Privacy Policy

PICO Privacy Policy

Last Updated: September 13, 2024
PICO Immersive Pte. Ltd. (“PICO,” we”, “our”, or “us”) provides innovative virtual reality products and services through our websites, applications ("apps"), content, hardware, and services (collectively, the “PICO Service(s)”). This Privacy Policy explains how we collect, use, share, and otherwise process your personal data in connection with PICO Services.
We are the controller responsible for your personal data. Please take a moment to familiarize yourself with our privacy practices, and contact us at privacy@picoxr.com if you have any questions.
Please note that this policy only applies to the PICO Services. When you use third-party products and services that are designed for use with PICO Services, such as third-party apps and solutions available for your PICO device, processing of your personal data by such third parties is not controlled by PICO and may be subject to their privacy policies. We are not responsible for, and make no representations regarding, such policies, functionality, or content or any other practices or operations of such third parties.

1. Personal Data We Collect
When you use the PICO Services, such as when you create a PICO account, contact our customer support team, use the PICO product, or participate in an online survey, we collect your personal data, including:

Information You Provide to Us. For example:

Account Information. When you register an account to use the PICO Services, you will provide information such as your username, profile photo, email address, the country you are located in, and your date of birth.
Transaction Information. If you add your payment information to your profile or make purchases on or through the PICO Services, we collect information you provide such as your payment information, purchase activity, shipping and contact details.
Government-Issued ID. In certain jurisdictions, we may ask for a government-issued ID in limited circumstances, including when processing a refund request, or as required by law.
Correspondence. When you communicate with us, we receive details and information you provide to us, such as the content of your communications, including interactions with customer support, and any content or information you submit through in-app or website feedback.
User Content. We collect content you generate on the PICO Services, such as comments you post under a game or an app in the PICO Store, screen captures and recordings, the avatar you create, and information about this content, such as the date and time you created the content.
Direct messages and voice chat. When you compose, send, or receive communications, such as direct messages or voice chat, using PICO apps such as PICO Friends and PICO Video, we process the content of the communication and the associated metadata (such as the time the message was sent, received and/or read, as well as the participants in the communication). We do this to provide the service, block spam, detect crime, and to safeguard our users.
Other information. If you submit any other information when using any PICO Service, we will receive it. For example, if you submit your height, weight and gender in PICO Fitness, then we will also receive this information.

Information Automatically Collected. We collect information automatically when you use the PICO Services, including:

Your engagement with PICO Services. We receive information about you when you use and interact with the PICO Services, including when you log in and out of PICO Services; which apps you download or add to your wishlist; and the time/date you launch those apps on the device; and in-app purchases you have made in a game provided by a third-party developer. We also receive information about how you use the apps on the PICO headset, for instance, we receive information about your PICO Browser usage such as which browser features you use. When you make a choice in the PICO headset settings, we will also record your choice.
Device and network information. We collect information about the type of device you're using to interact with the PICO Services, such as a headset, PC, TV, or mobile phone; the configuration of the device, such as the device brand and model, name and version of the operating system, and screen resolution; your network, such information about your local wireless network and your IP address; and how your device is performing, such as the battery level. We also collect certain identifiers that are unique to you or your device, including device identifiers such as the serial number of the PICO headset, your PICO user ID, and other identifiers.
Information collected via cookies. We use cookies and similar technologies to operate and provide the PICO Services. For example, we use cookies to remember your language preferences, and for security purposes. We also use these technologies for advertising and marketing purposes. To learn more about our use of cookies, please see our Cookies Policy. We will obtain your consent to our use of cookies where required by law.
Location. We collect your approximate location based on your device and network information, such as your device’s IP address.
Sensor Data. We may collect information about your environment and how you interact with the device via device sensors (“Sensor Data”), such as information about your face, hands, body, voice, and movements, to provide and improve PICO Services requested by you or your organization. For example, your device may collect and process images of your surrounding environment, the distance between your eyes or your lip movements in order to calibrate the headset display to you. We do not use this data to uniquely identify or recognize you. If you or your organization choose to use the automatic fit adjustment feature, Sensor Data on the device may be used to load these saved fit settings to ensure your headset display is aligned optimally.
Troubleshooting information. We collect troubleshooting information such as crash logs which may contain your user ID, device ID, IP address, CPU usage, amount of time it takes to load a feature, power consumption information, frame rate, and whether you use a certain feature.

