PRIVACY POLICY – immerVR GmbH (Website + Apps)
Controller pursuant to Art. 4(7) EU General Data Protection Regulation (GDPR)
immerVR GmbH
Im Zollstock 12
91093 Hessdorf
Germany
Managing Director: Daniel Pohl
Email: support@immervr.com
If you have any questions about data protection, please email us.
Scope
These data protection information apply to our website(s), our social media presence, and our apps (immerGallery, immerGallery Demo, immerGallery Business), unless a section explicitly states otherwise.
Our relevant online offers include, in particular:
https://www.immerVR.com
https://www.imrVR.com
https://www.linkedin.com/company/immerVR
https://x.com/immerVR
https://www.youtube.com/immerVR
https://www.facebook.com/immerVR
https://instagram.com/immervr
https://www.tiktok.com/@immervr
============================================================
A) PRIVACY POLICY FOR OUR APPS (immerGallery, immerGallery Demo and immerGallery Business)
============================================================
Privacy Policy immerGallery, immerGallery Demo and immerGallery Business
Data protection information
Protecting your data is very important to us. To ensure transparent cooperation, we draw your attention to important processing activities and special features.
To be able to use our services, please purchase and download our apps immerGallery, immerGallery Demo and immerGallery Business from the Meta Horizon Store. We do not collect or receive any personal data from you in this process. Information about data processing by Meta can be found at https://www.meta.com/legal/privacy-policy/.
Our apps are distributed via the Meta Horizon Store. We collect, process and store certain data from you and use it for the purpose of improving our apps, for example to fix bugs or create a better user experience.
In our apps, you can voluntarily submit an internal developer log file, for example if a failure occurs inside the app and you want to notify us about it. The legal basis is Article 6 (1) (b) of the GDPR (performance of a contract) and, where appropriate, Article 6 (1) (f) GDPR (our legitimate interest in error analysis and app improvement).
The data submitted with developer log files can include in particular:
• IP address (last segment anonymized), for the purpose of knowing if multiple reports come from the same user while keeping the IP address partially anonymized
• submission date, time and time zone for the purpose of knowing when incidents/bugs happened
• data in the app log file that might reveal used paths and file names on the system where the app is running, for the purpose of understanding from which location which files were loaded
• the used version number of the app, for the purpose of knowing in which app version the incident/bug happened
• information about which buttons and interactions happened during the app usage, and which virtual reality system and input controllers are used, for the purpose of reconstructing what led to the incident/bug
• screen frequency, status of relevant Android permissions and other environment settings to reconstruct the system environment during the incident/bug
• HMD-specific events (e.g. HMDAcquired, HMDMounted, VrFocusAcquired, TrackingAcquired and the corresponding “lost” events) for reconstructing the scenario of the incident/bug
• recentering events and the result of the Meta user entitlement check to reconstruct the sequence of events
• information about the local settings used for the app (e.g. whether keeping the rotation in 360° content enabled during program restarts), to replicate the same settings when the incident/bug happened
• system memory statistics such as total amount of reserved memory, texture memory, texture count, frame rate, frame time, number of draw calls, number of triangles, amount of mesh memory, CPU and GPU levels over time and the status of the internal garbage collection, to give developers an overview of the system status and resources
• results of the recognition of the voice control as text (but no audio data), for the purpose of improving voice control with wrongly detected inputs
• statistics about the app usage, e.g. the number of app starts or the usage time of the app over multiple sessions, for the purpose of supporting debugging and improving the app
• a list of purchased add-ons and/or unlocked rewards, to help debug entitlement and reward-related issues
During run-time, the app itself is not using user-specific data by itself (excluding user inputs or content provided by the user) beyond what is necessary for licensing, rewards and platform features described here. However, the required call to the Meta Entitlement check might internally use user data to verify the entitlement status. We do not have access to the user-specific data used internally by Meta for this entitlement check; please refer to the Meta Horizon Store, Meta's Terms and Conditions and Meta's Privacy Policy for further information.
