Privacy Notice for Project Aria Partner Services
Last updated December 12, 2022
For context, Meta entered into research collaborations with certain academic and industry partners (each a "Partner") to enable the Partner to use Project Aria devices and related services in connection with its research in the area of augmented reality. References to “Meta”, “us”, “we”, or “our” means either Meta Platforms, Inc. (“Meta Platform”) or Meta Platforms Ireland Ltd. (“Meta Ireland”), as appropriate. If you work for an EEA Partner, Meta Ireland is the controller of the Personal Information we collect about you; if you work for a non-EEA Partner, Meta Platforms is the controller. For purposes of this Privacy Notice, “EEA Partner” means any Partner with a principal place of business in the EEA, Switzerland, or UK.
To help facilitate this research, we provide the Partner and its personnel access to Project Aria devices (each, an “Aria Device”) and related services, which can include a web portal, a companion app, desktop companion tool and an AWS service (“Aria Services”). The Aria Services are designed to facilitate Partner’s research in connection with data it collects with the Aria Device.
You are receiving this notice (“Privacy Notice”) because you are requesting or require access to the Aria Device and Aria Services to perform work on behalf of a Partner. This Privacy Notice applies to the Personal Information we collect about you in connection with your use of (or your application to use) the Aria Services, including the onboarding process to provide you with the Aria Device and access to the Aria Services.
This Privacy Notice does not apply to the processing of Personal Information by Partners in connection with its research. To learn about such processing, reach out to the Partner on whose behalf you are conducting the research.
When we say “Personal Information” in this Privacy Notice, we mean information related to any identified or identifiable individual. In other words, it is information about a specific individual who can be identified and does not include information that is aggregated or information that cannot be reasonably linked to you.
1. What Personal Information do we collect about you?
The following categories of information are collected when you register your interest in using the Aria Device (i.e. via the Partnership Intake Form), during Partner onboarding when you are provided with the Aria Device and access to the Aria Services and when you use the Aria Services:
Collection of Telemetry and Device Location Information is limited to university Partners.
2. How do we use your Personal Information?
We use the categories of Personal Information collected above to do the following:
3. How long do we retain information?
We retain your Personal Information until it is no longer necessary for the purposes described above. This is a case-by-case assessment — for example, we retain information to help ensure we can defend legal claims based on the limitation periods in the countries in which we operate. When determining this period, we consider the nature of the data, the purposes for which it is processed, our legal obligations, audit procedures and other relevant legal or operational retention needs.
4. What information do we collect/share about California users?
In the preceding 12 months, we have: (1) collected the following categories of information: identifiers, commercial information, location information and internet or other electronic network activity information (Sections 1 and 2 above provide details about the precise data points we collect, the categories of sources of such collection and the business purposes for which we use the information) and (2) disclosed the following categories of personal information for business purposes to the following categories of recipients:
Categories of Recipients: Service providers and Meta companies. We may also share with law enforcement or other third parties in connection with legal requests, and regulators, law enforcement or others when we believe it is necessary to (a) detect, prevent and address fraud, unauthorized use of Meta products and services, violations of our terms or policies, or other harmful or illegal activity; (b) protect ourselves (including our rights or property), you or others, including as part of investigations or regulatory inquiries; or (c) prevent death or imminent bodily harm
Categories of Recipients: Service providers and Meta companies. We may also share with law enforcement or other third parties in connection with legal requests, and regulators, law enforcement or others when we believe it is necessary to (a) detect, prevent and address fraud, unauthorized use of Meta products and services, violations of our terms or policies, or other harmful or illegal activity; (b) protect ourselves (including our rights or property), you or others, including as part of investigations or regulatory inquiries; or (c) prevent death or imminent bodily harm
Categories of Recipients: Service providers and Meta companies. We may also share with law enforcement or other third parties in connection with legal requests, and regulators, law enforcement or others when we believe it is necessary to (a) detect, prevent and address fraud, unauthorized use of Meta products and services, violations of our terms or policies, or other harmful or illegal activity; (b) protect ourselves (including our rights or property), you or others, including as part of investigations or regulatory inquiries; or (c) prevent death or imminent bodily harm
Categories of Recipients: Service providers. We may also share with law enforcement or other third parties in connection with legal requests, and regulators, law enforcement or others when we believe it is necessary to (a) detect, prevent and address fraud, unauthorized use of Meta products and services, violations of our terms or policies, or other harmful or illegal activity; (b) protect ourselves (including our rights or property), you or others, including as part of investigations or regulatory inquiries; or (c) prevent death or imminent bodily harm
We do not sell or share (as that term is defined in the California Consumer Privacy Act) your personal information, nor do we knowingly sell personal information about consumers under the age of 16.
5. What is our legal basis in the EEA, UK or Switzerland?
Legitimate Interests
We rely on our legitimate interests or the legitimate interests of a third-party where they are not outweighed by your interests or fundamental rights and freedoms:
Legitimate Interests Relied On: It is in our interest and the interest of potential Partners to facilitate expressions of interest by potential Partners in using the Aria Device.