Information from Other Sources. PICO may receive personal data about you from business partners and from other lawful sources, such as:

certain affiliated entities within our corporate group, including about your activities on their services;
advertisers, measurement, and data partners, who may provide us with information about the actions you’ve taken outside of the PICO Services, online or in person;
third-party services (for example, if you log-in to the PICO Services using a third-party service), which may provide your public profile information, email, or contact lists;
others, including other users of the PICO Services, such as when you are mentioned in another user’s content, direct messages, complaint, appeal, or feedback;
publicly available sources.

2. Our Use of Your Personal Data
We use personal data to provide the PICO Services to you, to improve the PICO Services, to market to you, for security and fraud prevention, and to comply with applicable law. We may also use personal data for other purposes as allowed under applicable law.

To provide the PICO Services. We use the information we collect to provide you with the PICO Services. For example, we use this information to:

Provide you with PICO Services, including creating and animating your avatar using sensor data such as facial expressions; troubleshooting and improving the PICO Services; providing and improving first-party apps; providing an optimized and life-like experience; and creating and administering accounts for you; processing your transactions; and recommending personalised content to you (such as games that may interest you);
Make sure your device is fitted and calibrated optimally for better comfort, visual clarity, and VR experience, including by calculating the distance between your eyes on-device to ensure your headset display is aligned optimally;
Communicate with you about PICO Services, including to notify you about your transactions, account, or any changes to our terms, conditions, and policies; and
Provide technical support.

To improve the PICO Services. We also use the information we collect to improve the PICO Services. For example, we use the information to:

Analyze usage data and metrics;
Understand users’ feedback about the PICO Services;
Identify and address technical issues, including crashes and other malfunctions, on the PICO Services;
Conduct and learn from research about the ways in which you interact with the PICO Services; and
Improve and develop our PICO Services, including training our systems and algorithms.

To market to you. We use the information we collect to send you marketing messages about the PICO Services. We also use this information to measure the effectiveness of our marketing activities. If you would like to opt out of receiving marketing messages, please follow the instructions in such marketing messages. We will obtain your consent to send you such messages where required by law. We do not use sensor data for marketing purposes.
For security and fraud prevention. We use the information we collect to verify accounts, devices, and activities, combat harmful conduct, detect and prevent technical or security issues, including fraudulent activity, enforce our terms, conditions, and policies, and promote the safety and security on and off the PICO Services.
To comply with applicable law. We may also use your personal data for other purposes as allowed under applicable law. For example, to satisfy tax or reporting obligations, or to comply with a lawful governmental request when we are required to do so by applicable law.

For any other purposes disclosed to you at the time we collect your information or with your consent, or as allowed under applicable law.

3. How we Disclose Your Personal Data
We may disclose your personal data with the following partners and third parties:

Developers. You can interact with third-party games, apps and services through the PICO Services. We disclose certain of your personal data with these developers automatically while other data is shared only with your permission. We require these developers to only use this data to provide you with the experiences and services you have requested and for no other purpose. For example, with your permission, we make available to third party developers your PICO account information including your profile picture, username, region, and your avatar. Developers may also access information derived from sensor data, such as your facial expression or eye gaze direction, in order to provide their applications for your use on PICO. We prohibit developers from using this data to uniquely identify or recognize you, and developers are required to handle the data consistent with our developer terms and applicable law.

Developers may also collect information from you directly through the experiences they provide. Please note that any information these third parties collect will be subject to those developers’ own privacy policies.

