Privacy Policy

Your privacy is important to Veero Analytics, LLC (“Veero”, “we,” or “us”).  This Privacy Policy describes the information practices of Veero in connection with the Veero Site and the Application, including what type of information is gathered and tracked, how the information is used, and with whom the information is shared. As described below, this Privacy Policy applies to your interactions with the Veero Site and the Application as well as other interactions with Veero. 

BY USING THE VEERO SITE OR THE APPLICATION, YOU INDICATE YOUR UNDERSTANDING AND ACCEPTANCE OF THESE TERMS OF THIS PRIVACY POLICY. IF YOU DO NOT ACCEPT THESE TERMS, DO NOT USE THE VEERO SITE OR THE APPLICATION.

Please carefully read this Privacy Policy as it may have changed since your last visit to the Veero Site or Application. Continued use of the Veero Site or Application indicates your understanding and acceptance of any changes made to this Privacy Policy and posted to the Veero Site. This Privacy Policy does not cover the privacy practices of any Retailers or any third-party websites to which the Veero Site may link.

Definitions

• “Application” means the Veero application available as: (i) an in-browser application on Retailer Sites, and (ii) a native iOS application on compatible End User devices.
• “End User” means a person using the Application.
• “Personal Information” means data that reasonably can be used to identify or describe an individual, such as your name, business affiliation, postal address, telephone number, or email address.
• “Retailer” means an entity that makes the Application available through its Retailer Site.
• “Session” means each instance that an End User uses the Application.
• “Site Form” means any tool or form available on the Veero Site that can be used to request a demonstration, contact Veero, or submit information to Veero for any other purpose.
• “Veero Site” means www.veero.ai.
• “Visitor” means any person who uses the Veero Site, which includes browsing the Veero Site or submitting a Site Form.

Applicability

This Privacy Policy applies to all information collected from End Users and Visitors by Veero (or carefully selected third parties acting on our behalf). This Privacy Policy does not apply to:

• Information provided by End Users to Retailers. This Privacy Policy does not cover the practices or policies of any Retailer with respect to information provided by End Users. Any activity by the End User on any Retailer Site, other than use of the Application, as well as any information provided to the Retailer by the End User through other means, is subject to the Retailer’s privacy policy. We encourage you to read the privacy policies of Retailers.
• Information collected from Retailers and their employees or personnel. Retailers using the Application on Retailer Sites will be subject to a separate agreement between Veero and the Retailer, and the exchange of information between Veero and Retailers will be governed solely by such agreement.

INFORMATION WE COLLECT

We collect different information from End Users and Visitors as described further below.

Information collected from End Users: Retailers make the Application available on Retailer Sites as an e-commerce tool to simplify the End User’s shopping experience. When an End User opens or otherwise accesses the Application (thus commencing a Session), the End User will be asked to scan their face using the camera on the End User’s device. The Application processes the scan of the End User’s face (the “Scan”) and generates measurements from the Scan (the “Measurements” and collectively with the Scan, “End User Data”) for the purpose of identifying products sold on the Retailer Site that correspond with the End User Data based on Retailer-provided criteria. End User Data is only collected when the End User uses the Application in connection with a transaction between the End User and the Retailer. Note that End User Data is anonymized and does not contain Personal Information.

Information collected from Visitors: We collect certain information from Visitors using the Veero Site as described herein. The information collected from Visitors may include Personal Information, however, we only collect Personal Information when you voluntarily provide it to us. Visitors do not need to provide Personal Information to simply browse the Veero Site.

We may collect your Personal Information when you:

• submit a Site Form;
• subscribe to marketing communications from Veero;
• participate in surveys and evaluations;
• request information or materials;
• apply for a position, or submit your resume to Veero;
• submit questions or comments to Veero;
• submit any information to Veero; or
• contact Veero by any means using information available on the Veero Site.

