Date: May 4, 2020
- Personal Data shall mean any information that relates to an identified or identifiable individual;
- Biometric data shall mean a photo image or video recording of your face.
While using Our Service, We may ask You to provide Us with certain personally identifiable information that can be used to contact or identify You. Personally identifiable information we request, includes:
- First name and last name;
- Identification information and other background verification data such as name, surname, personal identity code, date of birth, address, nationality, gender, passport or ID card copy (or any other document, that contains personal data and is accepted by the Identomat software), title, visually scanned or photographed image or video recording of your face or image that you provide through a mobile application or camera, video and audio recordings for identification where applicable;
- Biometric data such as photo image or video recording of your face;
- Contact Data, such as registered/actual place of residence, phone number, e–mail address.
We process the Personal Data that we collect from you for at least one of the following purposes:
- we have to take necessary steps before the conclusion of the contract – You are our potential client, or an employee of a potential client or a client or potential client of our potential client. Therefore, in order to conclude the contract, you need to be aware of the capabilities of the Identomat software;
- we have the legitimate interest to do so – as a business, we need to expand our services and to provide you with the best and most secure experience;
- we need the personal data that you voluntarily submit to us to improve our Service – functions, process flow, processing times, visuals, or other technological processes are revised, improved and adapted based on the timing and quality of the Service that you receive, as well as feedback that you may choose to provide;
- We need to process your biometric data in order to maintain and imrove the Service and thereby continue existance and operation as a company. Identomat is our main product. Currently, we face serious competition from many other companies, who provide distant identification services. If we do not process your Personal data, more specifically – biometric data, we will not be able to continue operation since we will not be able to improve Identomat.
- Identomat Inc is in the process of certification for compliance with the ISO/IEC 27001:2013 standard. The Organization has introduced physical, as well as technological and procedural mechanisms to ensure the security of information kept with the Company, including, but not limited to Your Personal Data), namely:
- The management of the Company has a leading role in the implementation of the information security system, in addition, an overarching approach has been introduced – information security requirements are reflected in the company’s policies and processes.
- The Company has been pursuing an information security policy, the purpose of which is to (a) ensure the confidentiality, protection and accessibility of sensitive information and to (b) establish a modern and adequate information security management system in the company.
- The company is working consistently and continuously to identify and mitigate information security risks. The company introduced and has been implementing a risk management strategy; the relevant risks are described and the mechanisms for risk mitigation – defined. The obligation of updating the list of risks on a regular basis is envisaged;
- The Company has defined and has been implementing information classification policies, which means that Your Personal Data is confidential and can only be accessed by a Company employee only in case of the permission issued by a duly authorized person and only if he or she needs access to it in order to fulfill his/her job;
- The company has introduced a mechanism for identifying, reporting and responding to incidents;
- Since the information processed through the “Identomat” is only in electronic format, the mechanism for recording (logging) actions related to personal data is implemented;
- The employment contract and the company’s Internal Regulations define the concept of confidential information, which includes personal data. The obligation to maintain confidentiality of the Personal Data survives the termination of employment. The Company implements adequate administrative penalties, in case of breach of confidentiality;
In order to ensure the continuity and security of data processing through the “Identomat”, servers located in Frankfurt and Amsterdam are used to store data. It means that this information may be transferred to — and maintained on — computers located outside of Your country’s jurisdiction where the data protection laws may differ than those from Your jurisdiction. The following services have been selected:
- Service provider of the server based in Frankfurt is the DigitalOcean LLC;
- Service provider of the server based in Amsterdam is the Paperspace Co.
These jurisdictions have been selected with the objective of ensuring best possible protection of your data under the rules and regulations applicable in the EU. The transmission of your Personal Data as well as storage takes place in encrypted format, therefore, no third party can access the information.
Usage Data refers to data collected automatically, either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit). Usage Data may include information such as Your Device’s Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Website that You visit, the time and date of Your visit, the time spent on those pages, unique device identifiers and other diagnostic data. When You access the Service by or through a mobile device, We may collect certain information automatically, including, but not limited to, the type of mobile device You use, Your mobile device unique ID, the IP address of Your mobile device, Your mobile operating system, the type of mobile Internet browser You use, unique device identifiers and other diagnostic data. We may also collect information that Your browser sends whenever You visit our Website or when You access the Service by or through a mobile device.
The Identomat may use Usage Data for the following purposes:
- To improve the Website and any of the services accessible thereupon;
- To provide and maintain our Services, including to monitor the usage of our Services;
The contact information that we collect (email, telephone number) or other equivalent forms of electronic communication, such as a mobile application’s push notifications will be used to contact you for the purpose of sending you the link to the website providing demo version of the Identomat software.
The Identomat will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a short period of time, except when this data is used to strengthen the security or to improve the functionality of Our Service, or We are legally obligated to retain this data for longer time periods.
We will not share or disclose your personal information with anyone, unless such sharing and/or disclosure is specifically required by law or in response to valid requests by public authorities (e.g. a court or a government agency).
Insofar as it is compliant with the applicable laws, the Identomat may also disclose Your Personal Data in the good faith belief that such action is necessary to:
- Comply with a legal obligation;
- Protect and defend the rights or property of the Identomat or its legitimate interests;
- Prevent or investigate possible wrongdoing in connection with the Services;
- Protect the personal safety of Users of the Service or the public;
- Protect itself against legal liability;
- Security of Your Personal Data.
Our Service does not address and We do not knowingly collect personally identifiable information from anyone under the age of 18. If We become aware that We have collected Personal Data from anyone under the age of 18 without verification of parental consent, We take steps to remove that information from Our servers without undue delay.
At any time, while Your Personal Data is being processed by us, You have the right to
- request the details of such processing. We will provide You the requested info within 10 days;
- request us to correct, renew, add, block, delete or destroy the Personal Data, if it is incomplete, incorrect, outdated, or it has been collected or processed in violation of requirements of the law; We will comply with Your request or reject it, as case may be, within 15 days (3 days – for block requests);