Labster Privacy Policy

Please read this privacy policy carefully! It contains important information about Your Personal Information and Your legal rights.

This privacy policy was last updated on September 23, 2024.

For information about Labster’s compliance with the US Family Education Records Privacy Act (“FERPA”) and Personal Information contained in Student Educational Records, see section 13.

For information about Labster’s Compliance with the California Consumer Privacy Act and the California Privacy Rights Act, see section 11.

For information about Labster’s compliance with the European Union’s General Data Protection Regulation (“GDPR”) as applicable to the European Economic Area and European Union, the United Kingdom’s GDPR (the UK GDPR), and Switzerland’s Federal Act on Data Protection (“FADP”), see section 10.

1. Definitions

This Privacy Policy uses the capitalized terms below. Review this section to ensure You understand what each term means.

“Collect” means any activity Labster may perform with your Personal Information, including collecting, processing, using, and storing your Personal Information, as well as sharing it with (but not selling it to) third parties.

“Customer(s)” means organizations (such as educational institutions, companies, etc.) that purchase Labster’s Services, or individual persons that work for, are employed by, or represent such organizations.

“End User(s)” means any person who uses Labster’s Services.

“Labster;” “We;” “Us;” and “Our” means the Labster group of companies, which includes: Labster ApS CVR number 34457808, Vesterbrogade 149, St., lokale 102, 1620 Copenhagen V, Denmark; and its subsidiaries and affiliates, Labster GmbH, Talacker 41, 8001 Zurich, Switzerland; Labster Inc., 245 Main Street, 2nd Floor, Cambridge, Massachusetts 02142; Labster Spain, S.L., Travessera de Gracia, 11, 08021, Barcelona, Spain; Labster ApS (UK), Lowin House, Tregolls Road, Truro, TR1 2NA, United Kingdom; and UbiSim Inc, 630 Rene-Levesque Blvd., Suite 2800, Montreal, Quebec, H3B 1S6, Canada.

“Services” means, collectively, Labster’s interactive STEM and nursing simulations, the Labster cloud-based platform, and Labster’s mobile applications.

“Personal Information” generally means any information relating to an identified or identifiable individual, but may have a different definition under applicable law. Please see sections 10.2 and 11.1 for specific legal definitions.

2. Changes to This Notice

If Labster changes this Privacy Policy, we will inform you via our website, by email, or by a notice posted in the Services.

3. How to Contact Labster

At Your request and if applicable law requires, Labster may do the following: (a) disclose to You a list of Your Personal Information that Labster has collected; (b) delete, amend, or correct Your Personal Information; and/or (c) transfer your Personal Information to another party. 

To submit a request fill out and submit this form.

If You have questions or concerns about this Privacy Policy or Labster’s Personal Data Collection practices, please contact Labster’s Data Protection Officer by post or email using the information below.

Data Protection Officer: John Pothier, external legal counsel

Email: john.pothier@labster.com with a copy to privacy@labster.com.

US Address (For US-based inquiries):

Labster Inc.

245 Main Street, 2nd Floor

Cambridge, MA 02142

EU Address (for all other inquiries):

Labster ApS

Vesterbrogade 149, St., lokale 102 

1620 Copenhagen V, Denmark

For EU GDPR Representatives and information about Labster as a Data Controller, please see section 10.1.

4. Personal Information Labster Collects

This section the types of Personal Information that Labster collects from you when You use Our Services and app(s), visit our website(s) or interact with Us. We also collect Personal Information from third parties such as Labster’s customers, business partners and service providers. We may obtain information through communications, correspondence, or from Your devices, web browser and web browsing activity. The specific types of Personal Information we collect and the reasons for collecting it will depend on your interactions with Labster, certain third parties, and/or the reason(s) Labster contacted You, described in more detail below.

Labster collects the following types and categories of Personal Information:

  • Contact information, such as Your full name (first, last); Your personal, business, or school email address; Your business or personal phone number; and employer, job role, title or position and other identifying information, like location Information (such as Your business or personal address; Your university, college, or educational institution).
  • Account management and access information. Labster creates and retains your Labster user account credentials (username with password) and a unique ID associated with You or Your login credentials; Labster may receive tokens or similar access identifiers to enable Your access to Labster’s services through a third-party platform, such as a Learning Management System. If You access Labster through a Learning Management System, Labster may also receive certain directory information the Learning Management System shares with Labster.
  • Payment and billing information, such as Your personal or business billing information, including bank or financial account/institution information that is necessary for making payment. Whether Labster Collects personal or business billing information depends on the payment method and the party making payment to Labster.
  • The contents of Your communications with Labster and Labster’s business partners and service providers (in whatever form You use to correspond with Labster or its business partners and service providers, such as mail, email messages, community forum posts, voicemail, online chats, social media (or any other method of communication) as well as service or support requests, chat messages, posts, comments, and Your reviews and ratings of Labster’s Services.
  • Ad engagement data and targeted ad information like views, clicks, forwarding or originating website; and email engagement data (views, opens, clicks, clickthrough, and other interactions) from emails Labster sent to You regarding marketing, promotions, product updates, or other topics. 
  • Web tracking information, such as website visitor ID and similar trackers and identifiers like cookies, pixels, strings, tags, web beacons, ad browser fingerprints, and geolocation.
  • Data from ad engagement, web tracking and other sources to infer certain Personal Information about You, like a predicted age, profession or occupation.
  • Website, Services, and application usage or visit data, such as logins, visits, sessions, downloads, clicks, keystrokes, and other interactions with Labster’s Services.
  • Internet connection, web browser, and device profile data, such as IP address, device and browser type, operating system, language, resolution, and apps; device IDs such as MAC, Apple ID, Android ID, Ad ID, and serial numbers; and geographic identifiers such as device or web browser geolocation information.
  • Audio, video, or photos/images of You if you participate in certain events, user studies, surveys, or provide an identifying document at Labster’s request. Labster will always request your specific and unambiguous consent before Collecting this Personal Information.
  • Your saved preferences and settings about: (i) communications from Labster and Labster business partners and service providers; (ii) Labster’s and Labster’s business partners’ and service providers’ Collection of Your Personal Data; and (iii) Your preferences regarding whether Labster may share Your Personal Information.
  • Education information such as Your education attainment; the name of Your educational institution(s) school(s), universit(y)/(ies), or similar education provider(s). Labster may be able to infer or know Your educational attainment or status from this information. 
  • Government-issued identifying documents or information, such as Your Taxpayer Identification Number (TIN) or similar identifier (if you are a pass-through entity providing services to Labster, or an institutional Customer).
  • Electronic signature(s) if you execute agreements such as quotes, order forms, or other contracts with Labster.
  • Business records and information, such as Your Labster purchases, orders, or other transaction details, or information about other products and services you use if you choose to share that information with Labster.
  • Social media information, such as username, handle or alias.
  • Any other Personal Information You provide to Labster and give Your express or implied consent to Labster to Collect.

4.1 Personal Information Labster Collects Directly from You

Labster Collects Personal Information directly from You through Our Services, website(s), and app(s), as well as phone, email, online chat, or in-person interactions. Labster also Collects Your Personal Information automatically from your device or web browser.

LABSTER NEEDS YOUR NAME AND EMAIL ADDRESS TO CREATE YOUR LABSTER ACCOUNT CREDENTIALS. YOU MUST HAVE ACCOUNT CREDENTIALS TO ACCESS LABSTER’S SERVICES AND USE LABSTER’S APPLICATION(S) ON YOUR DEVICES. IF YOU DON’T PROVIDE LABSTER WITH SUCH PERSONAL INFORMATION, WE CANNOT GIVE YOU ACCESS TO OUR SERVICES OR APPLICATION(S).

Labster Collects the following Personal Information directly from You (typically, by asking you to enter this information) to create and maintain your Labster account credentials and give you access to and save Your progress in Labster’s Services: email address; name (first, last); phone number; education information (typically, Your school, university, or educational institution and basic information about Your educational attainment); and employer name; and job title, role, or position. 

Additionally, Labster may automatically Collect the following Personal Information for the same purposes: application or site usage data (visits, sessions, downloads); browser or device profile (type, OS, language, resolution, apps, etc.); browsing history; IP address; device ID (MAC, Apple ID, Android ID, Ad ID, serial, etc.); geolocation data; and browser data and files (such as cookies, pixels, strings, and browser fingerprint).

Labster Collects Your Personal Information from Your correspondence or communication with Labster via phone, online chat, forum posts, or social media to provide technical or customer support or for the purposes described in section 5. As part of such communications, Labster collects the following information: email address; name (first, middle, last); phone number; Your school, university, or educational institution or employer name; Labster application or website usage data (visits, sessions, downloads); web browser and/or device profile (type, OS, language, resolution, apps, etc.); IP address; device ID (MAC, Apple ID, Android ID, Ad ID, serial, etc.); geolocation data; browser data like cookies or other records; and other Personal Information necessary to provide You with support or troubleshooting, which Labster would not Collect without first obtaining Your consent. Labster will create and retain technical or customer support interaction records.

If you visit Labster’s website(s), Labster Collects—depending on Your Labster privacy preference settings (if applicable) and Your browser and/or device settings—the following Personal Information from You: website usage data (visits, sessions, downloads); web browser and/or device profile (type, OS, language, resolution, apps, etc.); device ID (MAC, Apple ID, Android ID, Ad ID, serial, etc.); and browser data like cookies or other records; internet connection, web browser, and device profile data such as IP address, device and browser type, operating system, language, resolution, and apps; geographic identifiers such as device or web browser geolocation information; ad engagement data and targeted ad information like views, clicks, forwarding or originating website; web tracking information such as website visitor ID and similar trackers and identifiers like cookies, pixels, strings, tags, web beacons, ad browser fingerprints, and geolocation. Labster may use third-party tools and applications to Collect this Personal Information (see section 4.2 below).

If You are an educator (a professor, instructor, teacher, etc.) who would like to sign up for a trial of Labster’s Services, We may ask You for additional business and professional information to verify You are an educator, such as a faculty directory page or an email address associated with your education institution.

