Talespin Reality Labs, Inc. (“Talespin, “we”, “us”, and “our”) provides products and services (“Services”) that enable customers (“Customers”) and their employees or designated users (“End Users”) to leverage virtual reality for training and learning purposes via our SaaS, widget and application Customer platforms (“Customer Platforms”).
· From our website at www.talespin.com (“Site”);
· From the Customer Platforms (which may include a dedicated app) in connection with our Services; and
· When you otherwise communicate with us, such as through email or via social media platforms.
Talespin is a Delaware corporation with the following contact information:
Talespin Reality Labs, Inc.
600 Corporate Pointe, Suite 1130
Culver City, CA 90230
With respect to its collection and processing or personal information, Talespin acts either as a:
· ‘Data controller’ when it collects personal information on its own behalf and for its own business purposes, such as through our Site, or
· ‘Data processor’ when it collects and processes personal information on behalf of its Customers in order to provide the Services.
Attn: Legal Department
Talespin Reality Labs, Inc.
600 Corporate Pointe, Suite 1130
Culver City, CA 90230
United States Individuals in the EEA may contact Talespin at: firstname.lastname@example.org
We are located in the United States, and the personal information that we collect is stored on servers hosted by us or our authorized third-party service providers located in the United States. This means that your personal information will be collected, processed, and stored in the United States, which may have data protection laws that are different from (and sometimes less protective than) the laws of your country or region, such as the EU’s General Data Protection Regulation (“GDPR”).
Visiting the Site
When you visit the Site, you may fill out a web form and share your personal information with us directly, such as on our “Contact Us” page, on our “Request a Demo” page, or when you chat with us. Information we collect consists of:
· E-mail address
· Phone number
· Company name
· Job title and position
Occasionally, we may also offer opportunities for you to share your data with us such as through a survey, to sign up for a newsletter, or to register for or receive details about an event we are sponsoring. If you participate in those surveys, sign up for a newsletter, or register for an event, we will collect the information you provide to us at that time.
In addition, if you send us an email or otherwise contact us, we will collect the personal information that you provide to us at that time.
Signing up for Our Services
When you become a Customer, we will collect information from you, some of which may include personal information, including name, e-mail address, phone number, company information. Customers and End Users provide us directly with their personal information in connection with their accounts.
When you visit the Site, we, or authorized third parties, collect some information, including Device and Usage Information described below, by automated means using cookies, web beacons, SDKs and server logs for analytic purposes. For more information on our use of these technologies and the data that they collect, please see our Cookie Statement. We may also collect information from third parties, as explained below.
Device and Usage Information
When you visit, use or interact with the Site, even if you do not have an account, we, or authorized third parties (such as service providers or, as explained below, External Ad Partners), may collect information about your use of the Site via your device. Device and Usage Information that we, or these authorized third parties, collect consists of:
· Information About your Device: information about the devices and software you use to access the Site – primarily the internet browser or mobile device that you use, the website or source that linked or referred you to the Site, your IP address or device ID (or other persistent identifier that uniquely identifies your computer or mobile device on the Internet), the operating system of your computer or mobile device, device screen size, and other similar technical information.
· Usage Information: information about your interactions with the Site, including access dates and times, hardware and software information, device event information, crash data, and cookie data. This information allows us to understand the screens that you view, how you have used the Site (which may include administrative and support communications with us or whether you have clicked on third party links), and other actions on the Site. We, or our authorized third parties, automatically collect log data when you access and use the Site, even if you have not created an account or logged in. We use this information to administer and improve the Site, analyze trends, track visitors’ use of the Site, and gather broad demographic information for aggregate use.
· Location Data: we, or authorized third parties, collect your location data, including city, metro code, zip code, state, country, latitude and longitude, and area code through your IP address. To disable the collection of precise location information from your mobile device through the Site, you can access your mobile device settings and choose to limit that collection.
Please note that cookies or similar technologies that we use on the Customer Platforms are functional and only intended to assist with providing the Services.
Information from Third Parties
In some instances, we process personal information from third parties, which consists of:
· Data from our partners and service providers, such as transaction information from providers of payment services
· Data from our External Ad Partners (described here) (NOT APPLICABLE).
