ARuVR
Legal

Privacy Policy

How we collect, use, and protect your information when you use our Service.

Last updated: April 2026

1. Introduction

This Privacy Policy describes Our policies and procedures on the collection, use and disclosure of Your information when You use the Service and tells You about Your privacy rights and how the law protects You.

We use Your Personal data to provide and improve the Service. By using the Service, You agree to the collection and use of information in accordance with this Privacy Policy.

2. Definitions

For the purposes of this Privacy Policy:

  1. Account means a unique account created for You to access our Service or parts of our Service.
  2. Affiliatemeans an entity that controls, is controlled by or is under common control with a party, where “control” means ownership of 50% or more of the shares, equity interest or other securities entitled to vote for election of directors or other managing authority.
  3. Application means the software program provided by the Company downloaded by You on any electronic device, named ARuVR.
  4. Company(referred to as either “the Company”, “We”, “Us” or “Our” in this Agreement) refers to ARuVR LTD, Unit 1 - Alexander Charles House, E18 1JL, London UK.
  5. Country refers to: United Kingdom.
  6. Device means any device that can access the Service such as a computer, a cellphone, a headset or a digital tablet.
  7. Personal Data is any information that relates to an identified or identifiable individual.
  8. Service refers to the Application.
  9. Service Provider means any natural or legal person who processes the data on behalf of the Company. It refers to third-party companies or individuals employed by the Company to facilitate the Service, to provide the Service on behalf of the Company, to perform services related to the Service or to assist the Company in analyzing how the Service is used.
  10. Third-party Social Media Service refers to any website or any social network website through which a User can log in or create an account to use the Service.
  11. Usage Data refers to data collected automatically, either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).
  12. You means the individual accessing or using the Service, or the company, or other legal entity on behalf of which such individual is accessing or using the Service, as applicable.

3. Types of Data Collected

Personal Data

While using Our Service, We may ask You to provide Us with certain personally identifiable information that can be used to contact or identify You. Personally identifiable information may include, but is not limited to:

  • Email address
  • First name and last name
  • Usage Data

Usage Data

Usage Data is collected automatically when using the Service.

  • Usage Data may include information such as Your Device's Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that You visit, the time and date of Your visit, the time spent on those pages, unique device identifiers and other diagnostic data.
  • When You access the Service by or through a mobile device, We may collect certain information automatically, including, but not limited to, the type of mobile device You use, the IP address of Your mobile device, Your mobile operating system, the type of mobile Internet browser You use, unique device identifiers and other diagnostic data.
  • We may also collect information that Your browser sends whenever You visit our Service or when You access the Service by or through a mobile device.

4. Use of Your Personal Data

The Company may use Personal Data for the following purposes:

  • To provide and maintain our Service, including to monitor the usage of our Service.
  • To manage Your Account: to manage Your registration as a user of the Service. The Personal Data You provide can give You access to different functionalities of the Service that are available to You as a registered user.
  • For the performance of a contract: the development, compliance and undertaking of the purchase contract for the products, items or services You have purchased or of any other contract with Us through the Service.
  • To contact You:To contact You by email, telephone calls, SMS, or other equivalent forms of electronic communication, such as a mobile application's push notifications regarding updates or informative communications related to the functionalities, products or contracted services, including the security updates, when necessary or reasonable for their implementation.
  • To manage Your requests: To attend and manage Your requests to Us.
  • For other purposes: We may use Your information for other purposes, such as data analysis, identifying usage trends, to evaluate and improve our Service, products, services and your experience.

We DO NOT share Your personal information with anyone outside the Company.

5. Retention of Your Personal Data

The Company will retain Your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use Your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.

The Company will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of Our Service, or We are legally obligated to retain this data for longer time periods.

6. Transfer of Your Personal Data

Your information, including Personal Data, is processed at the Company's operating offices and in any other places where the parties involved in the processing are located. It means that this information may be transferred to - and maintained on - computers located outside of Your state, province, country or other governmental jurisdiction where the data protection laws may differ than those from Your jurisdiction.

Your consent to this Privacy Policy followed by Your submission of such information represents Your agreement to that transfer.

The Company will take all steps reasonably necessary to ensure that Your data is treated securely and in accordance with this Privacy Policy and no transfer of Your Personal Data will take place to an organization or a country unless there are adequate controls in place including the security of Your data and other personal information.

7. Disclosure of Your Personal Data

Business Transactions

If the Company is involved in a merger, acquisition or asset sale, Your Personal Data may be transferred. We will provide notice before Your Personal Data is transferred and becomes subject to a different Privacy Policy.

Law enforcement

Under certain circumstances, the Company may be required to disclose Your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).

Other legal requirements

The Company may disclose Your Personal Data in the good faith belief that such action is necessary to:

  • Comply with a legal obligation
  • Protect and defend the rights or property of the Company
  • Prevent or investigate possible wrongdoing in connection with the Service
  • Protect the personal safety of Users of the Service or the public
  • Protect against legal liability

8. Third Party Processors

Our carefully selected partners and service providers may process personal information about you on our behalf as described below:

Digital Marketing Service Providers

We periodically appoint digital marketing agents to conduct marketing activity on our behalf, such activity may result in the compliant processing of personal information. Our appointed data processors include:

(i) Prospect Global Ltd (trading as Sopro) Reg. UK Co. 09648733. You can contact Sopro and view their privacy policy at sopro.io. Sopro are registered with the ICO Reg: ZA346877; their Data Protection Officer can be emailed at dpo@sopro.io.