Meta IDs and/or hashed versions of these may be used to authenticate you as a valid user of our apps. Your reward gallery status is synced externally to guarantee that after a reinstall of the app, you still have access to this content.
Use of Meta User ID and in-app currency (“StereoGold”)
We use the Meta platform feature “User ID” as follows:
• We receive your Meta User ID via the Meta platform. For our internal systems, we immediately convert this User ID into a one-way hash (a pseudonymous identifier). We do not store the plain Meta User ID in our databases.
• We use this hashed User ID to track the amount of StereoGold you have, either collected by app usage or through in-app purchases.
• We also use the same hashed User ID to track which reward galleries you have unlocked and to ensure that these rewards are restored after app reinstallations or when you use the app on the same account again.
This processing is necessary to provide the core functionality of the app (management of StereoGold and unlocked content) and is therefore based on Article 6 (1) (b) GDPR (performance of the contract with you). The hashing of the User ID helps us to minimize the personal data processed.
The hashed User ID and the associated StereoGold and reward gallery data are stored for as long as you use our app and as long as necessary for the purposes described above. If you request deletion of your data, we will delete or anonymize the corresponding records, unless statutory retention obligations apply.
Use of Meta platform features (User ID, User Profile, Avatars)
For Meta Quest devices, we may use platform features such as:
• User ID: grants the app access to the user ID to enable various features
• User Profile: grants the app access to the Meta username and profile photo
• Avatars: grants the app access to Meta Avatars, a persistent identity across the Meta ecosystem. With Meta Avatars, users can bring their visual identities into our app.
We use these features in particular to:
• identify you across sessions and verify your entitlement to use the app;
• associate your in-app currency (StereoGold) and unlocked reward galleries with your account, using a hashed version of your User ID as described above;
• optionally display your Meta username, profile picture and/or Avatar within the app to you and, where applicable, to other users (for example, in multiplayer sessions) so that you can recognize yourself and others;
• ensure that your rewards and progress can be restored if you reinstall the app or switch devices while using the same Meta account.
These platform features are used only to run, support and maintain features of our app requested by you and are used in accordance with the Meta/Oculus Developer Data Use Policy:
https://developer.oculus.com/policy/data-use/ We do not use your Meta User ID or the hash of it for advertising, profiling across different services, or for sharing with third parties, except where necessary for technical processing by our processors (e.g. hosting providers) under data processing agreements.
Voice control
Voice control in the app is executed locally. No audio is submitted to a cloud or another server. As mentioned above, we may store the recognized voice controls as text in the log file, which is only sent to us upon the user's explicit and voluntary command.
In cases where we have user-specific data from you, you can request access to that data by contacting us at the address (email or postal address) above while providing evidence of your user identity. Furthermore, you can request that your user-specific data is deleted by contacting us through the email address mentioned above.
As determined by the Meta Horizon Store, Meta's Terms and Conditions and Meta's Privacy Policy, Meta might collect data from you automatically while using our app. We do not have influence on this and cannot enable or disable it. Data might include: user ratings of the app, time spent in the app, whether the user has been using the app within the last 28 days, aggregated data over multiple users regarding age, gender, country, region and similar properties. Furthermore, crash statistics might be automatically created by Meta and include information about the used devices (e.g. Quest, Quest 2, Quest 3), regions of the user and similar information. We do not control this processing.
