Legal Requirements for Mobile Apps
Last Updated: 08 SEP 2020
Factory 42 is an immersive and television content production studio that uses cutting-edge advanced imaging technologies to develop unique multi-sensory experiences for consumers, visitor destinations, broadcasters, brands and artists.
Who collects information about you?
Factory 42 Limited (“we”, “us”, “our”, “Factory 42”) collects, uses and is responsible for your personal information. When we do so, we are responsible as a ‘data controller’ of that information.
Our registered office is at New Wing Somerset House, Strand, London, WC2R 1LA.
How to complain
We hope that we can resolve any query or concern that you raise about our use of your personal information.
You also have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk).
It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your relationship with us.
Links to other websites
2. THE DATA WE COLLECT ABOUT YOU
Creating a player profile
We may let you create a player profile that is stored locally on your device. Your player profile may include information like:
an avatar of your choice;
Photos and videos
Our Apps may request permission to use your camera and local storage for the purpose of viewing augmented reality content, capturing photos or recording videos, and saving photos or videos to your device. Any images or videos you capture are only stored locally on your device and will never be transmitted to us or any other third party by any of our Apps.
Contacting us for support
If you choose to contact Factory 42 via firstname.lastname@example.org, any other Factory 42 email address, by telephone or by post, we may store some or all of the following personal information for a short period if you’ve provided us with it:
Details about a child’s use of any of the applications for which we provide support
You may choose whether or not to give some information to us. However, not providing certain information may mean you cannot enjoy all or parts of our Apps.
How do we use your personal information?
Under the GDPR, we must always have a lawful basis for using personal information. This may be because the data is necessary for our performance of a contract with you, because you have consented to our use of your personal information, to meet our legal and regulatory obligations, or because it is in our legitimate business interests to use it. Where we have said that using or keeping your information is “necessary for our legitimate interest”, we have carried out an assessment to ensure this is not unfair to you. Where we have said that we are relying on consent, we will seek consent from the parent or guardian if the user is under the age of 13.
Your personal information may be used for the following purposes:
To provide a requested service or carry out a contract with you:
Carrying out our obligations to you, such as delivering any Virtual Content that you have bought.
Managing your User Account and respond to your queries.
Supplying our support services to you. Your personal details are required in order for us to correspond with you regarding any issues or questions you may have regarding the Apps for which we supply support services.
Communicating with you for customer service purposes. This may include responding to emails, calls or written correspondence from you.
Where we have your consent:
We may from time to time ask you for your consent for other purposes, which we will explain to you at the time
To meet our legal and regulatory obligations:
Dealing with requests from you to exercise your rights under data protection laws.
To respond to requests from regulators, courts or government authorities.
Necessary for our legitimate interests:
Ensuring our Apps work as intended on your device and as necessary to provide the content or services you request on our Apps.
Responding to your inquiries and fulfilling your requests, for example, when you send us questions, suggestions, compliments or complaints, or when you request information about our Apps. We may also take such into account when improving our Apps, products and services.
Defending or bringing claims to protect our legal rights and interests, including to enforce our Terms of Service.
Who will you share my personal information with?
We will not share any of your personal information with any third parties for any purpose, subject to one exception:
In some limited circumstances, we may be legally required to share certain personal information, which might include yours, if we are involved in legal proceedings or complying with legal obligations, a court order, or the instructions of a government authority.
When we need to enforce our Terms of Service, investigate fraud, reduce credit risk, exercise our legal rights or defend against legal claims.
Automated decision making
We do not carry out automated decision making using the information we collect from you.
Change of purpose
If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required and permitted by law.
3. SECURITY AND RETENTION
Keeping your data secure
We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business or legal need to know. They will only process your personal information on our instructions, and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
For how long do we keep your personal information?
We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.
In relation to personal information made available through email, telephone or postal correspondence, this will be stored for no longer than two years from the point at which reason for the communication has been resolved.
In some circumstances you can ask us to delete your data – please see below.
In some circumstances we may anonymise your personal information (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
International data transfers
Where possible, we try to only process your information within the UK and European Economic Area (EEA). If we or any third party transfers your information outside of the UK or EEA, we always require that appropriate safeguards are in place to protect the information when it is processed.
4. YOUR LEGAL RIGHTS
Under certain circumstances, you have rights under data protection laws in relation to your personal information. These include rights to:
Object to processing of your personal information where we are relying on legitimate interests as the legal basis of our processing your personal information, or where we use your personal information for direct marketing purposes. If we have compelling legal grounds to carry on processing your personal information, we will be able to continue to do so.
Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected.
Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have successfully exercised your right to object to processing (see below).
Object to decisions being taken by automated means which produce legal effects concerning you or significantly affect you.
Request restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
Request the transfer of your personal information to you or to a third party. We will provide to you, or a third party you have chosen, your personal information in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
Withdraw consent at any time where we are relying on consent to process your personal information.
You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal information (or to exercise any of your other rights). This is a security measure to ensure that personal information is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
If you would like to exercise any of these rights, please email our Privacy Lead at email@example.com and let us have enough information to identify you.