Once Customers have registered for our Services, we collect information about End Users who will be using the Services (“End User Information”). This information consists of:
· End User first and last name
· End User email
· End User username and password
· End User ID where a Customer has assigned employee IDs (optional)
· End User Job title/role (optional).
We also record and collect End User actions on the Customer Platform and their interactions with the module(s) when using the Services:
· Recorded audio
· Voice input
· Narrative text
· End User performance capture
As ‘data controllers’ of End User Information, Customers are responsible for providing information to individuals in the EEA and United Kingdom, including the purposes of collection, legal bases, and your rights. As explained below, if we receive a notification from a Customer regarding an individual wishing to exercise his/her exercising, we will assist said Customer with responding to and honoring such requests according to the Customer’s instructions.
This End User Information is collected by Talespin for the sole purpose of providing and improving the Services and Customer Platforms.
We, or our authorized partners, collect and process personal information in order to:
· Provide the Site
· Provide the Customer Platforms and our Services to End Users
· Ensure that the Site and Customer Platforms are operational and optimized for user experience
· Improve the content and general administration of the Site, Services and Customer Platforms
· Enhance User experience, including to provide customer support
· Detect fraud, illegal activities, or security breaches
· Enable third parties to deliver advertising to you
· Provide you with notices regarding Services that you have purchased or may wish to purchase in the future including, in some cases, to send you direct marketing communications regarding other services that we may think are of interest to you
· Respond to your queries and requests, or otherwise communicate directly with you
· Perform system maintenance and upgrades, and enable new features
· Understand how you access and use the Site and Customer Platforms in order to provide technical functionality, develop new products and services
· Conduct statistical analyses and analytics based on usage and activity on the Site
· Enforce our agreements with you if necessary
Individuals located in the EEA and the United Kingdom, please see Additional Information for Individuals in the EEA and the United Kingdom below for more information, including our legal bases for processing.
We disclose your personal information under certain circumstances as further described below.
Third Parties and Service Providers
Talespin shares personal information, including End User Information, with our third party agents, contractors, or service providers who are hired to perform services on our behalf or in order to assist with certain business purposes. These providers may operate or support certain functions of the Site, Customer Platforms and/or Services. Below is a list of categories of service providers that we may use to perform these functions (which are subject to change):
· Analytics services
· Customer support services
· Billing services and payment gateway providers
· Hosting and content delivery network services
· Communication tools
· Professional services (such as auditors, lawyers, consultants, accountants and insurers)
· End User audio and visual data collection services on Customer Platforms
· Virtual reality hardware and software applications
· Customer Relationship Management (CRM) solutions
Service providers process your personal information for the specific purpose of providing their services to us (and in accordance with our instructions).
As explained here, we also disclose personal information regarding our Customers and their contact persons who signed up to use the Services (but excluding End Users Information), as well as Site visitors, to External Ad Partners who assist us with advertising and marketing our Services. In some cases, service providers and External Ad Partners collect your personal information directly from you, such as via cookies.
We may share data collected from you with our affiliates.
As we continue to grow, we may purchase websites, applications, subsidiaries, or other businesses or business units. Alternatively, we may sell businesses or business units, merge with other entities, obtain financing, and/or sell assets or stock, in some cases, as part of a reorganization or liquidation in bankruptcy. In order to evaluate and/or as part of these transactions, we may transfer your personal information to a successor entity upon a merger, consolidation, or other corporate reorganization in which Talespin participates, to investors and/or to a purchaser or acquirer of all or a portion of Talespin’s assets, including bankruptcy.
Aggregated or Anonymized Information
We share anonymized, aggregated, automatically-collected, or otherwise non-personal information with third parties for various purposes, including (i) compliance with reporting obligations; (ii) business or marketing purposes; (iii) assistance for us and other parties in understanding our users’ interests, habits, and usage patterns for certain programs, content, services, advertisements, and/or functionality available through the Services. We do not share personal information about you in this case.
