacy Policy for Gepetto Mirror app from AR-Labs.io

I. Who we are?

  1. The administrator of your personal data is AR-Labs.io inc. located in the state of Delaware, at 8 The Green, Ste D, Dover, DE 19901.
  2. AR-Labs.io inc. is an entity managing AR-Labs.io platform, which includes Gepetto Mirror app (hereinafter referred to as the System).
  3. Contact with the Administrator can be made in particular by email via the email address info@ar-labs.io or in writing to our registered office address.

II. What data do we collect about you when you contact us?

Data collected when you contact us:

  1. When you contact us via the website, telephone, email, chat you provide us with your personal data, e.g. name, surname, email address and telephone number.
  2. When you register with our contact form you may be asked to provide personal information such as your name, email address, phone number, mailing address and possibly other information as prompted.
  3. Providing personal information is voluntary, but lack of them can prevent us from contacting you and providing you with services.

III. How do we use your data?

  1. Your personal data is processed in order to be able to communicate between us and you and to correctly use the available functionalities.
  2. If you have asked a question through our website, we will use your data to provide you with an answer.
  3. In case of violation of the rules of our service, violation of the law or when required by law, we may provide your data to the relevant state authorities.

IV. Purpose and basis of processing.

  1. In particular, we process your data for the purpose of providing the Administrator with electronic services and other purposes specified in the Regulations.
  2. Your personal data may also be used in order to: presenting an offer concerning the services provided by the Administrator; provide information about the Administrator’s business activity; in the event of concluding an agreement with the Administrator for the provision of services (including the use of the System) your data shall be used for purposes connected with the fair performance of such an agreement, including accounting purposes.
  3. Your personal data will be processed: on the basis of the consent granted – until it is withdrawn or the purpose for which the data was collected ceases to exist. Granted consent may be withdrawn at any time without affecting the legality of the processing, which was performed on the basis of consent before its withdrawal; in connection with the performance of a contract concluded with the Administrator – until the expiry of the period in which the Administrator or you can pursue claims related to the contract concluded, or until the expiry of the period in which proceedings can be initiated by public administration authorities in connection with the performance of the contract.

V. What rights you have:

Data protection law includes a number of options that you can exercise at any time. Your rights include:

  1. The right to access the content of your personal data and to receive a copy of it;
  2. The right to rectify your data;
  3. The right to erasure of your data;
  4. The right to restrict the processing of your personal data;
  5. The right to object to the processing of your personal data;
  6. The right to data portability;
  7. The right to lodge a complaint with the supervisory authority – the President of the Office for Personal Data Protection;
  8. The right to withdraw consent to the processing of personal data.
  9. In order to exercise your rights, direct your request to the email address info@ar-labs.io
  10. If you are a European resident, you have the right to access personal information we hold about you and to ask that your personal information be corrected, updated, or deleted. If you would like to exercise this right, please contact us through the contact information below. Additionally, if you are a European resident we note that we are processing your information in order to fulfill contracts we might have with you (for example if you make an order through the Site). Additionally, please note that your information will be transferred outside of Europe, including to the United States.
  11. At AR-Labs.io, your privacy is very important. We store only the minimal information required for our try on app to work and to be able to connect you offline. Personal data (usually referred to just as "data" below) will only be processed by us to the extent necessary and for the purpose of providing a functional and user-friendly service Per Art. 4 No. 1 of Regulation (EU) 2016/679, i.e. the General Data Protection Regulation (hereinafter referred to as the "GDPR"), "processing" refers to any operation or set of operations such as collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment, or combination, restriction, erasure, or destruction performed on personal data, whether by automated means or not.

VI. Data security

  1. The administrator has formulated individual personal data security objectives and has taken the measures necessary for them to occur in the business it runs:
  2. ensuring that personal data are processed lawfully, fairly and in a manner transparent to the data subject („lawfulness, fairness and transparency”);
  3. ensuring that personal data are collected for specified, explicit and legitimate purposes and not further processed in a way incompatible with those purposes; („purpose limitation”);
  4. ensuring that personal data are collected adequate, relevant and limited to what is necessary for the purposes for which they are processed („data minimisation”);
  5. The administrator shall take steps to ensure that personal data are accurate and, where necessary, kept up to date, and all reasonable steps are taken to ensure that personal data which are inaccurate in light of the purposes for which they are processed are erased or rectified without delay („accuracy”);
  6. The administrator shall take steps to ensure that personal data are kept in a form which permits identification of the data subject for no longer than is necessary for the purposes for which the data are processed („storage limitation”);
  7. The administrator shall take steps to ensure that personal data are processed in a way which ensures their appropriate security, including protection against unauthorised or unlawful processing and accidental loss, destruction or damage, by means of appropriate technical or organisational measures (‚integrity and confidentiality’).
  8. The objectives set out in paragraph 1 shall be achieved by taking appropriate measures and applying effective safeguards, which shall include in particular:
  9. appropriate security of the IT systems in which personal data are processed,
  10. continuously raising the awareness and knowledge of employees/co-workers in the field of personal data security
  11. communicating to employees/co-workers the consequences, including disciplinary ones, in case of personal data security breach,
  12. assigning access to documents, materials or systems containing personal data only to authorised persons,
  13. securing documents, materials or systems against loss or destruction of personal data contained therein,
  14. implementing detailed rules defining the management of user rights and authentication principles in all systems used by the Administrator,
  15. carrying out thorough tests in the process of preparing new software,
  16. reporting of information security incidents,
  17. regularly analysing information security risks and designing actions to minimise potential risks,
  18. entrusting personal data only to such third parties which provide sufficient guarantees for the implementation of appropriate technical and organisational measures to ensure that the processing complies with the requirements of generally applicable laws, this document and protects the rights of data subjects.
  19. Taking into account the state of the art, the cost of implementation and the nature, scope, context and purposes of the processing, as well as the risk of violation of the rights or freedoms of natural persons with different probability of occurrence and the gravity of the risk resulting from the processing, the administrator has implemented – both when determining the means of processing and at the time of processing itself – appropriate technical and organisational measures designed to effectively implement the principles of data protection so as to meet the requirements of commonly applicable laws and to protect the rights of data subjects. When processing personal data, we use, among other things, encryption of the connection using an SSL certificate.

