PRIVACY 

POLICY

Data Protection Statement/Information according to Art 13 and 14 GDPR

Stratum1 GmbH Schubertrstr. 6a, 8010 Graz

T: +43 (0) 676 38 34 217 Email: office@stratum1.io

1. General / Personal data

We respect your privacy and are committed to protecting your personal data. This privacy policy will inform you as to how we look after your personal data when you visit our website/plattform and inform you about your privacy rights and how you are protected.

“Personal data” means any information relating to a natural person that can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data or an online identifier.

“Processing” means any operation performed on personal data, such as collection, recording, organisation, structuring, storage, adaptation or any kind of disclosure or other use.

Please read this privacy policy so that you are fully aware of how and why we are using your personal data. We encourage you to review this Privacy Policy, which may be subject to changes, periodically to stay informed. Moreover, we advise you to read this Privacy Policy in conjunction with our Terms and Conditions.

Furthermore, it is important that the personal data you provide to us is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

Please note that this Privacy Policy does not cover the use of cookies or pixels and other similar technologies (small data files stored on your hard drive or in device memory) which may be placed by third parties. In this context, we ask you to read the privacy policies of these third parties.

2. For what purposes and on what legal basis will your personal data be processed?

We will only use your personal data for a predefined purpose and when the law allows us to, especially under the following circumstances:

  • Where processing is necessary for the performance of a contract or in order to take steps at your request prior to entering into a contract.

  • Where processing is necessary for compliance with a legal obligation to which we are subject.

  • Where processing is necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by your interests or fundamental rights

    and freedoms which require protection of your personal data.

  • Where you have given consent to the processing of your personal data for one or more specific

    purposes. You have the right to withdraw your consent at any time by contacting us.

    In the table below, we have set out a description of the purposes/activities we use your personal data and on which legal basis we rely our data processing.

    Purpose/Activity Type of Data Legal Basis

Customer Account / Registration / Onboarding / Training / Authentification / Verification

Name, Addresses, Company, Password, Phone Number

Performance of a Contract, Legal Obligation

Creation of an Avatar Personal Features Performance of a Contract

Subscription of Services Newsletter Contact / Request

Notice and Action Procedure re Illegal Content and Suspicion of Criminal Offences

Payment Information Name, Email Address Name, Email Adress, Request / Concern, Phone Number Notice, Name, Email Address

Performance of a Contract Consent Consent, Performance of a Contract
Legal Obligation

Ensuring the Operation, Functionality, Security and Optimisation of our Services

IP Address, Access / Communication / Browser Information, Server Log Files, Location Data

Legitimate Interest

Metaverse / Virtual Spaces

User Settings, Audio and Video / Telemetry Information of you, Recordings, Location Data, Shared Information / Content

Performance of a Contract, Consent

In order to comply with national as well as European legal provisions (such as data storage for compliance with legal retention periods

depending in each case on the relevant legal provisions

Compliance with a legal obligation

3. Who receives your personal data?

Within our firm, only those departments or employees receive your personal data to the extent that this is necessary for processing for the corresponding purposes.

We only transfer your personal data to third parties if there is a valid legal basis for the transfer. This includes in particular the following recipients:

  • Courts and authorities;

  • Attorneys, tax advisers and auditors;

  • Banks and insurance companies;

  • Other service providers.

    In addition, processors commissioned by us (e.g. IT service providers) receive your personal data and only process your personal data on our behalf and in accordance with our instructions. In particular, the processors are not permitted to use your personal data for their own purposes.

    Some of the recipients of your personal data stated above are located or process your personal data outside your country. The data protection standard in other countries may not be the same as the one in Austria. However, we transfer your personal data only to countries for which the European Commission has decided that they offer an adequate level of data protection; if this is not the case, we take measures to ensure that all recipients offer an adequate level of data protection, for which purpose we conclude standard contractual clauses (EU Implementing Decision (EU) 2021/914 in connection with Regulation (EU) 2016/679).

    Shared Content / Information: When you use our services, it is possible that certain personal data will

be accessible to other users. This personal information will include your profile and any content/information you choose to share with other users, including any audio (conversations with other users) or images of you.

4. How long will your personal data be stored?

We process your personal data for as long as reasonably necessary to achieve the abovementioned purposes, as well as in addition in accordance with the legal obligations for storage and documentation, which result among others especially from the Austrian Civil Code (ABGB) and the Austrian Business Code (UGB) or for asserting, exercising or defending legal claims.

In general, your personal data will be deleted after revocation of your consent or your objection to the processing of personal data, provided that the storage of personal data is not necessary to fulfil a legal obligation or to assert, exercise or defend legal claims. Further processing will only take place if you have expressly consented to the further use of your personal data or if we have reserved the right to process the personal data in excess thereof, which is permitted by law.

