Privacy policy

BEAR SAS

Data protection and respect of customer and user privacy is a core value for us. This privacy policy serves to inform our customers, as well as end users of applications including, or communicating with, BEAR SAS technology, in compliance with the General Data Protection Regulation (GDPR) about which data we collect, why we collect it, and what we do with it. Wherever we refer to consent as a justification for data processing, this presupposes that you have effectively given us such consent; if you have not provided us with the respective consent we will not process your personal data for purposes that require your consent.

Below you will find detailed information about

  • who we are and how you can contact us;
  • to which products and services this privacy policy refers;
  • which categories of personal data we process, the sources from which we obtain personal data, the purposes for which we process personal data and on which legal basis we conduct such processing;
  • to whom we transfer personal data;
  • for how long we store personal data; and
  • your data subject rights in relation to the personal data we process.

1. Contact

Who we are and how to contact us

Responsible for this privacy policy and for any processing of personal data in relation to our products and services is :

BEAR SAS
1, place Francis Ponge
34000
Montpellier
FRANCE

You can contact us as follows :
By telephone: +1 347 759 62 67 (during business hours, that is Monday to Friday 9:30 am to 6 pm CET)
by Email: [email protected]

2. Scope of Application

This privacy policy applies to the following products and services:

2.1 The BEAR mobile SDK

The BEAR mobile Software Development Kit is a development framework utilizing recognition and tracking of images or objects and instant tracking of images, objects or spaces.

2.2 BEAR GO

BEAR SAS Studio is a web-based service enabling its users to manage target collections as well as to create, manage and publish AR experiences.

2.3 BEAR API

BEAR API is a service that enables cloud-based image recognition with a quick response time and a high recognition rate by hosting of large numbers of target images in a cloud. It also allow to manage images to be recognized and interactions that appear when an image is recognized.

2.4 The BEAR Lite mobile app

The BEAR Lite mobile app is a demo app available in stores that demonstrated BEAR SDK capabilities.

2.5 Email and newsletter services

From time to time we send information about our own products to our customers. Additionally, we offer subscription to our newsletter service – our newsletter covers augmented reality news, product updates and offers, including offers of our partners.

3. Data categories and purpose

Which data categories we process for which purpose

3.1 Data we do NOT process

3.1.1 Sensitive (“special”) data categories

We do not process sensitive ("special") data categories of our customers and service users. Sensitive ("special") data categories not processed by us include data that reveal racial and ethnic origin, political opinions, religious or philosophical beliefs, as well as genetic data, biometric data to uniquely identify a natural person, health information or data to the sexual life or the sexual orientation of a natural person. Of course, we also do not process any data on criminal convictions or offenses. If you provide unsolicited information containing sensitive ("special") data categories to us (e.g. by entering an Email revealing sensitive data such as a function within a church or a trade union in a registration form), such data will only be processed as part of the fulfillment of the contract (or the contract initiation), as requested and entered by you.

3.1.2 User behavior data

We do not process any information about individual users’ usage of our services except where, and to the extent that, it is technically necessary for the performance of such services.

3.2 The categories of personal data we process, the respective purpose(s) and legal basis and the sources from which we obtain personal data