4.2 Third-party Sources of Personal Information

Labster Collects Your Personal Information from third parties, such as Labster’s business partners and service providers. Depending on how You interact with Labster, We also Collect Your Personal Information from Our Customers (for instance, if You are a student, Your educational institution may purchase Labster’s Services and provide Us with Your Personal Information so We may give You access to Our Services). Labster enters contracts with its business partners, service providers, and Customers to ensure such Personal Information is secured, stored, and shared by and with Labster in accordance with applicable law.

We Collect Personal Information from third-party sources like Your bank or a payment processor pursuant to a payment or transaction with Labster or if you communicate with Us via social media (TikTok, X, Instagram, etc.). If you communicate with Labster via social media, Labster will receive Personal Information included in that communication and publicly available Personal Information attached to Your social media account presence. If you communicate with Labster for technical and customer support, Labster may Collect Personal Information that is transmitted through the third-party source that transmits Your communication and Our correspondence with You. For further information regarding social media, see section 4.2.1.1.

If You interact with Labster’s marketing or advertising, such as when you sign up for or attend Labster webinars or in-person events; fill out requests for information or materials; or click on a web ad for Labster’s Services, Labster Collects Personal Information through business partners and service providers that host Labster’s content or events or provide web advertising for Labster.

We Collect Personal Information for sales, marketing, and demand generation purposes through lead and demand generation services or referral providers; third-party applications or websites via web trackers and other automated targeted ad and marketing technologies; third-party marketing and demand generation campaigns or promotions; and online advertising networks and targeted advertising services and data analytics providers; and through publicly available and accessible sources (like university or school staff directories and social networking and media sites).

Labster also Collects Personal Information through integrations with third-party login services or from Your education provider (who is usually a Customer). Your educational institution may share Your Personal Information with Us so We can provide You access to Labster’s Services. Alternatively, if you access Labster through a third-party connection like your educational institution’s “Learning Management System” (called an “LMS,” such as Blackboard, Canvas, Moodle, Brightspace/D2L, Sakai, Clever/Classlink, Google Classroom, Schoology), Labster will receive Personal Information from the LMS, such as the user ID associated with your LMS account; an access token or other unique user ID; and any other Personal Information that You or Your educational institutions permit the LMS to share with Labster. 

We Collect Personal Information from Our IT and security systems, such as automated website and application security and intrusion monitoring systems, and endpoint and network protection applications. 

Labster also Collects Personal Information through physical security systems like door entry systems, reception logs, and CCTV cameras. These systems Collect Personal Information such as: email address; name (first, middle, last); application or site usage data (visits, sessions, downloads); browser or device profile data (type, OS, language, resolution, apps, etc.); browsing history; IP Address; device ID (MAC, Apple ID, Android ID, Ad ID, serial); geolocation data; and browser data and files (such as cookies, pixels, strings, ad browser fingerprint; application or site usage data (visits, sessions, downloads).

4.2.1.1 Social Media Services

We have profiles on social media networks like Facebook, X, TikTok, YouTube, Instagram, Pinterest, and LinkedIn. 

If You visit our social media pages, the applicable social media network may Collect Your Personal Information and use such Personal Information for various purposes, such as to display interest-based ads on social media network websites and on other websites.

Labster is jointly responsible with the social media network provider for Collecting Your Personal Data from such social media network providers. To learn more about the Personal Information a social media network Collects, please see the social media network’s privacy policy and settings. 

4.2.1.2 Cookies

We use cookies to tell the difference between You and other End Users or website visitors and to track Your activity on Our website and across other websites. Cookies are pieces of information transmitted from our web server or third-party web servers to Your web browser, where they are stored for later retrieval. Cookies contain a string of characters that allows Us to identify Your web browser when You access Our Services or website(s). A cookie also contains information about its origin and storage period. A cookie does not always allow Us to be aware of your identity.

You can find a list of the cookies and tracking technologies We use and why we use them, as well as how to accept and reject them here. You may also disable cookies through Your web browser settings. You can find out how to do so at www.aboutcookies.org. Please note that if you turn off cookies some features and functions of Our Services and website(s) (and other websites) may not function or display properly.

We use the following types of cookies:

  • Strictly Necessary: strictly necessary cookies help make Our website(s) and Services usable by enabling functions like page navigation and access to secure parts of Our website(s) or Services. Our website(s) and Services cannot function properly without these cookies. These cookies are required to enable you to navigate Our website(s) and Services and use key functions. They support functions such as order processing and access to secured areas of webpages(s) and Services. They also enable anonymous analysis of user patterns, which We use to continuously develop and improve our webpage(s) and Services. We automatically store these cookies on Your device(s) because these cookies are strictly necessary for the operation of Our website(s) and Services.
  • Functionality: functionality cookies enable Our website(s) and Services to remember information that changes the way Our website(s) or Services behave or look, like Your preferred language or the region that You are in.
  • Performance: these cookies help Us understand how visitors interact with our website(s) by collecting and reporting certain anonymized Personal Information.
  • Targeting and Advertising: We use targeting and advertising cookies to track visitors across website(s) and services to display web ads that are relevant and engaging for the individual user. Typically, a third party provides this service on Labster’s behalf. For more information regarding this practice, and to opt-out of such collection and use of this information by our third-party service providers, please see www.networkadvertising.org.