It is possible that the personal data may be made anonymous instead of being deleted. In this case, any personal reference will be irretrievably removed, which is why the deletion obligations under data protection law also cease to apply. In this case, no personal reference can be restored.

5. Data security

Your personal data is protected through appropriate technical and organizational measures. Those measures include but are not limited to protection against unauthorized, unlawful or accidental access, processing, loss, use and tampering.

Irrespective of our efforts to observe an appropriately high standard of due diligence at all times it cannot be excluded that information which you have provided to us via the internet will be inspected and used by other persons.

Please note that we, therefore, assume no liability whatsoever for disclosure of information due to errors in data transfers that were not caused by us and/or unauthorized access by third parties (e.g. hacker attack on accounts).

6. Server log files

In order to optimise our website/plattform in terms of system performance, user-friendliness and provision of useful information about our services, our website provider automatically collects and stores information in so-called server log files, which your browser automatically transfers to us. This includes your internet protocol address (IP address), browser and language settings, operating system, referrer URL, your internet service provider and the date/time.

This data will not be combined with personal data sources. However, we reserve the right to check this data at a later date if we learn of specific indications of unlawful use. The legal basis for the aforementioned data processing is our legitimate interest in the functionality, stability and security of our website/plattform.

7. SSL or TLS encryption

This website/plattform uses SSL or TLS encryption for security reasons and for the protection of the transmission of confidential content, such as the inquiries you send to us as the website/plattform operator. You can recognize an encrypted connection in your browser’s address line when it changes from “http://” to “https://” and the lock icon is displayed in your browser’s address bar. If SSL or TLS encryption is activated, the data you transfer to us cannot be read by third parties.

8. What rights do you have?

You have the following rights under data protection laws in relation to your personal data:

  • Request access to your personal data.

  • Request correction of your personal data.

  • Request erasure of your personal data.

  • Object to processing of your personal data.

  • Request restriction of processing your personal data.

  • Request transfer of your personal data.

  • Right to withdraw consent.

If you believe that the processing of your data violates data protection law or your data protection claims have otherwise been violated in any way, you can file a complaint with the supervisory authority. In Austria, the Data Protection Authority is responsible.

Austrian Data Protection Authority Barichgasse 40-42
1030 Wien
Phone: +43 1 52 152-0

E-mail: dsb@dsb.gv.at

9. Is my personal data used for automated individual decision making, including profiling?

We do not use automated individual decision-making according to Art. 22 GDPR.

10. Changes to this Privacy Policy

We reserve the right to update this Privacy Policy to reflect legal and technical requirements or changes in our business.

Cookies

Cookies (including any other technologies with similar purposes, for example pixel tags) are small text files stored on your device during your visit of our website/plattform which store specific information about you. They cannot access, read or alter any other data stored on your device.

Cookies are either stored temporary for the duration of a session (session cookies) or permanently (permanent cookies) on your device. Session cookies are automatically deleted at the end of your website/plattform visit. Permanent cookies remain stored on your end device until you delete them yourself or until they are automatically deleted by your web browser.

Many cookies are technically necessary, as certain functions of the website would not work without them. Other cookies, which are technically not necessary (optional cookies), are used for example to evaluate user behaviour or to display advertising. For the latter cookies your latter consent is required.

Matomo

We use the web analytics service Matomo Analytics for statistical analysis of website usage and the Matomo Tag Manager to manage analytics and tracking and marketing tags (“Matomo”). The service provider is the New Zealand company InnoCraft Ltd, 150 Willis St, 6011 Wellington, New Zealand, NZBN 6106769.

Matomo sets cookies on the end devices of website visitors, which are used to retrieve information such as IP address, browser information, the website previously visited and the date and time of the server request. A complete list of the data tracked by Matomo can be found here: https://matomo.org/faq/general/faq_18254/.

Matomo stores the data exclusively in the EU and is used with the extension “anonymizeIp()”, whereby the IP addresses are processed in shortened form. A list of the cookies used by Matomo can be found here: https://matomo.org/faq/general/faq_146/.

Third party Cookies

We also use social media buttons and/or plugins on our website which allow you to connect with social media networks, such as Twitter, LinkedIn, Instagram, Facebook, Playcanvas.com, openai.com, readyplayer.me, tbc. If you click on a plug-in provided by these networks, the plug-in is activated and a connection to the respective network will be established, Your data may be transmitted to the network.

Please note that we have no control over the data processed by the network operator. If you do not agree to the transfer of your data, please do not activate these plug-ins and/or do not click on these social media buttons. We recommend reading the privacy policies of the respective social media network beforehand.