9. Data Subject Access Request Process (DSAR)

a. Information to be provided to data subjects

ARuVR provides natural persons (the data subjects) with information in an appropriate format which clearly communicates:

  • The identity of ARuVR and its representatives where applicable
  • The purposes for which the personal information can be processed
  • The legitimate interests of ARuVR or the processing where “legitimate interest” is the legal basis used
  • The types of personal information collected, where this is from a source other than the natural person
  • Information about the disclosure of personal information to third parties
  • Whether personal information is transferred outside the UK and EEA and an explanation of the safeguards in place, and how to get a copy of the safeguards
  • Where ARuVR is based outside the EU and the natural person is in the EU, the identity of the EU-based representative, where this is required
  • Details of any technologies (such as cookies) used on a website to collect personal information about the natural persons
  • Other information to make the processing fair and transparent, including retention periods, rights of access, rights to correction, deletion, restriction and portability, the right to lodge a complaint with the ICO, the right to withdraw consent where processing is based on consent, and information about any automated decision making or profiling.

Where personal information is collected for marketing purposes, ARuVR ensures the natural person(s) are aware of how they can object to such marketing.

All requests for access to their personal information from data subjects shall be notified to the ARuVR CTO who acts as the Data Protection Officer (DPO), or another person appointed by the ARuVR Directors as responsible for data protection compliance and the PIMS.

b. Rights of natural persons

Natural persons' rights in relation to their personal information are respected by ARuVR. Requests from natural persons to exercise their rights are addressed without undue delay and within one month of receipt of the request. If it is not possible to respond within one month, the natural person is informed of any necessary extension - no longer than a further two months (maximum of three months in total).

Such rights include access to information, objection to processing, rectification of inaccurate information, erasure and/or restriction on the use of information, data portability and the right not to be subject to automated processing where such processing relates to profiling or that significantly affects the natural person.

b.1 Access request procedure
In response to a request from a data subject, the DPO verifies the identity of the requestor then confirms whether personal information concerning them is being processed and, where that is the case, advises the data subject that they can receive a copy of their personal information together with the purposes of processing, categories of data, recipients, retention periods, rights available, source (if not collected from the data subject), and details of automated decision-making and cross-border transfers.
b.2 Rectification request procedure
ARuVR ensures that the natural person is able, without undue delay, to obtain the rectification of inaccurate personal information concerning them. The natural person is also entitled to have incomplete personal information completed. The DPO verifies identity, locates the data, instructs rectification, and confirms completion to the data subject.
b.3 Erasure (“right to be forgotten”) procedure
ARuVR ensures that a natural person has the right to obtain erasure of personal information about them without undue delay where: the information is no longer necessary for the original purpose; consent is withdrawn and there is no other legal ground; the natural person has objected and there are no overriding legitimate grounds; the information has been unlawfully processed; or erasure is required to comply with a legal obligation.
b.4 Restriction of processing
A natural person has the right to obtain restriction of processing where: the accuracy of the information is contested; the processing is unlawful but erasure is refused; ARuVR no longer needs the data but it is required by the natural person for legal claims; or the natural person has objected pending verification of legitimate grounds. When a restriction is lifted, the natural person is informed beforehand.
b.5 Data portability
Where the natural person has the right to data portability and the information is being processed by automated means, the natural person is able to have that information transmitted to them, or to any other organisation they nominate, free of charge and in a structured, commonly used machine-readable format.
b.6 Objection to processing
ARuVR's PIMS has procedures to consider and respond to requests from a natural person who objects to processing of personal information. Where a natural person objects to processing for direct marketing purposes, ARuVR ensures that processing ceases for that natural person.

c. Complaints and appeals procedure

In response to a complaint or appeal to data processing from a data subject, the DPO verifies the identity of the requestor, logs the complaint, and investigates the nature and grounds for the complaint or appeal. Where necessary, ARuVR legal counsel is informed and asked to provide legal advice and support.

10. Information Security Policy Statement

ARuVR Ltd is committed to implementing, operating and continually improving an appropriate information security management system, policies, processes and controls to maintain the confidentiality, integrity and availability of its and its customers' information and its information processing facilities.

The primary objective is to ensure that ARuVR Ltd is legally compliant and fulfils all of its information security obligations to customers and other interested parties.

The information security management system provides the framework for identifying applicable legislation and controlling risks to information security through the implementation of operational controls, setting objectives and continuous improvement, thus maximising our potential to fulfil all information security obligations to customers and other external parties, such as suppliers and business partners. It provides all interested parties and customers with the confidence that their information shall be kept appropriately secure whilst under the control of ARuVR Ltd.

We recognise that our business relationships require ongoing commitment to achieving business excellence and information security at every level of ARuVR Ltd and its supply chains.

11. More Information

ARuVR reserves the right to update and change this Privacy Policy from time to time, without notice.

If you have any questions about this Privacy Policy, you can contact us at info@aruvr.com.

ARuVR LTD
Unit 1 – Alexander Charles House
London E18 1JL, United Kingdom

ISO 27001 certified · ICO registered

Contact us