Privacy Policy

Last Updated: March 24, 2025

This Privacy Policy (“Policy”) explains how XR Double and its associated sub-brands (including but not limited to XR Double Lab, XR Double Records, and Xarrallax) (“we,” “us,” or “our”) collect, use, disclose, and protect personal information (“Personal Data”) from users (“you,” “your”) who access or use any of our websites, mobile applications, products, or services (collectively, the “Services”). By accessing or using our Services, you acknowledge that you have read and understood this Policy.

We are committed to complying fully with global data protection laws, including but not limited to the EU General Data Protection Regulation (GDPR), the UK Data Protection Act (UK GDPR), and the California Consumer Privacy Act (CCPA).

If you do not agree with any part of this Policy, please discontinue using our Services immediately.

I. INTRODUCTION

I.I WHO WE ARE

XR Double is a global brand providing various online services and product offerings under multiple sub-brands (for example, XR Double Lab, XR Double Records, Xarrallax). Depending on the circumstances, we may act as a data controller (when we determine the purposes and means of the processing of Personal Data) or as a data processor (when we process Personal Data on behalf of third parties).

For instance, we act as a data controller when you create an account or purchase a product from us, and as a data processor when processing data on behalf of artists or partners using our Services.

I.II SCOPE

This Policy applies to any Personal Data collected through our Services, including websites, mobile apps, social media pages, online marketplaces, or offline activities that link or refer to this Policy.

II. INFORMATION WE COLLECT

II.I INFORMATION YOU VOLUNTARILY PROVIDE

  • Identity Data: Full name, date of birth, gender.
  • Contact Data: Email address, phone number, billing/delivery address, country of residence.
  • Account Data: Username, password, and associated profile information; data from social media accounts if you choose to log in via those platforms.
  • Payment Data: Credit/debit card details, transaction history, billing information, payment method details.
  • User-Generated Content: Comments, reviews, photos, videos, images, personal descriptions, or other content you choose to upload or share.
  • Important: If you upload or share third-party data (for example, photos containing someone else’s personal information), you must have the legal right to do so.

II.II AUTOMATICALLY COLLECTED INFORMATION

When you access or interact with our Services, we may automatically collect certain data, which may include:

  • Technical Data: IP address, browser type/version, operating system, device identifiers, network data.
  • Usage Data: Pages visited, page interaction details (clicks, scrolling), time spent, response times, download errors, user journey analytics.
  • Location Data: Approximate or precise geolocation based on your IP address or device settings, in compliance with applicable laws.
  • Preference Data: Language preferences, time zone, or other personalized settings.

II.III INFORMATION FROM THIRD PARTIES

We may obtain Personal Data about you from third-party sources, such as:

  • Social Media Platforms: If you link or log in via your social media account.
  • Analytics Providers & Advertising Partners: Aggregated data on how users interact with our ads or content.
  • Other Publicly Accessible Sources: Public forums, directories, or government registries (where lawful).

III. LEGAL BASIS FOR DATA PROCESSING (GDPR & UK GDPR)

Under the EU GDPR and UK GDPR, we rely on one or more of the following legal bases to process your Personal Data:

  • Consent: You have given clear consent for specific purposes (e.g., receiving marketing emails, targeted advertising).
  • Contractual Necessity: Processing is necessary to fulfill our contractual obligations (e.g., when you purchase a product or create an account).
  • Legal Obligations: Compliance with applicable laws or regulations (e.g., tax, audit, or law enforcement requests).
  • Legitimate Interests: Processing is required to serve our legitimate business interests (e.g., improving Services, fraud prevention, ensuring network security), provided these interests do not override your fundamental rights and freedoms.

Where we rely on consent, you have the right to withdraw consent at any time without affecting the lawfulness of processing before the withdrawal.

