Effective Date: June 18th 2024
This Privacy Policy of Even Realities Website (the “Policy”) explains how we collect, use, store, disclose, and share (collectively “process”) your personal data when you visit or purchase from the Even Realities Website offered by us (the “Services”). We respect your privacy and will take security protection measures to protect your personal data. Please note our Services may involve integrations with websites and services managed by third parties. By interacting with these third parties, you are providing information directly to the third party and not us and subject to the third party’s privacy policy. Please read their data usage policies or other documentation. Our linking to another site or service doesn’t mean we endorse that third party.
In this Policy “Even Realities”, “we”, “us” or “our” refers to Even Realities GmbH, a company registered in Berlin with its registered address located at Friedrichstraße 79, 10117 Berlin, Germany if you are accessing the Services within EEA and within the United States.
This Policy may be updated from time to time and therefore please check back periodically for the latest version of the Policy as indicated below. If there will be any significant changes made to the use of your personal data in a manner different from that stated at the time of collection, we will notify you by posting a notice on our website or by other means.
Here is a summary of the information contained in this Policy. This summary is to help you navigate the Policy and it is not a substitute for reading everything. You can view the particular sections for more detailed information.
- What data do we collect about you? If you register an account to use the Services, we will need some personal data from you to set this up. We will also collect and create personal data about you when you use certain functions of the website (e.g. when you buy some products through the store). Additionally, we will automatically collect data about your device network and your usage behavior. For more information, please refer to 1. What data do we collect about you?.
- How do we use your data? We process your personal data to manage the contract you have refused/agreed to and to provide functions related to account management, shopping, and other services. For more information, please refer to 2. How do we use your data?.
- How do we retain your data? Your personal data is stored on servers located in Netherlands and we take every reasonable step to ensure that your personal data is only processed for the minimum period necessary for the purposes set out in this Policy. For more details on the location and duration of the retention of your personal data, please refer to 3. How do we retain and protect your data?.
- How will we disclose and transfer your data globally? We may disclose your personal data to affiliates and some third-party service providers (e.g. technology services and business support) who help us deliver the Services. We may also be required to disclose certain personal data about you in response to any legal procedures or requests from regulatory authorities for audit purposes, in the event of mergers, acquisitions, sale of assets, or transfer of services, and in other circumstances specified under 4. How will we disclose your data?. Due to the international operation of our business, your personal data may be accessed from and transferred to jurisdictions outside of where you are located. In the event of a cross-border transfer of personal data, we take appropriate measures to provide an adequate level of protection for your personal data. For more information, please refer to 5. How will we transfer your data around the world?.
- What are your rights regarding the processing of your personal data? Depending on where you are, you may have certain rights with respect to your personal data, such as rights of access and data portability, to correct or delete your personal data, to withdraw your consent, restrict or object to our processing of your personal data, or to lodge complaints with an applicable authority for any breach of data protection laws. For more information, please refer to 6. What are your data subject rights and choices?. In particular, if you are a California resident, certain state data privacy legislations may entitle you to additional rights as detailed under 8. Notice to California Residents.
- How do we protect minors? We do not aim to provide Services for minors and we do not intentionally collect or maintain information from minors. For more information, please refer to 7. How do we protect minors?.
- Contact Us. If you have any questions or comments regarding this Policy and/or other privacy practices, want to exercise any rights you may have, please contact us by using the information detailed under 9. How to contact us?.
1. What data do we collect about you?
For the purpose of this Policy “personal data” means any information relating to an identified or identifiable individual. To the extent that our processing of your personal data is subject to certain data privacy protection laws (including but not limited to the General Data Protection Regulation (“GDPR”), the California Consumer Privacy Act of 2018 (“CCPA”), and California Privacy Rights Act of 2020 (“CPRA”) collectively hereafter “applicable laws”), we will also notify you about the legal basis on which we process your personal data and your rights under such laws.
We collect the following categories of personal data from you:
- Account Information: User ID, email address, password, registration time, last login time, account status information.
- Order Information: Customer’s full name, mailing address, email address, phone number, payment information, order details, credit card information, order status, shipping, and logistics information.
- Device Information: IP address, browser type and version, geographic location, operating system, network service provider.
- Usage Information: Access time, accessed pages, page response time, clickstream data (such as mouse clicks and scroll activity), system log data, purchase history, browsing history, user preference settings, interaction click data.
