Privacy Policy
Last update : 2024/07/19
Introduction
AILens Group (“AILens”, “we”, “our” or “us”) cares about the security and privacy of your personal data. This Privacy Policy describes how AILens collects, uses and shares your personal data. In addition to this Privacy Policy, we provide data and privacy information embedded in our products and certain features that ask to use your personal data.
Overview
The Privacy Policy covers how we handle personal data whether you interact with us on our website (https://www.ThinkAR.com) (“Site”), through AILens’s mobile apps (“Mobile Apps”) or in person (including by phone, through email or when visiting us). We may also link to third parties on our services or make third party apps available for connecting our product. Our Privacy Policy does not apply to how third parties define personal data or how they use it. We encourage you to read their privacy policies and know your privacy rights before interacting with them.
Table of Content
-
What is Personal Data at AILens
-
Use of Personal Data
-
Permitted Disclosure of Personal Data
-
How We Protect Personal Data
-
Data Retention Policy
-
Your Rights and Choices
-
Link to Other Websites
-
Used by Minors
-
Updates To This Privacy Policy and Notifications
-
Mobile Devices
-
Legal Basis for Processing (For EEA Users only)
-
California Consumer Privacy Act (CCPA)
-
Languages
-
Contact Us
What is Personal Data at AILens
We may or may not collect your personal data when you register with or access our Services or otherwise interact with AILens. The categories of information we may collect might include but are not limited to the categories described below:
1. Data You Provide. Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (“Anonymous Data”). We collect the content, communications and other information you provide when you use our Services such as when you create or use your account with us (“Account”) or when you provide feedback to us. You are not required to provide the personal data that we have requested. However, if you choose not to do so, in many cases we will not be able to provide you with our products or services or respond to requests you may have. Information we collect may include the following:
(1) Identity Data includes first name, maiden name, last name, nationality, gender, marital status, passport number, ARC number, driver’s license number, Social Security number, Taxpayer Identification number, or other government-issued identification number.
(2) Contact Data includes email address, residential address, billing address, and phone numbers.
(3) Demographic Data includes your date of birth, and country/region.
(4) Financial Data includes bank account, payment and digital wallet information.
(5) Transaction Data includes details about when and where payment transactions occur, the names of the transacting parties, a description of the transactions, the payment or transfer amounts, billing and shipping information, and the devices and payment methods used to complete the transactions.
(6) Profile Data includes your username, password, preferred language, survey responses, promotions, or other prospective seller marketing forms or devices; suggestions for improvements; referrals; or any other actions you perform on our Services.
2. Data Collected Automatically. When you use our Services, some information may be automatically collected by our server logs and other similar technologies. This information include:
(1) Technical Data includes device-specific information (such as your hardware model, operating system version, unique device identifiers and mobile network information), Internet protocol (IP) address, device event information such as crashes, system activity, hardware settings, browser type, language, the date and time when you access our Services.
(2) Location Data includes information about your location, via various technologies including Internet protocol (IP) address which indicates a number assigned to every device connected to the Internet assigned in geographic blocks and other identifiers that may, for example, provide us with information on nearby devices, Wi-Fi access points.
(3) Usage Data includes information about how you use our Services such as your preferences, characteristics, and behavior.
3. Data Collected from Other Sources.
(1) Third-Party Services. If you link, connect, or log in using the single sign-on (“SSO”) via a third-party service (e.g. Google, Facebook, Line), you direct the service to send us information such as your registration, friends list, and profile information as controlled by that service or as authorized by you via your privacy settings at that service.
(2) Other Sources. To the extent permitted by applicable law, we may receive additional information about you, such as references, demographic data or information to help detect fraud and safety issues from third party service providers and/or partners, and combine it with information we have about you. For example, we may receive background check results or fraud warnings from identity verification service providers for use in our fraud prevention and risk assessment efforts.
(3) We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy policy.
Use of Personal Data
We use personal data to power our services, to process your transaction, to communicate with you, for security and fraud prevention, and to comply with laws. We may also use personal data for other purposes with your consent. We only use your personal data when we have a valid legal basis to do so.
