Privacy Policy

General Privacy Policy for the Tobii AB – last updated on December 6th, 2021.

California residents – please refer to “Privacy Notice for California Residents” below.

Tobii AB (publ) is committed to ensuring that your privacy is protected. Should we ask you to provide certain information by which you can be identified when using our websites, our services or our products (below we use the word "Services" for easier review), you can be assured that it will only be used in accordance with this Privacy Policy, unless we clearly state otherwise to you in connection with any particular service.

This Privacy Policy outlines how Tobii generally handles your personal data. In connection with some of our services, we will give you more specific information about our handling of your personal data, and we will, where appropriate, ask for your consent before handling your personal data. At the end of this policy, there is information on how to contact us if you have any questions or if you think anything is unclear.

Please note that this policy only covers Tobii’s use of personal data. Sometimes, other companies buy or license our technology and use it to handle personal data as part of their service offering. In such cases you should refer to the privacy policies of those respective businesses.

1. What we collect

Depending on which services you use, we process different kinds of information from or about you.

Please note that some of our services may handle types of personal data that are not listed in this privacy policy. In those cases, we will however always notify you clearly in connection with your use of such service.

Here's how:

Personal data and other information you (and others) give us.
We collect the information that you (and others) give us when using our services.

For example:

  • When you register to use our services, we may ask for information such as your name, email address and phone number.
  • For many of our services, you will have the opportunity to create a user profile (for example in one of our web-based services) and add information to your profile after registration.
  • If you buy something from us, we collect information about the transaction. This can include your payment information, purchase activity and delivery and contact details.
  • When you communicate with Tobii, you provide us with information such as your email address.
  • Depending on which services you use, you have the option of submitting information about your physical features, such as information about your eyes and disabilities concerning your eyes, or other health related data.
  • If you seek customer support for one of our services, then it's sometimes necessary for us to access your personal information to be able to help you with your problem (for example if we need to remotely control your device to troubleshoot). In those cases, we will either delete the data once the support matter has been resolved (as in the remote control case), or store the data according to applicable retention routines within the Tobii Group, if we find that either you or Tobii has a legitimate interest in doing so.
  • We collect content and information about content that you create using our services.

Personal data and other information which is automatically collected about you when you use our services.

We also collect information automatically when you are connected to our services. Depending on how you access and use our services, we collect information such as:

  • Information about how you access our services, including information about the type of device that you're using, its configuration (such as your operating system and graphics processing unit), your browser, and how your device is performing.
  • Information about the features you interact with on our services. For example, when you use our devices, we may collect information on how often you use a certain feature, including from third parties.
  • Information about you and your social media profile if you choose to access our services with a social media profile. Please note that the information you share within the scope of those social media services, is not applicable to this Privacy policy.

Third parties may also collect information about you through the services, or receive information collected about you through the services, as described below.

  • Related companies
    We may share your personal data within the Tobii Group in order to develop and improve our products and services. Such information, however, is anonymized to the best extent possible.
  • Third party companies
    Some of our services offers the opportunity to use a social media account as an access method to the service. If you choose to do so, that social media platform will receive information that you chose that access method at one of Tobii’s services, and we will receive some types of information from the social media site. How that social media platform processes your information falls outside the scope of this Privacy policy.

2. How do we use your personal data?

We use the information as set out below and to provide our services to you and our partners.

Please note that some of our services may use personal data in ways which are not described in this privacy policy. In those cases, we will however always notify you clearly in connection with your use of such service.

Here's how:

To provide and personalize our services.

We use the information we collect to provide you with our services. For example, we use this information to:

  • Provide you with hardware, content, games, apps and other needs;
  • Create accounts and user profiles;
  • Communicate with you about our services;
  • Provide technical support;
  • Notify you about updates to our services; and
  • Customize your usage based on your activities, including the content, games, apps and other experiences you interact with. This allows us to make our services unique and relevant to you, for example by showing you content that is most relevant to you.

To improve and develop your experience and our services.

We also use the information that we collect to understand, develop and improve our services. For example, we use the information to:

  • Seek and analyse input and feedback about our services;
  • Identify and address technical issues on our services;
  • Conduct and learn from research about the ways in which people use our services; and
  • Improve services offered by others, such as third parties that offer games, apps and other content connected to our services.

To promote our brand and services.
We use the information that we collect to send you promotional messages and content and otherwise market to you on and offer our services. We also use this information to measure how users respond to our marketing efforts. If you would like to opt out of receiving marketing emails, then you can always do so by follow the instructions implemented in every such promotional message.

To promote safety and security.
We use the personal data that we collect to help promote safety and security on and off our services, such as by investigating suspicious activity or breaches of our terms or policies and protecting our or others’ rights or property.

