We try to use a simple language so that it is understandable, but if you’re not familiar with any terms in the text such as “cookies”, or “IP” feel free to contact us. Your privacy is really important to us, so whether you’re new to CAVE or a long-time user, please take the time to get to know our practices.
This policy applies (i) immediately to new users who use or access the Service on or after the Effective Date and (ii) on the Effective Date to users who use or access the Service before the Effective Date.
Please contact us if you have any questions or comments about our privacy practices. You can reach us online at firstname.lastname@example.org or by mail at the address listed in the “Addressing Questions Regarding Your Personal Data” section below.
TRANSFERS OF PERSONAL DATA
The Service is hosted and operated in Greece, state member of “E.U.”, with development, support and maintenance operations soon coming in other countries too, through CAVE and its service providers. If you do not reside in the Greece, laws in Greece may differ from the laws where you reside. By using the Service, you acknowledge that any Personal Data about you, regardless of whether provided by you or obtained from a third party, is being provided to Greece in Greece, and will be hosted on Greek or other E.U. or US servers, and you authorize CAVE to transfer, store, host and process your information to and in Greece, EU countries, US and possibly other countries. You hereby consent to transfer your data to the Greek pursuant to either, at CAVE discretion, the EU-U.S. Privacy Shield Framework, the details of which are further set forth below, or the standard data protection clauses promulgated by the EC, a copy of which can be obtained at https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex%3A32010D0087
EU PERSONAL DATA
If you are located in the EU, United Kingdom, Lichtenstein, Norway, or Iceland, you may have additional rights under the EU General Data Protection Regulation (the “GDPR”) related to your Personal Data, as further described below. CAVE will be the controller of your Personal Data processed in connection with the Service, unless you access the Service through an enterprise account, or other CAVE account that is controlled by a third party (e.g. your employer).
COLLECTION OF PERSONAL INFORMATION
Types of Personal Data We Collect
CAVE collects Personal Data about you when you provide it directly to us, when third parties such as our business partners (e.g. companies with whom we integrate our Service), service providers (such as our advertising service providers) provide us with Personal Data about you, or when Personal Data about you is automatically collected in connection with your use of our Service. We collect the following Personal Data from you in connection with the Service:
We also collect usage and performance information that is not Personal Data or that we aggregate or de-identify so that it no longer personally identifies an individual. We also associate some data that is not Personal Data with Personal Data.
We collect Personal Data when a user (i) creates an account (a “User Account”); (ii) logs into the Service; (iii) interacts with the Service; (iv) uploads or generates User Content; (v) communicates with us; and (vi) responds to a communication or interaction from us. Some of the methods and tools we use to collect Personal Data are:
You may withdraw your consent at any time by emailing us. We will return or destroy your personal information within five days of receipt of your withdrawal of consent.
USE OF PERSONAL INFORMATION
CAVE uses Personal Data to: (i) provide, administer, and improve our Service; (ii) better understand your needs and interests, and fulfill requests you make; (iii) promote scientific research; (iv) personalize your experience; (v) provide Service announcements; (vi) provide you with information and offers from CAVE, CAVE Affiliates, and our business partners; (vii) protect, investigate, and deter against fraudulent, harmful, unauthorized, or illegal activity and (viii) comply with legal obligations.
For example, we use Personal Data to:
We will only use your Personal Data if we have a lawful basis for doing so. Lawful bases for processing include consent, contractual necessity, and our “legitimate interests” or the legitimate interest of others, as further described below.
Contractual Necessity: We process the following categories of Personal Data because we need to process the data to perform under our User Agreement with you, which enables us to provide you with the Service. When we process data due to contractual necessity, failure to provide such Personal Data will result in your inability to use some or all portions of the Service that require such data:
Legitimate Interest: We process the following categories of Personal Data when we believe doing so furthers the legitimate interest of us or third parties:
Consent: In some cases, we process Personal Data based on the consent you expressly grant to us at the time we collect such data. When we process Personal Data based on your consent (such as the use of your demographic data to facilitate research that promotes Sustainable Development), it will be expressly indicated to you at the point and time of collection.
Other Processing Grounds: From time to time we may also need to process Personal Data to comply with a legal obligation, if it is necessary to protect the vital interests of you or other data subjects, or if it is necessary for a task carried out in the public interest.