Affiliates. As a global company, the PICO Services are supported by a number of affiliated entities within our corporate group. We share your personal data with affiliated entities to enable them to provide us important functions such as cloud hosting, security, research and development, analytics, online payments, and customer and technical support and content moderation.
Service providers. We may engage third parties to act as our service providers and perform certain tasks on our behalf, such as processing or storing data, including your personal data, in connection with delivering the PICO Services. The service providers are obligated to handle your personal data consistent with this Privacy Policy and according to our instructions. They cannot use your personal data for their own purposes and must delete or return your personal data once they've fulfilled our request.
Partners. From time to time, we may partner with third parties to provide services or other offerings. We require our partners to protect your personal data.
Corporate transactions. Your personal data may be disclosed to third parties in connection with a corporate transaction, such as a merger, sale of assets or shares, reorganization, financing, change of control, or acquisition of all or a portion of our business.
With your consent. We may disclose your personal data to others at your direction or with your consent.
For legal reasons. We may disclose information about you where permitted by applicable law if we determine that for purposes of national security, law enforcement, or other issues of public importance, disclosure is necessary or appropriate. We may also disclose information about you where there is a lawful basis for doing so, if we determine that disclosure is reasonably necessary to enforce our terms and conditions, exercise or defend legal claims, or to protect our operations or users.

4. Your Choices and Rights
You have the following choices with respect to your personal data. Depending on the nature of the choice you would like to exercise, we may need to verify your identity before honoring your request.

Access or update personal data. You may request to access or update your personal data by emailing us at the email address provided in the ‘Contacting us’ section of this Privacy Policy.
Delete your data. You may request to delete your personal data by emailing us at the email address provided in the ‘Contacting us’ section of this Privacy Policy. For PICO Video, you can delete your watch history through the ‘History’ feature. If you delete the information we identify as required or mandatory to provide the PICO Services, we may not be able to provide all or part of the PICO Services.
Withdrawing your consent. If you have provided consent for us to collect, use, or share your personal data, you can revoke it by changing your choice in the relevant device or app settings, or by emailing us at the email address provided in the ‘Contacting us’ section of this Privacy Policy. We will process, validate, and respond to such requests as required by applicable law. If you revoke your consent, we may not be able to continue to provide all or part of the PICO Services.
Opt-out of marketing communications. You may opt-out of marketing-related messages by following the opt-out or unsubscribe instructions enclosed in the messages, or by submitting a request to the email address provided in the ‘Contacting us’ section of the Privacy Policy. You may continue to receive service-related and other non-marketing messages.
Others. Depending on the jurisdiction in which you reside, you may also have a right to oppose, request a copy of your authorization, limit our collection and use of your personal data, and potentially other rights. In the event that you wish to make a complaint about how we process your personal data, please contact us at privacy@picoxr.com. This is without prejudice to your right to launch a claim with your data protection authority or follow the dispute resolution process provided in the Terms of Service.

