We, Oz Forensics, LLC Company, (hereinafter referred to as Company, or We) - the producer of products for the face biometric authentication. Not only convenience and opportunities provided by our products, but also the right of each person to private life and protection of their personal data are equally important for us. In our everyday practice Company does everything to prevent illegal distribution of personal data, as well as strives towards the protection of privacy of all parties.
In order to ensure service provision and assess the need for the improvement of the content and structure of the websites, information on website visitors and users of services provided therein, contained within the files of access to the website, for instance, IP address, time of the visit, pages viewed, etc., similarly as in other websites, is collected and processed.
If you have any questions, or you think that we can jointly improve the present policy, feel free to contact us via the electronic mail: email@example.com.
2. BASIC DEFINITIONS
2.2. User – a natural person, who is using the Website or any other product and/ or service of Company.
2.3. Personal data – any information that enables direct or indirect, i.e. in connection with other data, identification of you as a natural person (data subject), including name, surname, patronymic, contact information, data that identify user device, as well as data that permit identification of the procedures and methods of Website use by the User.
2.4. Data subject — natural person, who either directly, or indirectly is identified or can be identified by means of personal data.
2.5. Data processing - means any action or a set of actions implemented with the data by using automated equipment or without such equipment, for instance, collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction, etc.
2.6. Third party – a person that is not a representative of the Company, its employee, subsidiary, representative office, associated company and (or) a partner, which is bound with the Company by contractual liabilities regarding non-disclosure of personal data, as well as persons that are not identified by the respective personal data.
2.7. User device – a personal computer, notebook, tablet, smartphone or any other device operated by the user to use the services of Company.
3. AREA OF POLICY APPLICATION
3.2. The policy determines the category of personal data collected by the Company, procedures and objectives of the use of data, as well as the conditions of granting access to such data.
4. CATEGORIES OF PERSONAL DATA PROCESSED BY US AND METHODS OF OBTAINING THEM
The Company receives personal data in the following ways:
4.1. Personal data can be provided by the data subject themselves in order to draw up contracts and/or conclude contractual liabilities between the Company and the data subject, between the Company and the user, etc.; in order to receive the support service of Support Oz Forensics, in order to process the subscription for the mailout of Oz Forensics: the Company may require contact information (name, surname, patronymic (if applicable), e-mail address, contact phone number). Personal identity number, date of birth, signature and position may be additionally required to draw up contracts and/ or perform contractual liabilities.
4.2. From the correspondence of the Company with the user or another data subject. The company may collect personal data from letters sent to the offices of the company, from user messages sent to the information support center of Oz Forensics and to e-mails of Company employees, as well as to save the texts of the messages itself. Personal data that are collected by using the aforementioned method include: name, surname, patronymic, mail, contact phone, name of the network user and any other data submitted by the User themselves. In certain cases, the contact data of the data subject may be at the disposal of Company from the partners of the company or other third parties. Company undertakes not to use these data for any other purposes except communication with data subject, if it is required in accordance with the interests of data subject.
4.4. Collection of Personal Data by automatic saving thereof in registration logs (Log files). Every time, when you visit one of the websites of Company, your internet browser automatically submits certain information that is stored by us in so called Log files of registration (logs) files. Registration files (logs) are stored by us for a short period of time in order to detect violations, as well as for security reasons (for instance, to investigate attempted attacks, unsanctioned interference with the functionality of computers or servers, automated systems, computer systems or electric communication systems), and are deleted afterwards. Registration files, further storage of which is required for the purposes of proving evidence, shall not be deleted until complete clarification of the respective incident and, in some cases, can be submitted to law enforcement institutions.
The following information is stored in registration files (logs):
- IP-address of the terminal, from which the access to the on-line offer management platform is performed;
- Internet address of the website, from which the on-line platform was referred to (so called uniform resource locator or URL-address of the referrer);
- The name of service provider, through which the access to on-line offer management platform is performed;
- The names of the requested files or information;
- Date, time and duration of request;
- Amount of transferred data.
Registration logs do not allow direct identification of the user as a natural person.
5. PURPOSES FOR THE PROCESSING OF PERSONAL DATA BY US
Company may process personal data for the following purposes:
5.1. To provide services and sell products:
- for identification of the Customer/User;
- for drafting of and conclusion and implementation of contracts;
- for the provision/ maintenance of service functionality;
- for the servicing and provision of communication with the User/ Customer;
- for the performance of warranty liabilities;
- for the improvement of the products and services, development of new goods and services;
- for the review and processing of complaints and applications;
- for customer retention, increase of loyalty, for customer satisfaction measurements;
- for administration of accounts;
- for the assessment of the credit capacity, for supervision of loans;
- for the return and recovery of debts;
- for the maintenance and improvement of website operation, operation of mobile applications and other services.
5.2. To plan and perform business analysis:
- for statistical, analysis and business planning purposes;
- for efficiency measurements;
- for the provision of service quality;
- for the conducting of market research;
- for the conduct of customer surveys;
- within the framework of risk management measures.
5.3. Improvement of the quality of Web service operation, information posted on-line, including by conducting statistical and marketing research.
5.4. Elimination of technical errors and failures. During the analysis of the procedures and methods of user work with the Web-service, the company can identify the fact of the occurrence of a technical error, failure, detect the causes thereof and promptly eliminate them.
5.5. For the submission of information to state administration bodies and to subjects of operative work in the cases and in the amount provided for by internal regulatory enactments.
5.6. For the provision of security (in the broadest sense of this word) in the territory of Company and over its perimeter:
- to ensure the safety of the property;
- to implement visual situation control in the territory of Company, to evaluate the situation in order to take urgent measures for the prevention of illegal activities;
- to perform analysis of a situation/ incident that has already occurred;
- to control production, technological processes that pose direct threat to the health and life of the servicing personnel;
- to ensure the safety of the employees and company visitors.
