PRIVACY NOTICE

Last updated: Apr 15, 2024

1. General

Vobling with the registered name of “Vobling AB”, org. no. 559019-6951, a company registered in Sweden at the registered address Torsgatan 26, 113 21 Stockholm (“Vobling”, “we”, or “us”), cares about your privacy and wants you to understand how we collect and use your personal data. This privacy notice (“Notice”) explains how we process your personal data when you interact with us through our website www.vobling.com (“Website”), when you become our customer or business partner (e.g., a reseller), as well as when you use our applications and our product VR Fire Trainer Interactive Extinguisher (collectively called “Services”).

Vobling processes personal data in either one of two capacities depending on the relationship in which we process the personal data:

  • Vobling is the controller of the personal data when we process it pursuant to an agreement with you as a private customer and use our Services, when you have or you are about to have a business relationship with us, or when you otherwise interact with us through our Website.
  • Vobling is the processor of the personal data when we process the personal data on behalf of our corporate customers, who assign access to the Service to users, mainly their employees. In such cases, our corporate customer at hand is the controller of the personal data, therefore for more information about the processing, consult the respective controller’s privacy notice.

In any case we consider Vobling responsible for and committed to processing the personal data in accordance with applicable data protection laws, such as the EU General Data Protection Regulation 2016/679 (“GDPR"). You can get in touch with Vobling using the contact details set out in section 9 below.

We encourage you to read this Notice in full to ensure that you fully understand how we will process your personal data in relation to our Services.

2. What personal data we process and how we collect it

We collect information about you that constitutes personal data, i.e, information that alone or in combination with other information identifies you or can reasonably lead to your identification.

We collect personal data directly from you when you: (i) fill informs on the Website (ii) use the Services, (iii) or as you otherwise interact with us, i.e. on social media.

However, depending on the purpose of the processing we collect information about you from other sources. This could include, for example, when you are using our Services we collect limited information which in certain cases constitutes personal data from the VR Headset provider. Note that this Notice does not cover other parties, their products or services and we don’t control how these third parties collect or otherwise process your personal data. To find out more information about how these third parties process your personal data and about their data protection practices, please consult their privacy notices.

For sales purposes, we also collect and process personal data that is publicly available, for example information on websites and/or social media such as LinkedIn.

The personal data categories that we will process are:

  • Contact Data, which comprises information that would help us connect with you and includes your name, email address, and in certain cases your phone number. Depending on whether you are a private customer or represent a corporate customer, you may choose to disclose your private or business contact details.
  • Identity Data, which comprises information that helps us identify the license under which you are using our Application, which includes the license key, the VR Headset internal fingerprint number and country.
  • Profile Data, which comprises information about you when you are interested in or choose to become a customer to us or our business partner and that help us manage our relationship with you. This category includes your name, email address, phone number, job title, company name, company domain name, information about the company that you represent and country.
  • Transaction Data, which comprises information about you that allows us to process your payments and includes information about your bank account, payment card details, and billing address, and amount paid purchase order number. This is relevant only if you are a private customer or sole trader. If transaction data concern a company, this is not considered personal data under the GDPR.
  • Communication Data, which comprises information about you that we collect through our interaction and includes the content of our communications with you, such as inquiries that you sent through the contact form at the Website, email content that we may exchange, or the content of messages that we may exchange by another communication channel.

3. How, why and on what legal basis we process your personal data

In this section, we explain the different purposes for which we will process your personal data, how and how long we will process it, as well as our legal basis to do so. According to applicable data protection laws, we need to establish that a legal ground (otherwise called a “legal basis”) exists to base the processing of the personal data.

3.1 When you visit the Website

We will process personal data about you when you send an inquiry to us regarding our Services or/and express your interest in purchasing our Services, by submitting the contact form on the Website. For this purpose, we will process the following personal data categories:

  • Contact Data
  • Profile Data
  • Communication Data

We will process the personal data described above on the basis that it is necessary for our legitimate interest in operating our business and to answer questions from potential customers that are interested in our Services. We will delete this personal data 12 months after our last communication.

3.2 When you express interest in becoming and when you become a business partner

We will process personal data about you when you express your interest in becoming our business partner such as a reseller for the VR Fire Trainer Interactive Extinguisher, by submitting the contact form on the Website and when you have become a business partner. For this purpose, we will process the following personal data categories:

  • Contact Data
  • Profile Data
  • Communication Data
  • Transaction Data (only if you become a business partner)

We will process the personal data described above on the basis that it is necessary for our legitimate interest to engage with potential business partners or to be able to manages our business relationship with the company that you represent. If you are a sole trader, we will process your personal data on the basis that it is necessary for the performance of a contract with you.

If the company that you represent becomes our business partner, we will store the above personal data about you for as long as we have an active contractual relationship with the company that you are representing. Otherwise, we will delete this information after 12 months.

