top of page

Privacy Policy

image7.png

Privacy Policy - Imitera

 

 

 

Last updated: 25 November 2025

 

 

1. Who we are

 

This Privacy Policy explains how Imitera AB (“Imitera”, “we”, “us”, “our”) collects and processes personal data when you visit our websites, contact us, use our XR and VR experiences, participate in demos or events, or otherwise interact with us.

 

  • Legal entity: Imitera AB

  • Organisation number: 559176-3718

  • Registered address: Väsjövägen 2, 192 65 Sollentuna, Sweden

  • Website: https://www.imitera.com

  • Primary business: Solutions within Virtual Reality, Augmented Reality and Mixed Reality.

 

For the purposes of the EU General Data Protection Regulation (“GDPR”), Imitera AB is the data controller for the processing of personal data described in this Privacy Policy, unless otherwise stated.

 

When we provide XR solutions and services on behalf of a customer, such as an industrial company or school, that customer is usually the data controller and Imitera acts as a data processor. In those cases, the customer’s privacy information applies to that processing and this Privacy Policy applies mainly to our own business use of data.

 

If you have questions about this Privacy Policy or our processing of personal data, you can contact us at:

 

  • Email: info@imitera.com

  • Postal address: Imitera AB, Väsjövägen 2, 192 65 Sollentuna, Sweden

 

Please clearly mark that your request concerns “privacy” or “data protection”.

 

 

2. Scope of this Privacy Policy

 

This Privacy Policy applies to personal data that we process in connection with:

 

  • Visitors to our websites at imitera.com and related pages (for example About, Products, Case Studies, News, Events, Contact).

  • People who contact us by email, phone or web forms to request information or book demos.

  • Prospective and existing customers, partners and suppliers in a professional context.

  • Participants in our XR and VR demos, pilots, proofs of concept and other experiences based on our platform and products (for example Imitera Core, MarsQuest, HoverBlade and similar).

  • People who engage with us at events, trade fairs and workshops.

  • Applicants for positions or collaborations with Imitera.

 

This Privacy Policy does not apply to:

 

  • Processing carried out solely by our customers or partners in their own systems where they act as the controller.

  • Processing in specific apps where we provide a separate, app specific privacy policy (for example MarsQuest and HoverBlade have their own privacy pages).

 

 

3. Legal framework and definitions

 

We process personal data in accordance with:

 

  • The EU General Data Protection Regulation (“GDPR”)

  • Applicable Swedish data protection and privacy legislation

 

In this Privacy Policy:

 

  • Personal data means any information relating to an identified or identifiable natural person.

  • Processing means any operation performed on personal data, such as collection, storage, use, disclosure or deletion.

  • Data subject is the individual whose personal data is processed.

  • Controller is the entity that decides why and how personal data is processed.

  • Processor is a service provider that processes personal data on behalf of a controller.

 

 

4. Categories of personal data we process

 

The personal data we process depends on how you interact with us.

 

 

4.1 Website visitors and online interactions

 

When you visit our websites, we may process:

 

  • Technical data

     

    • IP address

    • Browser type and version

    • Device type and operating system

    • Language settings

    • Referrer URL

    • Date and time of visits

  • Usage data

     

    • Pages visited, clicks and navigation paths

    • Time spent on pages

    • Interactions with forms and buttons

    • Error messages and performance data

  • Cookie and tracking data

     

    • Cookie identifiers and similar technology identifiers

    • Device and session identifiers associated with cookies

 

 

4.2 Contact and demo requests

 

When you contact us or request a demo, we may process:

 

  • Identification and contact details

     

    • Name

    • Email address

    • Phone number

    • Company name

    • Job title and role

  • Business context

     

    • Industry and size of your organisation

    • Interest area (for example training, product visualisation, events, marketing demos)

    • Notes on your use case and requirements

  • Communication content

     

    • Messages and attachments you send

    • Notes from calls and meetings

    • Follow up actions and status

 

 

4.3 Customers, partners and suppliers

 

For customer and partner relationships, we may process:

 

  • Contact details of key contacts

  • Contract and order information

  • Project and delivery documentation

  • Invoices and payment data (for individual contractors or sole traders)

  • Support and communication history

 

 

4.4 XR and VR experience users

 

When you use our XR and VR experiences, whether as a demo, pilot or full deployment, we may process:

 