Legal Obligations and Security
If we are required to disclose personal information by law, such as pursuant to a subpoena, warrant, or other judicial or administrative order, we will use reasonable efforts to provide you with notice of this disclosure requirement, unless we are prohibited from doing so by statute, subpoena or court or administrative order. Our policy is to respond to requests that are properly issued by law enforcement within the United States or via mutual legal assistance mechanism (such as a treaty), and to object to requests that we do not believe were issued properly. However, if we receive information that provides us with a good faith belief that there is an exigent emergency involving the danger of death or serious physical injury to a person, we may provide information to law enforcement trying to prevent or mitigate the danger (if we have it), which will be determined on a case-by-case basis.
We do not knowingly collect any personal information directly from children under the age of 16. If we discover we have received any personal information from a child under the age of 16 in violation of this Policy, we will take reasonable steps to delete that information as quickly as possible. If you believe that we have any personal information from or about anyone under the age of 16, please contact us at email@example.com.
The Site uses third-party analytics tools that drop cookies and/or similar technologies to collect and store information about your device and use of the Site. We use analytics tools to calculate visitor, session and campaign data for analytics reports.
We market our company and Services in a variety of ways. We may gather information from or about you in the following different roles:
· Individuals, entities and others who have no relationship with Talespin, meaning that Talespin has acquired data about them through a third party (“Leads”) or they have visited the Site
· Individuals, entities or others who have contacted Talespin or otherwise inquired about Talespin’s Services
In some cases, you provide personal information directly to Talespin as part of a marketing event that Talespin hosts or co-hosts, such as when you attend an event, through email or when you schedule a demo. Occasionally, and in some cases only with your consent, we may send you future communications. We may also acquire personal information about you when you visit our Site or Social Media Accounts (see below). Talespin also engages third parties who provide us with contact information for Leads. When acquiring information from third parties, Talespin endeavors to obtain contractual commitments from the third parties that the information was acquired lawfully and with the appropriate level of consent.
Our communications to you for marketing purposes will contain instructions on how you can opt-out from receiving future communications, and if you consent to our use of your personal information for marketing purposes, you may always withdraw your consent. You may also directly contact Talespin about its marketing activities at firstname.lastname@example.org.
Individuals in the EEA and the United Kingdom have additional rights, as explained here.
Talespin maintains an online presence on social media platforms (“Social Media Platforms”) such as Instagram, Twitter or Facebook, to provide information about our Services and communicate with users and/or visitors to those pages or accounts. When you interact or post to our account, we process your personal information. In some cases, the Social Media Platforms are service providers or processors. In other cases, such as with Facebook, we are jointly responsible for the processing, as explained in the section titled Talespin as a ‘Joint Controller’ with Facebook.
Talespin uses Oculus hardware and enterprise software (“Facebook Enterprise Products”) provided by Facebook Technologies, LLC (“Facebook”) in order to provide the Services. In connection with Customers’ and End Users’ use of Facebook Enterprise Products, Facebook will automatically collect the following data:
· Information related to device status and performance, such as battery life, OS version, controller pairing status, last time active, the rate at which a device displays images, or memory usage.
· Device settings and configurations, such as a list of installed apps, behavior configured to the Oculus button, and whether Kiosk mode or Guardian mode has been turned on or off.
· Information about your interactions with the Facebook Enterprise Products, including information about your interactions with features, applications, or other experiences.
· Information about how you access the Facebook Enterprise Products, including the type of device used and IP address.
· Anonymized data collected when an app you are using crashes, such as which app was running, recent actions performed in the app, and information related to device health, settings and configurations. This anonymized data is used to identify and fix bugs and other technical issues and to improve the Enterprise Software, and may be provided to app developers to help them identify and fix bugs in their apps.
· Information collected in or through cookies, local storage, and similar technologies on our device management website (see https://www.workplace.com/work/legal/FB_Work_Cookies for more information).
Facebook uses and shares such data in accordance with the Oculus for Business Privacy Disclosure available here.
Talespin collects and has access to data about End Users for purposes of provisioning, managing and monitoring their use of Facebook Enterprise Products and providing support to Customers and End Users. Facebook is not responsible for Talespin’s collection, use, storage, and disclosure of data related to Customers’ and End Users’ use of Facebook Enterprise Products or software and experiences provided by Talespin, which are the sole responsibility of Talespin.