VII. How will we contact you?

  1. If you have asked a question by e-mail, you may receive e-mails from us regarding your case. If you have provided a telephone number, we may also contact you by telephone.
  2. If you have subscribed to our e-newsletter or otherwise agreed to receive it, you will receive it from us by email.

VIII. Use of cookies

  1. Our website may use cookies to identify your browser when you use our site, to tell us which page to display and to compile anonymous statistics about the number of visitors to our site.
  2. Cookies do not contain any personal data. They are stored in the memory of your device in the form of small text files.
  3. Using the appropriate options of your browser, you can delete cookies or block their use on our website at any time. If you would like to find out how to disable or change the way cookies are stored in your browser, you can use the help function of your browser.
  4. Third party cookies – Google Analytics – are also used. Detailed information on the use of session cookies by Google can be found at: google.com/analytics/learn/privacy.
  5. We use Google Tag Manager to control our marketing campaigns. This involves the use of cookies from Google LLC. As above, you can choose to give your consent in the cookie settings panel.

IX. Google Analitycs

  1. This website uses the Google Analytics tool provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. It is used to create statistics based on the collected data and their further analysis in order to improve the quality of the service.
  2. Google Analytics processes non-personal data, e.g. time spent on the website, browser type, information about the operating system you are using.
  3. The data collected by Google Analitycs is collected automatically and transferred to a Google server located in the United States for storage.
  4. Detailed information about this tool, how it works, and how to delete it can be found on the website maintained by Google:
  5. https://support.google.com/analytics/answer/6004245.
  6. Google LLC, with its registered office and technical infrastructure located in the USA, has joined the EU-US-Privacy Shield programme, which confirms the maintenance of appropriate security measures in the processing of personal data required by European legislation.

X. Google Tag Manager

  1. The Website uses Google Tag Manager provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. It is used to check how you use the Website and to coordinate the running of our advertising activities.
  2. Google Tag Manager processes data in order to manage website tags via an interface. Google Tag Manager does not save cookies or collect personal data.
  3. Detailed information about this tool, how it works, how to deactivate it can be found on the page maintained by Google at: https://policies.google.com/privacy.
  4. Google LLC, with its registered office and technical infrastructure located in the USA, has joined the EU-US-Privacy Shield programme, which confirms the maintenance of appropriate security measures in the processing of personal data required by European legislation.

XI. ARKit, Unity 3D, ARFaceTracking, TrueDepth

  1. In order to effectively provide our services, we use ARKit, developed by Apple Inc. and Unity 3D, developed by Unity Technologies Inc. To fit virtual accessories (glasses) to your face, the App uses ARFaceTracking and TrueDepth API, which accesses your device’s sensory data.
  2. Our company does not collect or use information about your face. All sensory and fitting data used by TrueDepth API and ARKit happens locally, on your device. There is no transfer of sensory information between our servers, third-party servers and your device, which means we will never access your facial data.

XII. Use of cameras and screen captures

  1. In order to effectively provide our services, we use your device's camera to allow you to take photos or record short videos.
  2. Taking pictures and recording the screen are decisions of the user, who for this purpose has to tap or hold a special button. In this way, these activities are performed consciously by the user. The system itself does not perform these actions without the user's knowledge. Also, our recording function only allows users to record the inside of the app, and it is not possible to exit the app and still record the screen.
  3. Our company does not collect or use your facial information, and all recorded material is stored locally, on your device, and is not shared anywhere without your permission. There is no transfer of recorded information between our servers, third-party servers and your device, which means we will never access your recorded data. Only you can decide what to do with your recording next (delete, save locally to your phone, share it with friends or family on social media).

XIII. External services

  1. In addition, we use the services of external entities to which your data may be transferred in order to achieve the objectives of the Company. In this case, each time a contract is signed on the entrustment of personal data processing with entities such as:
  2. accounting office,
  3. IT service provider,
  4. marketing agency.
  5. Personal data shall not be disclosed to third parties unless such disclosure results from applicable laws obliging the Administrator to disclose the data to authorised entities.

XIV. Changes to our privacy policy

We reserve the right to change the above privacy policy by publishing a modified version on this website used by the Administrator in the course of its business.