top of page

ViTAs Labs Privacy Notice

Introduction

This Privacy Notice is meant to give you information about what personal data we collect about you, how we use it, why we use it, and how you control the data processing.

1. The Basics

  1. Who We Are

    1. ​We, ViTAs Labs Ltd. offer a virtual reality application for elite athletes and coaches through our solution. Our offices are located at Graziani 4, Tel Aviv, Israel, and our registration number is 516714292. 

    2. If you have questions about our company or your privacy, or want to exercise your rights, you can contact us at [info@vitas-labs.com].

  2. ​Our Role: Controller and Processor. Certain data protection laws, including the laws in the EU, differentiate between a party that determines why and how personal data is processed (called a "controller") and a party that processes personal data solely on the controller's behalf and according to the controller's instructions (called a "processor"). We are the controller with respect to the processing described in this Privacy Notice. That said, in respect of certain personal data, we serve as a processor. Please see the section below on Personal Data We Collect as a Processor for more information.

  3. Definitions and Recommendations

    1. ​When we refer to "services", we mean the services available through our virtual reality application and solution and through our website. 

    2. When we refer to "personal data", we mean information that is defined as personal data under law. This includes information that identifies you directly or indirectly, including unique identifiers like IP addresses or cookie IDs.

    3. When we refer to "you", we mean any user of our solution. 

    4. This Privacy Notice is meant to be read together with our Terms of Service, which you can find at [https://www.vitas-labs.com/terms]. In general, we recommend that you routinely review this privacy notice and your preferences through our solution.

  4. ​A Note on Legal Bases. Certain jurisdictions only allow the processing of personal data where a legal basis has been established. Under the EU's General Data Protection Regulation ("GDPR"), the possible legal bases include (but are not limited): your consent, the processing is necessary to perform a contract with you, the processing is necessary to fulfill our legal obligations, or a company has a legitimate business interest to process your personal data. Where we are a controller, we only collect and process data where we have established a legal basis. Below you can find more details about specific legal bases.

2. Personal Data We Collect as a Processor

We process certain personal data about Coaches and Players (as defined in the Terms) who are users of our solution in connection. In that case, we serve as a processor and the customer serves as a controller. We process that data on behalf of the relevant customer and according to its instructions. If you use the solution as a Coach or Employee in connection with one of our customers, we may process personal data about you that includes name, username, usage records, tracking of progress, and materials that you may provide, such as trainings or exercises that you design. We may share this data with the relevant customer. To learn more about our processing activities in this capacity or to exercise your privacy rights regarding them, please contact the applicable customer directly.

3. Personal Data We Collect as a Controller, How We Use It, and Why

Below is a description of the types of personal data we collect, how we use it, and the reason why we consider each use lawful. You have no legal obligation to provide us with personal data, but if you don't provide us with certain information, we may not be able to provide you with the associated services.

  1. Website Visitors. When you visit our site, we may collect the following types of data about you.

    1. Contact Form Information – When you send us a message through the contact form on our site, we collect any data you provide, such as your full name, email address, and the content of your message.

    2. How We Use this Data: To respond to your message and to provide you with information about our products and services.

    3. Legal Basis: We process this personal data based on the performance of a contract with you.

  2. ​Customer. If you register to use our solution as a customer, we collect the following information from and about you

    1. ​Registration Data – When creating an account as a customer, you will be asked to provide your email address and password.

      1. How We Use this Data: We use your registration information to allow you to access our solution, save your preferences, protect the security of our solution, prevent fraud, provide customer support and address any issues that arise. We will use your contact details to communicate with you about our solution.

      2. Legal Basis: When we process your registration data to provide you with our services, we do so to perform a contract with you, in this case our Terms of Service or the customer agreement. When we process your registration data to maintain our solution, including to prevent fraud, protect the security of and/or provide customer support address issues with our solution, we do so on the basis of our legitimate interest to maintain our assets and improve our services.

    2. ​Payment Data – If you make a purchase through the solution, we receive information related to such purchase, which may be processed and stored on our behalf with a payment service provider/s.

      1. ​How We Use this Data: To process your payment and to prevent fraud.

      2. Legal Basis: We process your payment data to perform a contract with you, specifically our Terms of Service or the customer agreement. When we process your payment data to prevent fraud, we do so based on our legitimate interest to protect ourselves and our customers. 

  3. ​Anonymous and Aggregate Data. We may also use anonymized and aggregate data based on usage in order to improve our services.

4. Sharing the Personal Data We Collect

We share your personal data as follows:

  1. Service Providers. Below is a list of the types of service providers we use, the service each provides, and the types of data shared with each. Our service providers have agreed to confidentiality restrictions and have undertaken to use your personal data solely as we direct.

    1. ​Cloud Computing: 

      1. ​We use service providers that offer cloud computing services. They offer us space on their servers for us to store our files and programs, including your personal data. 

      2. All personal data that we collect from you is stored on third party servers.

    2. ​Customer Relationship Management (CRM)

      1. ​We use an external CRM tool to help us keep track of our customers and information related to them, including their personal data. 

      2. Your name, company, position, email address, and phone number.

    3. ​Payment Processors

      1. ​When you make a payment through our services, the transaction is processed by an independent vendor. 

      2. The details of your credit card number.

  2. ​Change of Ownership. If we are looking to sell our company, liquidate assets, or merge with another, we may share your personal data with other interested parties as part of negotiations toward that transaction. In such case, or where we do sell our company, your personal data shall continue to be subject to the provisions of this Privacy Notice.