3. How is personal data shared?

To provide and support our services, information that we have about you is shared in certain circumstances. The following can see information about you when you and others use our services.

Please note that, in connection to some of our services, we may share personal data in ways which are not described in this privacy policy. In those cases, we will however always notify you clearly in connection with your use of such service.

Developers, support and other online content providers on our services

You can interact with third-party content, games, apps and other experiences through our services. We may share information about you with these partners so they can provide you with the experiences that you've requested, such as:

  • Information in your Tobii profile and about how you use our services. For example, we may provide a third-party games provider with your user id or similar, so that the games provider may deliver a game to you that you’ve purchased bundled with one of our products

  • Any other information that you choose to share with the third party through your use of the services.

  • Sharing within related companies. Depending on which services you use, we share information with companies that are part of the same group of companies that Tobii is part of, or that become part of that group, such as Tobii Pro, and Tobii Tech.

Service providers
We share the information that we collect with vendors, service providers, researchers and other partners, who work at our direction to support the services (such as hosting our services, fulfilling orders, facilitating payments, analysing the way people use our services, processing credit card payments, providing customer service or sending electronic communications for us).

Other parties in connection with certain business transactions
In the event that the ownership of Tobii (or any portion of our assets) changes as a result of a merger, acquisition or in the event of a bankruptcy, information from or about you or your device may be transferred to another company.

Law enforcement or legal requests
We share information with law enforcement or in response to legal requests in the circumstances outlined in Section 7 below.

We also share de-identified or aggregate data with others. “De-identified data” means information where we have removed identifiable data such as your name and other data that could reasonably be used to identify you. “Aggregate data” is data that has been combined with other data so that it doesn't identify any specific person. For example, we provide developers with aggregated statistics about the number of people from a particular region that use our services, so developers can create content tailored for people in that market.

4. How the Tobii companies work together

Tobii shares infrastructure, systems, and technology with other Tobii companies to provide an innovative, relevant, consistent and safe experience across all services that you use.

5. Third parties that provide content, marketing or functionality on our services

Some of the content, marketing and functionality on our services may be provided by third parties that are not affiliated with us. For example, we work with companies that help us provide content within the service that you purchased.

Please note that some of our services may be integrated with third party products or services in ways which are not described in this privacy policy. In those cases, we will however always notify you clearly in connection with your use of such service.

6. Data retention and deletion

We store data that identifies you until it is no longer necessary for us to do so, for example when you delete an account with us. This is a case-by-case determination that depends on things such as the nature of the data, why it is collected and processed, and relevant legal or operational retention needs. For example, we may retain certain purchase information for accounting and tax purposes even after you have deleted your account.
When you delete an account with us, we delete or anonymize the data you provided us with and the data we collected during your use of the services. Neither you nor us will be able to restore such deleted or anonymised data.

7. How do we respond to legal requests and minimize harm?

We access, preserve and share information with regulators, law enforcement or others:

  • In response to a legal request where we have a good faith belief that the response is required by law in that jurisdiction, affects users in that jurisdiction and is consistent with internationally recognized standards.
  • When we have a good faith belief that it is necessary to: detect, prevent and address fraud or other illegal activity; to protect Tobii, our services, you and others, including as part of investigations; or to prevent death or imminent bodily harm.

8. How we operate and transfer data as part of our global services

We share information globally, both internally within the Tobii Group and externally with our partners to fully provide the services you are entitled to receive based on the service you have purchased or subscribed to and/or otherwise are entitled to receive. Information controlled by Tobii will be transferred or transmitted to, or stored and processed in the United States, China and/or other countries outside of where you live for the purposes as described in this policy. These data transfers are necessary for us to globally operate and provide our services to you. We utilize standard contract clauses approved by the European Commission and rely on the European Commission's adequacy decisions about certain countries, as applicable, for data transfers from the EU/EEA to the United States and other countries.

9. Changes to this policy

If we make changes to this Privacy Policy, we will provide notice of such changes as appropriate, such as by sending you an email notification to the address that you've provided, and/or providing notice through the services. If we make an administrative change, we may update the "Last Updated" date at the top of this Privacy Policy.