IV. HOW WE USE YOUR PERSONAL DATA

We use your Personal Data for the following (collectively, the “Processing Purposes”):

  • Service Delivery
    Providing, operating, and maintaining our Services, including order processing, digital content delivery, and subscription management.
  • Account & Transaction Management
    Managing your user account, verifying your identity, processing payments, and communicating regarding your transactions.
  • Customer Support & Communication
    Responding to inquiries, providing troubleshooting, or offering customer support via email, chat, or phone.
  • Marketing & Promotions
    Sending marketing communications, newsletters, or promotional materials (where legally permitted and subject to your consent).
    Conducting market research and user analytics.
  • Security & Fraud Prevention
    Detecting, preventing, and investigating fraudulent or unauthorized activities, enforcing our Terms & Conditions, and protecting our users and infrastructure.
  • Legal & Regulatory Compliance
    Complying with applicable laws, regulations, court orders, and lawful requests.

V. SHARING AND DISCLOSURE OF YOUR PERSONAL DATA

V.I NO SALE OF PERSONAL DATA

We do not sell your Personal Data to third parties. We may disclose your information only in the ways described below:

V.II SERVICE PROVIDERS (PROCESSORS)

We work with third-party service providers who help us operate and improve our Services. These may include payment processors, analytics platforms, hosting providers, marketing tools, and customer support services. All service providers are bound by confidentiality agreements and must comply with relevant data protection regulations.

V.III LEGAL COMPLIANCE

We may disclose Personal Data if required by law, court order, or governmental request, or when we believe disclosure is necessary to:

  • Protect our rights, safety, or property.
  • Investigate or prevent suspected wrongdoing in connection with the Services.
  • Comply with any applicable legal or regulatory requirements.

V.IV CORPORATE TRANSACTIONS

In the event of a merger, acquisition, sale of assets, or restructuring, your Personal Data may be transferred as part of the transaction, subject to appropriate confidentiality obligations.

VI. DATA SECURITY

We implement robust technical and organizational measures to protect your Personal Data against accidental loss, unauthorized access, misuse, alteration, or disclosure. These measures include:

  • Encryption: Secure Socket Layer (SSL) or Transport Layer Security (TLS) to protect data in transit.
  • PCI DSS Compliance: Applied to all payment processing systems operated by us or our third-party payment providers.
  • Access Controls: Restricted access to databases, firewalls, and multi-factor authentication.
  • Monitoring & Audits: Regular security assessments, system audits, and intrusion detection.

While we implement industry-standard safeguards, no method of transmission or storage can be guaranteed to be completely secure.

VII. DATA RETENTION

We retain your Personal Data only for as long as necessary to fulfill the purposes for which it was collected, including satisfying any legal, accounting, or reporting requirements. When we no longer need your data for these purposes, we will securely delete or anonymize it.

  • Transaction Records: Financial records may be retained for legal or tax obligations, typically up to 7 years, in accordance with applicable regulations.
  • Marketing Data: Maintained until you opt out or request deletion.

VIII. INTERNATIONAL DATA TRANSFERS

Your Personal Data may be transferred to, stored, or processed in countries outside your home jurisdiction, including the United States, the United Kingdom, and the European Union. In such cases, we ensure appropriate safeguards are in place:

  • Standard Contractual Clauses (SCCs), approved by the European Commission
  • Adequacy Decisions, issued by the European Commission for countries deemed to provide an adequate level of data protection
  • Legally Binding Corporate Rules, when adopted by relevant service providers to ensure the protection of your Personal Data

By using our Services, you acknowledge that your Personal Data may be transferred internationally, subject to these protective measures.

IX. YOUR PRIVACY RIGHTS

Depending on your jurisdiction, you may have the following rights over your Personal Data:

  • Right of Access
    Request a copy of your Personal Data.
  • Right of Rectification
    Correct inaccuracies or incomplete information.
  • Right to Erasure (“Right to be Forgotten”)
    Request deletion under specific circumstances (e.g., when data is no longer needed for its original purpose).
  • Right to Restrict Processing
    Temporarily or permanently stop processing your data under certain conditions.
  • Right to Data Portability
    Receive your Personal Data in a commonly used, machine-readable format.
  • Right to Object
    Object to certain processing activities, such as direct marketing or profiling.
  • Withdraw Consent
    Revoke consent at any time where processing is based on consent.
  • Right to Lodge a Complaint
    File a complaint with a data protection authority in your country of residence or the place of an alleged infringement.