  • Basic identifiers

     

    • Internal user, participant or session ID

    • In some cases, name or email address if the experience requires an identified user or if your employer links your account to the experience

  • Device and session data

     

    • Headset type and configuration

    • Device identifiers or installation IDs

    • Connection and performance data

    • Session start and end times

  • Interaction and performance data

     

    • Movement and position data within the virtual environment

    • Controller inputs and actions (for example grabbing, pressing, pointing)

    • Objects and areas you interact with inside the experience

    • Completion status of scenarios or modules

    • Scores and performance metrics where relevant (for example task completion time, error counts, success rates)

 

We design our XR solutions so that we do not intentionally collect biometric identifiers in the strict GDPR sense (such as fingerprint templates or facial recognition profiles). If a specific project requires collection of such data, this will be regulated separately and only carried out with clear legal basis and safeguards.

 

 

4.5 Events, workshops and trade fairs

 

When you participate in events where Imitera is host or exhibitor, we may process:

 

  • Registration and attendance data

     

    • Name, email, phone number, company, role

    • Sessions you sign up for

    • Attendance status

  • Interactions at the event

     

    • Notes from discussions and follow ups

    • Feedback and survey responses

  • Photos and video

     

    • In some cases we may take photos or record short video clips for documentation or marketing. Where individuals are clearly identifiable and local law or practice requires it, we will inform you and, where appropriate, collect consent on site.

 

 

4.6 Marketing and communication

 

For marketing and outreach in a B2B context, we may process:

 

  • Contact details and company information

  • Marketing preferences (subscriptions, opt outs)

  • Information on interactions with our communications

     

    • Email open and click data

    • Support or sales interactions

    • Which content or events you have shown interest in

 

 

4.7 Recruitment and collaboration

 

If you apply for a job or propose a collaboration, we may process:

 

  • Identification and contact details

  • CV, portfolio and cover letter

  • Education and work history

  • References and their contact details

  • Interview notes and assessment results

  • Desired compensation, availability and other information you choose to share

 

We do not intentionally request sensitive personal data such as health information or religious beliefs in the recruitment process. If you provide such information, we will limit its use and protect it carefully.

 

 

4.8 Other data you choose to provide

 

You may voluntarily provide additional information in communications with us. We generally advise you not to send sensitive personal data unless it is clearly necessary and you understand how it will be used.

 

 

5. How we collect personal data

 

We collect personal data in the following ways:

 

  • Directly from you

     

    • When you fill in forms on our website

    • When you contact us by email or phone

    • When you participate in demos, pilots or XR experiences

    • When you attend an event or meeting

    • When you apply for a job or collaboration

  • From your organisation

     

    • If your employer or client lists you as contact person or participant in a project

    • If your organisation gives you access to an Imitera experience and links your identity to it

  • Automatically

     

    • Through cookies and similar technologies when you visit our sites

    • Through logging and analytics inside our XR and VR experiences

  • From third parties

     

    • From partners and event organisers when you sign up to activities we are part of

    • From publicly available sources, such as company websites and professional profiles, in a B2B context

 

 

6. Purposes and legal bases for processing

 

Under GDPR, every processing of personal data must have a legal basis. Below we explain what we use your personal data for and on what legal bases we rely.

 

 

6.1 Operating and securing our websites

 

Purpose

 

  • To provide, operate and maintain our websites.

  • To ensure availability, functionality, performance and security.

  • To detect and prevent abuse, attacks and technical issues.

 

Data

 

  • Technical, usage and logging data as described in section 4.1.

 

Legal basis

 

  • Our legitimate interest (Article 6.1 f GDPR) in operating a secure and functional online presence.

 

 

6.2 Cookies and similar technologies

 

Purpose

 

  • To store your preferences and ensure basic site functionality.

  • To understand how visitors use our websites and improve content and navigation.

  • If used, to support marketing and measurement.

 

Data

 

  • Cookie identifiers, device information, usage data.

 

Legal basis

 

  • For strictly necessary cookies: our legitimate interest (Article 6.1 f GDPR) in providing a functional website.

  • For analytics and marketing cookies: your consent (Article 6.1 a GDPR) where required by law.

 

You can manage your cookie preferences via our cookie banner and through your browser settings.

 

 

6.3 Responding to enquiries and providing demos

 

Purpose

 

  • To respond to requests for information and demos.

