GDPR

The European Union’s General Data Protection Regulation (GDPR) sets an important bar globally for privacy rights, information security, and compliance. At PsyTechVR, we believe privacy is a fundamental right and that the GDPR is an important step forward in protecting and enabling the privacy rights of individuals.
PsyTechVR is committed to its own compliance with the GDPR, as well as to provide an array of products, features, documentation, and resources to support our customers in meeting their compliance obligations under the GDPR. Following is a description of PsyTechVR’s contractual commitments to its customers concerning personal data collected from AR/VR/LMS software. For AR/VR/LMS software licensed from PsyTechVR Software Licensing programs, refer directly to the PsyTechVR Products and Services Data Protection Addendum (PSDPA). We take your privacy and personal data seriously. We only collect the minimum amount of personal data necessary to process your orders and communicate with you. We will never sell or share your personal data with third parties. You have the right to access, modify, or delete your personal data at any time.

Yes, the GDPR requires that controllers (organizations using PsyTechVR’s products and services) only use processors (PsyTechVR) that process limited personal data on the controller’s behalf and provide sufficient guarantees to meet key requirements of the GDPR. PsyTechVR provides these commitments to all customers of PsyTechVR Software Licensing programs in the PSDPA. Customers of other generally available AR/VR/LMS software licensed by PsyTechVR or our affiliates also enjoy the benefits of PsyTechVR’s GDPR commitments, as described in this notice, to the extent the software processes personal data.

You can find PsyTechVR’s contractual commitments with regard to the GDPR (GDPR Terms) in the attachment to the DPA labeled "European Union General Data Protection Regulation Terms." Those terms commit PsyTechVR to the requirements of processors in GDPR Article 28 and other relevant articles of the GDPR.

PsyTechVR extends the GDPR Terms to all customers of generally available enterprise software products licensed by us or our affiliates under PsyTechVR software license terms, effective as of Dec 20, 2021, regardless of the applicable version of the enterprise software, to the extent PsyTechVR is a processor of personal data in connection with such software, and so long as PsyTechVR continues to offer or support the version. Support details can be found in the PsyTechVR Policy at www.psytechvr.com.
For clarity, different or lesser commitments may apply to beta or preview software, materially modified software, or any software licensed by PsyTechVR or our affiliates that is not made generally available to the public or otherwise not licensed under PsyTechVR software license terms. Some products may collect and send to PsyTechVR some other data by default; product documentation provides information and instructions for how to turn off or configure such other data collection.

PsyTechVR’s GDPR Terms reflect the commitments required of processors in Article 28 of the GDPR. Article 28 requires that processors commit to:

• only use sub-processors with the consent of the controller and remain liable for sub-processors; process limited personal data only on instructions from the controller, including with regard to transfers;
• ensure that companies/persons who process personal data are committed to confidentiality; implement appropriate technical and organizational measures to ensure a level of personal data security appropriate to the risk;
• assist the controller in its obligations to respond to data subjects’ requests to exercise their GDPR rights;
• meet the GDPR’s breach notification and assistance requirements;
• assist the controller with data protection impact assessments and consultation with supervisory authorities;
• delete or return personal data at the end of provision of services; and
• support the controller with evidence of compliance with the GDPR.