  3. Law Enforcement Related Disclosure. We may share your personal data with government agencies or other relevant parties, such as a law office or independent auditor: (i) if we believe that such disclosure is appropriate to protect our rights, property or safety (including the enforcement of the Terms of Service and this Privacy Notice) or those of a third party; (ii) if required by law or court order; or (iii) as is necessary to comply with any legal and/or regulatory obligations, such as audit requirements. 

5. International Transfers

Some of our service providers are located in countries other than your own. When we transfer your personal data internationally, we will do so safely and securely and in accordance with applicable law.

  1. If you are located in the EU, when we share your personal data with third parties based outside of the European Economic Area ("EEA"), we will ensure that they sign on agreements that require them to comply with applicable law, keep your data secure at similar levels to the level described in this Privacy Notice, and make sure that your data protection rights are protected. We will also implement the following safeguards: 

    1. ​When we transfer your personal data to Israel or the UK or another jurisdiction, as applicable, we rely on the decision by the European Commission that says that those countries are considered to provide an adequate level of data protection. 

    2. When we transfer your personal data to entities in the US that are covered under the Data Privacy Framework, we rely on the decision by the European Commission that says that these entities are considered to provide an adequate level of data protection.

    3. Where we transfer your personal data to other countries, we (i) take additional security measures to protect the data and (ii) use specific contracts approved by the European Commission, known as the Standard Contractual Clauses, to give your personal data the same protection it has in the EEA. 

    4. Please contact us at [info@vitas-labs.com] if you would like further information on the specific mechanism used by us when transferring your Personal Data out of the EEA. 

6. Security

The security of your personal data is our highest priority. We work hard to make sure that your personal data will be held securely and that it will not be shared or lost accidentally. However, it is impossible to guarantee absolute security. The security of your data also depends on the security of the devices you use and the way in which you protect your user IDs and passwords. The measures we take include:

  1. Technical Measures. The electronic safeguards we employ to protect your personal data include secure servers, firewalls, and antivirus protections. 

  2. Access Control. We limit access to your personal data only to authorized personnel who have a need to know, including account managers, customer support staff, and software developers. We review these permissions regularly and revoke an employee's access immediately after his/her termination.

  3. Internal Policies. We maintain and regularly review and update our privacy related and information security policies. 

  4. Personnel. We require employees to sign non-disclosure agreements according to applicable law and industry customary practice.

  5. Database Backup. Our databases are backed up and verified regularly. Backups are encrypted and stored within the production environment to preserve their confidentiality and integrity.

7. Your Rights - How to Control Our Use of Your Personal Data

Depending on which laws apply, you have certain legal rights over your data. Below is some general information about rights that may apply to you but we recommend checking the law or consulting with a lawyer to understand what applies in your specific case. To exercise your rights, please contact us at [info@vitas-labs.com]. If you want to exercise your rights regarding your personal data held by other controllers you can contact the applicable controller directly. We may ask for reasonable evidence to verify your identity before we can comply with any request. 

  1. Right of Access. You may have a right to know what personal data we collect about you. We may charge you a fee to provide you with this information, if permitted by law. If we are unable to provide you with all the information you request, we will do our best to explain why. If your personal data is subject to GDPR, we Article 15 of the GDPR for more details.

  2. Right to Correct Personal Data. You may request that we update, complete, correct or delete inaccurate, incomplete, or outdated Personal Data. See Article 16 of the GDPR for more details, if your personal data is subject to GDPR.

  3. Deletion of Personal Data ("Right to Be Forgotten"). You may have the right to request that we delete your personal data. Note that we cannot restore information once it has been deleted. Even after you ask us to delete your personal data, we may be allowed to keep certain data for specific purposes under applicable law. If your personal data is subject to GDPR, see Article 17 of the GDPR for more details.

  4. Right to Restrict Processing. You may have the right to ask us to stop processing your personal data. If your personal data is subject to GDPR, see Article 18 of the GDPR for more details.

  5. Right to Data Portability. You may have the right to request that we provide you with a copy of the personal data you provided to us in a structured, commonly-used, and machine-readable format. If your personal data is subject to GDPR, see Article 20 of the GDPR for more details.

  6. Right to Object. You may have the right object to certain processing activities. If your personal data is subject to GDPR, see Article 21 of the GDPR for more details.

  7. Withdrawal of Consent. If we are processing your data based on your consent, you are always free to withdraw your consent, however, this won't affect processing we have done from before you withdrew your consent.

  8. Right to Lodge a Complaint with Your Local Data Protection Authority. If you are located in the EU, you have the right to submit a complaint to the relevant data protection authority if you have any concerns about how we are processing your personal data, though we ask that as a courtesy you please attempt to resolve any issues with us first.

8. Data Retention

  1. We retain your personal data as long as necessary to fulfill each of the purposes we described above.

  2. When deciding how long to store personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized access, the purposes for which the personal data was collected, as well as applicable legal requirements. Please note that we may delete information from our systems without notifying you first. Retention by any of our service providers or subcontractors may vary in accordance with each business's retention policy. 

  3. Please contact us at [info@vitas-labs.com] if you would like details about the retention periods for each type of personal data we process.

9. Third-Party Services

You may have access to third-party services through our services. Please note that all use of third-party services is at your own risk and subject to such third party's terms and privacy policies. We do not take any responsibility for the performance of other services.

10. Children

As a controller, we do not knowingly collect personal data from children under the age of sixteen (16). In the event that you become aware that an individual under the age of sixteen (16) has registered as a customer without parental permission, please advise us immediately.

11. Changes to the Privacy Notice

We may update this Privacy Notice from time to time to keep it up to date with legal requirements and the way we operate our business. We will place any updates on this webpage. Please come back to this page every now and then to make sure you are familiar with the latest version.

bottom of page