Updated: 22 May 2018
EyesDecide considers data protection and privacy to be of paramount importance
Information we collect about you.
• Account information.
Account registration is required before you can use the EyesDecide service (“EyesDecide Registered User”). When you register for an account, we collect your first and last name, username, password and email address.
• Billing information.
If you make a payment to EyesDecide, we require you to provide your billing details, a name, address, email address and financial information corresponding to your selected method of payment (e.g. a credit card number and expiration date or a bank account number).
If you participate in an EyeTracking and/or Facial coding study controlled by an EyesDecide Registered User (“Participant”) you may be required to provide access to webcam and consent to a your face video being recorded. This applies only to studies that do not use the xLabs Chrome Extension. Explicit consent must be provided by you to enable the webcam to collect video of your face. Consent may be retracted at any time during the session by cancelling the session. Face videos are analyzed by our computers to calculate eye-gaze tracks (a series of x,y coordinates) and facial coding algorithms to determine emotion. The videos are not associated with you except via the information you enter to participate in the study (such as answers to survey questions).
We store Personal Information for as long as it is required for our research and business purposes and as required by law or at the request of EyesDecide Registered Users or you. When Personal Information is no longer required, we will delete it from our systems.
Facial videos are permanently deleted within 24-48 hours.
Even though EyesDecide is processing data at the request of the data controller being the EyesDecide Registered User, we want to ensure that you can execute your rights under GDPR.
At the start and end of a session we provide Participants with a key tied to your face video (even after deletion). If you contact us and provide this key we can check the status of face video data collected. EyesDecide has also provided EyesDecide Registered Users with a range of tools to help them manage your rights as a Participant.
EyesDecide may use first party cookies (small text files that the XLABS website stores locally on your computer) on our websites, for one or more of the following purposes: to help identify unique and returning visitors and/or devices; conduct A/B testing; and diagnose problems with our servers. Browsers do not share first-party cookies across domains. EyesDecide does not use methods such as browser cache, Flash cookies, or eTags, for acquiring or storing information about end users’ web browsing activity. You can set your browser preferences to refuse all cookies should you wish to prevent cookies from being used.
Information, including EyesDecide User Information, and any Personally Identifiable Information contained therein, may be shared with certain third-party companies and individuals that help facilitate technical and administrative aspects of the EyesDecide Service (e.g. email communications), or perform functions related to the administration of EyesDecide (e.g. hosting services). These third parties perform tasks on our behalf and are contractually obligated not to disclose or use EyesDecide User Information for any other purpose, and to employ adequate security measures to prevent unauthorized access to such data. However, EyesDecide is not responsible in the event that Personally Identifiable Information is disclosed at a result of a breach or security lapse by any such third party.
If xLabs, or substantially all of its assets, is acquired by another company or successor entity, xLabs Client Information will be one of the assets transferred or acquired by the purchaser or successor. You acknowledge that such transfers may occur, and that any purchaser of or successor to xLabs or its assets may continue to collect, use and disclose your information acquired prior to such transfer or acquisition as set forth in this policy.
The security of your personal information is important to us. We follow generally accepted industry standards to protect the personal information submitted to us, both during transmission and once we receive it. Examples of these include limited and password-protected access, high security public/private keys and SSL encryption to protect transmission. No method of transmission over the Internet, or method of electronic storage, is 100% secure, however. Therefore, we cannot guarantee its absolute security.
If you are a citizen of the European Union you have certain rights relating to how others handle your personal information. These rights are:
1. The right to be informed how your personal information is being used.
2. The right of access your personal information and how it is processed.
3. The right to rectify inaccurate or incomplete personal information.
4. The right to deletion of all or any personal data.
5. The right to restrict processing, that is, the right to block or suppress processing of your personal data.
6. The right to data portability – this allows individuals to retain and reuse their personal data for their own purpose.
7. The right to object, in certain circumstances, to use of your personal data in a manner different from the purpose for which it was provided.
8. Right to prevent automated decision making or profiling based on your data without human intervention.
IF YOU WISH TO EXERCISE THESE RIGHTS, CONTACT US AT GDPR@XLABS.COM.AU