Talespin Reality Labs, Inc. (“Talespin,” “we”, “us” and “our”) provides products and services that enable individuals (“End Users”) to leverage virtual reality for training and learning purposes via our VR headset application (“Products”).
This Privacy Policy details how we collect, use, disclose, and secure personal information from or through our Products:
If, after reviewing this Privacy Policy, you have any questions or privacy concerns, please send us an email to DPO@csod.com
IF YOU ARE AN INDIVIDUAL LOCATED IN THE EEA OR THE UNITED KINGDOM: If you are located in the European Economic Area (“EEA”), this entire Privacy Policy applies to you. However, please see Additional Information for Individuals in the EEA and the United Kingdom below, which will inform you in detail about our legal bases for processing and which rights you have in connection with our processing of your personal information.
IF YOU ARE A RESIDENT OF NEVADA: If you are a resident of Nevada, this entire Privacy Policy applies to you. However, please see the Section titled “Notice for Nevada Consumers” below, which will also apply to you.
Who We Are
Cornersone OnDemand Inc
1601 Cloverfield Blvd, Suite 600 South
Santa Monica CA 90404
United States
With respect to its collection and processing or personal information, Talespin acts as a: ‘Data controller’ when it collects personal information on its own behalf and for its own business purposes, such as through our Products.
How to Contact Us about Privacy
Any questions about this Privacy Policy or requests for access to or deletion or rectification of personal information that Talespin collects and processes should be addressed to DPO@csod.com or by mail at:
Attn: Legal Department
Cornersone OnDemand Inc
1601 Cloverfield Blvd, Suite 600 South
Santa Monica CA 90404 USA
Changes to this Privacy Policy
Talespin may update this Privacy Policy from time to time, in its sole discretion. Changes, modifications, additions, or deletions will be effective immediately upon their update in the Policy unless otherwise stated in the change notice. We encourage you to review this Privacy Policy regularly for any changes. Your continued use of the Products, and/or your continued provision of personal information to us after the posting of such notice, will be deemed an acceptance of any changes and subject to the terms of the then-current Privacy Policy.
International Transfers
We are located in the United States, and the personal information that we collect is stored on servers hosted by us or our authorized third-party service providers located in the United States. This means that your personal information will be collected, processed, and stored in the United States, which may have data protection laws that are different from (and sometimes less protective than) the laws of your country or region, such as the EU’s General Data Protection Regulation (“GDPR”).
By sending us personal information, you agree and consent to the processing of your personal information in the United States, which may not offer an equivalent level of protection to that required in other countries (particularly the European Union), and to the processing of that information by us on servers located in the United States, as described in this Privacy Policy.
We have implemented safeguards designed to ensure that the personal information we process remains protected in accordance with this Privacy Policy, including when processed internationally or by our third-party service providers and partners. The safeguards we may take in our discretion include, for instance, entering into specific agreements in connection with any onward transfers of personal information. We may implement other mechanisms and take similar appropriate safeguards with our third-party service providers and partners. Further details can be provided upon request.
Personal Information We Collect
We collect information directly from you, such as when you use our Products. We also collect information indirectly, as set forth below, such as from third parties.
Information Collected Directly from You
Using our Products
When you use our Products, we record and collect End User actions on the Products and End User interactions with the module(s) when using the Products, including:
• Recorded audio
• Voice input
Information Collected Indirectly
When you use our Products, we, or authorized third parties, collect some information, including Device and Usage Information described below, by automated means using cookies, web beacons, SDKs and server logs for analytic purposes. We may also collect information from third parties, as explained below.
Device and Usage Information
When you visit, use or interact with the Products, even if you do not have an account, we, or authorized third parties (such as service providers), may collect information about your use of the Products via your device. Device and Usage Information that we, or these authorized third parties, collect consists of:
• Information About your Device: information about the devices and software you use to access the Products – primarily the device that you use, your IP address or device ID (or other persistent identifier that uniquely identifies your device on the Internet), the operating system of your device, device screen size, and other similar technical information.
• Usage Information: information about your interactions with the Products, including access dates and times, hardware and software information, device event information, and crash data. This information allows us to understand the screens that you view, how you have used the Products (which may include administrative and support communications with us or whether you have clicked on third party links), and other actions on the Products. We, or our authorized third parties, automatically collect log data when you access and use the Products, even if you have not created an account or logged in. We use this information to administer and improve the Products, analyze trends, track visitors’ use of the Products, and gather broad demographic information for aggregate use.
Information from Third Parties
In some instances, we process personal information from third parties, which consists of:
• Data from our partners and service providers, such as aggregated transaction information from providers of payment services and marketplace providers.
All End User Information is collected by Talespin for the sole purpose of providing and improving the Products and is aggregated.