Unity game engine
Our virtual reality apps immerGallery, immerGallery Business and immerGallery Demo are based on the Unity game engine. We do not have influence on this processing or direct access to the collected data, but Unity might process some or all of the following information about your device:
unique device identifiers (e.g., IDFV for iOS devices and Android ID for Android devices); IP address; country of install (mapped from IP address); device manufacturer and model; platform type (iOS, Android, Mac, Windows, etc.) and the operating system and version running on your system or device; language; CPU information such as model, the number of CPUs present, frequency, and instruction set support flags; graphics card type and vendor name; graphics card driver name and version; which graphics API is in use (e.g., “OpenGL 2.1” or “Direct3D 9.0c”); amount of system and video RAM present; current screen resolution; version of the Unity Editor used to create the game; sensor flags (e.g., device support for gyroscope, touch pressure or accelerometer); application or bundle identification (“app ID”) of the game installed; unique advertising identifiers provided for iOS and Android devices (e.g., IDFA or Android Ad ID); and a checksum of all the data that gets sent to verify that it transmitted correctly.
For details, please refer to Unity’s own privacy documentation.
Photon Fusion and Photon Voice (multiplayer and voice communication)
Our application integrates Photon Fusion and Photon Voice for multiplayer interaction and voice communication functionalities. These services are provided by Exit Games GmbH, located at Hongkongstr. 7, 20457 Hamburg, Germany (hereinafter referred to as "Photon"). This section outlines the nature, scope and purpose of data processing within our app in relation to Photon's services, in compliance with the General Data Protection Regulation (GDPR).
Photon Fusion and Photon Voice, as components of our app, involve the processing of data on servers managed and operated by Photon. The data processing is carried out on the basis of a Data Processing Agreement (DPA) between us and Photon, in accordance with Article 28 GDPR.
Location and transfer of data: Photon’s server infrastructure is globally distributed to ensure minimal latency and optimal performance. Personal data processed through Photon services may be transferred to, and stored at, a destination outside the European Economic Area (EEA). Photon takes all steps reasonably necessary to ensure that your data is treated securely and in accordance with GDPR standards.
To participate with other users in multiplayer, your chosen player name will be shared with other participants. As you require the same galleries to view them together, the gallery names, the number of content files and potential file paths on the local device may be shared internally in the app for synchronization. Common album titles will be displayed on each client. It will be shared which app version you use and how many galleries you have on your system. An admin status can be exchanged between users to control the multiplayer experience.
We do not share your plain Meta User ID with other users. Where identifiers are used for technical multiplayer coordination, they are limited to what is necessary for this purpose.
Meta (Platform / joint responsibility for platform processing)
Meta Platforms Ireland Ltd. ("Meta")
4 Grand Canal Square
Grand Canal Harbour
Dublin 2
Ireland
OpenStreetMap usage in immerGallery, immerGallery Demo and immerGallery Business
In order to provide you with a dynamic map image from your image's metadata or settings you used in the corresponding .immerVR files, we may use the services from the map image provider OpenStreetMap. In order to generate the dynamic map, information like GPS data from the image content or GPS data mapped to certain tiles in a zoomable map might be transmitted. To be able to receive image data, the IP address of the client needs to be used.
The privacy policy (e.g. regarding GDPR) of OpenStreetMap can be found here:
https://wiki.osmfoundation.org/wiki/GDPR_Privacy_Statement
and
https://wiki.osmfoundation.org/wiki/Privacy_Policy
The OpenStreetMap Foundation is located at St John’s Innovation Centre, Cowley Road, Cambridge, CB4 0WS, United Kingdom.
Pastebin usage in immerGallery, immerGallery Demo and immerGallery Business
Services from Pastebin may be used to allow you to access information posted from yourself or others directly inside our app. For example, if you want to send yourself a URL that is long to type, you can instead type it on a PC with a keyboard, paste it to Pastebin and then recover the URL in immerGallery.
Pastebin collects data as explained in their Privacy Statement:
https://pastebin.com/doc_privacy_statement
Much of Pastebin is public-facing. If your content is public-facing, third parties may access and use it in compliance with Pastebin's Terms of Service. Pastebin does not sell that content; it is yours. However, Pastebin does allow third parties, such as research organizations or archives, to compile public-facing Pastebin information, excluding user personal information, per Pastebin's Terms and Agreements:
https://pastebin.com/doc_terms_of_service
Furthermore, Pastebin states that your personal information, associated with your content, may be gathered by third parties in these compilations of Pastebin data. If you do not want your personal information to appear in third parties’ compilations of Pastebin data, please do not make your personal information publicly available on Pastebin.
