Data Privacy Framework Notice

Last Updated: September 25, 2023

Advisory

On 10 July 2023, the European Commission approved the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”) as a valid transfer mechanism to comply with EU data protection requirements when transferring personal data from the European Economic Area to the United States. The decision concluded that the US ensures an adequate level of protection for personal information that is transferred from the EU to US companies as part of the Data Privacy Framework Program.

On 17 July 2023, the Swiss-US Data Privacy Framework (“Swiss-U.S. DPF”)  entered into effect and may be relied upon once recognized by the Swiss Federal Administration.  Likewise, on 17 July 2023, the UK Extension to the EU-U.S. Data Privacy Framework (“UK Extension”) became effective and can be relied upon on the date that the adequacy regulations implementing the data bridge for the UK Extension enter into force.

Introduction

ExitReality Inc. ("ExitReality”, "Hyperspace”, “we”, “our" or "us") respect your privacy. This Data Privacy Framework Notice ("Notice") describes our standards and procedures for handling Personal Information transferred from the European Economic Area ("EEA"), the United Kingdom (and Gibraltar) and Switzerland to the U.S. in accordance with ExitReality’s obligations under the DPF.

For the purpose of this Notice, "Personal Information" means any data relating to an identified or identifiable individual, including, for example, name, address, telephone number and e-mail address, and "processing" means any operation performed on Personal Information, such as, for example, collection, use, management, consultation or disclosure. This Notice supplements our Privacy Statement. Unless specifically defined in this Notice, the terms in this Notice have the same meaning as in our Privacy Statement.

In compliance with the DPF ExitReality commits to cooperate and comply with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) (DPF Panel) with regard to unresolved complaints concerning our handling of non-human resources data received in reliance on the DPF.

Certification to the DPF Program

ExitReality complies with the EU-U.S. DPF, the UK Extension, and the Swiss-U.S. DPF as set forth by the U.S. Department of Commerce.  ExitReality has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles with regard to the processing of Personal Information received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension.  ExitReality has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles with regard to the processing of Personal Information received from Switzerland in reliance on the Swiss-U.S. DPF.  If there is any conflict between the terms in this Notice and the Principles, the Principles shall govern.  To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

How We Obtain Personal Information

We obtain and process Personal Information from the EEA, the United Kingdom and Switzerland in different capacities:

  • As a data controller, we collect and process EEA, the United Kingdom and Swiss Personal Information directly from individuals, either via our publicly available websites, including Hyperspace.mv or in connection with our customer, partner, and vendor relationships.
  • As an agent (as that term is used in the Principles), we obtain and process EEA, the United Kingdom and Swiss Personal Information on behalf of and under the instructions of our customers in connection with ExitReality-branded cloud or hosted service offerings ("Online Services"). In that context, customers are the data controllers or agents and the roles and responsibilities of the parties for the processing of Personal Information are defined in our agreements with customers.

ExitReality commits to comply with the Principles with respect to all Personal Information received from the EEA, the United Kingdom and Switzerland in reliance on the DPF.

Data Privacy Framework Principles

  1. Notice. ExitReality’s Privacy Statement in combination with this Notice describes our privacy practices with respect to Personal Information received from the EEA, the United Kingdom and Switzerland in reliance on the DPF.
  2. Choice. When providing our Online Services, our customers choose the types of Personal Information we process and the purposes of the processing. Accordingly, our customers are responsible for providing notice to individuals. In the event Personal Information is (i) to be used for a purpose that is materially different from the purposes for which the Personal Information was originally collected or subsequently authorized, or (ii) transferred to a third party acting as a data controller, individuals will be given, where practical and appropriate, an opportunity to opt out of having their Personal Information so used or transferred where it involves non-sensitive information. Where such use or transfer involves sensitive information, individuals must opt-in before such use or transfer.
  3. Data Integrity and Purpose Limitation. Any Personal Information we receive may be used by ExitReality for the purposes indicated in our ExitReality Privacy Statement or as otherwise notified to you. We will not process Personal Information in a way that is incompatible with these purposes unless subsequently authorized by you.