4.2.1.3 Google Analytics

We use Google Analytics on our website(s). Google Analytics is a web analysis service that helps Us better understand how You use Our website(s) and Services. Google Analytics collects information such as how often users visit our website(s), what pages they visit, and what other sites they visit prior to or after visiting Ours. Google uses the data collected to track and examine the use of websites, to prepare reports on user activities, and to share them with other Google services. Google may use the data collected on Our website(s) and Services to contextualize and personalize ads on Google’s advertising network. Google’s ability to use and share information collected by Google Analytics about your visits to the websites is restricted by the Google Analytics Terms of Use and the Google Privacy Policy. Google offers an opt-out mechanism for the web available here.

4.2.1.4 Third-Party Links and Integration

OUR WEBSITE(S) AND SERVICES INTERFACE WITH THIRD-PARTY SITES AND SERVICES (FOR EXAMPLE, SOCIAL MEDIA PAGES OR OTHER THIRD-PARTY APPLICATIONS, SITES, OR SERVICES) OR CONTAIN LINKS TO WEBSITES THAT BELONG TO THIRD PARTIES THAT WE DO NOT CONTROL.

PRIVACY POLICIES FOR THESE THIRD-PARTY WEBSITES AND SERVICES MAY BE DIFFERENT FROM OUR PRIVACY POLICY. YOU ACCESS THESE THIRD-PARTY SITES AND SERVICES AT YOUR OWN RISK. YOU SHOULD ALWAYS READ THE PRIVACY POLICY OF A LINKED SITE OR INTEGRATED SERVICE BEFORE DISCLOSING ANY PERSONAL DATA ON SUCH SITE AND/OR THROUGH SUCH SERVICE. LABSTER IS NOT RESPONSIBLE FOR INFORMATION YOU SUBMIT TO SUCH THIRD PARTIES.

5. How Labster Uses Personal Information

Labster uses Personal Information Collected from You and third parties for various purposes, all listed below. 

Labster does not use Personal Information for any purpose(s) other than the purpose(s) for which Labster collected it. Labster Collects only the Personal Information necessary to accomplish the purpose(s) for which it was Collected.

To Provide and Manage Our Services and Apps: Labster Collects Personal Information to provide free trials, to fulfill contractual obligations with Our Customers (who may also be End Users), or at Our Customer’s instructions before entering a contract. We Collect and use this Personal Information to process orders, payments, or refunds for Labster’s Services; fulfill requests for information; provision Customers and End Users with access to Labster’s Services, application(s), and website(s); manage Customers’ and End User’s access to Labster’s Services; establish a connection between the End User’s device and Labster’s services; provide  Labster’s Services in the End User’s preferred language; and integrate Labster’s Services with third-party platforms.

To Provide Technical Support and Communicate with Customers or End Users: Labster uses the Personal Information it Collects to assist and communicate with Our Customers and End Users. We use Personal Information to notify Customers or End Users of Service updates, changes, security events, or other essential communications; to provide remote or in-person customer service (such as troubleshooting, technical assistance, and instructions); and to give Customers and End Users access to Labster’s online community, knowledge base, and technical documentation. Labster also uses Personal Information to communicate with Customers and End Users about payments and billing or to respond to any other inquiries from Customers, End Users, or the general public.

For Website, Services, and App Use Tracking, Measurement, and Improvement: Labster Collects Personal Information to track the use of, benchmark, analyze, measure, and improve its website(s), app(s), and Services. Labster may track, analyze, and measure Customer or End User feedback to identify technical or content improvement areas. Technical improvements include improvements to Service connectivity, device or system requirements to run or install the Services or apps, rendering and graphical optimization, accessibility features, etc. Content improvement includes adding, updating, or changing Services material, content, and features. Labster may also use Personal Information to track and understand web traffic and to improve and optimize our technical resource needs; to troubleshoot errors and technical glitches or issues with Our Services, apps, or website(s); to plan for and test or “pilot” Service updates or new features or content; to enable Services functionality and features.

To Understand Our Customers, End Users, and Market: Labster Collects Personal Information (and makes inferences using this Personal Information) so We may understand Our market, customers, and users. We Collect and use this Personal Information to track and measure Service traffic and use. Where practical, We store such Personal Information in aggregate, de-identified, or anonymized formats. We also Collect and use Personal Information to gather Customer and End User feedback in the form of interviews, screen recordings, polls, and surveys to measure and analyze Customer or User satisfaction and sentiment so We may improve Our Services.

To Maintain Business or Technical Records for Compliance, Auditing, Security, and Other Legitimate Business Purposes: Labster Collects certain Personal Information for industry-standard business, financial, and accounting records, many of which are necessary for auditing or compliance obligations. This includes Customer orders, purchases, and refunds and other financial and accounting records; executed (signed) contracts; communications regarding transactions and contracts; Communications between Labster and Our Customers or End Users regarding billing, technical support, or inquiries about Our Services that we retain to show We communicated with You at Your request. Additionally, Labster keeps records of certain web activity on its websites or social media network to enable Customers, End Users, and Labster employees to revisit such records, such as community forum posts regarding Service troubleshooting, feature requests, and other Customer or End User feedback and inquiries. Labster also maintains website and Service traffic and use data so it may understand its user base and customers over time. Finally, Labster maintains users' Personal information to create records of physical or in-person interactions, like office visitor logs, CCTV recordings, and other physical security measures for the safety and security of Labster’s employees, guests, and property.