Pastebin is located at 3000 C St Ste 301, Anchorage, Alaska, 99503, United States.
Spatial conversions inside the app
When you use spatial conversions inside the app, your privacy comes first!
Server Location and Compliance: Our conversions are processed on secure servers in Europe, adhering to GDPR. By using this service you agree to have your data sent there and back to your country of origin.
Content Management: We uphold your privacy by not retaining any rights to your content. Files are stored temporarily for a maximum of 24 hours or are deleted immediately upon successful retrieval.
Encryption and Security: Content is encrypted pre-upload, decrypted only for processing, and re-encrypted for retrieval. Decryption keys are not stored, ensuring exclusive access by your immerGallery.
File Handling: To enhance privacy, we anonymize file names before server upload and restore original filenames on your device locally.
Analytics: We store the start time of conversion requests, processing time, time of successful retrieval, error messages, the number of images processed, a hashed user ID and a hashed IP address to create statistics of the server utilization, to detect errors, to implement limits on how many conversions a certain user can do and to detect unauthorized access attempts. The dimensions of processed images (e.g., 1920x1080) are recorded in our logs.
Additional note on other app stores
The information above explicitly describes distribution via the Meta Horizon Store. If and when our apps are (also) offered via other third-party stores, comparable principles apply: the respective store operator is generally responsible (controller) for store/account operation as well as purchase and payment processing. We do not receive your full payment data (e.g., credit card numbers). Depending on the store, we may receive limited information needed to provide the app/license and support (e.g., confirmation of purchase, product/app identifier, refund status).
The following store operators may apply (depending on availability):
• Steam Store (Valve)
– Operator: Valve Corporation, 10400 NE 4th St., Bellevue, WA 98004, USA
– Privacy Policy: https://store.steampowered.com/privacy_agreement/
– Steam Subscriber Agreement (Terms): https://store.steampowered.com/subscriber_agreement/
• PICO XR Store (PICO)
– Operator: PICO Immersive Pte. Ltd., 1 Raffles Quay, #26-10, South Tower, Singapore 048583
– Privacy Policy: https://www.picoxr.com/global/legal/privacy-policy
– Terms of Service: https://www.picoxr.com/global/legal/terms-of-service
• Google Play Store (Google)
– Service provider for Google Play services: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
– (For EEA/UK paid content, Google may use Google Commerce Limited as contracting party): Google Commerce Limited, 70 Sir John Rogerson’s Quay, Dublin 2, Ireland
– Privacy Policy: https://policies.google.com/privacy?hl=en
– Google Play Terms of Service: https://play.google.com/intl/en/about/play-terms/
For other platforms, such as Steam Store, PICO XR Store, Google Play Store, similiar concepts to the Meta User ID, User Profile and Avatar, but adjusted to these platforms, may be used for the same reasons described above on the Meta platforms.
Alternative licensing for immerGallery Business (outside app stores) via LemonSqueezy
If we offer licenses for immerGallery Business outside an app store (e.g., on our website), we may use LemonSqueezy as reseller/merchant of record for checkout, invoicing, tax handling and payment processing. In this case, LemonSqueezy processes personal data as controller for the payment transaction. We receive only the information necessary to fulfil the purchase and provide support (e.g., name, email address, company and invoice information if provided, purchased product/license details, and transaction identifiers). The legal basis for our processing is Art. 6(1)(b) GDPR (contract fulfilment) and, where applicable, Art. 6(1)(c) GDPR (legal obligations, e.g., tax/accounting) and Art. 6(1)(f) GDPR (legitimate interests, e.g., fraud prevention, support).