Why We Collect Your Personal Information and How We Use It
We, or our authorized partners, collect and process personal information in order to:
• Provide the Products
• Ensure that the Products are operational and optimized for user experience
• Improve the content and general administration of the Products
• Enhance End User experience, including to provide customer support
• Detect fraud, illegal activities, or security breaches
• Respond to your verbal requests within the Products (e.g. take instruction from you)
• Perform system maintenance and upgrades, and enable new features
• Understand how you access and use the Products in order to provide technical functionality, develop new products and services
• Conduct statistical analyses and analytics based on usage and activity on the Products, including which modules are watched
• Enforce our agreements with you if necessary
• Provide information to regulatory bodies when legally required, and only as outlined in this Privacy Policy
Individuals located in the EEA and the United Kingdom, please see Additional Information for Individuals in the EEA and the United Kingdom below for more information, including our legal bases for processing.
Disclosure of Your Personal Information
We disclose your personal information under certain circumstances as further described below.
Third Parties and Service Providers
Talespin shares personal information, including End User Information, with our third party agents, contractors, or service providers who are hired to perform services on our behalf or in order to assist with certain business purposes. These providers may operate or support certain functions of the Products. Below is a list of categories of service providers that we may use to perform these functions (which are subject to change):
• Analytics services
• Customer support services
• Billing services and payment gateway providers
• Hosting and content delivery network services
• Communication tools
• Professional services (such as auditors, lawyers, consultants, accountants and insurers)
• End User audio data collection services on the Products.
• Virtual reality hardware and software applications
Service providers process your personal information for the specific purpose of providing their services to us (and in accordance with our instructions).
When you use the Products through a third party marketplace, such as Meta’s Quest, Meta will collect and use your information as set forth in their privacy policy.
Affiliates
We may share data collected from you with our affiliates.
Business Transfers
As we continue to grow, we may purchase websites, applications, subsidiaries, or other businesses or business units. Alternatively, we may sell businesses or business units, merge with other entities, obtain financing, and/or sell assets or stock, in some cases, as part of a reorganization or liquidation in bankruptcy. In order to evaluate and/or as part of these transactions, we may transfer your personal information to a successor entity upon a merger, consolidation, or other corporate reorganization in which Talespin participates, to investors and/or to a purchaser or acquirer of all or a portion of Talespin’s assets, including bankruptcy.
Aggregated or Anonymized Information
We share anonymized, aggregated, automatically-collected, or otherwise non-personal information with third parties for various purposes, including (i) compliance with reporting obligations; (ii) business or marketing purposes; (iii) assistance for us and other parties in understanding our users’ interests, habits, and usage patterns for certain programs, content, services, advertisements, and/or functionality available through the Products. We do not share personal information about you in this case.
Legal Obligations and Security
Talespin may preserve or disclose your personal information in limited circumstances (other than as set forth in this Privacy Policy), including: (i) with your consent; (ii) when we have a good faith belief it is required by law, such as pursuant to a valid subpoena, warrant, or other judicial or administrative order (as further explained below); (iii) to protect the safety of any person; (iv) to protect the safety or security of the Products or to prevent spam, abuse, or other malicious activity of actors with respect to the Products; or (v) to protect our rights or property or the rights or property of those who use the Products.
If we are required to disclose personal information by law, such as pursuant to a subpoena, warrant, or other judicial or administrative order, we will use reasonable efforts to provide you with notice of this disclosure requirement, unless we are prohibited from doing so by statute, subpoena or court or administrative order. Our policy is to respond to requests that are properly issued by law enforcement within the United States or via mutual legal assistance mechanism (such as a treaty), and to object to requests that we do not believe were issued properly. However, if we receive information that provides us with a good faith belief that there is an exigent emergency involving the danger of death or serious physical injury to a person, we may provide information to law enforcement trying to prevent or mitigate the danger (if we have it), which will be determined on a case-by-case basis.
Information from Children
We do not knowingly collect any personal information directly from children under the age of 16. If we discover we have received any personal information from a child under the age of 16 in violation of this Policy, we will take reasonable steps to delete that information as quickly as possible. If you believe that we have any personal information from or about anyone under the age of 16, please contact us at support@talespin.com.
Analytics
The Products use third-party analytics tools that drop cookies and/or similar technologies to collect and store information about your device and use of the Products. We use analytics tools to calculate visitor, session and campaign data for analytics reports.
One of our tools is Unity Gaming Services. You can read more about Unity’s practices in Unity’s privacy policy.
Marketing & Advertising
Social Media
Talespin maintains an online presence on social media platforms (“Social Media Platforms”) such as Instagram, Twitter or Facebook, to provide information about our Products and communicate with users and/or visitors to those pages or accounts. When you interact or post to our account, we process your personal information. In some cases, the Social Media Platforms are service providers or processors. In other cases, such as with Facebook, we are jointly responsible for the processing, as explained in the section titled Talespin as a ‘Joint Controller’ with Facebook.