To Comply with Legal Obligations: Labster may Collect and disclose Personal Information to comply with applicable laws or reasonable requests from law enforcement. Labster also Collects Personal Information to screen for persons or organizations that may be subject to financial, trade, or other sanctions or embargoes and to ensure Labster has the information necessary for financial and security audits or inquiries by government agencies. Labster may also Collect Personal Information to create records of data processing activities, data subjects, and consumer requests regarding personal information to verify the identity of data subjects or consumers making such requests. 

To Uphold Our Agreements; For Security; or Fraud and Abuse Prevention: We Collect Personal Information to enforce Labster’s Terms of Use, Cloud Access Agreement (and other contracts with Customers, You, and third parties), and Our Acceptable Use Policy or for the security and integrity of our Services, systems, employees, Customers, End Users, vendors, and property; to identify or verify Labster’s End Users and/or Customers; and to detect fraud against End Users, Customers, or Labster.

For Advertising and Marketing, Including Direct Marketing and Targeted Advertising: We Collect Personal Information for sales and demand generation activities, such as tracking and profiling online behavior, interactions with Our advertising and/or content, and web browsing habits through cookies, pixels, and other web identifiers (such processes typically include both profiling and automated decision making by our service providers or business partners to serve and present online advertisements to potentially interested people or organizations); direct or targeted correspondence (phone, email, text and/or chat, social media) and marketing and/or advertising and direct selling of Labster’s Services to potential, existing, and former customers, including people or organizations that have not had contact with, or interacted with, Labster; and for event registration and management and delivering event content online or in-person (such as webinars, trade shows, etc.).

For Activities or Uses That You Consent To: Depending on how you interact with Labster, We may occasionally ask for Your specific consent to Collect Your Personal Information for a specific use or purpose.

6. Who We Share Your Personal Information With

LABSTER DOES NOT SELL PERSONAL INFORMATION AND DOES NOT SHARE PERSONAL INFORMATION IF PROHIBITED BY LAW. Labster only shares Your Personal Information with third parties if those third parties commit to contractual obligations to use your Personal Information in compliance with applicable law.

For more information about our sub-processors, please visit our Trust Center.

We share Your Personal Information with the following types of third parties:

  • Labster Affiliates: Labster shares Your Personal Information among Our affiliates, which includes all companies within the Labster Group of companies listed in section 1.
  • Your Educational Institution: Labster shares certain Personal Information, such as Your Labster simulation performance and completion, with Your educational institution or whoever provides You with and administers Your access to Labster’s Services.
  • Labster’s Service Providers and Business Partners: Labster shares Your Personal Information with Our business partners and service providers, like those we use to help deliver our Services and app(s) to you, such as payment processors, banks or financial institutions; app stores; and Learning Management Systems (if Labster is integrated with a Learning Management System for sign-on and course/student management purposes).

We also share Your Personal information with third parties We use to help us run, advertise, and market our business, such as marketing agencies; online marketing, lead generation, profiling, and targeted advertising providers; industry event hosts; website hosts, and cloud hosting providers; data and market or business analytics and consulting providers; financial or security auditors; and insurers or brokers.

Other Approved Third Parties: We share Your Personal Information with third parties You connect to Labster’s Services or correspond with Labster through such as social media networks.

Government Organizations or Law Enforcement: We may disclose and exchange information with law enforcement agencies and regulatory bodies to comply with Our legal and regulatory obligations.

As Part of a Merger or Acquisition: We may also share Personal Information with other third parties, such as potential buyers of some or all of Our business, or during a re-structuring of Our business.

7. Security of Your Personal Information

We have an information security program that We continuously update. Our information security program includes a variety of physical, administrative, and technological safeguards designed to protect Your Personal Information. We follow generally accepted industry standards to protect Your Personal Information, such as data encryption; de-identification and anonymization (where appropriate and practical); firewalls; use and access limitations for our personnel and vendors; and physical access controls to our facilities.

For more information about our security policies and processes, please visit our Trust Center.

8. How Long We Keep Your Personal Information

We will keep Your Personal Information while You have an account with us or while We are providing Our Services to You. If We stop providing Services to You, We will keep Your Personal Information for as long as is necessary: (1) to respond to any questions, complaints, or claims related to Your data; (2) to show that We complied with applicable law; and (3) to comply with applicable law or ensure accurate business and financial records.

We will not keep Your Personal Information for longer than necessary to accomplish the purpose for which We collected it. Different retention periods apply for different types of Personal Information. Further details on this are available in our Data Retention Policy available in our Trust Center.

9. EEA/EU/UK and Swiss Data Subjects

This Section applies to the versions of the General Data Protection Regulation (“GDPR”) adopted by the European Union, the United Kingdom, and Switzerland.