• Provider: Lemon Squeezy, 222 South Main Street, Suite 500, Salt Lake City, Utah 84101, USA
• Privacy Policy: https://www.lemonsqueezy.com/privacy
• Buyer Terms & Conditions: https://www.lemonsqueezy.com/buyer-terms
• Terms of Service: https://www.lemonsqueezy.com/terms
• Data Processing Agreement (DPA): https://www.lemonsqueezy.com/dpa
Purpose and legal basis of data processing
Data processing at immerVR GmbH is carried out to provide apps and services for you. We process personal data on the basis of the following legal principles:
• Art. 6 (1) (a) GDPR: Consent
• Art. 6 (1) (b) GDPR: for pre-contractual or contractual measures. These include:
• answering enquiries
• administration
• offer preparation, contract processing and order processing
• providing the platform
• maintaining business relationships
As a company, we are subject to different legal obligations. In order to fulfil these legal obligations, it may be necessary to process personal data on the basis of Art. 6 (1) (c) of the GDPR or Article 6 (1) (e) of the GDPR, such as:
• control and reporting obligations
• creditworthiness, age and identity checks
• prevention of criminal acts
Controller pursuant to Art. 4(7) EU General Data Protection Regulation (GDPR)
immerVR GmbH
Im Zollstock 12
91093 Hessdorf
Germany
Managing Director: Daniel Pohl
Email: support@immervr.com
General information on data processing
When you use our apps, we may process personal data. We always process personal data in compliance with the legal requirements. Personal data are processed only to the extent necessary to provide the respective service and for the purposes described below.
We do not sell personal data.
Information regarding distribution of apps / Meta Horizon Store
Our apps are distributed via Meta Horizon Store. For this purpose, Meta processes personal data as controller. In this context, Meta may process personal data including account data (e.g. Meta account ID, user ID) and other information. We do not control this processing. Please consult Meta's privacy policy at https://www.meta.com/legal/privacy-policy/.
Distribution of apps / use of app / processing of personal data in connection with app
When you use our apps, we may process personal data. The specific processing depends on the feature and service you use.
A. Data processing for technical provision of the app (usage data / log data)
For technical reasons (e.g. to provide and secure the app, to analyze technical errors), our systems may process usage data, such as:
• IP address
• device information (e.g. device type, operating system, language settings)
• timestamps
• app version
• error logs / crash reports (if applicable and supported by the platform)
Legal basis: Art. 6 (1) (f) GDPR (legitimate interest in secure and stable operation) or Art. 6 (1) (b) GDPR if necessary for contract performance.
B. Processing for user-specific features (Meta platform features)
Use of Meta platform features (User ID, User Profile, Avatars)
For Meta Quest devices, we may use platform features such as:
• User ID: grants the app access to the user ID to enable various features
• User Profile: grants the app access to the Meta username and profile photo
• Avatars: grants the app access to Meta Avatars, a persistent identity for users. With Meta Avatars, users can bring their visual identities into our app.
We process the above data only to the extent required to provide the respective app feature (e.g. display username/profile photo, show avatar in multiplayer). Legal basis: Art. 6 (1) (b) GDPR (contract performance) or Art. 6 (1) (f) GDPR (legitimate interest in feature operation).
In cases where we have user-specific data from you, you can request its deletion by contacting us through the email address mentioned above.
As determined by the Meta Horizon Store, Meta's Terms and Conditions apply. Meta as platform provider may process personal data including account data (e.g. Meta account ID, user ID) and other information. We do not control this processing.
C. Online features and multiplayer (Photon / Exit Games)
Our apps may offer online features such as multiplayer. For this we use Photon/Exit Games. When you use these features, your device establishes a connection to Photon servers and the following data may be processed:
• IP address
• device identifiers (as provided by the platform/network stack)
• session identifiers
• game/app events required for the multiplayer functionality
Provider: Exit Games GmbH, Schillerstraße 18, 76135 Karlsruhe, Germany
Privacy policy: https://www.photonengine.com/en-US/PrivacyPolicy
Legal basis: Art. 6 (1) (b) GDPR (contract performance) for providing online/multiplayer features.
