Privacy Notice for Project Aria Partner Services
Last updated December 12, 2022
For context, Meta entered into research collaborations with certain academic and industry partners (each a "Partner") to enable the Partner to use Project Aria devices and related services in connection with its research in the area of augmented reality. References to “Meta”, “us”, “we”, or “our” means either Meta Platforms, Inc. (“Meta Platform”) or Meta Platforms Ireland Ltd. (“Meta Ireland”), as appropriate. If you work for an EEA Partner, Meta Ireland is the controller of the Personal Information we collect about you; if you work for a non-EEA Partner, Meta Platforms is the controller. For purposes of this Privacy Notice, “EEA Partner” means any Partner with a principal place of business in the EEA, Switzerland, or UK.
To help facilitate this research, we provide the Partner and its personnel access to Project Aria devices (each, an “Aria Device”) and related services, which can include a web portal, a companion app, desktop companion tool and an AWS service (“Aria Services”). The Aria Services are designed to facilitate Partner’s research in connection with data it collects with the Aria Device.
You are receiving this notice (“Privacy Notice”) because you are requesting or require access to the Aria Device and Aria Services to perform work on behalf of a Partner. This Privacy Notice applies to the Personal Information we collect about you in connection with your use of (or your application to use) the Aria Services, including the onboarding process to provide you with the Aria Device and access to the Aria Services.
This Privacy Notice does not apply to the processing of Personal Information by Partners in connection with its research. To learn about such processing, reach out to the Partner on whose behalf you are conducting the research.
When we say “Personal Information” in this Privacy Notice, we mean information related to any identified or identifiable individual. In other words, it is information about a specific individual who can be identified and does not include information that is aggregated or information that cannot be reasonably linked to you.
1. What Personal Information do we collect about you?
The following categories of information are collected when you register your interest in using the Aria Device (i.e. via the Partnership Intake Form), during Partner onboarding when you are provided with the Aria Device and access to the Aria Services and when you use the Aria Services:
- Contact Information, such as first and last name, address, Partner name, country, and email.
- Device Information, such as the serial number, operation system and authentication token of the Aria Device we send you.
- Account Information, such as the username and password for the account to access certain Aria Services.
- Telemetry Information, such as the duration and number of recordings made using Aria Devices issued to university Partners.
- Device Location Information, with an approximate accuracy of 10 miles (16 kilometers).
- Usage information relating to your use of certain Aria Services; for example, the IP address used to access the AWS service, and total number of sequences processed, active users, actions taken, and services requested and rendered.
- Authentication information collected through cookies. We use an AWS session cookie on the web portal, which is necessary to authenticate you to login to the Aria Services.
- Other Information you may choose to provide (e.g., if you include Personal Information in feedback you share through the Aria Services).
Collection of Telemetry and Device Location Information is limited to university Partners.
2. How do we use your Personal Information?
We use the categories of Personal Information collected above to do the following:
- Register the interests of potential Partners to use the Aria Device.
- Communicate with potential Partners.
- Onboard Partners, including:
- Assessing the Partner’s project plan.
- Executing the relevant contract with the Partner, as well as retaining a record of the signed contract.
- Providing Partners with the Aria Device.
- Setting Partners up with a Partner Account to supply them with the web portal, desktop tool and AWS service.
- Providing Partners with a test account to supply them with the companion app.
- Authenticate login to the web portal.
- Maintain the Aria Services and enable continued access to them.
- Help facilitate the research performed by the Partner, for example, in response to a request for assistance from the Partner.
- Assess and facilitate Partner use of Aria Devices to collect egocentric data to advance augmented reality research.
- Promote safety, integrity, and security of the Aria Services (i.e., to ensure the correct Aria Device is returned).
- Comply with our legal obligations or to exercise or defend our legal rights, (i.e., to establish or defend legal claims or as part of legal inquiries or investigations).
3. How long do we retain information?
We retain your Personal Information until it is no longer necessary for the purposes described above. This is a case-by-case assessment — for example, we retain information to help ensure we can defend legal claims based on the limitation periods in the countries in which we operate. When determining this period, we consider the nature of the data, the purposes for which it is processed, our legal obligations, audit procedures and other relevant legal or operational retention needs.
