What does this privacy policy cover?
VisionApp respects your privacy and is committed to protecting your Personal Data. We want to be transparent with you about the way we collect and use your Personal Data in our (i) websites (https://visionapp.org/ and https://vision.app/) and all its subdomains, and all other websites that are available to you owned, operated or maintained, directly or indirectly, by VisionApp and its affiliated companies, (ii) mobile applications, (iii) online mobile application management platform (collectively, the "VisionApp Sites"). Also, we want to inform you about your privacy rights and how the law protects you.
With that in mind, this Privacy Policy is designed to describe:
- Who we are and how to contact us.
- Your rights related to your Personal Data.
- Marketing communications preferences.
- What Personal Data we collect.
- How we use your Personal Data and why.
- What happens when you do not provide the necessary Personal Data?
- Personal Data from third party sources.
- How we use cookies and other tracking or profiling technologies.
- With whom we share your Personal Data.
- Processing outside Europe.
- How we keep your Personal Data safe.
- How long do we store your Personal Data.
- Our policy on children.
- Third party links.
This Privacy Policy is intended to provide information on how VisionApp collects and processes your Personal Data through the use of the VisionApp Sites, including any data you may provide through the VisionApp Sites.
The Privacy Policy aims to fulfill our Transparency duties under the "General Data Protection Regulation" or "GDPR". We will post any modification or change to this privacy policy on this page.
Regulations by jurisdiction
This privacy policy is designed to fulfill European Union GDPR. However, other regulations may apply in other jurisdictions.
- For United Kingdom based users, the UK GDPR and UK Data Protection Act (DPA) 2018 apply.
- For United States based users, regulations may vary by state. These are CCPA/CPRA (California Consumer Privacy Act / California Privacy Rights Act), Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA). In addition, medical data is ruled by HIPAA (Health Insurance Portability and Accountability Act), financial data is ruled by GLBA (Gramm-Leach-Bliley Act) and children data is ruled by COPPA (Children's Online Privacy Protection Act).
- For Spain based users, the LOPDGDD 3/2018 (Ley Orgánica de Protección de Datos y Garantía de los Derechos Digitales) applies.
Who we are
VisionApp, Inc., is the Controller (for the purposes of the GDPR) of your Personal Data (referred to as "VisionApp", "we", "us" or "our" in this Privacy Policy). Our address is: VisionApp Solutions S.L., Avenida Juan Carlos I, 53 - BJ, Águilas, 30880, Murcia, Spain.
How to contact us
You can get in touch by sending an email to: [email protected]. You can contact our representative in the EU by sending an email to the following address: [email protected].
The rights you have related to Personal Data
By law, you have the right to:
- Request access to your Personal Data. This allows you to receive a copy of the Personal Data that we have about you and verify that we are legally processing it.
- Request the correction of the Personal Data we have about you. This will allow you to correct any incomplete or inaccurate information we have about you.
- Request the deletion of your Personal Data. This allows you to ask us to delete Personal Data when there is no good reason for us to continue processing it. You also have the right to ask us to delete your Personal Data when you have exercised your right to object to the processing (see below).
- Oppose the processing of your Personal Data. This right exists when we rely on legitimate interest as the legal basis for our processing and there is something in your particular situation that makes you want to oppose processing for this reason. You also have the right to object when we are processing your Personal Data for direct marketing purposes.
- Request the restriction of the processing of your Personal Data. This allows you to ask us to suspend the processing of your Personal Data, for example if you want us to establish its accuracy or the reason for its processing.
- Request the transfer of your Personal Data. We will provide you, or a third party of your choice, with your Personal Data in a structured, commonly used and machine-readable format. Please note that this right only applies to automated information that you initially gave us your consent to use or when we use the information to fulfill a contract with you.
- Withdraw consent. This right only exists when we rely on consent to process your Personal Data ("Withdrawal of consent"). If you withdraw your consent, we may not be able to provide you with access to certain specific functionalities of the VisionApp Sites. We will inform you of this when you withdraw your consent.
How to exercise your rights:
If you want to exercise any of the rights described above, please contact us through the contact details shown above. Normally, you will not have to pay a fee to access your Personal Data (or to exercise any of the other rights). However, in certain circumstances we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive, or we may refuse to comply with your request. We may need to ask you for specific information to help us confirm your identity and ensure your right to access your Personal Data (or to exercise any of your other rights). These security standards ensure that Personal Data is not disclosed to unauthorized persons. We may also contact you to ask for more information regarding your request to speed up our response. We aim to respond to all legitimate requests within one month. However, if your request is complex or you have submitted multiple requests, our response may take longer. In such cases, we will notify you and provide updates.