The Data Protection Officer for Tobii AB can be contacted at dpo@tobii.com. You also have the right to lodge a complaint with the Swedish lead supervisory authority, the Datainspektionen, www.datainspektionen.se

10. What is our legal basis for processing data?

The legal ground for processing personal data varies depending on the types of data and the situation. The legal grounds we rely on at Tobii are the following:

  • If processing is necessary to fulfill our contract with you, i.e. what we are obliged to provide under the agreement between you and us. Our obligations to you vary depending on the service you are using. For example, we may need to store your name and address to keep track of our warranty obligations to you.
  • With your consent, which you may withdraw at any time. For example, when you have given your consent for Tobii to use your eye images and other personal data to develop our algorithms and thus our products. It should be noted that a withdrawal of a consent shall, and cannot, affect the lawfulness of processing that has already been carried out based on that consent before its withdrawal.
  • As necessary to comply with our legal obligations; for example, Tobii must store some purchase information to comply with tax and accounting regulations. The legal ground for this processing (storing) is therefore necessary for compliance with legal obligations.
  • Occasionally to protect your vital interests or those of others. On rare occasions, we may process your data if doing so is necessary to protect your vital interests. For example, in situations where there is an immediate risk to your health we may share information with your caregiver.
  • As necessary for our (or others) legitimate interests. Tobii has a legitimate interest in providing an innovative, personalized, safe and profitable service to our existing and future users and partners, unless those interests are overridden by your interests or fundamental rights and freedoms that require protection of personal data.

11. How can you exercise the rights provided to you under the GDPR?

Under the General Data Protection Regulation, you have the right to:

Access your data
You have the right to obtain from Tobii a confirmation of whether or not personal data concerning you is being processed, and if that is the case, a right to access information including, but not limited to, the purpose of the processing and the categories of personal data that Tobii has concerning you. By your request, Tobii is required to provide you with a copy of undergoing processing of your personal data.

Rectify your data
If it comes to your knowledge that certain personal data of yours which is being processed by Tobii is inaccurate, you have the right to obtain a rectification and in some cases a right to have incomplete data completed.

Port your data
If the legal ground for a processing of personal data is based on either (i) consent or (ii) fulfilment of a contract between you and Tobii, you have a right to receive data which you have provided us in a commonly used and machine-readable format and have the right to transmit such data to another controller.

Erase your data
You have the right to obtain from Tobii the erasure of your personal data when, for example, (i) the data no longer is necessary in relation to the purpose for which it was collected, (ii) if you withdraw a consent, (iii) if you object to the processing and there are no overriding legitimate grounds for the processing, or if (iv) the personal data have been unlawfully processed.

Restrict and object to certain processing of your data
You have the right to restrict Tobii from processing your data when, for example, (i) you contest the accuracy of the personal data, or (ii) if Tobii no longer needs certain data for the purposes of the processing.

Find out more about these rights, and how you can exercise them by either contacting Tobii at dpo@tobii.com or obtain information from the appropriate supervisory authority.

12. Contacting us

The data controller responsible for your information is Tobii AB (publ) which you can contact by e-mail at dpo@tobii.com or by post at:
Attn: Data Protection Officer
Tobii AB (publ)
Box 743
182 17 Danderyd
Sweden

Privacy Notice for California Residents

Effective Date: January 1, 2020

This California Privacy Notice (this “notice”) applies to “Consumers” as defined by the California Consumer Privacy Act (“CCPA”) as a supplement to Tobii AB’s (“Company” “us” “we” our”) other privacy policies or notices.

To aid in readability, in some places we have abbreviated or summarized CCPA terms or language. Terms defined in the CCPA that are used in this notice shall have the same meaning as in the CCPA.

This Privacy Policy outlines how Tobii generally handles your personal data. In connection with some of our services, we will give you more specific information about our handling of your personal data, and we will, where appropriate, ask for your consent before handling your personal data. At the end of this policy, there is information on how to contact us if you have any questions or if you think anything is unclear.

For more information on this notice or your California privacy rights, email us at dpo@tobii.com or, write to us at:

Attn: Data Protection Officer
Tobii AB (publ), Box 743, 182 17 Danderyd, Sweden.

Personal information we collect

We have collected the following categories of personal information from consumers within the last twelve (12) months:

Identifiers

This may include but is not limited to: a real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, driver’s license number, passport number, citizenship status or other similar identifiers.

We collect this information:

  • Directly from you — for example, from forms you complete or products and services you purchase.
  • Indirectly from you — for example, from observing your actions on our Website.
  • From a third party — for example, from analytics or marketing providers.

For the purpose of:

  • Processing interactions and transactions
  • Managing interactions and transactions
  • Performing services
  • Research and development
  • Quality assurance
  • Security
  • Debugging

Personal Records

This may include information such as: physical characteristics or description, signature, telephone number, employment.

We collect this information:

  • Directly from you — for example, from forms you complete or products and services you purchase.

For the purpose of:

  • Processing interactions and transactions
  • Managing interactions and transactions
  • Performing services
  • Research and development
  • Quality assurance
  • Security
  • Debugging

Internet Usage Information

This may include, but is not limited to: browsing history, search history, and information regarding your interaction with an Internet Web site, application, or advertisement.