We use reasonably appropriate security measures designed to protect the security of personal information both online and offline. These measures vary based on the sensitivity of the information that we collect, process and store and the current state of technology. Please note, though, that no website or internet transmission is completely secure, so while we strive to protect your data, we cannot guarantee that unauthorized access, hacking, data loss or a data breach will never occur.
Certain internet web browsers allow a “do not track” (DNT) setting that relies on a technology known as a DNT header, which sends a signal to websites visited by the individual about the individual’s browser DNT setting. At this time, we do not currently respond to DNT signals, whether that signal is received on a computer or on a mobile device. Learn more about DNT here.
How you make choices about cookies and other tracking technologies depends on the type of cookie or tracking technology being used. For details on how to manage your preferences for cookies and tracking technologies within your web browser, please see our Cookie Statement.
Some visitors in some locations may be required opt-in to non-essential cookies, as explained in the Cookie Statement.
If you are receiving promotional emails from us, you can choose to stop receiving those by following the unsubscribe/opt-out instructions in those emails. You can also opt-out by contacting us at email@example.com.
To request access to, or to make changes to, data that we have collected from you via the Customer Platforms, please email us at firstname.lastname@example.org.
We do not sell your personal information within the scope of, and according to the defined meaning of a “sale” under, NRS 603A.
Note: for purposes of this section, “personal information” has the same meaning as “personal data” as such term is defined in applicable data protection laws.
The categories of recipients of personal information with whom we may share your personal information are listed in Disclosure of Your Personal Information above.
Talespin as ‘Data Controller’
As a ‘data controller’, Talespin processes your personal information for a number of different purposes. Some are essential for us to provide the Services or to fulfill our legal obligations, some help us run the Services efficiently and effectively, and some enable us to provide you with more relevant and personalized offers and information. In all cases, with respect to individuals in the EEA, we must have a reason and a legal ground for processing your personal information. The most common legal grounds on which we rely are briefly explained below:
· Performance of a Contract: we may process your personal information in order to enter into, or perform a contract to which you are a party –for instance, when a Customer signs up for the Services.
· Legitimate Interests: we may process personal information where it is necessary for our legitimate business interests, but only to the extent that they are not outweighed by your own interests or fundamental rights and freedoms. When we rely on this legal basis, if required, we will carry out a legitimate interest assessment to ensure we consider and balance any potential impact on you (both positive and negative), and your rights under data protection laws.
· Consent: We rely on consent where it is required, such as when we are asking you to confirm your marketing preferences. When we rely on consent, you will be asked to confirm that you give your permission to Talespin to process your personal information. You have the right to withdraw your consent at any time if you no longer want to be part of the Talespin processing activity where your consent was sought.
· Legal Obligation: Talespin may have legal obligations to retain and/or disclose your personal information, or may cooperate in a legal or governmental investigation. It is essential that Talespin complies with its legal, regulatory, and contractual requirements, so if you object to this processing, Talespin will not be able to provide its Services to you.
The following breakdown illustrates in more detail our processing activities and how the above legal bases for processing apply (in brackets):
· Provide the Site [Legal Basis: Performance of a Contract]
· Provide the Customer Platforms and our Services to Customers and End Users [Legal Basis: Performance of a Contract]
· Ensure that the Site and Customer Platforms are operational and optimized for user experience [Legal Basis: Legitimate Interests or Performance of a Contract, depending on the specific use]
· Improve the content and general administration of the Site, Services and Customer Platforms [Legal Basis: Legitimate Interests]
· Enhance user experience, including to provide you with customer support [Legal Basis: Legitimate Interests]
· Detect fraud, illegal activities, or security breaches [Legal Basis: Legitimate Interests]
· Except with respect to End User Information, enable third parties to deliver advertising to you [Legal Basis: Legitimate Interests or Consent, depending on the specific circumstances]
· Provide you with notices regarding Services that you have purchased [Legal Basis: Performance of a Contract]
· Providing you information about Services that you may wish to purchase in the future including, in some cases, to send you direct marketing communications regarding other services that we may think are of interest to you [Legal Basis: Legitimate Interests]
· Respond to your queries and requests, or otherwise communicate directly with you [Legal Basis: Legitimate Interests or Performance of a Contract, depending on the specific use]
· Perform system maintenance and upgrades, and enable new features [Legal Basis: Legitimate Interests]
· Understand how you access and use the Site and Customer Platforms in order to provide technical functionality and develop new products and services [Legal Basis: Legitimate Interests]
· Conduct statistical analyses and analytics based on usage and activity on the Site Legal Basis: Legitimate Interests or Consent, depending on the specific circumstances]
· Enforce our agreements with you if necessary [Legal Basis: Legitimate Interests]
Talespin as a ‘Joint Controller’ with Facebook
We have a presence on Facebook (including Instagram). With respect to our use of Facebook, we are jointly responsible with Facebook Ireland for the processing activities (“Joint Processing”) with respect to your personal information:
Facebook Ireland Ltd.,
4 Grand Canal Square, Grand Canal Harbor
Dublin 2, Ireland
Information about the personal information that is collected from you by Facebook, as well as how and why it is processed by Facebook, can be found at https://www.facebook.com/about/privacy.
