Ditto’s respective products collect the following facial, biometric, and personal data for the purpose of showing virtual eyewear on a user’s face, providing insights about a user’s face, and customizing eyewear recommendations for a user.
Clients subject to the EU data laws, rules, and regulations (e.g., the GDPR) must enter into a EU Data Processing Agreement (“DPA”) before Ditto is lawfully permitted to process personal data that the Client collected. Under some scenarios, a Client may demand that all end-user data be processed and remain in the EU with the exception of limited data transfers to facilitate Ditto troubleshooting and investigations. Ditto uses the Standard Contractual Clauses (an exhibit to Ditto’s DPA) to make this limited data transfer lawful. All other data is processed in Ireland.