The types of Personal Information we collect may include (but are not limited to):

• your first and last name;
• your home, billing, or other physical address (including street name, city/town, state/province, postal code);
• your email address;
• your telephone number; and
• any other identifier that permits Veero to make physical or online contact with you.

HOW WE USE YOUR INFORMATION

Use of End User Data: Veero only uses End User Data to facilitate the transaction requested by the End Users on the Retailer Site. As discussed above, End User Data consists of Scans and Measurements. We use the Scan during the Session for the purpose of generating Measurements, and we use Measurements to assist the End User in identifying and purchasing products sold on the Retailer Site. For End Users using the Application on an Apple device, we use the TrueDepth API in connection with the End User’s device camera to collect Scans. The information collected by the TrueDepth API is used in real time to create the Scan and never leaves the End User’s device. All Scans, whether or not collected by the TrueDepth API, exist transitorily and are only accessible during the Session. Veero does not store nor retain any Scans, and Veero does not share Scans with any third parties. Measurements are retained by Veero for thirty (30) days following the Session and may be shared with the Retailer during this thirty-day period. Veero does not share Measurements with any third parties other than Retailers. Please note that End User Data does not contain Personal Information, thus the section below titled “Sharing of Personal Information” does not apply to End User Data. End User Data is only shared as described in this paragraph.

Use of Visitor Information:  Veero collects and uses Visitors’ information, including Personal Information, to operate and improve the Veero Site and Application, and to deliver the services or carry out the transactions requested by the Visitor. These uses may include providing you with more effective customer service; making the Veero Site or Application easier to use by eliminating the need for you to repeatedly enter the same information; performing research and analysis aimed at improving our products, services, and technologies; and displaying content and advertising that are customized to your interests and preferences. We also use your Personal Information to communicate with you. We may send certain mandatory service communications such as welcome letters, information updates, information on technical service issues, and security announcements. We may also contact you to inform you of other products or services available from Veero and its affiliates.

SHARING OF PERSONAL INFORMATION

Veero will not sell, rent, or lease your information, including your Personal Information, to others. Veero shares Personal Information with other companies working on our behalf. Except as described in this Privacy Policy, we will not disclose your Personal Information to third parties for their own marketing purposes unless you have provided consent.

Sharing with third-party providers: In some cases, we use third parties to collect, use, analyze, and otherwise process information, including Personal Information, on our behalf. This includes our use of certain products and services provided by third parties for the purposes of enabling certain features on the Veero Site, such as Site Forms. For example, the information submitted through Site Forms may be processed by third-party providers such as Google. By submitting a Site Form, you consent to us sharing your Personal Information with any third party that provides us with the products or services used to enable Site Forms, or otherwise processes information on our behalf.

We occasionally hire other third parties to provide limited services on our behalf, such as handling the processing and delivery of mailings, providing customer support, hosting Veero Sites, processing transactions, or performing statistical analysis of our products and services. Service providers will be permitted to obtain only the Personal Information they need to deliver the service. They are required to maintain adequate safeguards to protect the confidentiality of the information and are prohibited from using your information for any other purpose.

Sharing with our partners: Some Veero products or services may be co-branded and offered in conjunction with another company. If you register for or use such co-branded offering, both Veero and the other company may receive information collected as part of the co-branded offering. If so, the privacy policy of such other company shall apply to that company’s use of this information. Veero may also team up with carefully selected Veero partners to participate in limited marketing campaigns solely to promote Veero’s products and services, or the partner’s products and services, to you. You may opt-out of receiving these marketing messages at any time by following the instructions in the email message. If you request something from the Veero Site (for example, a product or service, a callback, demonstration, or specific marketing materials), we will use the information you provide to fulfill your request or inquiry. To help us do this, we may share Personal Information with our partners.