Complaints / Claims
If you wish to file a complaint regarding this Privacy Policy or our practices regarding your Personal Data, please contact us at: [email protected]. We will respond to your complaint as soon as we can. If you believe that your complaint has not been adequately resolved, please note that the GDPR gives you the right to contact the local supervisory authority for data protection.
Marketing communications preferences
You can ask us to stop sending you marketing messages at any time by:
- Following the opt-out links of any marketing messages sent to you; or by
- Contact us at any time using the contact details shown above.
Opting out of marketing messages does not apply to service-related communications or processing of Personal Data necessary for these communications. As an example, these service-related communications may include: emails that we may have to send you in connection with managing your account on the VisionApp Sites, your use of the VisionApp Sites, updates to this Privacy Policy, etc.
What Personal Data we collect
All the Personal Data that we collect, both from you and from third parties about you, are described in the following table. Before reading this table, it may be helpful to explain what "Personal Data" is. The GDPR definition of Personal Data can be found here https://gdpr-info.eu/issues/personal-data/.
| Category of Personal Data collected | What this means |
|---|---|
| Identity data | Your first name, last name, middle name, username or a similar identifier |
| Contact details | Your email address and telephone numbers. |
| Profile data | Your username and password, preferences and comments linked to your account on VisionApp Sites. |
| Image data | The images, videos, graphics and other content that you upload to the VisionApp Sites for certification and authentication and any metadata attached to or related to such content (including the creator, date, time, device and location of where that content was captured, along with certain contextual media related to that content). When we refer to "contextual media" related to content, as an example, we can capture video streams or images while using VisionApp applications to help us determine user face parameters to calculate face-device distance. In this process we do not store any biometric or personal information about the user. In addition, we can capture information from sensors like ambient light sensors or barometric pressure sensors. |
| Transaction Data | Any details about payments to and from you and others details of the subscriptions and services you have purchased from us. |
| Marketing and communications details | Your preferences at the reception marketing information from us and our third parties and your communication preferences. |
| Technical Data | Internet protocol (IP) address, your login data, browser type and version, time zone location and configuration, types and versions of browser plugins, operating system and platform and other technologies of the devices you use to access the VisionApp Sites or use our services. |
Aggregated Data
We also collect, use and share "Aggregated Data" as statistical or demographic data for any purpose. The Aggregated Data may be derived from your Personal Data, but once in aggregate form it will not constitute Personal Data for the purposes of the GDPR since these data do not directly or indirectly reveal your identity.
We do not collect any "Special Categories of Personal Data" about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, union membership, health information, genetic and biometric data). We also do not collect information on convictions and criminal offenses.
Why do we need access to the camera?
Users are notified and must consent to camera access when using features requiring it. We do not store any personal image taken with the device camera. We use the camera to measure face dimensions and parameters which help us to calculate the face-device distance. This information is only used to perform optometric measurements or digital habits analytics. This information is captured and processed temporarily on the user's device and is never stored in any database. In addition to your VisionApp account information, we only capture those metrics related to your face dimensions and other optometric concepts. These metrics are:
- Interpupillary distance and iris diameter pixel size, to be able to calibrate the distance measurement between device and face.
- Average distances between device and face at different moments.
- Illuminance to know the ambient light conditions of your surroundings.
- Time of use of the device, to know if it exceeds recommendations.
How we use your Personal Data and why
We will only use your Personal Data for the purposes for which we have collected it (as indicated in the table below), unless we reasonably consider that we need to use it for another reason and that reason is consistent with the original purpose. If we need to use your Personal Data for an unrelated purpose, we will update this Privacy Policy and explain the legal basis that allows us to do so.
What is our "legal basis" for the processing of your Personal Data?
Regarding each of the purposes for which we use your Personal Data, the GDPR requires us to ensure that we have a "legal basis" for that use. The most common is that we rely on one of the following legal bases:
- In case we need to fulfill a contract that we are about to enter into or that we have entered into with you ("Contractual need").
- When necessary for our legitimate interests and your interests and fundamental rights do not prevail over those interests ("Legitimate interests"). The following table provides more details on the specific legitimate interests pursued with respect to each of the purposes for which we use your Personal Data.