We use personal information to allow us to process your service requests, provide access to privileged areas of the Websites, send out newsletters, personalize your visit to our Websites, personalize your use of our Products, and enable us to improve the products and services we offer. We may occasionally carry out market research and send you details of services and offers that we think may be of interest to you. If you do not wish to receive such information, please contact us, alternatively, when we send you an e-mail, it will contain a provision for you to opt out of receiving any further information from us.
DISCLOSURE OF PERSONAL INFORMATION
We may provide information about you to our employees, third party service providers and agents in order to administer any accounts, products and services provided.
These parties include:
We also share Personal Data with third party service providers and agents when necessary to complete a transaction initiated or authorized by you or provide you with a product or service you have requested. In addition to those set forth above, these parties also include:
We share Personal Data with presenters, sponsors, or other conference participants or organizers if you register for or attend a conference we are involved with.
We share Personal Data with research centers and academic institutions, scientists and authorized personnel involved in research projects to facilitate scientific research.
We also share Personal Data when we believe it is necessary to:
We also share information with third parties when you have given us consent to do so.
Use of Third-Party E-mail Address
If you register for the Service using an e-mail address that we recognize to be either a part of a third-party enterprise account for the Service (an “Enterprise Account”) or a potential enterprise Service purchaser (for example, your employer’s) (each, an “E-Mail Holder”), we may provide your name and email address to the E-Mail Holder and their administrator. In some cases, we will also consolidate your account(s) with the accounts of the E-Mail Holder and we provide your E-Mail Holder and their administrator with access to your User Account information. This may happen when the E-Mail Holder’s account is established after you register for your individual User Account. We make these transfers to allow users who are part of a larger organization to take advantage of the special features and security enjoyed by our enterprise Account holders, and in order to help you and your organization comply with its internal security and email usage obligations. Please note that all accounts for the Service, and all applicable subaccounts (which may include your User Account), are controlled by the account administrator. In certain cases (e.g. when we are aggregating all of the accounts under a current or potential Enterprise Account), we will provide you with the ability to opt-out of consolidation with an E-Mail Holder’s Account (typically by changing the email address on your account to a non-E-Mail Holder email address).
Additionally, when an E-Mail Holder creates an Account, we may notify any individuals already using the Services under an email address with the same company domain as yours so that they can be migrated to your enterprise Account.
YOUR PRIVACY CHOICES
Opting Out of Tracking Tools and Behavioral Advertising
You can opt-out of certain Behavioral Advertising activities by doing one or more of the following. Please note that you will need to opt-out of each browser and device for which you desire to apply these opt-out features.
Service Provider Opt Out: You can opt-out directly from some Advertising Service Providers and providers of Tracking Tools by using their opt-out tools. Some of these service providers, and links to their opt-out tools, are:
Mobile Opt Out: Your mobile devices may offer settings that enable you to make choices about the collection, use, or transfer of mobile app information for Behavioral Advertising. You may also opt-out of certain Tracking Tools on mobile devices by installing the DAA’s AppChoice app on your mobile device (for iTunes, visit https://itunes.apple.com/us/app/appchoices/id894822870?mt=8, for Android, visit https://play.google.com/store/apps/details?id=com.DAA.appchoices&hl=en). For more information, please visit http://support.apple.com/kb/HT4228, https://support.google.com/ads/answer/2662922?hl=en or http://www.applicationprivacy.org/expressing-your-behavioral-advertising-choices-on-a-mobile-device, as applicable.
Do Not Track: Your browser may offer you a “Do Not Track” option, which allows you to signal to operators of websites and web applications and services (including behavioral advertising services) that you do not wish such operators to track certain of your online activities over time and across different websites. The Service does not support Do Not Track requests at this time, which means that we collect information about your online activity both while you are using the Service and after you leave our Service.
Our Cookie Management Tool: We also allow you the ability to opt out of certain types of Cookies by clicking on the cookie banner when you first enter the applicable website (for EU users), or by using the solution below:
Please note the following with respect to opting out of Behavioral Advertising:
Emails: We will give you the ability to opt-out of marketing-related emails by clicking on a link at the bottom of each such email. You cannot opt-out of receiving certain non-marketing emails regarding the Service.
All security on our Websites is treated seriously. Where applicable, we undertake security steps, including use of SSL technology, on our back-end systems that store customer account information and to protect data transmissions. However, this is not a guarantee that such data transmissions cannot be accessed, altered or deleted due to firewall or other security software failures. To the extent the Service requires you to provide any Financial Account Information, such as when you purchase subscriptions to the Service, that information will be collected and processed by third-party PCI-compliant service providers. We do not store Financial Account Information transmitted through the Service, provided that we do store (or our payment processor on our behalf will store) just the last four digits of your credit card number, if you provide this to us, to comply with credit card processing requirements of authorizations, charges and chargebacks.