D. Third-party content and services used in the app
1) OpenStreetMap
We may integrate map material from OpenStreetMap. Provider: OpenStreetMap Foundation, St John's Innovation Centre, Cowley Road, Cambridge, CB4 0WS, United Kingdom
Privacy policy: https://wiki.osmfoundation.org/wiki/Privacy_Policy
Legal basis: Art. 6 (1) (f) GDPR (legitimate interest in providing map functionality) or Art. 6 (1) (b) GDPR if necessary for a feature.
2) Pastebin
We may use Pastebin to provide logs or share content. Provider: Pastebin.com, 1900 South Norfolk Street, Suite 350, San Mateo, CA 94403, USA
Privacy policy: https://pastebin.com/doc_privacy_statement
Legal basis: Art. 6 (1) (f) GDPR (legitimate interest in support/troubleshooting).
E. Data recipients / transfers
We may use processors (e.g. hosting providers) under data processing agreements.
International transfers: If personal data is transferred to third countries (e.g., via US-based providers), we implement appropriate safeguards (e.g. adequacy decision, standard contractual clauses) where required.
Storage duration
We store personal data only as long as necessary for the purposes described, or as required by law. Log data is typically stored for a limited period for security and troubleshooting, then deleted or anonymized.
Your rights
You have the following rights (subject to legal requirements):
• Right of access (Art. 15 GDPR)
• Right to rectification (Art. 16 GDPR)
• Right to erasure (Art. 17 GDPR)
• Right to restriction of processing (Art. 18 GDPR)
• Right to data portability (Art. 20 GDPR)
• Right to object (Art. 21 GDPR)
• Right to withdraw consent at any time (Art. 7 (3) GDPR)
• Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)
If you have any questions or wish to exercise your rights, please contact us at support@immervr.com.
============================================================
B) PRIVACY POLICY FOR OUR WEBSITE AND ONLINE PRESENCE
============================================================
Privacy Policy for our Website (https://www.immerVR.com and related domains)
1. Visiting our website (log files)
When you visit our website, our web server automatically processes certain information that your browser transmits to us. This is technically necessary to display our website and to ensure stability and security (legal basis: Art. 6(1)(f) GDPR; legitimate interest in the secure and reliable operation of the website). The following data may be processed:
• IP address
• date and time of the request
• time zone difference to Greenwich Mean Time (GMT)
• content of the request (specific page)
• access status / HTTP status code
• amount of data transferred
• referrer URL (website from which the request originates)
• browser type/version, language
• operating system and its interface
We store server log files only as long as required for security and troubleshooting, and otherwise delete or anonymize them in accordance with our retention concept.
2. Cookies, consent, and tracking technologies
We use cookies and similar technologies to the extent technically necessary to operate the website.
You can generally prevent the storage of cookies by adjusting your browser settings. Please note that disabling cookies may limit the functionality of the website.
3. Contacting us
If you contact us (e.g., by email), we process the data you provide (e.g., name, email address, content of your message) to respond to your enquiry (legal basis: Art. 6(1)(b) GDPR for (pre-)contractual communication, or Art. 6(1)(f) GDPR for general enquiries).
4. Hosting and processing by processors
We use service providers (processors) for hosting and IT infrastructure:
• STRATO GmbH, Otto-Ostrowski-Straße 7, 10249 Berlin, Germany (privacy policy: https://www.strato.de/datenschutz/)
• Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany (privacy policy: https://www.hetzner.com/legal/privacy-policy)
These providers may process personal data (e.g., IP addresses and server log data) on our behalf to provide hosting and IT services.
5. Newsletter (Brevo, formerly Sendinblue)
If you subscribe to our newsletter, we process your email address (and any voluntary additional data you provide) for sending the newsletter (legal basis: Art. 6(1)(a) GDPR; consent). We use a double opt-in procedure. For proof of consent, we store the registration and confirmation data, including IP address and timestamps.