4. What information do we collect/share about California users?
In the preceding 12 months, we have: (1) collected the following categories of information: identifiers, commercial information, location information and internet or other electronic network activity information (Sections 1 and 2 above provide details about the precise data points we collect, the categories of sources of such collection and the business purposes for which we use the information) and (2) disclosed the following categories of personal information for business purposes to the following categories of recipients:
Category of Personal Information
Identifiers
Categories of Recipients: Service providers and Meta companies. We may also share with law enforcement or other third parties in connection with legal requests, and regulators, law enforcement or others when we believe it is necessary to (a) detect, prevent and address fraud, unauthorized use of Meta products and services, violations of our terms or policies, or other harmful or illegal activity; (b) protect ourselves (including our rights or property), you or others, including as part of investigations or regulatory inquiries; or (c) prevent death or imminent bodily harm
Commercial information
Categories of Recipients: Service providers and Meta companies. We may also share with law enforcement or other third parties in connection with legal requests, and regulators, law enforcement or others when we believe it is necessary to (a) detect, prevent and address fraud, unauthorized use of Meta products and services, violations of our terms or policies, or other harmful or illegal activity; (b) protect ourselves (including our rights or property), you or others, including as part of investigations or regulatory inquiries; or (c) prevent death or imminent bodily harm
Internet or other electronic network activity
Categories of Recipients: Service providers and Meta companies. We may also share with law enforcement or other third parties in connection with legal requests, and regulators, law enforcement or others when we believe it is necessary to (a) detect, prevent and address fraud, unauthorized use of Meta products and services, violations of our terms or policies, or other harmful or illegal activity; (b) protect ourselves (including our rights or property), you or others, including as part of investigations or regulatory inquiries; or (c) prevent death or imminent bodily harm
Device Location Information
Categories of Recipients: Service providers. We may also share with law enforcement or other third parties in connection with legal requests, and regulators, law enforcement or others when we believe it is necessary to (a) detect, prevent and address fraud, unauthorized use of Meta products and services, violations of our terms or policies, or other harmful or illegal activity; (b) protect ourselves (including our rights or property), you or others, including as part of investigations or regulatory inquiries; or (c) prevent death or imminent bodily harm
We do not sell or share (as that term is defined in the California Consumer Privacy Act) your personal information, nor do we knowingly sell personal information about consumers under the age of 16.
5. What is our legal basis in the EEA, UK or Switzerland?
Legitimate Interests
We rely on our legitimate interests or the legitimate interests of a third-party where they are not outweighed by your interests or fundamental rights and freedoms:
Why and How We Process Your Information
We register the interest of potential Partners in using the Aria Device.
Legitimate Interests Relied On: It is in our interest and the interest of potential Partners to facilitate expressions of interest by potential Partners in using the Aria Device.
Information Categories Used: Contact Information
We onboard Partners to help them access the Aria Services.
Legitimate Interests Relied On: It is in our interest and the interest of Partners to provide Partners with the Aria Device and set them up so they can access the Aria Services.
Information Categories Used: Contact Information, Device Information, and Account Information
We maintain the Aria Services so Partners can use the Aria Services.
Legitimate Interests Relied On: It is in our interest and the interest of Partners to continuously maintain the Aria Services and ensure Partners can use the Aria Services at all times.
Information Categories Used: Contact Information, Device Information, Account Information, Telemetry Information, Usage Information and Other Information
We communicate with potential Partners and Partners, including to help facilitate the research performed by the Partner.
Legitimate Interests Relied On: It is in our interest and the interest of potential Partners to communicate with potential Partners who have expressed an interest in using the Aria Device. It is also in our interest and the interest of Partners to communicate with Partners during the term of the Project Aria Evaluation or Research Agreement.
Information Categories Used: Contact Information, Device Information, Account Information, Telemetry Information, Usage Information and Other Information
We share information with others including law enforcement and to respond to legal requests where we are not compelled by applicable law but have a good faith belief it is required by law in the relevant jurisdiction.
Legitimate Interests Relied On: It is in our interest to prevent and address harmful or illegal activity.
It is in our interest to protect ourselves (including our rights, personnel, property, or products), our users or others, including as part of investigations or regulatory inquiries; or to prevent death or imminent bodily harm.
Relevant law enforcement, government authorities and Partners have a legitimate interest in investigating and combating illegal behavior.
Information Categories Used: Contact Information, Device Information, Account Information, Usage Information, Location Information, and Other Information
We exercise or defend our legal rights, for example to establish or defend legal claims.
Legitimate Interests Relied On: It is in our interest to seek legal advice and protect ourselves (including our rights, personnel, property or products), our Partners or others, including as part of investigations or regulatory inquiries and litigation or other disputes.