We collect this information:

  • Directly from you — for example, from forms you complete or products and services you purchase.
  • Indirectly from you — for example, from observing your actions on our Website.
  • From a third party — for example, from analytics or marketing providers.

For the purpose of:

  • Processing interactions and transactions
  • Managing interactions and transactions
  • Performing services
  • Research and development
  • Quality assurance
  • Security
  • Debugging

As permitted by applicable law, we do not treat deidentified data or aggregate consumer information as personal information and we reserve the right to convert, or permit others to convert, your personal information into deidentified data or aggregate consumer information.

Please note that some of our services may handle types of personal data that are not listed in this privacy policy. In those cases, we will however always notify you clearly in connection with your use of such service.

Subject to restrictions and obligations of the CCPA, our vendors may also use your personal information for some or all of the above listed business purposes. Our vendors may themselves engage services providers or subcontractors to enable them to perform services for us, which sub-processing is, for purposes of certainty, an additional business purpose for which we are providing you notice.

Sharing personal information

We may share personal information with third parties for a business purpose. In the last twelve (12) months, we have disclosed the following categories of personal information for a business purpose:

  • Identifiers
  • Personal Records
  • Internet Usage Information

We disclose your personal information for a business purpose to the following categories of third parties:

  • Our affiliates
  • Service providers
  • Third parties to whom you or your agents authorize us to disclose your personal information in connection with products or services we provide to you.

Please note that, in connection to some of our services, we may share personal data in ways which are not described in this privacy policy. In those cases, we will however always notify you clearly in connection with your use of such service.

In the last twelve (12) months, we have not sold any personal information.

California Privacy Rights

We provide California Consumers the privacy rights described in this section. You have the right to exercise these rights via an authorized agent who meets the agency requirements of the CCPA and related regulations. As permitted by the CCPA, any request you submit to us is subject to an identification process. We will not fulfill your CCPA request unless you have provided sufficient information for us to reasonably verify you are the consumer about whom we collected personal information.

If we cannot comply with a request, we will explain the reasons in our response. We will use personal information provided in your request only to verify your identity or authority to make the request and to track and document request responses, unless you also gave it to us for another purpose.

We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive or clearly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

Access to Specific Information and Data Portability Rights

You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months. Additionally, you have the right to make or obtain a transportable copy, no more than twice in a twelve-month period, of your personal information that we have collected in the period that is 12 months prior to the request date and are maintaining. Once we receive and confirm your request, we will disclose to you:

  • The categories of PI we have collected about you.
  • The categories of sources from which we collected your PI.
  • The business or commercial purposes for our collecting or selling your PI.
  • The categories of third parties to whom we have shared your PI.
  • The specific pieces of PI we have collected about you.
  • A list of the categories of PI disclosed for a business purpose in the prior 12 months, or that no disclosure occurred.
  • A list of the categories of PI sold about you in the prior 12 months, or that no sale occurred. If we sold your PI, we will explain:
    • The categories of your PI we have sold.
    • The categories of third parties to which we sold PI, by categories of PI sold for each third party.

Deletion Request Rights

Except to the extent we have a basis for retention under CCPA, you may request that we delete your personal information that we have collected directly from you and are maintaining. Our retention rights include, without limitation, to complete transactions and service you have requested or that are reasonably anticipated, for security purposes, for legitimate internal business purposes, including maintaining business records, to comply with law, to exercise or defend legal claims, and to cooperate with law enforcement. Note also that we are not required to delete your personal information that we did not collect directly from you.

Do Not Sell

We do not sell your personal information as such is defined under the CCPA, and until such time as we change this policy by updating this notice, will treat personal information collected under that policy as subject to a do not sell request.

Our and Other’s Rights

Notwithstanding anything to the contrary, we may collect, use and disclose your personal information as required or permitted by applicable law and this may override your CCPA rights. In addition, we need not honor any of your requests to the extent that doing so would infringe upon our or any other person or party’s rights or conflict with applicable law.

Changes to Our Privacy Notice

We reserve the right to amend this notice at our discretion and at any time. When we make changes to this notice, we will notify you through a notice on our website homepage.

Contact Information

If you have any questions or comments about this notice, the ways in which we collect and use your personal information, your choices and rights regarding such use, or wish to exercise your rights under California law, please do not hesitate to contact us at:

Phone: +46 8 663 69 90
Website: www.tobii.com
Email: dpo@tobii.com
Postal Address: Box 743, S-182 17 Danderyd, Sweden
Attn: Data Protection Officer

Last Reviewed: December 6th, 2021