To exercise these rights, please contact us at privacy@xrdouble.com. We will respond within 30 calendar days. We may request proof of identity before fulfilling your request.

X. CHILDREN’S PRIVACY

X.I AGE RESTRICTIONS

Our Services are not intended for individuals under the age of 18 (or the minimum age in your jurisdiction). If you are under 18, please do not use or provide any Personal Data through our Services.

X.II NO INTENTIONAL COLLECTION

We do not knowingly collect Personal Data from children. If such data is discovered, it will be promptly deleted.

X.III PARENTAL GUIDANCE

Parents or guardians who believe their child has provided us with Personal Data without their consent may contact us to request deletion.

XI. COOKIES & TRACKING TECHNOLOGIES

We use cookies, web beacons, pixels, and similar tracking technologies to:

  • Enhance Your Experience
    Save preferences, remember login details, and personalize content.
  • Analyze Traffic
    Understand website usage, performance metrics, and user behavior.
  • Marketing & Advertising
    Deliver relevant ads, measure campaign effectiveness, and track conversions.

XI.I TYPES OF COOKIES

  • Essential Cookies
    Required for basic site functionality (e.g., session management).
  • Analytical/Performance Cookies
    Collect information on how you interact with the Services, helping us improve them.
  • Functional Cookies
    Tailor the Services to provide enhanced features and personalization.
  • Marketing Cookies
    Track your browsing habits to deliver relevant advertising.

You can manage or disable cookies in your browser settings. In addition, you may adjust your cookie preferences through the cookie settings panel shown when you first visit our website.

XII. THIRD-PARTY WEBSITES & SERVICES

Our Services may contain links or references to third-party websites, tools, or services. We do not control and are not responsible for the privacy practices or content of third-party websites or services. We encourage you to review the privacy policies of these third parties before providing any Personal Data to them.

XIII. CHANGES TO THIS PRIVACY POLICY

We may occasionally update this Privacy Policy to reflect operational, legal, or regulatory changes. Any changes will be effective immediately upon posting the revised Policy, along with an updated Last Updated date at the top.

  • Material Changes
    If we make material changes that affect how we handle your Personal Data, we will notify you (for example, via email or a prominent notice on our website).

We encourage you to review this page periodically to remain informed about our current privacy practices.

XIV. CONTACT INFORMATION & DATA PROTECTION TEAM

If you have questions, concerns, or requests related to this Privacy Policy or our data practices, please contact:

XR Double Privacy Team
Email: privacy@xrdouble.com

We take your privacy concerns seriously and will respond to any request or complaint in a timely manner.
Please note that we only accept data privacy requests via email.

XV. COMPLIANCE STATEMENTS

XV.I GDPR & UK GDPR

XR Double is fully committed to compliance with the General Data Protection Regulation (EU 2016/679) and UK GDPR. We ensure legal bases for processing Personal Data and maintain records of processing activities.

XV.II CALIFORNIA CONSUMER PRIVACY ACT (CCPA)

If you are a California resident, you have the right to request disclosure of Personal Data collected, request deletion of such data, and to opt out of the sale of personal information (which we do not engage in). For more information, please contact us at the email address provided above.

XV.III GLOBAL COVERAGE

In jurisdictions beyond the EU, UK, and California, we strive to comply with applicable local data protection laws and regulations to the extent they apply to our business operations.

IMPORTANT NOTE
By using our Services, you agree to the collection, processing, and sharing of your Personal Data as described in this Policy. If you do not agree, please discontinue using our Services immediately.