  • To schedule and conduct online and on site demos of our XR solutions.

  • To follow up with relevant information and offers.

 

Data

 

  • Contact details, company information and communication content as described in section 4.2.

 

Legal basis

 

  • Performance of a contract or steps taken before entering into a contract (Article 6.1 b GDPR) when your enquiry is related to a potential or existing business relationship.

  • Our legitimate interest (Article 6.1 f GDPR) in handling contact and demo requests from potential customers and partners.

 

 

6.4 Sales, customer management and project delivery

 

Purpose

 

  • To manage customer and partner relationships.

  • To plan, deliver and maintain XR and VR solutions.

  • To provide support and handle issues.

  • To keep records of projects, deliveries and communications.

 

Data

 

  • Customer and project data, XR usage data where relevant, communication history.

 

Legal basis

 

  • Performance of a contract (Article 6.1 b GDPR) with you or your organisation.

  • Our legitimate interest (Article 6.1 f GDPR) in efficient management of our business relationships.

 

In many XR projects we act as a data processor on behalf of our customer. In those cases, our processing is governed by a data processing agreement and the customer’s legal bases.

 

 

6.5 XR usage, analytics and product improvement

 

Purpose

 

  • To operate XR and VR experiences and ensure they work as intended.

  • To analyse usage and performance for product and content improvement.

  • To generate insights about how scenarios are used, where users struggle and how training can be improved.

 

Data

 

  • Device, session, interaction and performance data as described in section 4.4.

 

Legal basis

 

  • Performance of a contract (Article 6.1 b GDPR) when the data is necessary to provide the service or experience.

  • Our legitimate interest (Article 6.1 f GDPR) in improving and developing our XR platform and content, provided that this interest does not override your rights and freedoms.

 

Where possible, we use aggregated or pseudonymised data for analysis and improvement.

 

 

6.6 Marketing and communication

 

Purpose

 

  • To send you information about our products, services, events and content that is relevant in a professional context.

  • To manage subscriptions and marketing preferences.

  • To measure the effectiveness of our communications.

 

Data

 

  • Contact details, company information, interaction data and preferences as described in section 4.6.

 

Legal basis

 

  • Our legitimate interest (Article 6.1 f GDPR) in B2B marketing to existing customers and relevant professional contacts, within the limits of applicable marketing law.

  • Your consent (Article 6.1 a GDPR) where required, for example for certain email campaigns or newsletters.

 

You can opt out of marketing communications at any time by using the unsubscribe link in the email or by contacting us.

 

 

6.7 Events, workshops and trade fairs

 

Purpose

 

  • To manage registrations and participation.

  • To provide information before and after the event.

  • To evaluate and improve our events.

  • In some cases, to document events with photos or video for internal or external communication.

 

Data

 

  • Contact details, participation data, feedback and, where relevant, images or video.

 

Legal basis

 

  • Performance of a contract (Article 6.1 b GDPR) in managing your participation.

  • Our legitimate interest (Article 6.1 f GDPR) in running and improving events and documenting our activities.

  • Where required, consent (Article 6.1 a GDPR) for using identifiable photos or video in marketing.

 

 

6.8 Recruitment and collaboration

 

Purpose

 

  • To manage job applications and recruitment processes.

  • To evaluate candidates and make hiring decisions.

  • To keep a talent pool for future roles, where appropriate.

 

Data

 

  • Recruitment data as described in section 4.7.

 

Legal basis

 

  • Our legitimate interest (Article 6.1 f GDPR) in recruiting and hiring staff and collaborators.

  • Performance of a contract or steps prior to entering a contract (Article 6.1 b GDPR).

  • Your consent (Article 6.1 a GDPR) if we ask to keep your application for future opportunities beyond a specific process.

 

 

6.9 Legal obligations and protection of rights

 

Purpose

 

  • To fulfil legal obligations under accounting, tax and company law.

  • To handle disputes, claims and compliance matters.

  • To respond to lawful requests from authorities.

 

Data

 

  • Any data relevant to the specific obligation or case.

 

Legal basis

 

  • Compliance with legal obligations (Article 6.1 c GDPR).

  • Our legitimate interest (Article 6.1 f GDPR) in establishing, exercising or defending legal claims.

 

 

7. Cookies and tracking

 

Our websites use cookies and similar technologies. These technologies may be set by us or by third party providers integrated into our site.