If you have any further concerns about security, please email our Customer Service team.
We retain Personal Data about you for as long as you have an open account with us or as otherwise necessary to provide you with the Service, and thereafter as set forth in our Service agreement with you (typically 30 days after termination of the Service, or sooner upon request (except as required by law)). In some cases we retain Personal Data for longer, if doing so is necessary to comply with our legal obligations, resolve disputes or collect fees owed, or is otherwise permitted or required by applicable law, rule, or regulation. Upon disposal, we will destroy or render unreadable any such Personal Data. Afterwards, we retain some information in a depersonalized or aggregated form but not in a way that would identify you personally.
INTERACTIONS WITH OTHERS
The Service contains areas where you may be able to publicly post information, communicate with others, submit media content, and/or review goods, services, or vendors, such as discussion boards or blogs. Any information, including Personal Data that you post there, will be public and can be viewed by the public at large, and therefore anyone who accesses such postings will have the ability to read, collect, and further disseminate such information. We have no control over, and take no responsibility for, the use, storage, or dissemination of information posted or otherwise made available on such portions of the Service. By posting Personal Data online in public forums, you may receive unsolicited messages from other parties.
RIGHTS AND CHOICES YOU HAVE REGARDING YOUR PERSONAL DATA
Accessing, Correcting, and Deleting Your Personal Data and Other Data Subject Rights
You have certain rights with respect to your Personal Data, and we want to help you review and update your information to ensure it is accurate and up-to-date. We may limit or reject your request in certain cases, such as if it is frivolous or extremely impractical, if it jeopardizes the rights of others, if it is not required by law, or if the burden or expense of providing access would be disproportionate to the risks to your privacy in the case in question. In some cases, we may also need you to provide us with additional information, which may include Personal Data, to verify your identity and the nature of your request. We will take reasonable steps to respond to all requests within 30 days (or less!).
If you are a CAVE Account holder, you can accomplish most of the following by logging into your User Account or, for those using enterprise accounts, by contacting your account administrator. For any further information, requests or questions, please contact us at email@example.com
Access: You can request more information about the Personal Data we hold about you and request a copy of such Personal Data.
Rectification: If you believe that any Personal Data we are holding about you is incorrect or incomplete, you can request that we correct or supplement such data.
Erasure: You can request that we erase some or all of your Personal Data from our systems. Please note that if you request the deletion of information required to provide the Service to you, your User Account will be deactivated and you will lose access to the Service.
Portability: You can ask for a copy of your Personal Data in a machine-readable format. You can also request that we transmit the data to another controller where technically feasible.
For the following, please email us at firstname.lastname@example.org:
Withdrawal of Consent: If we are processing your Personal Data based on your consent (as indicated at the time of collection of such data), you have the right to withdraw your consent at any time. Please note, however, that if you exercise this right, you may have to then provide express consent on a case-by-case basis for the use or disclosure of certain of your Personal Data, if such use or disclosure is necessary to enable you to utilize some or all of our Service.
Objection: You can contact us to let us know that you object to the further use or disclosure of your Personal Data for certain purposes, such as for marketing purposes.
Restriction of Processing: You can ask us to restrict further processing of your Personal Data.
You also have the right to lodge a complaint about CAVE practices with respect to your Personal Data with the supervisory authority of your country or EU Member State.
Closing Your Account
You may close an account, and upon termination of your User Account, we will take reasonable steps to provide, modify, or delete your Personal Data as soon as is practicable. However, CAVE may nevertheless retain your Personal Data to protect the business interests of CAVE, CAVE Affiliates, vendors, and other users, and some information may remain in archived/backup copies for our records or as otherwise required by law. Those interests include without limitation the completion of transactions, maintaining records for financial reporting purposes, complying with our legal obligations, resolving disputes, and enforcing agreements.
ENFORCEMENT AND RECOURSE
Our Service is not intended for children under the age of 16 (in the EU), and therefore, CAVE does not knowingly acquire or receive Personal Data from children under the age of 16 (in the EU). If we later learn that any user of our Service is under the age of 16 (in the EU), we will take appropriate steps to remove that user’s information from our account database and will restrict that individual from future access to the Service.
FOR FURTHER QUESTIONS REGARDING YOUR PERSONAL DATA