- When it is necessary to fulfill a legal or regulatory obligation ("Compliance with the law").
Where required by GDPR (e.g., cookie usage, camera access), we will seek explicit consent before processing. Below, we have outlined the legal bases for using your Personal Data in a table format.
| Purpose | Category (s) of Personal Data involved | Why do we do this? | Our legal basis for this use of data |
|---|---|---|---|
| Account creation and maintenance | Identity, Profile, Contact data | To register as a new customer and maintain your account on VisionApp Sites | Contractual need |
| Provision of services | Identity, Profile, Data Image, Contact, Technical Data | To provide you with the services and functionalities of the VisionApp Sites, including: Authenticating and storing the creator, the date, the time, the device and the location of the place where the content that is uploaded is captured. VisionApp Sites, as well as other information that allows us to verify an image; and make the Image Data associated with the content uploaded to the VisionApp Sites available to the public through a URL that can be shared and accessed by third parties that you share | Contractual need |
| Payment processing | Identity, Contact data, Transaction Data | To process and manage the payments, fees and charges for any subscription you may acquire to the VisionApp Sites (or any paid portion thereof) | Contractual need |
| Fraud prevention | Identity, Contact, Technical Data | To maintain the sites VisionApp, our services and associated operating systems and insurance | Legitimate interests. We have a legitimate interest in ensuring the continued security and proper functioning of our services, VisionApp Sites and associated IT services and networks. |
| Troubleshooting | Technical Data | To track down problems that may be occurring on our systems | Legitimate interests. It is in our legitimate interest that we can monitor and ensure the proper functioning of the VisionApp Sites and associated systems and services |
| Marketing | Identity, Contact, Marketing and communications data | To form an opinion on what we think you may want or need, or what may be of interest to you. This is how we decide which services and offers may be relevant to you. | Legitimate interests. We have a legitimate interest in providing you with updates to VisionApp Sites and related offers where you have purchased or shown interest in similar services from us |
What happens when you do not provide the necessary Personal Data?
In cases where we need to process your Personal Data, either to comply with the law or to comply with the terms of a contract that we have with you and you do not provide such data when requested, we may not be able to comply with the contract we have or are trying to enter into with you (for example, to provide you with the functionality of the VisionApp Sites). In this case, we may need to stop using the VisionApp Sites that you have with us, but we will notify you if this is the case at that time.
Personal Data from Third Party Sources
In addition to the Personal Data we collect directly from you (as described in the section immediately preceding this one), we also collect some of your Personal Data from third party sources. These sources are broken down in the following table, along with a description of whether they are publicly available or not.
| Third Party Data Source | Available to the Public? | Category (s) or other types of Personal Data received |
|---|---|---|
| Social media sites | Yes | Identity, Contact data |
How we use cookies and other tracking or profiling technologies
We may collect information using "cookies". Cookies are small data files that a website stores on the hard drive of your computer or mobile device. We may use both session cookies (which expire after you close your web browser) and persistent cookies (which remain on your computer or mobile device until you delete them) to provide you with a more personal and interactive experience on the VisionApp Sites. We use two broad categories of cookies:
- First-party cookies, served directly by us to your computer or mobile device; and
- Third-party cookies, which are served by our partners or service providers on the VisionApp Sites.
The cookies we use
The VisionApp Sites use the following types of cookies for the purposes indicated below:
| Type of Cookie | Purpose |
|---|---|
| Essential Cookies | These cookies are essential to provide you with the services available through the VisionApp Sites and to enable you to use some of their features. For example, they allow you to enter secure areas of the VisionApp Sites and help the content of the pages you request load quickly. Without these cookies, the services you have requested cannot be provided, and we only use these cookies to provide you with those services. |
| Functionality Cookies | These cookies allow VisionApp Sites to remember the choices you make when using VisionApp Sites, such as remembering your language preferences, remembering your login details, and remembering changes you make elsewhere in the VisionApp Sites that you can customize. The purpose of these cookies is to provide you with a more personal experience and to avoid having to re-enter your preferences each time you visit the VisionApp Sites. |
| Analysis and performance |
These cookies are used to collect information about the traffic of VisionApp Sites and about how users use VisionApp Sites. The information collected is typically linked to a pseudonymous identifier associated with the device.