3.2.1 Information we collect and process during registration for one of our Services (applies for BEAR SDK and BEAR GO)
Data categoryPurpose of processingLegal basisSource
NameWe process your name in order to be able to get in contact with you.This information is necessary for the performance of the contract (Art. 6 no. 1 b GDPR).Your entry in the registration form.
Email addressContact for electronic information and user name for login profile.Necessary for the performance of the contract (Art. 6 no. 1 b GDPR)Your entry in the registration form.
AddressWe need your address for billing purposes.Necessary for the performance of the contract (Art. 6 no. 1 b GDPR).Your entry in the registration form (only collected upon purchase of a commercial license, not collected upon registration for a trial license).
CountryWe need the information about the country you live in and/or operate from for billing purposes.Necessary for the performance of the contract (Art. 6 no. 1 b GDPR).Your entry in the registration form (only collected upon purchase of a commercial license, not collected upon registration for a trial license).
Town / City / PostcodeWe need the information about the town you live in and/or operate from for billing purposes.Necessary for the performance of the contract (Art. 6 no. 1 b GDPR).Your entry in the registration form (only collected upon purchase of a commercial license, not collected upon registration for a trial license).
3.2.2 Information we process during usage of one of our Services (applies for BEAR SDK, BEAR GO and BEAR API)
Data categoryPurpose of processingLegal basisSource
Device and service specific Information (Operating System, SDK Version)Non-personal device information is collected for program evaluation and maintenance. We do not collect or store such information in connection with personal data.The device and service specific information we collect does not include personal data, therefore it does not require a specific legal justification.The information is transmitted to us, when a registered software developer uses the BEAR SDK or when an end user uses an application that includes the BEAR SDK.
Internet Protocol (IP) addressesBEAR SAS logs the IP addresses on the servers of the service being used mainly to ensure that the services run smoothly and to detect minuses of our services and for error detection/investigation. These log files are not used for any other purpose and will automatically be deleted 30 days after the IP address was transmitted.It is necessary for performance of the contract you concluded with us that we track functionality and errors to ensure a smooth AR experience (Art. 6 no. 1 b GDPR).The transmission of your IP address is a technical requirement, when you use BEAR SDK and BEAR API.
Analysis of page visitsFor reasons of product improvement and for statistical analysis of the use of our services we may collect statistical information about page visits by use of cookies and/or by counting of logins.Your consent, Art. 6 no. 1 a GDPR.Whenever you use our services, we automatically collect and store this information.
3.2.3 Information we process during usage of the SDK trial version
Data categoryPurpose of processingLegal basisSource
Email addressDuring a trial usage of our SDK, we process data about how often your trial key was used as well as the app-id. We receive the Email address In case a trial-user does not buy a commercial license of the SDK product after the end of a free-trial period, we might send additional personalized Emails for direct marketing reasons.The purpose of the data processing is based on the legitimate interests of product improvement and direct advertising for promoting our own products and addressing potential customers directly (Art. 6 no. 1 f GDPR).Every time you use the trial version of SDK, the Email address of your account under which you downloaded the trial license will be processed by us. We request you to provide your Email address to us during the registration process. In exchange we offer you a trial license.
Device and service specific information (Operating System, SDK-Version used, SDK Version)Non-personal device information is collected for program evaluation and maintenance. We do not collect or store such information in connection with personal data.The device and service specific information we collect does not include personal data, therefore it does not require a specific legal justification.Device and service specific information (Operating System, SDK-Version used, SDK Version)
Target assetsThe functionality of the SDK may allow users to process and store personal data (eg pictures of natural persons or documents) as target objects or target images. Such use is enabled by the technology of BEAR SAS but not conducted under the control of BEAR.A user that intends to store target images or target objects on servers hosted by BEAR SAS needs to seek approval of BEAR SAS and may be required to conclude a data processing agreement with BEAR SAS. If such data is processed by use of our technology without being stored on servers hosted by us, we are not involved in th processing within the meaning of Art. 4 no. 8 GDPR.Target assets are uploaded by the user
3.2.4 Information we process during the payment/procurement process (applies to BEAR SDK, BEAR GO and BEAR API)
Data categoryPurpose of processingLegal basisSource
AddressYour address helps us to stay in contact with you as our customer. We further need your address for individualization reasons.The storage of addresses is necessary in order to fulfill our contractual obligations (Art. 6 no. 1 b GDPR).You share your Address with us when signing up for one of our services
VAT-IDIf applicable we need your VAT- ID for tax purposes.If you provide us you’re your VAT-ID we are required by law to process this information in connection with our invoicing. (Art. 6 no. 1 c GDPR). Processing of credit card information may be necessary for conducting your payment (Art. 6 no. 1 b GDPR).If applicable, you enter your VAT-ID during registration for the service
Credit Card InformationYour Credit Card information will only be used during the payment process. Only the last four digits of the credit card information will be stored.Processing of credit card information may be necessary for conducting your payment (Art. 6 no. 1 b GDPR).When you use Credit Card as a payment method, you disclose your Credit Card Information to us and/or our payment provider(s).
Contracts and non- disclosure-AgreementsWe process and store information about contract conclusion to fulfill our legal obligations and for evidence purposes.Legal requirement for accounting purposes (Art. 6 no. 1 c GDPR); legitimate interest of preserving evidence for the case of dispute and/or default of payment.Your entry during the registration and/or payment process.
3.2.5 Information we process with our Email and newsletter services
(a) Product information Emails
Data categoryPurpose of processingLegal basisSource
Email addressInformation about our own products, including advertising for our own products.Our legitimate interest in advertising (Art. 6 no. 1 c GDPR)Email address(es) you entered during registration for one or several of our services.
(b) Newsletter services
Data categoryPurpose of processingLegal basisSource
Email-addressProvide you with augmented reality news, product updates and offers – including advertising for our own products as well as for products of our partners.Your request and your consent to receive our newsletter (Art. 6 no.1a,b GDPR)Email address(es) you entered when you subscribed for our newsletter.

4. Data recipients

Information about when we share personal data with others

We will not share your personal data with any third party companies, organizations or individuals for their own purposes as an independent company unless we do not have your active (meaning: opt-in) consent. In addition, we will share your personal data only if one of the subsequent circumstances applies.

4.1 Transmission within the group

BEAR SAS has a subsidiary located in CANADA – BEAR Inc. No personal data regarding customers located in the European Union is transmitted by BEAR SAS to BEAR Inc.

4.2 Transmission to external processors

We only transfer personal data to external processors if we have concluded a data processing agreement with them that meets the legal requirements under art. 28 GDPR.

This means BEAR SAS may transfer or disclose personal data to a third party that agrees to process personal data strictly limited to our respective instructions and to provide appropriate technical and organizational data security measures. We primarily cooperate with processors located in the European Union and will only transfer personal data to processors outside the European Union if an appropriate level of data protection is guaranteed.