    We take reasonable steps to limit the collection and usage of Personal Information to that which is relevant for the purposes for which it was collected, and to ensure that such Personal Information is reliable, accurate, complete and current. Individuals are encouraged to keep their Personal Information with ExitReality up to date and may contact ExitReality as indicated below or in the ExitReality     Privacy Statement to request that their Personal Information be updated or corrected.

    We will retain your Personal Information in an identifiable form only for the period necessary to fulfill the purposes outlined in the ExitReality     Privacy Statement, unless a longer retention period is required or permitted by law or by the Principles. We will adhere to the Principles for as long as we retain the Personal Information collected under the DPF.

    When providing our Online Services, we process and retain Personal Information as necessary to provide our services as permitted in our agreement with customers, or as required or permitted under applicable law.
  4. Accountability for Onward Transfer of Personal Information. ExitReality may transfer Personal Information for the purposes described in the ExitReality Privacy Statement to a third party acting as a data controller or as an agent. If we intend to disclose Personal Data to a third party acting as a data controller or as an agent we will comply with, and protect, Personal Information as provided in the Accountability for Onward Transfer Principle. When providing our Online Services we disclose Personal Information as provided in our agreement with customers.

    We remain responsible for the processing of Personal Information received under the DPF and subsequently transferred to a third party acting as an agent if the agent processes such Personal Information in a manner inconsistent with the Principles, unless we prove that we are not responsible for the event giving rise to the damage.
  5. Security. ExitReality takes reasonable and appropriate precautions, taking into account the risks involved in the processing and the nature of the Personal Information, to help protect Personal Information from loss, misuse and unauthorized access, disclosure, alteration and destruction.
  6. Access. Where appropriate, individuals have reasonable access to their Personal Information and may request corrections, deletions, or additions where the Personal Information is inaccurate or has been processed in violation of the Principles. We may limit or deny access to Personal Information where providing such access is unreasonably burdensome or expensive under the circumstances, or as otherwise permitted by the Principles. You may request access to your Personal Information by contacting us as described below.

    When providing our Online Services, we only process and disclose the Personal Information as specified in our agreements with customers. Our customer controls how Personal Information is disclosed to us and processed, and how it can be modified. Accordingly, if you want to request access, or to limit use or disclosure of your Personal Information, please contact the company to which you submitted your Personal Information and that uses our Online Services. If you contact us with the name of our customer to which you provided your Personal Information, we will refer your request to that customer and support them in responding to your request.
  7. Recourse, Enforcement and Liability. ExitReality has established procedures to periodically verify implementation of and compliance with the Principles. ExitReality conducts an annual self-assessment of its practices regarding Personal Information intended to verify that the assertions ExitReality makes about its practices are true and that such practices have been implemented as represented.

    In compliance with the DPF, ExitReality commits to resolve DPF Principles-related complaints about our collection and use of your Personal Information.  EU, UK, and Swiss individuals with inquiries or complaints regarding our handling of Personal Information received in reliance on the DPF should first contact ExitReality at:     privacy@hyperspace.mv or through one of our other contact methods described below.

    In compliance with the DPF, ExitReality commits to refer unresolved complaints concerning our handling of Personal Information received in reliance on the EU-U.S. DPF, the UK Extension, and the Swiss-U.S. DPF to an independent dispute resolution mechanism, either the DPAs or the ICO as applicable. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://ico.org.uk for more information and to file a complaint.

    For residual complaints not fully or partially resolved by other means, you may be able to invoke binding arbitration as detailed in the Principles available     here.
    ExitReality is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (“    FTC”).

Amendment. This Notice may be amended consistent with the requirements of the DPF. When we update this Notice, we will also revise the "Last Updated" date at the top of this document.

Questions or complaints. If you have any questions, concerns or complaint regarding our privacy practices, or if you’d like to exercise your choices or rights, you can contact us:

  • By email at privacy@hyperspace.mv
  • By mailing to ExitReality, Inc., Attn: Legal, 1 E. Washington St, Ste 1200, Phoenix, AZ 85004, USA

How useful was this article?

Click on a star to rate it!

We are sorry that this article was not useful for you!

Let us improve this article!

Tell us how we can improve this article?