1. Contractual and Pre-contractual Business Relationships. We use your personal data for the purpose of entering into business relationships with you, and to perform the contractual obligations under the contracts that we have with you. Activities include: creation and management of your accounts and account credentials, including the evaluation of applications to commence or expand the use of our Services; accounting, auditing, and billing activities; and processing of payments, including fraud detection and prevention, optimizing valid transactions, communications regarding such payments, and related customer service.
2. Legal Compliance. We use your personal data to verify your identity in order to comply with fraud monitoring, prevention and detection obligations, laws associated with the identification and reporting of illegal and illicit activity, such as AML (Anti-Money Laundering) and KYC (Know-Your-Customer) obligations, and financial reporting obligations. For example, we may be required to record and verify your identity for the purpose of compliance with legislation intended to prevent money laundering and financial crimes. These obligations are imposed on us by the operation of law, industry standards, and by our financial partners, and may require us to report our compliance to third parties, and to submit to third party verification audits.
3. Legitimate Business Interests. Where allowed under applicable law, we rely on our legitimate business interests to process your personal data. When we do so, we balance our legitimate interests against the interests and rights of the individuals whose personal data we process. The following list sets out the business purposes that we have identified as legitimate:
(1) Detect, monitor and prevent fraud and unauthorized payment transactions;
(2) Mitigate financial loss, claims, liabilities or other harm to you, the public, and AILens;
(3) Determine eligibility for and offer new AILens products and services;
(4) Respond to inquiries, send Service notices and provide customer support;
(5) Promote, analyze, modify and improve our Services, systems, and tools, and develop new products and services, including reliability of the Services;
(6) Manage, operate and improve the performance of our Services by understanding their effectiveness and optimizing our digital assets;
(7) Analyze and advertise our Services;
(8) Conduct aggregate analysis and develop business intelligence that enable us to operate, protect, make informed decisions, and report on the performance of, our business;
(9) Share your personal data with third party service providers that provide services on our behalf and business partners which help us operate and improve our business;
(10) Enable network and information security throughout AILens and our Services; and
(11) Share your personal data among our affiliates for administrative purposes.
4. Service-Related Interaction. We may process and use your personal data to communicate with you, for example, to provide information relating to our Services. We may also send service-related email, conduct survey and get feedback from you or otherwise interact with you when you register with or access our Services based on the information you provide us.
5. Advertising. We may use your personal data and your device to target advertisements for our Services to you on our Site and other sites you visit (“interest-based advertising”), where allowed by applicable law, including any consent requirements. For example, when you visit our Site, we will use cookies to identify your device and direct ads for our Services to you. You have choices and control over our cookies (or similar technologies) we use to advertise to you. Please see our Cookie Policy for more information. At present, there is no industry standard for recognizing Do Not Track browser signals, so we do not respond to them.
6. Marketing. We may use your personal data to send you promotional messages, marketing, advertising, and other information based on your preferences on social media advertising through social media platforms, personalize, measure, ad improve our advertising, and analyze characteristics and preferences to send you promotional messages, marketing, advertising and other information that we might be of interest to you. You can opt out of receiving marketing communications from us at any time by using the “Unsubscribe” link in each newsletter or communication, or through your account (if you have created one).
Permitted Disclosure of Personal Data
We value your privacy. We do not share, sell, lease, transfer or otherwise disclose your personal data to third parties unless otherwise stated below.
1. Verification Service Providers. In order to detect and/or prevent fraud and comply with our legal obligations, we will sometimes need to share your information with third party identity verification services.
2. Operational Service Providers. In order to deliver our Services to you, we will need to share your information with third parties who provide us with certain tools/services including data storage, customer service platforms, accounting and invoicing, IT, email and other communication tools, security and fraud detection.
3. Other Service Providers. In order to improve the functionality of our Services, we will sometimes share your information with service providers that help us analyze how people are using our Services in order for us to refine the product. We may also share your information with services providers who help us to deliver certain advertising/marketing campaigns in order to grow our business.