Information Categories Used: Contact Information
Legitimate Interests Relied On: It is in our interest and the interest of Partners to provide Partners with the Aria Device and set them up so they can access the Aria Services.
Information Categories Used: Contact Information, Device Information, and Account Information
Legitimate Interests Relied On: It is in our interest and the interest of Partners to continuously maintain the Aria Services and ensure Partners can use the Aria Services at all times.
Information Categories Used: Contact Information, Device Information, Account Information, Telemetry Information, Usage Information and Other Information
Legitimate Interests Relied On: It is in our interest and the interest of potential Partners to communicate with potential Partners who have expressed an interest in using the Aria Device. It is also in our interest and the interest of Partners to communicate with Partners during the term of the Project Aria Evaluation or Research Agreement.
Information Categories Used: Contact Information, Device Information, Account Information, Telemetry Information, Usage Information and Other Information
Legitimate Interests Relied On: It is in our interest to prevent and address harmful or illegal activity.
It is in our interest to protect ourselves (including our rights, personnel, property, or products), our users or others, including as part of investigations or regulatory inquiries; or to prevent death or imminent bodily harm.
Relevant law enforcement, government authorities and Partners have a legitimate interest in investigating and combating illegal behavior.
Information Categories Used: Contact Information, Device Information, Account Information, Usage Information, Location Information, and Other Information
Legitimate Interests Relied On: It is in our interest to seek legal advice and protect ourselves (including our rights, personnel, property or products), our Partners or others, including as part of investigations or regulatory inquiries and litigation or other disputes.
Information Categories Used: Contact Information, Device Information, Account Information, Usage Information, Location Information, and Other Information
Compliance with a legal obligation
Where we comply with a legal obligation including, for example, to access, preserve or disclose certain information if there is a valid legal request from a regulator, law enforcement or others.
Contact Information, Device Information, Account Information, Telemetry Information, Usage Information, Location Information, and Other Information
6. With whom do we share and where do we process your Personal Information?
We share all the above categories of Personal Information with the following recipients:
We share information globally, both within the Meta Companies and externally with the other recipients listed above. We may process your information in the countries other than the country in which you live (including the United States). We utilize the European Commission’s Standard Contractual Clauses and rely on the European Commission's adequacy decisions about certain countries, as applicable, for data transfers from the UK, Switzerland or the EEA to the United States and other countries. You may request a copy of the Standard Contractual Clauses that we have entered into with the entity processing your data by using the contact information provided below.
7. Your privacy rights
Subject to the laws in the country in which you live, you have the following rights to:
If you work for an EEA Partner, you also have the right to object to Meta’s processing of your Personal Information where Meta is relying upon legitimate interests to process your Personal Information. If you object, we will stop the processing unless we can demonstrate on compelling legitimate grounds for the processing that overrides your interests, rights and freedoms.
Although some of these rights apply generally, certain rights apply only in certain limited circumstances.
You can exercise your rights by using the contact information provided below. Although some of these rights apply generally, certain rights apply only in certain limited circumstances. We may verify your request by asking you to provide information related to your recent interactions with us, such as asking you to answer questions regarding your use of our Services. We will not discriminate against you if you exercise any of these rights. If we receive your request from an authorized agent who does not provide a valid power of attorney, we may ask the authorized agent to provide proof that you gave the agent signed permission to submit the request to exercise rights on your behalf. In the absence of a valid power of attorney, we may also require you to verify your own identity directly with us or confirm to us that you otherwise provided the authorized agent permission to submit the request. If you are an authorized agent seeking to make a request, please contact us as set out in Section 9 below.
If you work for an EEA Partner, you have the right to lodge a complaint with Meta’s lead supervisory authority under the GDPR, the Irish Data Protection Commission, or any other competent data protection supervisory authority. If you are located in the United Kingdom, you have the right to lodge a complaint with the Information Commissioner’s Office. If you are located in Switzerland, you have a right to lodge a complaint with the Federal Data Protection and Information Commissioner.
8. Updates to this Privacy Notice.
We may make changes to this Privacy Notice from time to time. Any changes to this Privacy Notice will take effect upon posting at www.fburl.com/ariawiki, in accordance with applicable law. We will display the “Last Updated” date on those updates so you can check the Privacy Notice for any changes. We will also proactively notify you if we make material changes to this Privacy Notice (e.g., changes to the purposes for which we use your Personal Information).
9. Contact information
If you work for an EEA Partner, you can contact Meta Ireland by email at ariaprivacy@fb.com or by post at:
Meta Platforms Ireland Ltd.
4 Grand Canal Square
Grand Canal Harbour
Dublin 2 Ireland
You can also contact Meta Ireland’s DPO by filling out the contact form available here.
If you work for a non-EEA Partner, you can contact Meta Platforms at ariaprivacy@fb.com.