9.1 Processor and Representatives

Labster ApS may be the  Processor or Controller (as defined by the GDPR) of the Personal Information discussed in this Privacy Policy. Labster has designated the following EU, UK, and Swiss GPDR representatives:

Labster’s EU Representative (according to Art. 27 GDPR) is Labster ApS, CVR number 34457808, with a primary business address at Vesterbrogade 149, St., lokale 102, 1620 Copenhagen V, Denmark.

Labster’s UK Representative (according to Art. 27 GDPR, and DPA 2018) is Labster ApS, with a primary business address c/o TMF Group, 13th Floor, One Angel Court, EC2R 7HJ, London, England, United Kingdom.

Labster’s DACH Representative (according to Art. 27 GDPR) is Labster GmbH, with a primary business address at Hagenholzstrasse 81a, 8050 Zurich, Switzerland.

For additional contact information, please see section 3.

9.2 Special Category Personal Information

“Special Category Personal Information” is defined as information that reveals a person’s racial or ethnic origin, political opinions, religious beliefs, philosophical beliefs, or trade union membership; genetic and biometric data; and data concerning health, sex life, or sexual orientation.

Labster will never Collect Special Category Personal Information without Your Consent.

9.3 The Personal Information We Collect and Process

To see a full disclosure of the Personal Information Labster Collects and processes, please refer to section 4.

9.4 Why Labster Processes Your Personal Information

According to the GDPR, Labster must have a legally valid reason (or “bases” as defined by the GDPR) for Collecting your Personal Information. To see how and why Labster Collects and uses Your Personal Information, please refer to section 5. Labster relies on the following legally valid reasons (which are generally applicable to the purposes described in section 5) for Collecting Personal Information:

  • You clearly consented to Labster Collecting Your Personal Information.
  • So Labster can perform its contractual obligations to You as part of a contract with You, or to take steps at Your request before We enter into a contract with You.
  • So Labster may comply with its legal obligations.
  • To protect Your vital interests or the vital interests of another natural person.
  • We have a legitimate interest in Collecting Your Personal Information, except where Our interests are overridden by Your interests or fundamental rights and freedoms.

9.5 Cookies

The legal basis for all cookies that are not strictly necessary for the operation of Our website(s) or Service is our legitimate interest in optimizing our marketing measures, improving our product and service quality, and improving Our website and Services user experience. 

You can find a list of the cookies and tracking technologies We use, why We use them, and how to accept and reject them here and in sections 4.2.1.2.

9.6 Your Rights Under the GDPR

According to the GDPR, You have the following rights with respect to Your Personal Information:

Right to Be Informed - The right to know or be notified about the collection and use of your personal information.

Right to Access - The right to be provided with a copy of your personal information (the right of access).

Right to Rectification - The right to require us to correct any mistakes in your personal information.

Right to be Forgotten - The right to require us to delete your personal information—in certain situations.

Right to Restriction of Processing - The right to require us to restrict processing of your personal information—in certain circumstances, e.g., if you contest the accuracy of the data.

Right to Data Portability - The right to receive the personal information you provided to us, in a structured, commonly used, and machine-readable format and/or transmit that data to a third party—in certain situations.

Right to Object - The right to object:

  • At any time to your personal information being processed for direct marketing (including profiling)
  • In certain other situations to our continued processing of your personal information, e.g., processing carried out for the purpose of our legitimate interests

Right Not to be Subject to Automated Individual Decision-Making - The right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you.

For further information on Your GDPR rights, please consult Your national supervisory authority.

9.7 Where Your Personal Information is Stored

Information may be held or accessed at Our offices (in the locations described in section 1) and with the third parties described in section 7. Some of these third parties may be based outside the European Economic Area.

9.8 Transfers of Your Personal Data Outside the EEA/UK/Switzerland

We may share Your Personal Information outside the European Economic Area (EEA), the UK, and Switzerland. Labster is accountable for all onward transfers of Personal Information from the EU, UK, and Switzerland to a Labster location outside the EU, UK, or Switzerland and later transfers of the Personal Information to any third parties

We transfer Personal Information to countries that do not have laws that protect Your Personal Information and/or give You the same rights as the GDPR. We ensure these transfers comply with applicable law. Our standard practice is to use the European Commission’s Standard Contractual Clauses, the United Kingdom’s IDTA, and Switzerland’s Standard Contractual Clauses. To obtain copies of these measures, please contact Labster as described in section 3.

Transfers to the United States and the Data Privacy Framework: Labster follows the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”), the UK Extension to the EU-U.S. DPF (“UK-DPF”), and the Swiss-U.S. Data Privacy Framework (“Swiss-U.S. DPF”). If there is any conflict between the terms in this privacy policy and the applicable DPF, the DPF governs. To learn more about the DPF program please see more information here. To view Our certification, please visit https://www.dataprivacyframework.gov/ and see the “Data Privacy Framework List.”

9.9 Promotional and Marketing Communications

We may Collect Your Personal Information to communicate with You by email, text message, telephone, or mail about Our Services and offers or promotions related to Our Services. We have a legitimate interest in Collecting your Personal Information for marketing and promotional purposes, and We do not usually need Your consent to send You promotional communications. If Your consent is required, We will ask for Your consent separately and clearly. We do not sell Personal Information to other organizations for marketing purposes.