How We Secure Personal Information
We use reasonably appropriate security measures designed to protect the security of personal information both online and offline. These measures vary based on the sensitivity of the information that we collect, process and store and the current state of technology. Please note, though, that no website or internet transmission is completely secure, so while we strive to protect your data, we cannot guarantee that unauthorized access, hacking, data loss or a data breach will never occur.
Do-Not-Track Signals
Certain internet web browsers allow a “do not track” (DNT) setting that relies on a technology known as a DNT header, which sends a signal to websites visited by the individual about the individual’s browser DNT setting. At this time, we do not currently respond to DNT signals, whether that signal is received on a computer or on a mobile device. Learn more about DNT here.
Your Choices
Individuals in the EEA and the United Kingdom have additional rights, as explained below.
Notice to Nevada Consumers
We do not sell your personal information within the scope of, and according to the defined meaning of a “sale” under, NRS 603A.
Additional Information for Individuals in the EEA and the United Kingdom
Note: for purposes of this section, “personal information” has the same meaning as “personal data” as such term is defined in applicable data protection laws.
Categories of Recipients of Personal Information
The categories of recipients of personal information with whom we may share your personal information are listed in Disclosure of Your Personal Information above.
Purpose(s) of the Processing and Legal Bases
Talespin as ‘Data Controller’
As a ‘data controller’, Talespin processes your personal information for a number of different purposes. Some are essential for us to provide the Products or to fulfill our legal obligations, some help us run the Products efficiently and effectively, and some enable us to provide you with more relevant and personalized offers and information. In all cases, with respect to individuals in the EEA, we must have a reason and a legal ground for processing your personal information. The most common legal grounds on which we rely are briefly explained below:
• Performance of a Contract: we may process your personal information in order to enter into, or perform a contract to which you are a party –for instance, when you agree to use the Products.
• Legitimate Interests: we may process personal information where it is necessary for our legitimate business interests, but only to the extent that they are not outweighed by your own interests or fundamental rights and freedoms. When we rely on this legal basis, if required, we will carry out a legitimate interest assessment to ensure we consider and balance any potential impact on you (both positive and negative), and your rights under data protection laws.
• Consent: We rely on consent where it is required, such as when we are asking you to confirm your marketing preferences. When we rely on consent, you will be asked to confirm that you give your permission to Talespin to process your personal information. You have the right to withdraw your consent at any time if you no longer want to be part of the Talespin processing activity where your consent was sought.
• Legal Obligation: Talespin may have legal obligations to retain and/or disclose your personal information, or may cooperate in a legal or governmental investigation. It is essential that Talespin complies with its legal, regulatory, and contractual requirements, so if you object to this processing, Talespin will not be able to provide its Products to you.
The following breakdown illustrates in more detail our processing activities and how the above legal bases for processing apply (in brackets):
• Provide the Products [Legal Basis: Performance of a Contract]
• Ensure that the Products are operational and optimized for user experience [Legal Basis: Legitimate Interests or Performance of a Contract, depending on the specific use]
• Improve the content and general administration of the Products [Legal Basis: Legitimate Interests]
• Enhance user experience, including to provide you with customer support [Legal Basis: Legitimate Interests]
• Detect fraud, illegal activities, or security breaches [Legal Basis: Legitimate Interests]
• Except with respect to End User Information, enable third parties to deliver advertising to you [Legal Basis: Legitimate Interests or Consent, depending on the specific circumstances]
• Provide you with notices regarding Products that you have purchased [Legal Basis: Performance of a Contract]
• Providing you information about Products that you may wish to purchase in the future including, in some cases, to send you direct marketing communications regarding other services that we may think are of interest to you [Legal Basis: Legitimate Interests]
• Respond to your queries and requests, or otherwise communicate directly with you [Legal Basis: Legitimate Interests or Performance of a Contract, depending on the specific use]
• Perform system maintenance and upgrades, and enable new features [Legal Basis: Legitimate Interests]
• Understand how you access and use the Products in order to provide technical functionality and develop new products and services [Legal Basis: Legitimate Interests]
• Conduct statistical analyses and analytics based on usage and activity on the Products Legal Basis: Legitimate Interests or Consent, depending on the specific circumstances]
• Enforce our agreements with you if necessary [Legal Basis: Legitimate Interests]
• Provide information to regulatory bodies when legally required, and only as outlined in this Privacy Policy [Legal Basis: Compliance with a Legal Obligations]
Talespin as a ‘Joint Controller’ with Facebook
We have a presence on Facebook (including Instagram). With respect to our use of Facebook, we are jointly responsible with Facebook Ireland for the processing activities (“Joint Processing”) with respect to your personal information:
Facebook Ireland Ltd.,
4 Grand Canal Square, Grand Canal Harbor
Dublin 2, Ireland
Information about the personal information that is collected from you by Facebook, as well as how and why it is processed by Facebook, can be found at https://www.facebook.com/about/privacy.