We use Google Analytics 4. This service collects data regarding your behavior on our site (page views, clicks, time spent). Important: We have configured Google Analytics to ensure IP Anonymization. This means your full IP address is not stored by Google; it is masked to protect your identity. The data is retained for a period of 14 months before being automatically deleted. You can find more information about how Google protects your data here: Google Privacy Policy. |
| Social media cookies | These cookies are used when you share information using a social media share button or a "like" button on VisionApp Sites or when you link your account or commit to our content on or through a website from social networks like Facebook, Twitter or Google. The social network will record that you have done this. |
Google Analytics Cookies
Specifically, we use Google Analytics 4 to measure how you interact with the VisionApp Sites. The specific cookies used are:
| Cookie Name | Expiration | Description |
|---|---|---|
| _ga | 2 years | Used to distinguish users. It allows us to calculate visitor, session and campaign data and keep track of site usage for the site's analytics report. |
| _ga_* | 2 years | Used to persist session state. This cookie helps us identify a specific session on our website. |
Deactivating cookies
Normally, you can delete or reject cookies through your browser settings. To do this, follow the instructions provided by your browser (usually located within the "settings", "help", "tools" or "preferences" options). Many browsers are configured to accept cookies until you change the settings. If you do not accept our cookies, you may experience some inconvenience in using the VisionApp Sites. For example, we may not be able to recognize your computer or mobile device and you may have to log in each time you visit the VisionApp Sites. For more information about cookies, including how to see which cookies have been set on your computer or mobile device and how to manage and delete them, visit https://allaboutcookies.org/ and https://www.youronlinechoices.com/uk/. You can also prevent the use of Google Analytics in relation to the use of the VisionApp Sites by downloading and installing the browser plugin available through this link: Google Analytics Opt-out.
Who we share your Personal Data with
The following table describes who we share your Personal Data with, what we share, and why we do so.
| Recipients | Category(ies) of Personal Data we share | Why we share it | Location(s) |
|---|---|---|---|
| Our hosting provider | All categories | We outsource hosting for VisionApp Sites. This means that all categories of Personal Data we process will be stored and kept on our hosting service provider's servers. | Worldwide |
| Service providers | Identity data, Contact data, Technical Data, Marketing and communication data | Our service providers supply us with IT and system administration services. | Worldwide |
| Professional advisors | Identity data, Contact data | Our lawyers, bankers, auditors, and insurers provide advisory, banking, legal, insurance, and accounting services | Spain |
| People to whom you send a URL related to your image data | Identity data, Image data, Technical Data | To allow the people you send the corresponding URL to view the Image Data and confirm the authenticity of the relevant content pieces you have uploaded to VisionApp Sites | Worldwide |
Regarding international information transfer, we comply with Standard Contractual Clauses (SCCs).
Processing outside of Europe
Since we are a company based in Spain and direct the VisionApp Sites to people located in Europe, we are subject to the GDPR (which is a European data protection law). For this reason, we take appropriate measures to ensure that when we process your Personal Data, we do so in compliance with the GDPR. Furthermore, when we transfer your Personal Data to any of the third parties mentioned above, we also take appropriate measures to ensure that we have implemented the necessary safeguards to maintain this protection and prevent it from being undermined as a result of such disclosure. We implement mechanisms like Binding Corporate Rules (BCRs) and Data Processing Agreements (DPAs). Similarly, when transferring data outside the United Kingdom, we will comply with the relevant local regulations. We ensure compliance with applicable local data protection laws, including GDPR, UK regulations, and other international standards where required.
How we keep your data secure
We have implemented appropriate security measures to prevent your Personal Data from being accidentally lost, used, accessed in an unauthorized way, altered, or disclosed. We limit access to your Personal Data to those employees and other personnel who have a business need to access it. All such individuals are subject to a contractual duty of confidentiality. We have procedures in place to deal with any actual or suspected Personal Data breaches. In the event of such a breach, we have systems in place to work with the applicable regulators. Additionally, in certain circumstances (e.g., when legally required), we may notify you of breaches that affect your Personal Data.
How long we keep your Personal Data
We will only retain your Personal Data for as long as we reasonably need to use it for the purposes set out above, unless the law requires a longer retention period (e.g., for regulatory purposes).
Third-party links
The VisionApp Sites may include links to third-party websites, plug-ins, and applications. By clicking on those links or enabling those connections, you may allow third parties to collect or share your Personal Data. We do not control these third-party websites and are not responsible for their privacy statements. When you leave the VisionApp Sites, we recommend you read the privacy policy of every site you visit.
VisionApp Solutions S.L., 2025