 

We group cookies roughly as:

 

  • Strictly necessary cookies

    Required for basic functionality and security, such as enabling navigation, remembering form entries during a session and protecting against abuse.

  • Analytics cookies

    Used to understand how visitors use the site, for example which pages are popular and how long visitors stay. These support improvements to design and content.

  • Preference and functional cookies

    Used to remember choices you make, such as language or presentation options.

  • Marketing cookies (if used)

    Used to deliver and measure online marketing campaigns and to build audiences for ads on third party platforms.

 

You can manage your cookie preferences via our cookie banner and through your browser settings. If you disable certain cookies, some features of the site may not function optimally.

 

If we provide a separate Cookie Policy on our website, its content is considered part of this Privacy Policy.

 

 

8. How we share personal data

 

We do not sell personal data.

 

We may share personal data with:

 

 

8.1 Service providers

 

We use selected service providers that act as data processors and help us with:

 

  • Website hosting and platform services

  • Cloud infrastructure and storage

  • Email and communication systems

  • Analytics and logging

  • Customer relationship and project management

  • Event tools and survey platforms

  • Recruitment and HR tools

 

These providers are contractually bound to only process personal data on our documented instructions, to protect it and to keep it confidential.

 

 

8.2 Customers and partners

 

In XR projects where we act as a processor, we may share usage and performance data with the customer that commissioned the project, in line with the agreed scope.

 

In collaborations or joint events, we may share participant lists or contact details with partner organisations, where this is necessary and lawful.

 

 

8.3 Professional advisors and authorities

 

We may share personal data with:

 

  • Legal, financial or other professional advisors, strictly as necessary and under confidentiality.

  • Public authorities, regulators and courts where required by law or where sharing is necessary to protect our or others rights.

 

 

8.4 Corporate transactions

 

If Imitera is involved in a merger, acquisition, restructuring or sale of business or assets, personal data may be transferred to the relevant parties, subject to appropriate safeguards and in line with this Privacy Policy.

 

Whenever we share personal data, we limit sharing to what is necessary and apply appropriate safeguards.

 

 

9. International transfers

 

Some of our service providers may be located outside the EU or EEA or may store data there. When personal data is transferred to a country that does not have an adequacy decision from the European Commission, we will ensure an adequate level of protection by:

 

  • Using Standard Contractual Clauses adopted by the European Commission, and where necessary

  • Implementing additional technical and organisational safeguards such as encryption and strict access controls

 

You can contact us for more information about specific third country transfers and the safeguards used.

 

 

10. Data retention

 

We keep personal data only for as long as necessary for the purposes for which it was collected, or as required by law.

 

As a guideline:

 

  • Website logs and security data

    Kept for a limited period, typically a few months, unless needed longer for incident investigation.

  • Contact enquiries and demo requests

    Kept for as long as necessary to handle your request and for a reasonable follow up period, typically up to 2 to 3 years after the last meaningful interaction.

  • Customer and project data

    Kept for the duration of the customer relationship and then as long as required or justified by applicable limitation periods and accounting and tax rules.

  • XR usage and analytics data

    Raw identifiable session data is kept for as long as needed for project delivery and support. Aggregated or anonymised data may be retained longer for analytics and product improvement.

  • Marketing data

    Kept until you opt out or unsubscribe, plus a reasonable administrative period to implement your choice and maintain records of your preference.

  • Recruitment data

    Kept for the duration of the recruitment process and typically up to 2 years after completion, unless we are required by law to keep it longer or you consent to a longer retention for future opportunities.

  • Legal and financial records

    Kept for the periods required by Swedish law, for example for bookkeeping.

 

When personal data is no longer needed, we will delete it or anonymise it so that it can no longer be linked to an individual.

 

 

11. Security of personal data

 

We take appropriate technical and organisational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access.

 

These measures include, where appropriate:

 

  • Access control and role based access to systems and data

  • Use of secure communication channels such as HTTPS

  • Regular updates and security patches

  • Backups and tested recovery procedures

  • Logging and monitoring of systems

  • Internal policies and training on information security and privacy

  • Due diligence and contractual protections for service providers

 

Despite these measures, no system is completely secure. If a personal data breach occurs that is likely to result in a high risk to your rights and freedoms, we will notify the relevant supervisory authority and, when required by law, inform the affected individuals.