You have the right to opt out of receiving promotional communications at any time by:

  • Contacting Us using the method described in section 3.
  • Using the "unsubscribe" link found in the footer of Our emails or replying "STOP" to text messages.
  • Updating Your marketing preferences here.

We may ask You to confirm or update Your marketing preferences if you instruct us to provide Our Services to You in the future or if there are changes in the law.

9.10 Automated Decision Making and Profiling

We do not perform automated decision making, including profiling.

9.11 How to File a GDPR, UK GDPR, or Swiss FADP Complaint

You have the right to lodge a complaint with a supervisory authority in the European Union (or European Economic Area) in the EU member state where you work or normally live, the United Kingdom if you are a UK data subject, and Switzerland if You are a Swiss data subject. The supervisory authority that oversees Labster ApS is the Danish Data Protection Agency which may be contacted using the information below.

You may file a complaint under the applicable Data Privacy Framework by visiting the US Department of Commerce’s DPF complaint page.

In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, Labster will comply with the advice of the panel established by the EU data protection authorities, the UK Information Commissioner’s Office, and the Swiss Federal Data Protection and Information Commissioner to address unresolved complaints about Our Collection of Personal Information Collected or transferred in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF. Helpful contact information can be found below:

Danish Data Protection Agency (https://www.datatilsynet.dk), via e-mail to dt@datatilsynet.dk, call +45 33 19 32 00, or write a letter to: Datatilsynet, Carl Jacobsens Vej 35, DK-2500 Valby, Denmark.

The Swiss Federal Data Protection and Information Commissioner (https://www.edoeb.admin.ch/edoeb/en/home.html), via e-mail to info@edoeb.admin.ch, call +41 (0)58 462 43 95, or write a letter to: Office of the Federal Data Protection and Information Commissioner FDPIC, Feldweggweg 1, CH – 3003 Berne, Switzerland.

The United Kingdom Information Commissioner’s Officer (https://ico.org.uk/), via e-mail to info@ico.org.uk, call +44 0303 123 1113, or write a letter to: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF United Kingdom.

Under certain conditions, you may invoke binding arbitration for complaints regarding Labster’s Data Privacy Framework compliance not resolved by any of the other Data Privacy Framework mechanisms as provided here.

10. California Consumers

10.1 Definitions

“Personal Information” is defined by the California Consumer Privacy Act of 2018 (“CCPA”) (as amended by the California Privacy Rights Act of 2020 (“CPRA”)) as information that identifies, relates to, describes, or is reasonably capable of being associated with or linked, directly or indirectly, with a particular consumer or household. 

10.2 Personal Information We Shared

Labster does not sell Personal Information. 

In the preceding twelve (12) months, Labster has shared and disclosed for a business purpose the following categories of personal information:

  • Identifiers (real name, unique personal identifier, online identifier, Internet Protocol address, email address, account name).
  • Information that identifies, relates to, describes, or is capable of being associated with, a particular individual, including, but not limited to, his or her name, signature, address, telephone number, education, employment, bank account number.
  • Commercial information (records of products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies).
  • Internet or other electronic network activity information (e.g., browsing history, search history, and information regarding a consumer’s interaction with an Internet Web site, application, or advertisement).
  • Geolocation data.
  • Education information, defined as information that is not publicly available personally identifiable information as defined in the Family Educational Rights and Privacy Act (FERPA).
  • Inferences drawn from any of the information identified above to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.

10.3 Your Rights Under the California Consumer Privacy Act

You have the right under the California Consumer Privacy Act of 2018 (as amended by the California Privacy Rights Act of 2020) and certain other privacy and data protection laws, as applicable, to exercise the following rights free of charge:

Disclosure of Personal Information We Collect About You

You have the right to know, and request disclosure of:

  • The categories of personal information We have collected about You, including sensitive personal information.
  • The categories of sources from which the personal information is collected.
  • The categories of third parties to whom We disclose personal information.
  • The specific pieces of personal information We have collected about you.

Please note that we are not required to:

  • Retain any personal information about you that was collected for a single one-time transaction if, in the ordinary course of business, that information about you is not retained.
  • Reidentify or otherwise link any data that, in the ordinary course of business, is not maintained in a manner that would be considered personal information.
  • Provide the personal information to you more than twice in a 12-month period.

Disclosure of Personal Information Sold, Shared, or Disclosed for a Business Purpose

In connection with any personal information we may sell, share, or disclose to a third party for a business purpose, You have the right to know:

  • The categories of personal information about You that We sold or shared and the categories of third parties to whom the personal information was sold or shared.
  • The categories of personal information that we disclosed about You for a business purpose and the categories of persons to whom the personal information was disclosed for a business purpose.

You have the right to opt-out of the sale of your personal information or sharing of your personal information for the purpose of targeted behavioral advertising. If you exercise your right to opt-out of the sale or sharing of your personal information, We will refrain from selling or sharing your personal information, unless you subsequently provide express authorization for the sale or sharing of your personal information.

To opt-out of the sale or sharing of your personal information, visit our homepage and click on the Do Not Sell or Share My Personal Information link at the footer of our homepage under at “Privacy Settings” here: https://www.labster.com or https://www.ubisimvr.com

We do not sell your Personal Information to third parties.