Some of the above information is collected automatically by tools like cookies on our websites. A “cookie” is a text file that websites send to a visitor’s computer or other Internet-connected device to uniquely identify the visitor’s browser or to store information or settings in the browser. Click to view our complete Cookie Privacy Notice.
2. How do we use your data?
We will only use your personal data when the applicable laws allow us to. Our legal bases for collecting and using the personal information described in this Policy depends on the personal data we collect and the specific context in which we collect the information:
- We need to perform a contract with you;
- You have given us consent to do so;
- Processing your personal data is in our legitimate interests including:
- providing, maintaining, and marketing our Services;
- detecting, preventing, and enforcing violations of our Terms of Service, including misuse of services, fraud, abuse, and other trust and safety protocols; and
- protecting our legal rights and the rights of others.
- We need to comply with our legal obligations under the applicable laws.
The purposes for which we process personal data subject to applicable laws and the legal basis on which we perform such processing are as follows:
| Purpose | Type of Personal Data | Legal Basis |
|---|---|---|
| To provide you with functions related to user account management such as account registration, account deletion, account login, and modification of account information | Account Information | Performance of contract |
| To provide shopping functionality and manage orders | Account Information, Order Information | Performance of contract |
| To investigate and resolve security issues and to enforce our Terms of Service | Account Information, Device Information, Usage Information | Legitimate interests & Performance of contract |
| To identify the abnormal status, ensure the stability and security of our Services | Account Information, Device Information, Usage Information | Legitimate interests |
| To conduct marketing activities and user preference analysis | Account Information, Usage Information | Consent |
| To comply with legal obligations and defending against legal claims and disputes | Account Information, Order Information, Device Information, Usage Information | Legal obligations & Legitimate interests |
3. How do we retain and protect your data?
Where would we keep your data
If you use the Services, your data will be processed on servers located in Netherlands. Additionally, we will only transfer your personal data to our partners, service providers, and other third parties when necessary. In such cases, your personal data may be stored on those third parties’ servers.
How long do we store your data
We adhere to retention policies for the personal data we collect to ensure that it is not retained longer than necessary for the intended purpose. Different retention periods are applied to the various types of personal data collected by us in accordance with the service needs and regulatory requirements.
Upon expiration of the retention period, we will either delete or anonymize your personal data. Measures will be taken to render the information irrecoverable or irreproducible.
When assessing how long your personal data is retained, we consider criteria such as: (i) the nature of the personal data and the activities involved; (ii) when and for how long you use the Services; and (iii) our legitimate interests and our legal obligations.
How do we protect your data
We have implemented appropriate technical and organizational security measures designed to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, unauthorized access, and other unlawful or unauthorized forms of processing in accordance with applicable laws. When using a website account, it is important that you select a strong password and do not share it with others. If you have any concerns that your website account or personal data has been put at risk, for example, if someone could have found out your password, please contact us by using the contact details provided in Section 9 below.
Please note the Internet is an open system, the transmission of information via the internet is not completely secure. Although we will implement all reasonable measures to protect your personal data, we cannot guarantee the security of your data transmitted to us using the internet – any such transmission is at your own risk and you are responsible for ensuring that any personal data that you send to us are sent securely.
4. How will we disclose your data?
In order to provide you with more comprehensive and high-quality Services, we will authorize our commercial partners to provide certain services to you. In such cases, we may share some of your personal data with these partners.
We will only share your personal data for lawful, legitimate, necessary, specific, and explicit purposes and we will only share the personal data required to provide the Services. We will require our partners through agreements to retain data only for the necessary period and to implement adequate security measures to protect data security.
We will disclose personal data to the following categories of third parties for the purposes explained in this Policy:
- Affiliates and corporate partners: We disclose the categories of personal data described above between and among our affiliates and related entities for legitimate business purposes and the operation of the Services in accordance with applicable laws.
- Service providers and business partners: Third-party service providers who provide us with technology services (such as cookies) and business support (such as payment and logistics providers) may need to process your data. These third parties will process your personal data on our behalf under relevant contracts.
