Introduction
The Virtual Reality Industry Forum of 5177 Brandin Court, Fremont, CA 94538, USA (VRIF, We, Us, Our) is committed to protecting and respecting your privacy.
This policy describes the personal data that we collect, how we use it, how we store it, and when we delete it.
What data is collected?
Self-hosted software tools
We host several software tools (“Tools”) to support our work. Users sign up for the tools using their full names and corporate email addresses and can then optionally enter personal profile information (office, mobile and fax phone numbers, descriptive text, company name, job title, department and location).
The stored personal data consists of users’ full names, corporate email addresses, (optional) personal profile information, and hashed passwords. If requested, personal email addresses are also stored (and are used for communicating with the user).
The tools also store additional information that is necessary for their operation. This data indicates how and when the tools were used by individual users.
The tools maintain log files in order to diagnose and resolve problems. These log files may contain information relating IP addresses to user email addresses.
The tools use “cookies”, i.e., information that is placed on your computer or other device when you visit the tools’ web sites. These cookies allow you to remain logged into the tools and to move between tools without the need to log in again. You can use browser privacy functions to delete or block cookies, but this may make use of the tools less convenient or not possible.
Google G Suite
We use Google G Suite calendars for scheduling VRIF meetings, teleconferences and other industry events. Users may be invited to teleconferences using their email addresses, and no other personal information is stored. We do not convey user email addresses to Google, all meeting invitations are sent using mailing lists hosted by us.
We use Google G Suite documents for drafting of non-sensitive and non-private information, such as collecting general ideas on new work topics. You may need to be logged in with Google to edit such documents. We do not track information associated with such logins. You can optionally provide your name and email address to view and edit such documents.
Google maintains log files in order to diagnose and resolve problems. These log files may contain information relating IP addresses to user email addresses.
Other systems
We may use other systems to store member company and user information, manage teleconferences and webinars, handle meeting registrations and payment, manage interactions with non-members who have expressed interest in our work, and send emails on our behalf.
These systems include:
- ARO (Association Resources Online) for member company and user information
- net for processing credit card transactions
- Mailchimp for sending emails to people interested in following our activities
- Gotomeeting for teleconferencing
- Other systems which from time to time may be selected by the Board and/or a Working Group. Such systems will be duly recorded in an update to this Privacy Policy.
In all these systems, users may be identified by full name and/or email address (usually corporate email address, but personal email addresses are used if requested).
The following member company and user information may be stored in ARO:
- Company: name, URL, address, phone number, signed bylaws, records of membership dues payments, logos, and general notes regarding contacts and correspondence with those contacts
- User: title, first, middle, and last name, email address, company, address, phone numbers, division, manager, contributions submitted, past meeting attendance
Non-member domain email addresses are always provided directly and voluntarily by individual users who have supplied business cards or signed up for webinars in the expectation that we will store their details. We keep track of the provenance of this information, and we never purchase contact lists from third parties.
We do not store credit card details (these are supplied directly to a third party payment processor). If there are issues accessing the third party processor, you may contact the Secretariat for clarification and resolution of such issues.We sometimes receive passport details to be included in visa letters for users who wish to attend our meetings. It is our intention to only collect the required information and store it only as long as such storage required to process the request for such a letter..We use Google Analytics for tracking usage of our web sites. The data collected is associated with IP addresses, and may contain information relating IP addresses to individual users or households.
External systems may maintain log files in order to diagnose and resolve problems. These log files may contain information relating IP addresses to user email addresses.
How is the data used?
Email addresses
Email addresses are used to identify users, i.e., as usernames for gaining access to ARO. They can be used in several ways:
- To log into a tool
- To identify a user when analyzing tool usage data (any reported results of such analysis will always be anonymized)
Email addresses are also used for contacting users. This can happen in several ways:
- To send an email to a user
- To send an email to a group (email list) of which a user is a member
- To share a piece of content, e.g., a wiki page, with a user or a group of which a user is a member
- To notify a user that some event has occurred, e.g., that a wiki page has been created or updated, or that some software code has been submitted for approval
Full names and personal profile information
We use full names to provide “user-friendly” ways of referring to users, e.g., we might refer to a user as “Edgar Example” rather than as edgar@example.com.
Personal profile information is (optionally) provided by users for use by other users. We don’t rely on this information or make use of it in any way.
Other personal information
We may receive and use credit card details, but we will never store them. Also, we may receive and use passport details, but we will only store them at the explicit request of the owner and only for such period that is required for the purpose for which the data was provided.
How is the data shared?
VRIF members (and authorized non-members) who are users of our software tools and email lists may be able to view some of your personal information, including:
- Full names, email addresses and (optional) personal profile information for other tools users
- Email list memberships for other tools users (apart from some “closed” lists for which the members are not visible)
- Lists of attendees at all teleconferences (apart from some “closed” teleconferences such as board meetings)
Webinar attendance lists are shared with:
- The third party company that assists with webinar planning
Meeting attendance lists (full names, email addresses and member organization name) may be shared with:
- Any third party company that assists with meeting planning
- Other meeting attendees and, via the tools, all users of such tools
Your personal data will never be made publicly available, will never be shared with any other third parties, and it will certainly never be sold.Your personal data will only be used by VRIF and the management company who provide contracted administrative services to VRIF.
How is the data stored?
All personal data is stored on secure servers, and all communication with these servers is encrypted using industry-standard technologies. Passwords are never stored in plain text (only hashed passwords are stored).
The secure servers which provide our tools are located in the United States of America. Personal data may be transferred to and stored at a destination outside the European Economic Area (EEA) and may be processed by staff operating outside the EEA.
When is the data deleted?
On your request, or if you cease to work for a VRIF member company, or if your employer ceases to be a VRIF member, we will disable your access to all tools and remove your email address from all VRIF email lists.
All messages sent to non-member email lists include information on how to unsubscribe from the list. You can unsubscribe from VRIF member email lists using the ARO tool. Requests to unsubscribe from email lists are always dealt with in a timely manner, but note that we will normally be able to unsubscribe you from the “members@vr-if.org” (all members) list or from lists that are associated with your role(s) within the VRIF.
If your access to our tool is disabled and/or you are removed from an email list, your personal data is hidden from other users but the historical record of your past activities is not deleted:
- Your past contributions are archived and remain associated with your email address
- Your past email list contributions are archived and remain associated with your email address
- Your past meeting attendance is archived and remains associated with your company and email address
Metadata that results from your use of the tools is subject to a data retention policy as follows:
- Tool usage data is deleted after 6 months
- Tool logs and backups are deleted after 6 months
- Any metadata not mentioned above that is stored in our systems is deleted after 6 months
- Third party metadata (Authorize.net, Google, Meeting Hotels, Mailchimp, GotoMeeting) is handled according to the third party’s data retention policies
Note that personal data may persist in stored archives and backups, which will be retained in accordance with our data retention and disaster recovery policies. These backups may persist for an indefinite period of time, but are not available for active data processing.
Changes to privacy policy
We review and amend our privacy policy from time to time. The current version of the policy is available at http://www.vr-if.org/privacy .
Contacting us
You have the right to access and review your personal data, and to request corrections or removal of such data. To exercise any of these rights, , or to ask any other privacy-related question, please email privacy@vr-if.org. If a request comes from an email address that we don’t recognize, we may ask you to provide proof of your identity before we can process your request.