Compelled disclosures: We may access or disclose your information, including your Personal Information, if we believe such action is necessary to: (a) comply with the law or legal process served on Veero or the Veero Site; (b) protect and defend the rights or property of Veero (including the enforcement of our agreements); or (c) act in urgent circumstances to protect the personal safety of users of Veero services or members of the public.

YOUR CHOICES

Opting Out:  Veero provides a number of ways for you to “opt-out” of receiving additional information from us, or having us provide your Personal Information to our partners. We may offer you these choices at the time you give us your Personal Information. If you do not wish to continue receiving certain marketing materials (e.g., email messages), you can opt-out of receiving these materials by following the instructions provided in the materials. This option does not apply to communications primarily for the purpose of administering orders, contracts, support, software updates, or other administrative and transactional notices.

How to update your information:  To modify the contact information that you have provided to us, you can contact us at privacy@veero.ai or by mailing us at 625 Mount Auburn Street, Cambridge, MA 02138. Please note that we cannot modify all information provided to us, such as anonymized data. We will comply with requests to modify information to the extent that we are able to do so.

COOKIES AND BROWSER INFORMATION

Veero uses cookies for a variety of purposes. Cookies are small text files placed on the hard drive of the Visitor’s device. Cookies are commonly used to track web activity and provide an enhanced experience when using the internet. Veero may use cookies to collect non-personally identifiable information from Visitors. We use cookies to help us better understand Veero Site usage in the aggregate so that we know what areas of the Veero Site Visitors prefer. If you simply want to browse, you do not have to accept cookies from the Veero Site. Most browsers are defaulted to accept and maintain cookies. If you do not want websites to be able to use cookies, you can alter the configuration of your browser to not accept cookies. Unless you have adjusted your browser settings so that it will refuse cookies, our system will issue cookies when you direct your browser to our Veero Site. Third party vendors, including Google, may use cookies to serve ads to you while you are using the Veero Site based on your prior visits. These cookies are not tied to your Personal Information.

With or without cookies, the Veero Site keeps track of usage data, such as the source address from which a page request originates (i.e., your IP address, domain name), date and time of the page request, the referring website (if any), and other parameters in the URL (e.g., search criteria). We use this data to better understand Veero Site usage in the aggregate so that we know what areas of the Veero Site Visitors prefer (e.g., based on the number of visits to those areas). This information is stored in log files and is used for aggregated and statistical reporting. It is not attributed to you as an individual.

End Users should review the privacy policy of the Retailer to learn if and how Retailers use cookies on Retailer Sites.

SAFEGUARDING YOUR INFORMATION

In order to protect your information, including your Personal Information, from improper disclosure, Veero uses commercially reasonable efforts to maintain a secure operating environment to protect any information we collect. Browsers offer varying degrees of security, particularly in regard to encryption. Even the same version of a browser can come with different levels of encryption. Review your browser’s settings for more information. While we are committed to protecting your privacy, please be aware that no transaction over the internet can be completely secure.

ADDITIONAL NOTICES FOR MINORS, CALIFORNIA RESIDENTS, AND INTERNATIONAL RESIDENTS

Notice to Minors and their Parents or Legal Guardians: The Veero Site is intended for adults. We do not knowingly or intentionally collect information from anyone under the age of eighteen (18) through the Veero Site. IF YOU ARE UNDER THE AGE OF 18, PLEASE DO NOT PROVIDE ANY PERSONAL INFORMATION THROUGH THE VEERO SITE. Veero cannot control what Visitors submit through the Veero Site. In the event Veero receives information from a minor, it is Veero’s practice to immediately delete such information upon discovery that such information is in Veero’s possession. If you know of a minor who has provided us with information, please contact us immediately.

Specific Provisions for California Residents: This section of the Privacy Policy applies only to individuals who reside in California. The California Consumer Privacy Act of 2018 (“CCPA”) and provides additional rights to know, delete and opt out, and requires businesses collecting or disclosing Personal Information to provide notices and means to exercise rights. For Purposes of this section, “Personal Information” has the definition set forth in the CCPA.