4. Law Enforcement Agencies and Regulators. We may share your personal data as we believe necessary: (i) to comply with applicable law, or rules imposed by payment method in connection with use of that payment method; (ii) to enforce our contractual rights; (iii) to protect the Services, rights, privacy, safety and property of AILens, our Users or others; and (iv) to respond to requests from courts, law enforcement agencies, regulatory agencies, and other public and government authorities, which may include authorities outside your country of residence.
5. Group Companies. Information may be shared with AILens Group entities in order to, inter alia, meet our legal and regulatory obligations. EEA Users should be aware that AILens Group’s affiliates are likely to act as processors in respect of your personal information in order to provide you with the best possible service and customer support.
6. Business Partners. From time to time we may partner with other companies (“Partners”) to allow you to transact with individuals that are customers of such Partners and not AILens. In order to complete these transactions, we will need to share information regarding your account (such as name, email address, phone number and date of birth) with the applicable Partner so that they can meet their legal and regulatory obligations. Your information will only be shared with such Partners to the extent you actually transact or interact with customers of such Partner.
7. Professional Advisers. In order to complete third party financial, technical, compliance and legal audits of AILens’s operations or otherwise comply with our legal obligations, we may need to share information about your account as part of such review with professional advisers acting as processors or joint controllers who provide consultancy, banking, legal, compliance, insurance or accounting services.
8. Third Parties. We may choose to sell, transfer, or merge parts of our business or our assets to third parties. Alternatively, we may acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this Privacy Policy.
9. With Your Consent. Where you provide consent, we share your information as described at the time of consent. For example: At your direction or as described at the time you agree to share; or when you authorize a third-party application or website to access your personal information.
How We Protect Personal Data
We use reasonable technical and organizational information security measures to provide appropriate protection for your personal information from leaking or unauthorized access and prevent such risks of providing personal information. We limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We cannot, however, guarantee your personal data may not be accessed, disclosed, altered, or destroyed by any attacks from hackers or any skilled computer experts. If you have reason to believe that your interaction with us is no longer secure (e.g., you feel that the security of your account has been compromised), please contact us immediately.
In relation to EEA Users, we have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Data Retention Policy
We retain your personal data as long as we are providing our Services to you. Even after we stop providing our Services directly or indirectly to you, and even if you close your account, we keep your personal data in order to comply with our legal and regulatory obligations. We may also keep it to assist with our fraud monitoring, detection and prevention activities. We also keep your personal data to comply with our tax, accounting, and financial reporting obligations, where we are required to retain the data by our contractual commitments to our financial partners, and where data retention is mandated by the payment methods you used. In all cases where we keep data, we do so in accordance with any limitation periods and records retention obligations that are imposed by applicable law.
Even after you close your account, we may be required to retain certain information you have provided for a number of years. For example, we are subject to various AML and CTF regulations which, in a number of jurisdictions, require us to retain certain personal data for a minimum period of five (5) years following the closure of your account.
For further details of retention periods for different aspects of your personal data please contact us.
In some circumstances we may use Anonymized Data (defined in Section 2) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
Your Rights and Choices
You may have choices regarding our collection, use and disclosure of your personal data:
1. Opting out of receiving electronic communications from us. If you no longer want to receive marketing-related emails from us, you may opt-out via the unsubscribe link included in such emails. We will try to comply with your request(s) as soon as reasonably practicable.
2. If you would like to review, correct, or update your personal data that you have previously disclosed to us, you may do so by signing in to your account or by contacting us.
3. Your data protection rights. Depending on your location and subject to applicable law, you may have the following rights with regard to the personal data we control about you:
(1) The right to request that AILens updates your personal data that is inaccurate, incomplete or outdated;
(2) The right to request that AILens erases your personal data in certain circumstances under applicable law;
(3) The right to request that AILens restricts the use of your personal data in certain circumstances under applicable law;
(4) Where the processing of your personal data is based on your previously given consent, you have the right to withdraw your consent at any time; and/or
(5) In some cases, you may also have the right to object to the processing of your personal data.