3.3 When you purchase our Services

We will process personal data about you when you become our customer, in other words, when you or the company that you represent buys a license to the Services to manage your order of our Services. For this purpose, we will process the following personal data categories:

  • Contact Data
  • Transaktion Data

If you are a private customer or a sole trader, we will process this personal data described above on the basis that it is necessary for the performance of a contract with you.

If the company that you are representing has purchased our Services, we base the processing of your personal data on our legitimate interest to providing your company that you represent with the ordered Services.

We will store the personal data for as long as we have an active contractual relationship with you or the company that you represent.

However, we may store Transaction data for as long as this is required by applicable tax or accounting requirements. To the extent we are subject to these requirements, for this processing, our legal basis is that the relevant processing is necessary to comply with our legal obligations. As this period may change from time to time through an amendment of applicable law or depending on the jurisdiction you are subject to, for more information about the retention of your personal for this purpose, you can contact us at info@vrfiretrainer.com.

3.4 When you use the Service

When you use the Services, we will process personal data that will only indirectly identify you as strictly necessary to provide and enable you to access and use our Services.

For this purpose, we will process the following category of personal data category:

  • Identity Data

If you are a private customer, we will process this personal data described above on the basis that it is necessary for the performance of a contract with you. We will store the personal data for as long as we have an active contractual relationship with you. Your personal data will be deleted 12 months after the termination of the contract.

If you are using the Service as part of your relationship with our corporate customers, we will process this data on the behalf of the corporate customer assigning access to the Service, such as your employer. This means that we are a processor and not the controller of this personal data. Therefore, for more information about the processing, consult the respective controller’s privacy notice.

3.5 To provide customer support

When we provide support in relation to our Service, we process your personal data to provide you with support. For this purpose, we will process the following personal data categories:

  • Contact Data
  • Communication Data

If you are a private customer, we will process this personal data described above on the basis that it is necessary for the performance of a contract with you. We will store the personal data for as long as long as we have an active contractual relationship you.

If you are using the Service as part of your relationship with our corporate customers, we will process this data on the behalf of the corporate customer assigning access to the Service, such as your employer. This means that we are a processor and not the controller of this personal data. Therefore, for more information about the processing, consult the respective controller’s privacy notice.

3.6 To register you for an event or enable you to download our informational materials

From time to time, we organise events and webinars that you can attend and/or after your participation to such events we would like to send invitations to you about similar events / webinars that we organize in the future. We also prepare informational material (such as white papers) that you can download by filling in the registration form on our Website. For this purpose, we will process the following personal data category:

  • Contact Data

We will process the personal data described above for this purpose on the basis that it is necessary for our legitimate interest in organizing informative events and webinars, managing the registration process for such events and/or providing you with material about the Services that we think will be interesting to you. We store and further process this personal data to send you invites to similar events / webinars for 12 months after your initial request. You can opt-out from receiving relevant material at any given time.

3.7 To market our Services

In certain circumstances that you interact with us, such as when you request relevant material from us, you may opt-in to be contacted regarding our Services and products. For this purpose, we will process the following personal data category:

  • Contact Data

We process the personal data described above for this purpose based on your prior consent to be contacted for marketing and we will store this personal data for as long as we have your consent to do so. Note that you can withdraw your consent at any time.

3.8 To send our newsletter to you

When you subscribe to our newsletter, we will ask you to provide us with your email address so that we can send our newsletter to you via email.

We process your email address for this purpose based on your prior consent and we will store this personal data for as long as we have your consent to do so. Note that you can withdraw your consent at any time.

3.9 To establish, exercise or defend against legal claims

We will store the personal data described under section 2 to the extent that it is necessary to establish, exercise or defend ourselves against legal claims and/or to deal with litigation or regulatory matters. For this purpose, we will or may process the following personal data category:

  • Contact Data
  • Identity Data
  • Transaction Data
  • Communication Data
  • Profile Data

Where this is the case, our legal basis for this processing is that it is necessary for the purposes of our legitimate interest to establish, exercise, or defend against legal claims.

The categories of personal data that we will process for this purpose, and the retention time for which we will retain data for this purpose, will vary depending on the specific case at hand. However, in each case, we will only process personal data for as long as we have a legitimate reason to do so lawfully. For further information, you can contact us at info@vrfiretrainer.com for more information.

3.10 To manage our relationship with you and create statistics

We process your personal data in order to manage our relationship with you as well as for statistical and reporting purposes in our Customer Relationship Management systems (“CRM systems”). For these purposes, we will process the following personal data categories:

  • Contact Data
  • Profile Data
  • Communication Data

Our CRM systems support our marketing and administrative business operations. We will process the personal data described above on the basis that it is necessary for our legitimate interest to operate and administer our business, to manage our relationship with our existing or potential customers and business partners, to be able to make data driven business decisions, and to support our marketing activities.

Where the organisation you work for is an existing customer or partner of ours, we will store your personal data in our CRM systems for 12 months after such organisation has stopped being a customer or partner of ours. Where the organisation you work for is a prospective customer or partner of ours, we will store your personal data in our CRM systems for 12 months after our last communication with you.