Talespin and Facebook have entered into entered into an agreement in order to determine the respective responsibilities for compliance with our obligations in connection with the Joint Processing within the meaning of the GDPR. This joint controller agreement, which sets out the reciprocal obligations, is available here.
Talespin’s legal basis for processing your personal information via Facebook is our legitimate interest in promoting our Services.
It cannot be excluded that some processing by Facebook Ireland Ltd. will also take place in the United States by Facebook Inc.
We use the following criteria to determine our retention periods: the amount, nature and sensitivity of your information, the reasons for which we collect and process your personal information, the length of time we have an ongoing relationship with you and provide you with access to our Services, and applicable legal requirements. We will retain personal information we collect from you where we have an ongoing legitimate business need to do so (for example, to comply with applicable legal, tax, or accounting requirements), when we are unable to reasonably verify your identity, or as may otherwise be required under GDPR. Additionally, we cannot delete information when it is needed for the establishment, exercise, or defense of legal claims (also known as a “litigation hold”). In this case, the information must be retained as long as needed for exercising respective potential legal claims.
When we have no ongoing business need to process your personal information, we will either delete or anonymize it or, if this is not possible (for example, because your personal information has been stored in backup archives), we will securely store your personal information and isolate it from any further processing until deletion is possible. If you have questions about, or need further information concerning, our data retention periods, please email email@example.com.
IF YOU ARE AN END USER, YOU MUST CONTACT THE CUSTOMER(S) (ACTING AS ‘DATA CONTROLLER’) ON BEHALF OF WHICH TALESPIN PROVIDES THE SERVICES AND COLLECTS PERSONAL INFORMATION, AS EXPLAINED HERE. IF WE RECEIVE REQUESTS FROM END USERS, WE WILL SEND THOSE REQUESTS TO THE RELEVANT CUSTOMER, WHO WILL BE RESPONSIBLE FOR RESPONDING TO AND ADDRESSING RIGHTS REQUESTS, WITH OUR COOPERATION.
If the GDPR (or its equivalent in the United Kingdom) applies to you because you are in the EEA or the United Kingdom, you have certain rights in relation to your personal information:
· The right to be informed – our obligation to inform you that we process your personal information (and that is what we are doing in this Privacy Notice)
· The right of access – your right to request a copy of the personal information we hold about you (also known as a ‘data subject access request’)
· The right to rectification – your right to request that we correct personal information about you if it is incomplete or inaccurate (though we generally recommend first making any changes in your Account Settings)
· The right to erasure (also known as the ‘right to be forgotten’) – under certain circumstances, you may ask us to delete the personal information we have about you (unless there is an overriding legal reason we need to keep it)
· The right to restrict processing – your right, under certain circumstances, to ask us to suspend our processing of your personal information
· The right to data portability – your right to ask us for a copy of your personal information in a common format (for example, a .csv file)
· The right to object – your right to object to us processing your personal information (for example, if you object to us processing your data for direct marketing)
· Rights in relation to automated decision-making and profiling – our obligation to be transparent about any profiling we do, or any automated decision-making.
These rights are subject to certain rules around when you can exercise them. If are located in the EEA and wish to exercise any of the rights set out above, please contact us (see How to Contact Us about Privacy).