 

 

12. Your rights

 

Under GDPR, you have several rights regarding your personal data. These rights may be subject to conditions and exceptions.

 

  • Right of access

    You have the right to ask whether we process personal data about you and to receive a copy of that data together with information about the processing.

  • Right to rectification

    You have the right to have inaccurate or incomplete personal data corrected.

  • Right to erasure

    You have the right to request deletion of your personal data in certain situations, for example when the data is no longer necessary for the purposes for which it was collected or when you withdraw consent and there is no other legal basis.

  • Right to restriction of processing

    You have the right to request that we restrict processing in certain circumstances, for example while we verify the accuracy of data or assess an objection.

  • Right to data portability

    When processing is based on consent or contract and carried out by automated means, you may have the right to receive your personal data in a structured, commonly used and machine readable format and to have it transmitted to another controller where technically feasible.

  • Right to object

    You have the right to object at any time to processing based on our legitimate interests, for reasons relating to your particular situation.

    You also have an unconditional right to object to processing of your personal data for direct marketing, including profiling related to such marketing.

  • Right to withdraw consent

    Where we rely on your consent, you have the right to withdraw it at any time. Withdrawal does not affect the lawfulness of processing carried out before the withdrawal.

 

If you wish to exercise any of these rights, please contact us using the details in section 1. We may need to verify your identity to protect your privacy.

 

If we process your data as a processor on behalf of a customer, we may redirect your request to that customer and assist them in handling it.

 

 

13. Complaints and supervisory authority

 

If you have concerns about our processing of your personal data, we encourage you to contact us first so we can attempt to resolve the issue.

 

You also have the right to lodge a complaint with the relevant supervisory authority. In Sweden, this is:

 

Integritetsskyddsmyndigheten (IMY) - The Swedish Authority for Privacy Protection

 

  • Postal address: Integritetsskyddsmyndigheten, Box 8114, 104 20 Stockholm, Sweden

  • Phone: +46 (0)8 657 61 00

  • Email: imy@imy.se

  • Website: https://www.imy.se

 

You can lodge a complaint with the authority in the EU or EEA member state where you live, where you work, or where you believe the infringement occurred.

 

 

14. Children and young users

 

Our websites, XR platform and B2B marketing are aimed primarily at organisations and adult professionals.

 

If we are involved in projects that include students or children (for example educational XR projects), the school, municipality or similar organisation is usually the primary controller and responsible for providing information and collecting any necessary consents. In those cases, we act as a processor and process student data only on that organisation’s documented instructions.

 

If you believe we have collected personal data about a child in a way that is not compliant with this Privacy Policy or applicable law, please contact us so we can investigate and take appropriate action.

 

 

15. Social media and third party sites

 

We use third party platforms, such as LinkedIn and other networks, to communicate and share content. When you interact with us on these platforms, the platform provider and Imitera may act as separate controllers for different aspects of the processing.

 

Our websites may contain links to third party websites or services that we do not control. This Privacy Policy does not cover those sites and we are not responsible for their content or privacy practices. We encourage you to read their privacy information.

 

 

16. When we act as a processor

 

In many XR projects, our customers decide which individuals participate, what data is collected and how it is used. In those cases:

 

  • The customer is the data controller and is responsible for providing information to participants.

  • Imitera is a data processor and processes personal data only on the customer’s documented instructions.

  • Our responsibilities and obligations are defined in the data processing agreement with the customer.

 

We may still act as an independent controller for certain limited purposes, such as contact details for customer representatives, aggregated analytics for improving our technology and data we must keep to comply with legal obligations.

 

 

17. Automated decision making and profiling

 

We do not currently use personal data to make decisions that are based solely on automated processing and that produce legal effects or similarly significantly affect you.

 

We may use limited profiling for standard B2B marketing, for example to:

 

  • Segment contacts by industry, role or previous interactions

  • Decide which type of content or invitations may be most relevant to you

 

You can object to such profiling when it is connected to direct marketing, and we will stop that processing.

 

 

18. Changes to this Privacy Policy

 

We may update this Privacy Policy when our processing changes or when required by law.

 

When we make changes, we will:

 

  • Update the “Last updated” date at the top of this document.

  • Where appropriate, provide additional notice, for example on our website or by email.

 

We recommend that you review this Privacy Policy periodically to stay informed about how we process personal data.

 

bottom of page