3.11 Cookies and similar tracking technologies (“Cookies”)

When you interact with us through our Website and use the Services, we place Cookies on your device which will collect and share with us technical information, including your IP address and the type of browser that you are using. For more information about the types of Cookies we use, what we use them for, the retention period, and how you can control Cookies, please read our Cookie notice available here.

In certain cases, Cookies collect personal data, such as your IP address. We further process this personal data for statistical and reporting purposes, where we aggregate such personal data to minimise or eliminate the risk of re-identification. For this processing we rely on our legitimate interest to make data driven decisions to improve our Services.

4. Special categories or sensitive personal data

Please note that we will not collect any personal data categories that are considered special or sensitive, under applicable data protection laws (such as information about your racial or ethnic origin or health, political opinions, religious or philosophical beliefs, trade union membership) or about any criminal background.

5. How long we store your personal data

We retain the personal data we collect from you where we have an ongoing legitimate business need to do so (for example, to provide you with information you have requested or to comply with applicable legal, tax or, accounting requirements, or to exercise, or defend legal claims). See section 3 for information on the particular retention periods we apply for the specific purposes described above.

When we have no ongoing legitimate business need or legal reason to process your personal information, we will either delete or anonymise it or, if this is not possible (for example, because your personal data has been stored in backup archives), then we will securely store your personal data and isolate it from any further processing until deletion is possible.

6. Recipients of personal data and transfers of personal data

We disclose the personal data described above to the following categories of recipients:

  • Courts and similar judicial entities and/or authorities, if we are required to do so by law.
  • Service providers upon which we rely for our core operational activities. Our service providers are available here.
  • To an actual or potential buyer (and its agents and advisers) in connection with any actual or proposed purchase, merger, or acquisition of any part of our business, provided that we inform the buyer it must use your personal information only for the purposes disclosed in this Privacy Notice.

We store and process your personal data described above within the EU/EEA. If, in the future, we make a change to the service providers we currently use and this involves a transfer of your personal data outside the EU/EEA, then Vobling will ensure adequate safeguards are in place to require that your personal data will remain protected in accordance with this Notice and applicable data protection laws. We will do this through one of the following measures:

  • The country of destination is on the European Commission’s list of countries with an adequate level of protection, or;
  • By implementing controller-to-controller or controller-to-processor standard contractual clauses that have been approved by the European Commission (as applicable) for the transfer of personal data to third countries.

If a standard contract is deemed ineffective due to national law of the country of destination, Vobling will take additional technical, organisational, or contractual measures to ensure an adequate level of protection when transferring personal data to countries covered by paragraph (ii) above.

You can find out more information about the transfers and the safeguards we implement to protect your personal data by contacting us at info@vrfiretrainer.com.

7. Your rights

You have certain data protection rights in relation to how we process your personal data. You can contact us at info@vrfiretrainer.com at any time to exercise your rights as set out below. We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws.

7.1 Right to access

You have the right to access and receive a copy of your personal data that we process, as well as other supplementary information.

7.2 Right to rectification

You have the right to ask us to rectify inaccurate personal data that we process about you or complete incomplete personal data.

7.3 Right to erasure

In certain cases, you have the right to request the erasure of your personal data, such as in cases where the personal data is no longer needed for the purpose for which it was collected, or if we no longer have a legal basis to continue processing it.

7.4 Right to restriction of processing

In certain cases, such as when you have contested the accuracy of your personal data, you have the right to request that we restrict the processing of your personal data. In such a case, we will only store your personal data or further process it if permitted to do so by law.

7.5 Right to data portability

You have the right to data portability, which means that in certain cases you can receive the personal data you have shared with us in a structured, commonly used and machine-readable format and that you have the right to request that we transfer these data to other data controllers where this is technically possible.

7.6 Right to object

You have the right to object to the processing of personal data based on our legitimate interest. You also have the right to opt-out at any time of receiving any marketing communications we send you.

7.7 Right to withdraw consent

If we process your personal data based on your consent, then you have the right to withdraw such consent at any given time. Note that withdrawal of your consent will not affect the lawfulness of the processing we carried out prior to such withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.

8. Informing you of changes to this notice

If we make changes to this Notice, we will take appropriate measures to inform you. For significant changes in how we collect or process your personal data, we will ask for your consent, if this is required by applicable law.

You can see when this Privacy Notice was last updated by checking the “last updated” date displayed at the top of this Notice.

9. Contact information for complaints

If you have any comments or complaints regarding Vobling’s processing of your personal data, please contact info@vrfiretrainer.com.

You have the right to contact and lodge a complaint with your national Data Protection Authority. You can find the contact details of EEA supervisory authorities here. You also have the right to contact and lodge a complaint with the Swedish Authority for Data Protection Authority (“IMY”), which is the lead supervisory authority for the processing of personal data, since Vobling has its main establishment in Sweden. IMY can be reached at:

Integritetsskyddsmyndigheten
Box 8114, 104 20 Stockholm, Sweden
Email: imy@imy.se
Phone number: +46 (0) 8-657 61 00
IMY’s website: www.imy.se