5. Transferring Your Personal Data
We provide the PICO Services on a global basis. This means that the information that we collect from you may be transferred to, and stored at, a destination outside of the country you reside in, including in Singapore where we are based. It may also be processed by staff operating outside your country who work for us, for one of our service providers or one of our partners. We will treat your personal data securely and in accordance with this Privacy Policy and applicable law. When we store your information in countries outside of the country where you live, we ensure that all necessary measures to protect your data will be taken, including the use of appropriate transfer mechanisms when required, according to the applicable law.
6. Data Security
Security of your personal data is important to us. We maintain appropriate technical, administrative, and physical security measures that are designed to protect your personal data from unauthorised access, theft, disclosure, modification, or loss. We regularly review our security measures to consider available new technology and methods.
For security and privacy reasons, we request that you abstain from disclosing personal information, including passwords, credit card numbers, or other confidential data during chat interactions. Our commitment to safeguarding your privacy is unwavering, but the security of personal information also relies on safe user practices.
7. Data Retention
We retain your personal data for as long as necessary to provide the PICO Services and for the purposes set out in this Privacy Policy. We also retain personal data when necessary to comply with contractual and legal obligations, when we have a legitimate business interest to do so (such as improving and developing our website and app service, and enhancing the safety, security and stability of our website and app service), and for the exercise or defence of legal claims. The retention periods may differ depending on the type of information and the purposes for which we use the information.
8. Information Relating to Minors
PICO Services are not directed at children under 13 years of age or under the equivalent minimum age threshold in the relevant jurisdictions. To provide users younger than 18 with an age-appropriate experience, certain features are not available. If you believe that we have collected personal data from or about a child under the relevant minimum age, please contact us at privacy@picoxr.com. If we learn that we have collected personal data from or about a child under the relevant minimum age, we will delete it as soon as reasonably possible.
9. Changes to This Policy
We may amend or update this Privacy Policy from time to time. If we make changes to this Privacy Policy, we will provide notice of such changes as appropriate, such as by sending you an email notification to the address you have provided, and/or providing notice through the PICO Services. If we make an administrative change, we will update the "Last Updated" date at the top of this Privacy Policy.
10. Contacting Us
If you have questions about this Privacy Policy, please contact us by email at privacy@picoxr.com.
11. Jurisdiction-Specific Terms
In the event of a conflict between the provisions of the below Jurisdiction-Specific Terms that are relevant to your jurisdiction from which you access or use the PICO Services, and the rest of this Privacy Policy, the relevant jurisdictions’ Jurisdiction-Specific Terms will supersede and govern the data processing.
11.1 EEA, UK and Switzerland
The information provided in this section applies to individuals in the European Economic Area, United Kingdom and Switzerland, which we refer to in this notice collectively as “Europe”.
Legal bases for processing. We use your personal data only as permitted by law. Our legal bases for processing your personal data described in this Privacy Policy are described in the table below.
Your rights. If you are located in Europe, in addition to the rights set out in section 4 "Your Choices and Rights", you also have the following rights in relation to your personal data:
Right of portability. If any automated processing of personal data is based on your consent or a contract with you, you have a right to transfer or receive a copy of the personal data in a usable and portable format.
Right to erasure. You have the right, in some circumstances, to require us to erase your personal data without undue delay if the continued processing of that personal data is not justified.
Right to restriction. You have the right, in some circumstances, to require us to limit the purposes for which we process your personal data if the continued processing of the personal data in this way is not justified, such as where the accuracy of the personal data is contested by you.
Right to objection. You also have the right to object to any processing based on our legitimate interests where there are grounds relating to your particular situation. There may be compelling reasons for continuing to process your personal data, and we will assess and inform you if that is the case.
To make such requests, contact us at the email address provided in section 9 "Contacting Us".
You also have the right to lodge a complaint with your local supervisory authority, but we encourage you to first contact us with any questions or concerns.

Processing purpose	Legal basis
To enable us to administer, operate, and provide the PICO Services to you, including to create your account; create and animate your avatar; recommend personalised content to you; process your transactions; and provide you with troubleshooting.	The processing is necessary to perform the contract governing our provision of the PICO Services or to take steps that you request prior to signing up for an account to use the PICO Services.
To make sure your device is fitted and calibrated optimally for better comfort and VR experience.	The processing is necessary for our legitimate interests, namely, to identify and resolve issues with the PICO Services and to improve the PICO Services.
To understand how you use the PICO Services, including reviewing user feedback, to monitor, improve and develop the PICO Services and conduct product development.	The processing is necessary for our legitimate interests, namely, to identify and resolve issues with the PICO Services and to improve the PICO Services.
To share your information with third party platforms and/or Developers to provide you with features, such as content sharing when you integrate your PICO account with a third party service.	The processing is necessary for our legitimate interests, namely to provide you with a seamless experience, allow you to interact with third-party games, apps and service through the PICO services and your content to be shared on other platforms, enable third parties to authenticate users, and optimise your experience.
To comply with any legal obligation, including where necessary to assist in law enforcement and investigations conducted by any governmental and/or regulatory authority.	This processing is necessary in order to comply with our legal obligations.
To communicate with you, including to notify you about changes to the PICO Services, provide customer support to you and send you other service-related messages.	The processing is necessary for the performance of a contract with you.
To send you marketing communications in accordance with your preferences.	The processing is necessary for our legitimate interests, namely to promote new developments and features of our PICO Services. We will obtain your consent to send you messages where required by law.
To enforce our terms, conditions and policies, including to ensure that you are old enough to use the PICO Services.	The processing is necessary for the performance of a contract with you.
To help us detect abuse, fraud, and illegal activity on the PICO Services.	The processing is necessary for our legitimate interests, namely, to ensure that the PICO Services are safe and secure.

