OZ FORENSICS LLC
We, Oz Forensics, LLC Company, (hereinafter referred to as Company, or We) - the producer of products for the face biometric authentication. Not only convenience and opportunities provided by our products, but also the right of each person to private life and protection of their personal data are equally important for us. In our everyday practice Company does everything to prevent illegal distribution of personal data, as well as strives towards the protection of privacy of all parties.
2. BASIC DEFINITIONS
2.2. User – a natural person, who is using the Application
2.3. Application – Oz Forensics Device SDKs, Oz Forensics API, Oz Forensics Demonstration tool that performs different facial recognition checks.
2.4. Personal data – any information Application may collect includes user data, images, device information, operating system information, usage metrics and usage statistics. Any data that is transferred to the server via Oz Forensics s API is secured including a unique identifier, associated IP address, software version number, image data, biometric data, and information about which tools and/or services in the SDK are being used.
2.5. Data subject — natural person, who either directly, or indirectly is identified or can be identified by means of personal data.
2.6. Data processing - means any action or a set of actions implemented with the data by using automated equipment or without such equipment, for instance, collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction, etc.
2.7. Third party – a person that is not a representative of the Company, its employee, subsidiary, representative office, associated company and (or) a partner, which is bound with the Company by contractual liabilities regarding non-disclosure of personal data, as well as persons that are not identified by the respective personal data.
2.8. User device – tablet, smartphone or any other device operated by the user to use the Application of Company.
3. AREA OF POLICY APPLICATION
3.2. The policy determines the category of personal data collected by the Company, procedures and objectives of the use of data, as well as the conditions of granting access to such data.
4. CATEGORIES OF PERSONAL DATA PROCESSED BY US AND METHODS OF OBTAINING THEM
The Company receives personal data in the following ways:
4.1. To provide our demo application of our Biometric Tools(hereinafter jointly - Application). The exact information needed depends on the check that’s being carried out on behalf of our client. For example, when verifying the identity of a user, we’ll ask for an image of their identity document as well as a picture or video of their face. We’ll then seek to verify whether the identity document is likely to be genuine and whether the person in the photo or video is likely the same person pictured in the identity document. We will also look to identify signs of fraud (for example, someone wearing a mask to impersonate another person or conceal their own real identity). If the user is successful on both the document and facial verification checks, Oz Forensics demo application will likely consider the user to have proven their identity.
In some cases, our application may also further check whether we have previously verified a user on behalf of a specific client by comparing the picture of their face to the pictures previously provided by that client. This helps our client not only verify identity but further protects them and their users by helping them understand when a user may be generating multiple identities.
To do all of this, we closely examine the information contained in the images, including the machine readable data (such as an identity document’s barcode) and the image metadata (such as the name of the camera model used to take the image), video content- our system uses this data to understand the wide variety of facial structures from people all around the world and we may use this data to remove duplicate identities from our systems as deemed necessary by Oz Forensics.
For demo Application - non-production deployments only - enrollment and authentication session information collected will include the above information as well as the following information, which is never shared or used for any other purpose except to positively identify the user and to improve Oz Forensics services:
Email address provided - In the event we have questions about how you intend to use our service or what issues you might have had with it, we will use your email address only to contact you directly with questions and to send you only our own product updates if you desire.
4.2. The User. Users are individuals whose identities we verify. We collect users’ information from the users themselves who download our Application. This information might include an image of any identity document (e.g. a passport or a driver's license), photos (at times, taken in quick succession for anti-fraud purposes) or a video of the user, and the biometric facial identifiers in those images. This enables our application to provide necessary checks and verify that the user is the true owner of the identity document and has not shown signs of fraud. We may also collect device identifiers (metadata).
4.3. Facial Biometric Comparison. When providing our Application, we will frequently extract and compare numerical biometric data from facial images to understand whether two faces are likely to be a match. We do this on behalf of our clients for two reasons. Primarily, we will check whether a user owns their identity document by comparing an image of their face to the facial image contained in the identity document. When we do this, we do not retain the extracted numerical biometric data for any length of time beyond this comparison.
In addition, we may also check whether we have previously verified a user on behalf of a specific client to help that client understand when a user may be generating multiple identities. We do this by comparing the facial image of a user to the facial images of other users previously verified on behalf of that specific client. To provide this check quickly, we store the numerical biometric data extracted from the previously collected facial images until the client deletes those original images.
4.4. Automated Decision Making and Reports. When we verify an identity or carry out a check on behalf of a client, we provide a Report to that client. This Report details the results of matching. The results are generated from the different machine learning models. We have no human powered processes, that can be used to verify an identity or perform a check.
4.5. Sharing information outside our demo Application. As well as sharing information with users, Oz Forensics do not share information with external parties: other companies, organizations, government bodies, and individuals outside Oz Forensics. Data collected is only used to operate our business, provide our products and services, improve existing products and services, develop new products and services, and to improve and personalize User experiences interacting with the software.
5. MEASURES IMPLEMENTED FOR DATA PROTECTION PURPOSES
5.1. Personal data collected by the Company are stored on secured networks, the access to which can be granted to representatives, employees, subsidiaries, associated companies, representative offices and partners of Company that are bound to Oz Forensics by contractual obligations on non-disclosure of personal data to third parties.
5.2. Company takes the following technical measures for the protection of Personal Data:
- For data security and retention, we use servers compliant with Russian Federal Law-152, GDPR, and certified by ISO 27001, ISO 27017, ISO 27018 standards https://storage.yandexcloud.net/yc-compliance/certificates/ISO-27001-RU.pdf, which has signed an agreement to ensure all possible safeguards to the data and their confidentiality;
- To prevent physical access of unauthorized personnel, all premises owned by the Company have been equipped with means of technical security alarm, fire alarm, video surveillance and access control system;
- Data encryption during data transfers (SSL encryption);
- Intrusion detection and protection software;
- Other protective measures in accordance with the current possibilities of technology.
5.3. Measures for the protection of personal data indicated in Paragraphs 5.1, 5.2 of the present section shall be used until the moment of their depersonalization thereof.
5.4. Access to Manage User Data. We are providing Users the ability to do the following:
- Request your data be erased
- Request a copy of what data is captured
- Withdraw your consent at any time
- Lodge a complaint with the authoritative body in your region
Third party data collection
- We do not send the data we collect and process for our authentication process to any other organization or individual.
The period for which the data is stored:
- We store your collected data only for a time period that meets our development needs.
5.5. Your Rights. If you would like to access a copy of your information, have your information deleted, or otherwise exercise control over how your information is used, please contact Oz Forensics at firstname.lastname@example.org, or the postal address below in Paragraph 7.
6. POLICY CHANGES
6.1. The amendments to the provisions of the Policy may be implemented occasionally, within the limits permissible by the legal enactments of the Russian Federation and the EU, as well as generally adopted standards of international laws and regulations in the area of personal data protection.
All queries regarding the provisions of the Policy may be sent to the one of our office:
Oz Forensics LLC
Moscow, Skolkovo, Nobel St. 5, 1 floor, Russia, 143026
Office e-mail: email@example.com
E-mail for GDPR enquire: firstname.lastname@example.org