We use Brevo (formerly Sendinblue) as email service provider:
• Provider: Sendinblue GmbH (Brevo), Köpenicker Str. 126, 10179 Berlin, Germany
• Privacy Policy: https://www.brevo.com/legal/privacypolicy/
You can withdraw your consent at any time, e.g., via the unsubscribe link in each newsletter or by contacting us.
Please note: Newsletter emails may contain web beacons / tracking pixels to measure delivery and open rates and link clicks. If you do not want this, please unsubscribe or configure your email client to not automatically display images.
6. PayPal donation button
If we provide a PayPal donation button on our website, PayPal processes personal data under its own responsibility when you use it (e.g., account data, payment data, transaction data). We may receive limited information required for bookkeeping (e.g., confirmation of payment, name shown in PayPal account statements). Privacy policy: https://www.paypal.com/va/webapps/mpp/ua/privacy-full
7. Embedded YouTube videos
We may embed YouTube videos. When you play a video, information about your use may be transmitted to YouTube/Google (legal basis for embedding: Art. 6(1)(f) GDPR; legitimate interest in an appealing presentation and information). YouTube/Google may process data in the USA and other countries under their own responsibility.
Provider: YouTube LLC, 901 Cherry Ave, San Bruno, CA 94066, USA / Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Privacy Policy: https://policies.google.com/privacy?hl=en
8. Advertising and conversion tracking
We may use the following channels and tools for marketing, optimisation and to measure the effectiveness of our advertising. Where required by law, we use these only with your consent (legal basis: Art. 6(1)(a) GDPR). You can withdraw consent at any time via our consent settings.
• Google Ads Conversion Tracking (Google):
When you click on a Google ad and then visit our website, Google may set a cookie and process information about your visit (including IP address and usage information) to measure conversion success. Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. More information and opt-out options: https://www.google.com/settings/ads and https://www.google.com/settings/ads/plugin
• Reddit Ads and Reddit Conversion Tracking:
We may place advertisements on Reddit (Reddit Ads). If you reach our website via a Reddit ad, Reddit may set cookies and process information to measure the effectiveness of the advertising. Provider: Reddit, Inc., 548 Market St. #16093, San Francisco, CA 94104, USA. More information: https://www.redditinc.com/policies/privacy-policy
• Social media advertising (Meta/Facebook/Instagram, X/Twitter):
We may place ads on Meta platforms and X (Twitter). The respective platform provider processes personal data under its own responsibility. Providers include:
– Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (privacy policy: https://www.meta.com/legal/privacy-policy/)
– Twitter International Unlimited Company, One Cumberland Place, Fenian Street, Dublin 2, Ireland (privacy information: https://gdpr.twitter.com/)
9. Our social media presence
We maintain profiles/pages on social networks (e.g., Meta/Facebook/Instagram, X/Twitter, LinkedIn, TikTok, YouTube) to communicate with users and provide information (legal basis: Art. 6(1)(f) GDPR; legitimate interest in communication and information). The providers process personal data under their own responsibility. Depending on the platform, joint controllership (Art. 26 GDPR) may apply for certain processing activities (e.g., “Page Insights” on Meta platforms). Please refer to the privacy policies and information of the respective providers.
10. Discord server (community/support)
We operate a Discord server for community exchange and support. Our website itself does not connect to Discord. If you join our Discord server, Discord processes personal data under its own responsibility, and we may receive and process data you voluntarily provide within Discord (e.g., username, profile information, messages, uploaded content) in order to operate and moderate the community and provide support (legal basis: Art. 6(1)(f) GDPR; legitimate interest in community and support).
Server Insights (Discord Community Server analytics)
Our Discord server may be configured as a “Community Server” and may use Discord’s “Server Insights” feature. Server Insights provides aggregated analytics about server growth, activation, engagement, audience and (if enabled) announcement channels. According to Discord, the information shown in Server Insights is aggregated and anonymized, and Discord applies thresholds/bucketing so that individual members cannot be targeted.