Talespin and Facebook have entered into entered into an agreement in order to determine the respective responsibilities for compliance with our obligations in connection with the Joint Processing within the meaning of the GDPR. This joint controller agreement, which sets out the reciprocal obligations, is available here.
Talespin’s legal basis for processing your personal information via Facebook is our legitimate interest in promoting our Products .
PLEASE NOTE THAT FACEBOOK IRELAND IS RESPONSIBLE FOR ENABLING DATA SUBJECTS’ RIGHTS UNDER ARTICLES 15-20 OF THE GDPR WITH REGARD TO THE PERSONAL DATA STORED BY FACEBOOK IRELAND IN CONNECTION WITH THE JOINT PROCESSING, AS FURTHER DESCRIBED IN FACEBOOK’S PRIVACY POLICY. TO EXERCISE YOUR RIGHTS, PLEASE GO TO YOUR FACEBOOK SETTINGS OR CONTACT FACEBOOK AS SET FORTH IN ITS PRIVACY POLICY.
It cannot be excluded that some processing by Facebook Ireland Ltd. will also take place in the United States by Facebook Inc.
How Long Do We Keep Your Personal Information?
We use the following criteria to determine our retention periods: the amount, nature and sensitivity of your information, the reasons for which we collect and process your personal information, the length of time we have an ongoing relationship with you and provide you with access to our Products, and applicable legal requirements. We will retain personal information we collect from you where we have an ongoing legitimate business need to do so (for example, to comply with applicable legal, tax, or accounting requirements), when we are unable to reasonably verify your identity, or as may otherwise be required under GDPR. Additionally, we cannot delete information when it is needed for the establishment, exercise, or defense of legal claims (also known as a “litigation hold”). In this case, the information must be retained as long as needed for exercising respective potential legal claims.
When we have no ongoing business need to process your personal information, we will either delete or anonymize it or, if this is not possible (for example, because your personal information has been stored in backup archives), we will securely store your personal information and isolate it from any further processing until deletion is possible. If you have questions about, or need further information concerning, our data retention periods, please email support@talespin.com.
Staying in Control of Your Information: Your Rights
If the GDPR (or its equivalent in the United Kingdom) applies to you because you are in the EEA or the United Kingdom, you have certain rights in relation to your personal information:
• The right to be informed – our obligation to inform you that we process your personal information (and that is what we are doing in this Privacy Notice)
• The right of access – your right to request a copy of the personal information we hold about you (also known as a ‘data subject access request’)
• The right to rectification – your right to request that we correct personal information about you if it is incomplete or inaccurate (though we generally recommend first making any changes in your Account Settings)
• The right to erasure (also known as the ‘right to be forgotten’) – under certain circumstances, you may ask us to delete the personal information we have about you (unless there is an overriding legal reason we need to keep it)
• The right to restrict processing – your right, under certain circumstances, to ask us to suspend our processing of your personal information
• The right to data portability – your right to ask us for a copy of your personal information in a common format (for example, a .csv file)
• The right to object – your right to object to us processing your personal information (for example, if you object to us processing your data for direct marketing)
• Rights in relation to automated decision-making and profiling – our obligation to be transparent about any profiling we do, or any automated decision-making.
These rights are subject to certain rules around when you can exercise them. If are located in the EEA and wish to exercise any of the rights set out above, please contact us (see How to Contact Us about Privacy).
You will not have to pay a fee to access your personal information (or to exercise any of the other rights) unless your request is clearly unfounded, repetitive, or excessive. Alternatively, we may refuse to comply with your request under those circumstances.
We may need to request specific information from you to help us confirm your identity. This is a security measure to ensure that personal information is not disclosed to any person who has no right to receive it. Note that if we are unable to reasonably confirm your identity, we will not be able to honor certain requests.
We will respond to all legitimate requests within one month. Occasionally, it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated as required by law.
In addition, if you no longer wish to receive our marketing/promotional information, we remind you that you may withdraw your consent to direct marketing at any time directly from the unsubscribe link included in each electronic marketing message we send to you. If you do so, we will promptly update our databases, and will take all reasonable steps to meet your request at the earliest possible opportunity, but we may continue to contact you to the extent necessary for the purposes of providing our Products.
Finally, you have the right to make a complaint at any time to the supervisory authority for data protection issues in your country of residence. We would, however, appreciate the chance to address your concerns before you approach the supervisory authority, so please contact us directly first.
Last updated: September 05, 2024