Cross-border transfer. We have taken appropriate safeguards to ensure that your personal data will remain protected and require our third-party service providers and partners if applicable to have appropriate safeguards as well. For onward transfers of your personal data, we ensure that: (i) the personal data is transferred to countries recognized as offering an equivalent level of protection; or (ii) the transfer is made pursuant to appropriate safeguards, such as standard data protection clauses adopted by the European Commission.
UK GDPR Representative: Cosmo Technology Private Limited, whose registered office is at 2 Temple Back East, Temple Quay, Bristol, BS1 6EG, United Kingdom.
EU GDPR Representative: Mikros Information Technology Ireland Limited, whose registered office is located at Mespil Business Centre, Mespil House, Sussex Road, Dublin 4, Ireland.
11.2 South Korea
If you are using our services in South Korea, the following additional terms apply. In the event of any conflict between the following additional terms and the provisions of the main body of this policy, the following terms shall prevail.
Data security. We work hard to protect the PICO Services and our users from unauthorized access to or unauthorized alteration, disclosure or destruction of information we hold. To this end, we have in place technical, managerial and physical safeguards, including internal policies for data protection, limitation of access to personal data on a need-to-know basis and control of access to the facilities where personal data is processed.
Data retention. We destroy personal data for which the purposes of collection as consented to by you have been achieved, or for which the periods of use as consented to by you or as provided in this Privacy Policy have expired; provided, however, we will continue to store your personal data for any statutorily-prescribed periods, where applicable.
Children. The PICO Services are not intended for use by children under 14 years of age.
Destruction of personal data. We destroy your personal data in a manner that renders it unrestorable by the relevant department.
Entrustment and/or overseas transfer of personal data. We entrust your data to our affiliates and service providers, some of whom are located outside of Korea, subject to your consents or notifications to you, if applicable. We inform you as the table below of the entrustment for processing or overseas transfer of your personal data by electronic means that takes place when we collect it. The retention period permitted to the transferee may vary according to the use of the PICO Services and the relevant terms, laws and regulations. We transfer your personal data with security measures as appropriate for the operation of the PICO Services. The entities receiving and processing your data are committed to using and storing personal data in compliance with domestic and international regulations and to taking all available physical and technical measures to protect personal data.

Transferee	Purpose of Transfer	Items of personal information transferred
Alibaba Cloud (Singapore) Private Limited (Singapore corporation)	CDN cache server	content files
Broadonetech Pte. Ltd (Singapore corporation)	CDN cache server	content files

Local representative pursuant to the Personal Information Protection Act. Please send your inquiries concerning privacy issues in South Korea to our local representative pursuant to the Personal Information Protection Act. Contact details are as follows.
- Bae, Kim and Lee LLC
- Representative: Soonik Kwon
- Address: Tower B, Centropolis, 26 Ujeongguk-ro, Jongno-gu, Seoul 03161, Korea
- Phone: +82-2-3404-0108
- Email: koreaprivacyPICO@bkl.co.kr