Right to Limit Use of Sensitive Personal Information

You have the right to limit the use and disclosure of Your sensitive personal information to the use which is necessary to:

  • Perform the services or provide the goods reasonably expected by an average consumer who requests those goods or services.
  • To perform the following services: (1) Helping to ensure security and integrity to the extent the use of the consumer's personal information is reasonably necessary and proportionate for these purposes; (2) Short-term, transient use, including, but not limited to, non-personalized advertising shown as part of a consumer's current interaction with the business, provided that the consumer's personal information is not disclosed to another third party and is not used to build a profile about the consumer or otherwise alter the consumer's experience outside the current interaction with the business; (3) Performing services on behalf of the business, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing analytic services, providing storage, or providing similar services on behalf of the business; and (4) Undertaking activities to verify or maintain the quality or safety of a service or device that is owned, manufactured, manufactured for, or controlled by the business, and to improve, upgrade, or enhance the service or device that is owned, manufactured, manufactured for, or controlled by the business and as authorized by further regulations.

You have a right to know if Your sensitive personal information may be used, or disclosed to a service provider or contractor, for additional, specified purposes.

Right to Deletion

Subject to certain exceptions set out below, on receipt of a verifiable request from You, We will:

  • Delete Your personal information from our records.
  • Direct third parties with whom We have shared Your Personal Information to delete Your Personal Information unless this proves impossible or involves disproportionate effort.

Please note that We may not delete Your Personal Information if it is reasonably necessary to:

  • Complete the transaction for which the personal information was collected, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, provide a good or service requested by You, or reasonably anticipated within the context of Our ongoing business relationship with You, or otherwise perform a contract between You and Us.
  • Help to ensure security and integrity to the extent the use of the Your Personal Information is reasonably necessary and proportionate for those purposes.
  • Debug to identify and repair errors that impair existing intended functionality.
  • Exercise Your free speech, ensure the right of another consumer to exercise his or her right of free speech, or exercise another right provided for by law.
  • Comply with the California Electronic Communications Privacy Act.
  • Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when Our deletion of the information is likely to render impossible or seriously impair the achievement of such research, provided We have obtained your informed consent.
  • Enable solely internal uses that are reasonably aligned with your expectations based on your relationship with Us.
  • Comply with an existing legal obligation.
  • Otherwise use your Personal Information, internally, in a lawful manner that is compatible with the context in which you provided the information.

Right of Correction

If We maintain inaccurate Personal Information about You, You have the right to request Us to correct that inaccurate personal information. Upon receipt of a verifiable request from You, We will use commercially reasonable efforts to correct the inaccurate Personal Information.

Protection Against Retaliation

You have the right to not be retaliated against by Us because you exercised any of your rights under the CCPA/CPRA. This means We cannot, among other things:

  • Deny goods or services to you.
  • Charge different prices or rates for goods or services, including through the use of discounts or other benefits or imposing penalties.
  • Provide a different level or quality of goods or services to You.
  • Suggest that You will receive a different price or rate for goods or services or a different level or quality of goods or services.

11. Canadian Residents

To the extent applicable to our collection, use, and disclosure of Personal Data relating to Canadian individuals, Labster complies with the principles of the Personal Information Protection and Electronic Documents Act (“PIPEDA”), including accountability, identifying purposes, consent, limiting collection, limiting use, disclosure and retention, accuracy, safeguards, openness, individual access, and challenging compliance and the Canadian Anti-Spam Law (“CASL”), including commercial electronic messages sent to exempt and non-exempt recipients who have provided their express of implied consent.

12. Family Educational Rights and Privacy Act (US)

Schools and educational institutions need to provide Personal Information to Labster in order for Labster to deliver its agreed-upon products and services to students. In the United States, the Family Education Rights Privacy Act (“FERPA”) permits schools to disclose students’ personal information to a Labster without the students’ (or their guardians’) prior written consent under FERPA’s “school official” exception (defined in Code of Federal Regulations (CFR) §99.31(a)(1)). At a school’s request, Labster enters written agreements to not re-disclose or use students’ personal information for purposes the school has not authorized. Labster will not collect, use, or disclose students’ personal information in a manner inconsistent with FERPA and FERPA regulations.

13. Children and Minors

Labster’s website(s), Services, and app(s) are not intended for use by minors, particularly those under age thirteen (13). We do not knowingly Collect Personal Information from children unless: (1) the End User’s academic/educational institution has entered into an agreement with Us and allows a minor to use the Services; (2) such academic/educational institution is responsible for the minor’s use of the Services; or (3) the minor uses the Services at the direction and under the supervision of a parent or guardian. Any use by a minor under the age of thirteen (13) which is permitted by the user’s academic/educational institution is done so in accordance with the academic/educational institution’s receipt of consent from such minor’s parent or guardian in accordance with the Children’s Online Privacy Protection Act, or other applicable law. 

If We learn We have Collected Personal Data from a child under age thirteen (13) without parental consent, we will delete that information as promptly as possible. If you believe that We might have Personal Information belonging to a child under thirteen (13) years of age, please contact Us immediately under the contact details provided above.