You will not have to pay a fee to access your personal information (or to exercise any of the other rights) unless your request is clearly unfounded, repetitive, or excessive. Alternatively, we may refuse to comply with your request under those circumstances.
We may need to request specific information from you to help us confirm your identity. This is a security measure to ensure that personal information is not disclosed to any person who has no right to receive it. Note that if we are unable to reasonably confirm your identity, we will not be able to honor certain requests.
We will respond to all legitimate requests within one month. Occasionally, it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated as required by law.
In addition, if you no longer wish to receive our marketing/promotional information, we remind you that you may withdraw your consent to direct marketing at any time directly from the unsubscribe link included in each electronic marketing message we send to you. If you do so, we will promptly update our databases, and will take all reasonable steps to meet your request at the earliest possible opportunity, but we may continue to contact you to the extent necessary for the purposes of providing our Services.
Finally, you have the right to make a complaint at any time to the supervisory authority for data protection issues in your country of residence. We would, however, appreciate the chance to address your concerns before you approach the supervisory authority, so please contact us directly first.
Last updated: May 20, 2021
When you visit the Site or use the Services, we and our service providers acting on our behalf automatically collect certain data using tracking technologies like cookies, web beacons, and similar technologies:
· A cookie is a small amount of data, which often includes an anonymous unique identifier that is sent to your browser from a website’s computers and stored on your computer’s hard drive.
· Other technologies (such as SDKs) incorporate third party computer code into our Services.
· Web beacons are clear electronic images that can recognize certain types of information on your computer, such as cookies, when you viewed a particular website tied to the web beacon, and a description of a website tied to the web beacon.
All modern Internet browsers allow you to control your cookie settings. These settings are usually accessed in the ‘Options’ or ‘Preferences’ section of your browser. On your mobile device, go to Settings, then go to the specific web-browser, and then to the Cookies section. Please note that certain features of the website will not be available once cookies are disabled. For further information about cookies and how to manage them, please visit www.allaboutcookies.org.
Some cookies (i.e., essential) cannot be disabled, while others may but this may impact your use of the Site or Services.
Here is a basic description and overview of the type of cookies Talespin uses:
Essential cookies make it possible for you to access the Site and/or Customer Platforms, navigate within the Site and/or Customer Platforms, and access information related to your account.
With respect to Customer Platforms, each time you log in, a cookie containing an encrypted, unique identifier that is tied to your account is placed on your browser. These cookies allow Talespin to uniquely identify you when you are logged into the Customer Platforms and to process your requests.
Essential cookies are necessary to operate the account portal, so you can’t opt out of them.
Functionality cookies allow the Site and/or Customer Platforms to remember information you have entered or preferences you select, and provide enhanced, more personal features. These cookies allow you to optimize your use of the Services after logging in. These cookies can also be used to remember changes you have made to the portions of your account that you can customize.
You can use your browser settings to opt out of functionality cookies. For more information on how to do that, click here. Note that opting out may affect the functionality of our Site or Services for you.
Third party service providers that currently place functionality cookies within the Services or Site include:
These cookies collect data about how visitors use the Site or Services. This includes data like which pages visitors go to the most. These cookies don’t collect information that individually identifies visitors. The data these cookies collect is aggregated and intended to be anonymous and used to improve how the site functions and performs.
Third party service providers that currently place performance cookies within the Services or Site include:
Google Analytics: We use Google Analytics to help analyze page statistics and user behavior to the Site and Services. For information on how to opt-out of tracking technologies from Google Analytics, click here.
To learn more about how to opt out of targeting and advertising cookies, you can go to the Your Online Choices page, the Network Advertising Initiative page, and the Digital Advertising Alliance’s Consumer Choice page. These opt-out tools are provided by third parties, not Talespin. We do not control or operate these tools or the choices that advertisers and others provide through these tools.
Third party service providers that currently place advertising cookies within the Site include:
The above table lists the third-party service providers that Talespin currently authorizes to place cookies or similar technologies. This table is subject to change and may not necessarily include all third-party service providers that Talespin uses at any given time.
If you have any questions, contact us at firstname.lastname@example.org.
Last updated: May 20, 2021