California Notice of Collection: In the past twelve (12) months, we or our service providers have collected the following categories of information enumerated in the CCPA in connection with the Veero Site and Application:

• First and last name, home, billing or other physical address (including street name, city/town, state/province, postal code, and country of origin), e-mail address, and telephone number, to the extent you are interacting with our Veero Site or Application;
• Information, services and products considered, accepted, rejected and other use data;
• Any other identifier that permits us to make physical or online contact with you;
• Internet activity, including history of visiting and interacting with the Veero Site or Application, browser type, browser language and other information collected automatically; and
• Any other information you have chosen to provide to us through the Veero Site or Application.

We do not generally sell information as the term “sell” is traditionally understood. However, to the extent “sale” under the CCPA would be interpreted to include any of the activities described in the “Sharing of Personal Information” section above, we will comply with applicable law as to such activity.

Right to Know and Delete: If you are a California resident, you have the right to delete Personal Information we have collected from you and you have the right to know certain information about our data practices in the preceding twelve (12) months. In particular, you have the right to request the following:

• Categories of Personal Information we have collected about you;
• Categories of sources from which the Personal Information was collected;
• Categories of Personal Information about you we disclosed for a business purpose or sold;
• Categories of third parties to whom the Personal Information was sold or disclosed for a business purpose;
• Business or commercial purpose for collecting or selling the Personal Information; and
• Specific pieces of Personal Information we have collected about you.

To exercise any of these rights, please submit a request to us at privacy@veero.ai. In the request, please specify which right you are seeking to exercise and the scope of the request. We will confirm receipt of your request within ten (10) days. We may require specific information from you to help us verify your identity and process your request. Please note that, in many instances, we do not collect types of information that enable us to identify you, or we do not retain such information. As such, if we do not have information that permits us to verify your identity, we may deny your requests to know or delete. A request for access can be made by you only twice within a twelve (12) month period.

Right to Opt Out: Under the CCPA, you have the right to opt out of the sale of your Personal Information to third parties at any time. Veero does not “sell” your Personal Information as it is currently defined under the CCPA. You may contact us by emailing us at privacy@veero.ai if you have any questions or concerns.

Authorized Agent: You can designate an authorized agent to submit requests on your behalf. However, we will require written proof of the agent’s permission to do so and verify your identity directly.

Right to Non-Discrimination: You have the right not to receive discriminatory treatment by us for the exercise of any your rights.

California Do-Not-Track Notice: We do not track Visitors over time and across third party websites, nor do we track End Users’ activity on Retailer Sites. Accordingly, we do not respond to Do Not Track (DNT) signals.

Notice to International Residents: Veero is headquartered in the United States and has service providers operating in the United States. The Veero Site and Application are primarily operated and managed on cloud-based servers located and operated within the United States. In order to submit information through the Veero Site, you may be sending your Personal Information to the United States. Accordingly, if you reside or are located outside of the United States, your Personal Information may be transferred to or accessed in a country that may not provide the same level of protection for your Personal Information. We are committed to protecting the privacy and confidentiality of Personal Information when it is transferred.

Additional Information for Visitors in the European Economic Area and United Kingdom: Veero and our service providers may receive and/or access your Personal Information in jurisdictions that may not provide levels of data protection equivalent to those in your country of residence. By using the Veero Site or Application, or otherwise interacting with us, regardless of where you live or where you provide information to us, you consent to our use and our service providers’ use of your Personal Information worldwide and to the transfer of your Personal Information to countries outside of your country of residence, including the United States. In certain circumstances, courts, regulatory agencies, law enforcement agencies, or security authorities in those other countries may be entitled to access your Personal Information.