The processors we cooperate with include:

4.2.1 Cloudflare (CDN)

Cloudflare is a content delivery network (CDN), a CDN is a system of distributed servers (network) that deliver content to a user, based on the geographic locations of the user, the origin of the webpage and the content delivery server. The provider of this service is Cloudflare Inc., a company located in the United States participating in and complying with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework.

4.2.2 Drift

Drift is a conversational marketing platform that allows to engage with our customers directly from the web.. The provider of this service is Drift Inc., a company located in the United States participating in and complying with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework.

4.2.3 Cabinet François Girard

For accounting and documentation purposes, we send bills and contract documentations to our accountant Société d’Expertise Comptable et Commissaire aux Comptes located in France.

4.2.4 Google Analytics

We only process non-personal (anonymized) data on a regular basis for analytics purposes to Google Analytics. Google Analytics is a service by Google LLC, Amphitheatre Parkway, Mountain View, CA 94043, USA.

4.2.5 Amazon EU or US

We use Amazon EU or US (depending on which region you choose) cloud services to store assets (ie target images and AR experience that you upload via BEAR GO or via BEAR API).

5. Storage period

How long we store collected data

5.1 General storage period

Our storage of personal data is always limited to the period necessary to achieve the purpose of the storage. Where a storage period prescribed by European regulations and directives and/or any other relevant legislation has expired, the personal data will be routinely blocked or deleted in accordance with the statutory provisions.

If you have purchased a product from BEAR SAS (SDK, GO or API), your data will be stored for as long as their use is required for the execution of the contract (e.g. for payment and contract handling) and, moreover, for the fulfillment of legal obligations (retention or accounting obligation). Your data will be deleted as soon as they are no longer needed to fulfill the contract and, moreover, all legal obligations for storage have expired.

5.2 Personal data of trial users

Your personal data will be stored at least for as long as necessary for you to access the trial products. During this period we may send you Emails about products corresponding to your trial license (similar products). If you have not used your trial license in six months we will consider you as a “non-active” user. Unless you object we will continue to send you follow up-Emails after you have become a non-active user. If you do not react to any of our follow-up emails within two years from when you have become a non-active user, we will delete all personal data related to your trial license (unless the same data is required for fulfilment regarding another product license we have granted to you.

6. Rights of the Data Subject

Your rights under the applicable data protection law

BEAR SAS is a company located in the European Union. Under the GDPR and ancillary data protection law, as a person affected by data processing you have the following rights:

  • Right of access: Upon request, we will inform you about the scope, the origin and the recipients of your personal data processed by us as well as of the purpose(s) of such processing. In case of excessive Requests for Access (more often than 4 times a year), we reserve the right to charge an expense reimbursement.
  • Right to rectification: Should any personal data related to you as processed by us be incorrect or incomplete despite our efforts to ensure that the data is accurate and up to date, we will correct it at your request.
  • Erasure: Under certain circumstances, you have a right to erasure, for example, in connection with a contradiction or when data was collected illegally. If the legal prerequisites for an erasure are present (meaning that there are no legal obligations or predominant interests against the request), we will carry out the requested erasure immediately.
  • Restriction: You may also request a restriction of the data processing for the same reasons that justify an erasure. In that case, the stored data must remain stored (ie for evidence purposes) but may no longer be used otherwise by us.
  • Right to object and withdrawal of consent: You are entitled to object against any data processing conducted by us based on a legitimate interest. Upon objection we will cease to process the respective personal data except for exceptional cases where we hae compelling legitimate grounds for the processing which override your interests; as regards data processing for direct advertising purposes, this right of objection has an absolute nature, we will thus never invoke compelling legitimate grounds overriding your legitimate interests if you object to use of your data for advertising purposes; Any consent you have given to processing of your personal data can be revoked at any time in writing and free of charge (for contact see sec. 1 above).
  • Data portability: If you wish to transfer provided data to another controller, we will provide the data in an electronically transferable format.
  • Right of appeal to the Data Protection Authority: We also remind you of your right of appeal to the Data Protection Authority. You have the right to complain to a supervisory authority, in particular in the Member State of your place of residence, your place of work or the place of the alleged infringement, if the data subject considers that the processing of the personal data is in breach of this Regulation. You may also contact us directly at any time.

To exercise these rights, please use the contact information under point 1. Please note that we may request submission of documents and/or information to verify your identity when treating your request. We do so in order to make sure that your personal data is never disclosed to a third party not entitled to receive your personal data.

7. Modification of this privacy policy

We may revise this privacy policy from time to time as appropriate. The use of your data is subject to the latest version, which can be accessed under https://www.bear2b.com/en/privacy-policy

We will post changes to this privacy policy via https://www.bear2b.com/en/privacy-policy , as part of our business relationship with you, via Email to an Email address associated with your account. We will also keep prior versions of this Privacy Policy in an archive for your review.

Valid from: 25th May 2018