Information Categories Used: Contact Information, Device Information, Account Information, Usage Information, Location Information, and Other Information
Compliance with a legal obligation
Why and How We Process Your Information
Where we comply with a legal obligation including, for example, to access, preserve or disclose certain information if there is a valid legal request from a regulator, law enforcement or others.
Information Categories Used
Contact Information, Device Information, Account Information, Telemetry Information, Usage Information, Location Information, and Other Information
6. With whom do we share and where do we process your Personal Information?
We share all the above categories of Personal Information with the following recipients:
- New owners in the event of a change of ownership or control of all or part of our products or their assets.
- Vendors and service providers who are supporting our business, such as by providing technical infrastructure services, analyzing how our product and services are used or facilitating the provision of the Aria Service.
- Law enforcement or other third parties in connection with legal requests.
- Meta Companies.
- Regulators, law enforcement or others when we believe it is necessary to: (a) detect, prevent, and address fraud, unauthorized use of Meta products and services, violations of our terms or policies, or other harmful or illegal activity; (b) protect ourselves (including our rights or property), you or others, including as part of investigations or regulatory inquiries; or (c) prevent death or imminent bodily harm.
We share information globally, both within the Meta Companies and externally with the other recipients listed above. We may process your information in the countries other than the country in which you live (including the United States). We utilize the European Commission’s Standard Contractual Clauses and rely on the European Commission's adequacy decisions about certain countries, as applicable, for data transfers from the UK, Switzerland or the EEA to the United States and other countries. You may request a copy of the Standard Contractual Clauses that we have entered into with the entity processing your data by using the contact information provided below.
7. Your privacy rights
Subject to the laws in the country in which you live, you have the following rights to:
- Access your data: You have the right to request that we disclose to you the Personal Information about you we collect, use, or disclose, and information about our data practices.
- Rectification: If your Personal Information is inaccurate or out of date, you have the right to request we rectify it.
- Erasure: In certain circumstances, you have the right to request erasure of your Personal Information that we have collected from you.
- Portability: Where we process Personal Information you have provided to us on the basis of your consent or for the performance of a contract, you have the right to request that we provide it to you in a common digital format.
- Restriction of Processing: In certain circumstances (e.g., if you need it for a legal claim), you have the right to request the restriction of the processing of your Personal Information.
- Opt out of sales. If we sell your Personal Information, you may have the right to opt out of such sales.
If you work for an EEA Partner, you also have the right to object to Meta’s processing of your Personal Information where Meta is relying upon legitimate interests to process your Personal Information. If you object, we will stop the processing unless we can demonstrate on compelling legitimate grounds for the processing that overrides your interests, rights and freedoms.
Although some of these rights apply generally, certain rights apply only in certain limited circumstances.
You can exercise your rights by using the contact information provided below. Although some of these rights apply generally, certain rights apply only in certain limited circumstances. We may verify your request by asking you to provide information related to your recent interactions with us, such as asking you to answer questions regarding your use of our Services. We will not discriminate against you if you exercise any of these rights. If we receive your request from an authorized agent who does not provide a valid power of attorney, we may ask the authorized agent to provide proof that you gave the agent signed permission to submit the request to exercise rights on your behalf. In the absence of a valid power of attorney, we may also require you to verify your own identity directly with us or confirm to us that you otherwise provided the authorized agent permission to submit the request. If you are an authorized agent seeking to make a request, please contact us as set out in Section 9 below.
If you work for an EEA Partner, you have the right to lodge a complaint with Meta’s lead supervisory authority under the GDPR, the Irish Data Protection Commission, or any other competent data protection supervisory authority. If you are located in the United Kingdom, you have the right to lodge a complaint with the Information Commissioner’s Office. If you are located in Switzerland, you have a right to lodge a complaint with the Federal Data Protection and Information Commissioner.
8. Updates to this Privacy Notice.
We may make changes to this Privacy Notice from time to time. Any changes to this Privacy Notice will take effect upon posting at www.fburl.com/ariawiki, in accordance with applicable law. We will display the “Last Updated” date on those updates so you can check the Privacy Notice for any changes. We will also proactively notify you if we make material changes to this Privacy Notice (e.g., changes to the purposes for which we use your Personal Information).
9. Contact information
If you work for an EEA Partner, you can contact Meta Ireland by email at ariaprivacy@fb.com or by post at:
Meta Platforms Ireland Ltd.
4 Grand Canal Square
Grand Canal Harbour
Dublin 2 Ireland
You can also contact Meta Ireland’s DPO by filling out the contact form available here.
If you work for a non-EEA Partner, you can contact Meta Platforms at ariaprivacy@fb.com.