- Law enforcement agencies, public authorities, or other judicial bodies and organizations: We disclose Information if we are legally required to do so or if we have a good faith belief that such use is reasonably necessary to comply with a legal obligation, process, or request; enforce our Terms of Service and other terms, policies, and standards, including investigation of any potential violation thereof; detect, prevent, or otherwise address security, fraud, or technical issues; or protect the rights, property, or safety of us, our users, a third party, or the public as required or permitted by applicable laws (including exchanging information with other companies and organizations for the purposes of fraud protection).
- Change of corporate ownership: If we are involved in a merger, acquisition, bankruptcy, reorganization, partnership, asset sale, or other transaction, we may disclose your Information as part of that transaction.
5. How will we transfer your data around the world?
Since we maintain servers located in Netherlands, your personal data may be processed on servers located outside of the country where you live. Meanwhile, due to the international nature of our business, your personal data may also be accessed by our affiliates or be transferred to third-party service providers and business partners in connection with the purposes set out in this Policy. For this reason, we transfer personal data to other jurisdictions that may have different laws and data protection compliance requirements to those that apply in the jurisdiction in which you are located.
In the event of an international transfer of personal data, when required by applicable laws, we will provide an adequate level of protection for your personal data using various means including where appropriate implementing the European Commission approved Standard Contractual Clauses and UK International Data Transfer Agreement between our affiliates and third parties (where applicable) or any other lawful approach that permits the lawful transfer of personal data from those countries.
6. What are your data subject rights and choices?
Subject to applicable law and depending on where you reside, you may have some rights regarding your personal data as described further below. You may exercise some of your right in the websites via “Account > Orders”. If you have any other requests relating to the access of your personal data, please contact us.
Data Access
You may have the right to know what personal data we process about you, including the categories of personal data, the business or commercial purposes for collection, and the categories of third parties to whom we disclose it. You may access your account-related personal data through this path on the website: evenrealities.com. If you have any other requests relating to the access of your personal data, please contact us.
Data Correction
You may have the right to request that we correct inaccurate personal data that we retain about you, subject to certain exceptions. You may correct some of your account-related personal data through this path on the website: evenrealities.com. If you have any other requests relating to the correction of your personal data, please contact us.
Data Portability
You may contact us to request the personal data you have provided to us in a structured, commonly used, and machine-readable format and have it transferred to another controller to the extent applicable.
Data Deletion
You have the right to delete your account and erase your personal data. Upon deleting your account, all your personal data will be deleted. Additionally, you may also request deletion of the personal data you provide by contacting us. If some of your personal data cannot be deleted, we will inform you of the reasons for not taking action.
Please note that we reserve the right to retain some of your personal data where there are valid grounds for us to do so under applicable laws.
Right to object to our use of your personal information for direct marketing purposes
You can request that we change the manner in which we contact you for marketing purposes. You can request that we not transfer your personal information to unaffiliated third parties for the purposes of direct marketing or any other purposes.
Withdrawal of Consent
Where we process your personal data on the basis of your consent, you may withdraw your consent by contacting us. The withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.
Objection to the Processing
Subject to applicable laws, you may object to the processing of your personal data based on our legitimate interests where there are grounds relating to your particular situation by contacting us. Please note that we may have an overriding legitimate interest to keep processing your personal data, but we will let you know where this is the case.
Restriction to the Processing
If you would like to restrict our processing of your personal data, you may contact us. You have the right to restrict the processing of your data where one of the following applies:
- the processing is unlawful and you oppose the erasure of relevant personal data;
- for the purpose of establishment, exercise, or defense of legal claims, you request us to retain your personal data that we were supposed to delete;
- your objection regarding the accuracy of your personal data is pending our verification;
- your request to object to the processing of your personal data is pending our verification.
Other Rights
Depending on your jurisdiction, you may be entitled to additional rights in relation to your personal data. For example, you may also have the right to lodge complaints with an applicable data protection authority if you consider that the processing of your personal data infringes any applicable data protection laws (for example, the EU General Data Protection Regulation). For California residents, please find more details of your rights in Section 8 below.
If you would like to contact us to exercise one or more of these rights, to ask a question about these rights or any other provision of this Policy, or about our processing of your personal data, or to file a complaint about how we process your personal data, you may use the contact details provided in Section 9 below. When submitting a right request, please specify the scope and basis of your request and provide us with the necessary information to verify your identity. We may contact you to confirm your identity in order to handle your request. We will respond to your request or complaint in due course under applicable data protection laws.