Veero will take adequate measures designed to protect the transfer of Personal Information of individuals in the European Economic Area (EU Member States, Iceland, Liechtenstein and Norway) (“EEA”), such as relying on the European Commission-approved Standard Contractual Clauses (“EU SCCs”), as may be updated from time to time, as a legal mechanism for such transfer, or other adequate transfer mechanism as required under relevant data protection laws, as well as additional safeguards, where appropriate. A copy of these clauses may be obtained by contacting us at the email address provided herein.

For transfers to or from the United Kingdom (“UK”), we make use of the EU SCCs, as modified by the UK’s International Data Transfer Addendum (collectively the “UK SCCs”). For individuals located in the EEA or the UK, the term “Personal Information,” as used in this section, is equivalent to “personal data” under applicable European and UK data protection legislation.

If you are located in the EEA, the UK, or Switzerland, you have certain rights and protections under applicable law regarding the processing of your Personal Information, as defined by the General Data Protection Regulation (“GDPR”), and the following notices apply to you:

Legal Basis for Processing: When we process your Personal Information, we will do so in reliance on the following lawful bases:

• To perform our responsibilities under our contract with you (e.g., providing the services you requested).
• When we have a legitimate interest in processing your Personal Information to operate our business or protect our interests (e.g., to provide, maintain, and improve our services, conduct data analytics, and communicate with you).
• To comply with our legal obligations (e.g., to maintain a record of your consents and track those who have opted out of non-administrative communications).
• When we have your consent to do so (e.g., when you opt in to receive non-administrative communications from us). When consent is the legal basis for our processing your Personal Information, you may withdraw such consent at any time.

Data Retention: We store Personal Information for thirty (30) days, unless reasonably necessary to comply with our legal, regulatory, or other compliance obligations. We store other data for as long as necessary to carry out the purposes for which we originally collected it and for other legitimate business purposes, including to meet our legal, regulatory, or other compliance obligations.

Your Rights: For individuals in the European Union, according to the GDPR, you have the following statutory rights:

• Information. At the point where Personal Information is collected from the data subject, as defined by the GDPR, or obtained from another source, there is a requirement to inform the data subject about our use of that Personal Information and the rights of data subjects over it. Compliance with this right is provided within this Privacy Policy.
• Access. You have the right to obtain confirmation as to whether or not Personal Information concerning you is being processed, and, where that is the case, all necessary information to make the process transparent. You also have the right to obtain a copy of your Personal Information being processed.
• Rectification. You have the right to require rectification of inaccurate data about you.
• Erasure. You have the right to ask for the deletion of your data in certain circumstances.
• Restrict processing. You have the right to restrict processing of data under certain specified circumstances.
• Data portability. You have the right to request for the receipt or the transfer to another organization, in a machine-readable form, of your Personal Information.
• Object to processing. You have the right to ask us to stop using all or some of your Personal Information under certain specified circumstances.
• Right to withdraw consent. When you have given your explicit consent for the processing of your data, you can withdraw it at any time without justification. The withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.

If would like to exercise your rights, please let us know by sending an email at privacy@veero.ai.

You also have the right to lodge a complaint with your local Data Protection Authority or to the Data Protection Authority where the alleged infringement took place.

MISCELLANEOUS

Changes to this Privacy Policy: Veero reserves the right to change this Privacy Policy from time to time. If we do make changes, the revised Privacy Policy will be posted on the Veero Site.

Enforcement:  Veero regularly reviews its compliance with this Privacy Policy. Please feel free to direct any questions or concerns regarding this statement or Veero Site treatment of Personal Information by contacting us at the addresses indicated below.

Links to Other Sites:  The Veero Site may provide links to third-party websites, such as those of our business partners and online advertisers. You should review their privacy policies to learn more about what, why, and how they collect and use personally identifiable information.

For Questions or Concerns:  If you have questions or concerns regarding this statement, you should first contact privacy@veero.ai. Other correspondence may be sent to:

Veero Analytics, LLC

625 Mount Auburn Street

Cambridge, MA 02138

This Privacy Policy was last amended on January 3, 2023.