Scroll Top

Terms & Conditions

Privacy Policy for Mersus Technologies

Last Updated: 27/03/25

Mersus Technologies respects your privacy and is committed to protecting your personal data. Our primary objectives are to defend against information security threats, reduce the risks associated with information processing, and ensure the secure processing and storage of data. This policy explains how we collect, use, and safeguard data when you use AVATAR ACADEMY, our VR training platform, and our website.

Data We Collect

VR Training Data

We collect the following data to deliver and improve our services:

  • Biometric & Behavioural Data: Hand tracking, body movement, head positioning, and (in the future) eye tracking (when commercially available)
  • Training Metrics: Number of sessions completed, pass/fail states, total training duration
  • Technical Data: IP address, device type, browser version, and usage patterns
  • User Identity: Name, email, company/organisation, role, and username

Website Data

  • Cookies: We use Google Analytics for performance tracking. No targeting/advertising cookies are deployed

How We Use Your Data

To deliver VR training services, we process identity data (e.g., name, email), biometric data (e.g., hand/body/head tracking), and training metrics (e.g., session outcomes) under the lawful basis of contractual performance, ensuring we fulfil our obligations to you. To improve platform functionality, we analyse technical data (e.g., device/browser details) and usage patterns (e.g., interaction metrics) under legitimate interest, enabling us to optimise user experience and innovate our services. 

 

For customer support and account management, we rely on contact and identity data (e.g., email, username) to address inquiries or resolve issues, which may involve legal obligations such as retaining transaction records. Finally, for compliance and security monitoring, we process all data types under legal obligations to detect/prevent fraud, safeguard systems, and meet regulatory requirements.

Data Retention & Anonymisation

At Mersus Technologies, we are committed to responsible data management while ensuring compliance with privacy regulations. Personal data collected through AVATAR ACADEMY is retained for a maximum of 5 years, unless legal or regulatory requirements dictate a different retention period. This timeframe allows us to maintain necessary records for operational, auditing, and compliance purposes while respecting data minimisation principles.

We empower our clients with full control over their training data. Through the AVATAR ACADEMY web portal, administrators can easily add, archive, or permanently delete trainee records as needed. When personal data is deleted, our systems automatically anonymise it by stripping all identifiable information (such as names, email addresses, and user IDs), ensuring that no individual can be re-identified from the remaining data. This anonymisation process is irreversible and aligns with GDPR requirements for data erasure.

For analytical and research purposes, we retain aggregated and anonymised data (such as training trends, pass/fail rates, and session durations) indefinitely. This data, which cannot be linked back to any individual, helps us improve our platform, develop new features, and enhance training effectiveness without compromising user privacy.

 

Our approach balances transparency, user control, and compliance, ensuring that personal data is only stored for as long as necessary while preserving valuable insights in a privacy-conscious manner.

Data Security

We implement comprehensive, multi-layered security measures to protect all data processed through AVATAR ACADEMY, ensuring confidentiality, integrity, and availability in line with industry best practices and regulatory requirements.

  • Encryption: AES 256-bit encryption for data at rest and in transit (TLS 1.2)
  • Access Controls: Role-based access, multi-factor authentication, and regular audits
  • Incident Response: Breach notification within 72 hours (per GDPR) and annual penetration testing
  • Device Security: Headsets and devices are monitored for unauthorised activity

Third-Party Data Sharing and Transparency

At Mersus Technologies, we maintain strict protocols regarding third-party data sharing to ensure your information remains protected while enabling us to deliver our services effectively. We only share data when absolutely necessary and under carefully controlled circumstances.

Trusted Service Providers

We engage with select third-party vendors who provide essential services that support AVATAR ACADEMY’s operations. These include:

  • Cloud infrastructure and hosting partners that securely store and process our data
  • IT service providers assisting with system maintenance and technical support
  • Analytics platforms like Google Analytics that help us understand platform usage patterns
  • Customer support and communication tools that facilitate user assistance

All service providers undergo rigorous vetting and must agree to binding contractual obligations that meet or exceed our security and privacy standards. These agreements strictly limit data usage to specified purposes and prohibit any secondary use of your information. We regularly audit our providers to ensure ongoing compliance with these requirements.

Legal and Regulatory Disclosures

In certain exceptional circumstances, we may be legally required to disclose information to:

  • Government agencies or law enforcement, when presented with valid legal requests
  • Regulatory bodies, as part of compliance audits or investigations
  • Judicial authorities in response to court orders or subpoenas

Such disclosures are only made after careful legal review to verify the request’s validity and proportionality. We strive to notify affected individuals about these disclosures when legally permitted to do so, unless such notification would compromise an ongoing investigation or violate a court order.

Your Rights

Under GDPR, you have the right to:

  • Access, correct, or delete your data
  • Object to processing or request data portability
  • Withdraw consent (where applicable)

To exercise these rights, contact our Data Protection Officer:
Geoffrey Allen
Email: geoff@mersus.ie
Address: Suite 14, Inish Carraig Business Centre, Golden Island, Athlone, Ireland.

Contact Us

For questions or concerns, contact hello@mersus.ie or file a complaint with the Irish Data Protection Commission (www.dataprotection.ie).