Why we use this feature / legal basis
We use Community Server features and Server Insights to operate and improve our community server, in particular to support a safer experience for our users (e.g., enabling Discord’s Community requirements such as verified-email verification level and an explicit media content filter). The legal basis for this processing is Art. 6(1)(f) GDPR (legitimate interest). Our legitimate interest lies in operating a safe, well-moderated community server, preventing abuse, and improving community support.
Opt-out (your choice)
Discord allows users to opt out from having their activity included in Server Insights. If you do not want your activity in servers to be included in Server Insights, you can disable the corresponding Discord account setting (commonly labelled “Use data to improve Discord”) in your Discord user settings. Please note that Discord’s wording and location of this toggle may change over time; current guidance is provided by Discord here:
https://support.discord.com/hc/en-us/articles/360032807371-Server-Insights-FAQ
Additional note (Announcement Channels)
Discord notes that users who post in Announcement Channels may need to have “Use data to improve Discord” enabled in order for their announcement statistics to appear in the Server Insights “Announcement Channels” section.
Provider:
• Discord Netherlands B.V., Schiphol Boulevard 195, 1118BG Schiphol, Netherlands (EEA controller)
• Discord Inc., 444 De Haro Street #200, San Francisco, CA 94107, USA
Privacy Policy: https://discord.com/privacy
Terms of Service: https://discord.com/terms
11. Reddit (community presence)
If we maintain a presence on Reddit, the same applies as for other social media: Reddit processes personal data under its own responsibility. Please refer to Reddit’s privacy policy and terms at https://www.redditinc.com/. Reddit, Inc. is located at 548 Market St. #16093, San Francisco, California 94104, USA and Reddit Ireland Limited, Attn: Reddit EU Data Inquiries, Georges Quay Plaza, Floor 2 - 101, Dublin D02 F856, Ireland.
12. Data subject rights
You have the rights described below in the section “Your rights / Rights of the data subject” (access, rectification, deletion, restriction, data portability, objection, withdrawal of consent, complaint). These rights apply to our website processing as well.
==========
C) GENERAL
==========
No obligation to provide and consequences of non-provision
The provision of personal data is not legally or contractually prescribed and you are not obliged to provide data. We will inform you in the course of the input process if the provision of personal data is required for the relevant service (e.g. by calling it a “mandatory field”). In the case of necessary data, non-provision means that the service in question cannot be provided.
Storage time of your data
We process your personal data, where necessary, for the duration of the business relationship and as long as it is necessary for the aforementioned purposes, as well as in accordance with the statutory retention and documentation obligations arising in particular from the fiscal code and the commercial code, which usually amount to 10 years. In addition, personal data may be stored and stored for as long as the data are relevant to pending judicial or administrative proceedings in which the controller has a party status.
You have the right to object to the processing of your personal data at any time. Please send this in writing by email or by post to the address of the ImmerVR GmbH. We kindly point out that the exercise of their rights may, in individual cases, be subject to certain conditions.
Ensuring data security and data protection
To ensure the protection and security of your personal data, we are implementing a large number of technical and organisational security measures, the effectiveness of which we regularly review.
Your rights / Rights of the data subject (GDPR)
If the legal requirements are met, you have the following rights with regard to your personal data:
• Right of access (Art. 15 GDPR)
• Right to rectification (Art. 16 GDPR)
• Right to erasure (Art. 17 GDPR)
• Right to restriction of processing (Art. 18 GDPR)
• Right to data portability (Art. 20 GDPR)
• Right to object (Art. 21 GDPR)
• Right to withdraw consent at any time (Art. 7(3) GDPR), without affecting the lawfulness of processing before withdrawal
• Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)
To exercise your rights, please contact us at support@immervr.com.
Last updated: 15 December 2025