Notwithstanding anything foregoing, there may be situations where we cannot grant your request — for example, if you ask us to delete your transaction data and we are legally obligated to keep a record of that transaction to comply with law. We may also decline to grant a request where doing so would undermine our legitimate use of data for anti-fraud and security purposes, such as when you request deletion of an account that is being investigated for security concerns. Other reasons your privacy request may be denied are if it jeopardizes the privacy of others, is frivolous or vexatious, or would be extremely impractical or unreasonable.
Process for exercising data protection rights
1. No fee is usually required. Usually, you will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if we deem your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
2. What we may need from you. We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
3. Time limit to respond. We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
Link to Other Websites
Our Services may provide the ability to connect to other online services. These online services may operate independently from us and/or may have their own privacy notices or policies, which we strongly suggest you review. If any online service linked to our Services is not owned or controlled by us, or does not claim to be covered by this Privacy Policy, we are not responsible for it and/or it is not covered by this Privacy Policy. Please refer to the privacy policy associated with that online service.
Used by Minors
Our Services are not directed to minors, including children under the age of 18, and we request that they not provide personal data through the Services. In some countries, we may impose higher age limits as required by applicable law.
Updates To This Privacy Policy and Notifications
We may change this Privacy Policy from time to time. When we do make updates, we will let you know by changing the “Last updated” legend at the top of this Privacy Policy. If it is a big update, we will send you a notification or post a notice on our website. If you ever have any questions about changes made to the Privacy Policy, please contact us.
If applicable law requires that we obtain your consent or provide notice in a specified manner prior to making any changes to this Privacy Policy applicable to you, we will provide such required notice and will obtain your required consent.
Mobile Devices
With your consent, we may send you push notifications. You may grant us access to your location information or contact details in order to provide our Services to you. When you upload a picture from your mobile device, your picture may also be tagged with your location information. Please read the instructions on your mobile device to understand how to change the settings and enable the sharing of such information or the receipt of (or opt-out of receiving) push notifications (including Software Development Kit (“SDK”) and push token data). Different device operating systems may have different default settings, so please familiarize yourself with such settings governing push notifications.
Legal Basis for Processing (For EEA Users only)
This section only applies to European Economic Area (“EEA”) users. We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
-
Where we need to perform the contract we are about to enter into or have entered into with you.
-
Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
-
Where we need to comply with a legal or regulatory obligation.
California Consumer Privacy Act (CCPA)
If you are located in California, we process your personal data in accordance with the California Consumer Privacy Act (CCPA). This section provides additional details about the personal data we collect and use for purposes of CCPA.
How We Collect, Use, and Disclose Your Personal Data. The Personal Data We Collect section describes the personal data we may have collected about you, including the categories of sources of that information. We collect this information for the purposes described in the How We Use Personal Data section. We share this information as described in the How We Disclose Personal Data section. AILens uses cookies, including advertising cookies, as described in our Cookie Policy.
Your CCPA Rights and Choices. As a California consumer and subject to certain limitations under the CCPA, you have choices regarding our use and disclosure of your personal data:
Exercising the right to know: You may request the following information about the personal information we have collected about you:
1. the categories and specific pieces of personal information we have collected about you;
2. the categories of sources from which we collected the personal information;
3. the business or commercial purpose for which we collected the personal information;
4. the categories of third parties with whom we shared the personal information; and
5. the categories of personal information about you that we disclosed for a business purpose, and the categories of third parties to whom we disclosed that information for a business purpose.
Exercising the right to delete: You may request that we delete the personal information we have collected from you, subject to certain limitations under applicable law.
Exercising the right to opt-out from a sale: You may request to opt out of any “sale” of your personal information that may take place.
Non-discrimination: The CCPA provides that you may not be discriminated against for exercising these rights.
To submit a request to exercise any of the rights described above, please contact us.
Languages
This Private Policy is written in English. Any translations into another language are made solely for convenience and will not be considered in the interpretation or application of this Privacy Policy. The other translations of this Private Policy are only for reference. In case of any discrepancy, the English version shall prevail.
Contact Us
To submit questions regarding this Privacy Policy, you can contact AILens by emailing us at support@thinkar.com.
We may need to verify your identity before responding to your request, such as verifying that the email address from which you send the request matches your email address that we have on file. Authentication based on a government-issued and valid identification document may be required.