7. How do we protect minors?
Our Services are not directed towards and we do not knowingly collect, sell, or share any information about children. If you become aware that a child has provided any personal data to us while using our Services, please email us at the contact details provided in Section 9 below and we will investigate the matter and if appropriate delete the personal data.
8. Notice to California Residents
If you are a California resident, the California Privacy Rights Act or other California privacy laws described below require us to provide you with the following additional information:
Collection and Use of Your Personal Data
We collect personal data from and about you in the preceding 12 months as described in Section 1 above.
Disclosure of Personal Data
We disclose personal data with third parties for business purposes in the preceding 12 months as below:
| Categories of personal data | Disclosed to which categories of third parties |
|---|---|
| All categories detailed in Section 1 above | Cloud storage services provider and our affiliates |
| Account Information, Usage Information | External advertising placement services provider, Marketing services provider |
| Account Information, Order Information | Payment services provider, Logistics providers |
Your California Rights and Choices
As a California resident, you may be able to exercise the following rights:
- the right to know any or all of the following information relating to your personal data we have collected and disclosed in the last 12 months upon verification of your identity:
- The specific pieces of personal data we have collected about you
- The categories of personal data we have collected about you
- The categories of sources of the personal data
- The categories of personal data that we have disclosed to third parties for a business purpose and the categories of recipients to whom this information was disclosed
- The categories of personal data we have sold and the categories of third parties to whom the information was sold
- The business or commercial purposes for collecting or selling personal data.
- the right to correct any inaccurate personal data we have about you.
- the right to request deletion of personal data we have collected from you subject to certain exceptions.
- the right to opt-out of the sale and/or the sharing of your personal data and sensitive personal data to third parties now or in the future.
You also have the right to be free of discrimination for exercising these rights. However, please note that the exercise of these rights may limit our ability to process personal data. For example, if you submit a deletion request, we may no longer be able to provide you with our Services.
Limit the Use of Sensitive Personal Data
You also have the right to request limitation of use and disclosure of your sensitive personal data subject to certain exceptions. If you would like to limit the use of your sensitive personal data, please contact us by using the contact details provided in Section 9 below.
The location and password are sensitive personal data as defined by the CPRA. Currently, we use and disclose such data to third-party service providers for the purpose necessary to provide Services to you. We do not “sell” or “share” (as defined under the CPRA) your sensitive personal data.
Do Not Sell or Share My Personal Data
Based on the definition of “sell” and “share” under the CPRA, we do not believe that we engage in such activity and have not engaged in such activity in the past 12 months from the effective date of this Policy.
To submit your California Consumer Rights Requests
You may submit a request to exercise your California Consumer Rights by contacting us using the contact details provided in Section 9 below. We will need to verify your identity before processing your request, which may require us to request additional personal data from you or require you to log into your account if you have one. In certain circumstances, we may decline or limit your request, particularly where we are unable to verify your identity or locate your information in our systems, or as permitted by law. Subject to certain restrictions, you can have an agent exercise your rights for you. If you have an agent exercising your rights, we must be provided with your written authorization allowing that person to make such a request on your behalf. We reserve the right to deny the agent’s request if we are not reasonably able to confirm proper authorization and/or verify your identity as the requestor.
Appeal
You may appeal our refusal to take action on a request by contacting us using the contact details provided in Section 9 below. If your appeal is denied and you are a California resident, you may contact the California Attorney General about the results of the appeal by submitting a complaint by clicking here: https://oag.ca.gov/contact/consumer-complaint-against-business-or-company.
California’s “Shine the Light” Law
California’s “Shine the Light” law (Civil Code Section §1798.83) provides certain rights to California residents who have an established business relationship with us with regard to the disclosure of certain types of personal data to third parties for their direct marketing purposes. We do not disclose personal data to third parties for their direct marketing purposes.
9. How to contact us?
For more information about your data subject rights or how we process your personal data, please contact us by using the information below.
Controller: Even Realities GmbH
Contact Details: Friedrichstraße 79, 10117 Berlin, Germany
Website: evenrealities.com
Phone: +49 30 837 90777
10. How do we update this Policy?
We will update this Policy in a timely manner and we recommend that you regularly check the latest version of this Policy via “Privacy Notice” of the website. If there are any substantial changes to this Policy, depending on the nature of such changes, we will notify you in advance through pop-ups, push notifications, emails, and other appropriate means.