5.7. For other specific purposes, that are communicated to the User prior to the transfer of such data to the Company.
5.8. The legitimate interests of Company are as follows:
- Performance of commercial activity;
- Checking of the identity of the customer prior to the conclusion of the contract;
- Ensuring the performance of contractual liabilities;
- Prevention of unsubstantiated financial risks for the commercial activities of the Company (including the assessment of credit risk prior to the sales of the products and services and during the performance of the contract);
- Storage of the claims and applications of Customers regarding the purchases of goods and provision of services, other claims and applications, annexes to them;
- Analysis of the activity of home pages, websites and mobile applications of Company, development and implementation of upgrades thereof;
- Administration of the customer account on the home pages, websites and mobile applications of Company;
- Segmentation of the customer data base for efficient provision of services;
- Development and upgrading of products and services;
- Advertising of Company products and services;
- Forwarding of other notifications on the performance of the contract and important actions for the performance of the contract, as well as conducting of customer surveys regarding goods, services and user experiences;
- Prevention of fraud;
- Provision of records and analysis of corporate management, finance and business;
- Provision of efficient Company management processes;
- Efficiency of service provision, product sales and deliveries;
- Provision and improvement of service quality;
- Administration of payments;
- Administration of payments due;
- Application to state administration authorities, operative services and courts in order to protect the legal interests of the Company;
- Enforcement of debt liabilities;
- Informing the existing and potential customers on Company operations.
6. ACCESS TO PERSONAL DATA BY SUBJECTS FROM THIRD COUNTRIES
6.1. In the event, the data are transferred to third countries within the process of data processing, Company undertakes to ensure high standard of personal data protection in accordance with the strict requirements of the General Data Protection Regulation of the EU. In the event of international transfer of personal data, Company undertakes to inform the subject on the intention to transfer their personal data to the third country or an international organization and on the presence or the absence of the respective decision of the European Commission. At the same time, Company will notify the data subject on the appropriate data protection measures and methods of obtaining a copy of data or the place, where the data will be available, as well as on whether the data transfer complies with the respective protective measures in accordance with Article 46 of the GDPR regarding the application of special binding corporate rules in accordance with Article 47 of GDPR, or, if applicable, Sub-paragraph 2, Paragraph 1, Article 49 of GDPR. Any transfer of personal data to third countries shall be performed in accordance with Chapter V of GDPR.
7. THIRD PARTY PLUG-INS
7.1. In order to ensure the operation of some of our services, we use third party applications or plug-ins. We will inform you on these plug-ins within this section.
7.2. Plug-ins - are independent extensions of social network providers and other services. Therefore, we do not control the amount of data collected and saved by the providers of the social network performed via a plug-in. The objectives and the scope of data collection, further data processing by social network, as well as the rights and parameters of settings for the protection of your privacy associated with them can be found in the data protection policy of the respective social network. You should not use the respective plug-ins, if you do not wish the providers of social networks to receive data regarding this on-line offer or to continue using these data.
8. FOR CANDIDATES TO VACANCIES
8.1. A special section Vacancies is provided on the home page of Company for people looking for vacancies. If you are using our website to seek a job or decide to send us your CV in reply to an advertised vacancy, you are giving us your consent to use your personal data in order to perform our recruiting procedures. Any CV received by the Company from unsuccessful applicant will be deleted/ destroyed no later than three months after the date of receipt thereof.
8.2. All CVs submitted via the form of the website, shall be received by the support service of Company and then transferred to the Human Resources Department.
9. MEASURES IMPLEMENTED FOR DATA PROTECTION PURPOSES
9.1. Personal data collected by the Company are stored on secured networks, the access to which can be granted to representatives, employees, subsidiaries, associated companies, representative offices and partners of Company that are bound to Oz Forensics by contractual obligations on non-disclosure of personal data to third parties.
9.2. Company takes the following technical measures for the protection of Personal Data:
- For data security and retention, we use servers compliant with Russian Federal Law-152, GDPR, and certified by ISO 27001, ISO 27017, ISO 27018 standards https://storage.yandexcloud.net/yc-compliance/certificates/ISO-27001-RU.pdf, which has signed an agreement to ensure all possible safeguards to the data and their confidentiality;
- To prevent physical access of unauthorized personnel, all premises owned by the Company have been equipped with means of technical security alarm, fire alarm, video surveillance and access control system;
- Data encryption during data transfers (SSL encryption);
- Intrusion detection and protection software;
- Other protective measures in accordance with the current possibilities of technology.
9.3. Measures for the protection of personal data indicated in Paragraphs 13.1, 13.2 of the present section shall be used until the moment of their depersonalization thereof.
10. RIGHT TO RECEIVE INFORMATION ON THE STORAGE AND PROCESSING OF PERSONAL DATA
10.1. You are entitled to receive information regarding the processing of your personal data provided for by regulatory enactments and to send the request containing the requirement to provide information on your personal data that are stored and processed by the Company to Support Oz Forensics center (see Feedback section).
10.2. Company is entitled to request the confirmation of your identity in order to provide the information on your personal data that can be processed by Company. If you refuse to provide such confirmation, we are entitled to refuse the provision of the respective information to you.
10.3. Company undertakes to process the request that has been received by the enquiries center Support Oz Forensics in accordance with Article 13.1, 13.2 of the present section within the shortest period possible, but no later than within a month since the moment of the provision of the confirmation of the identity of the subject or, if such confirmation was not requested by the Company, since the moment of the receipt of subject’s request and to transfer the respective information to the subject. Considering the complexity of the received request or the quantity of requests, the Company is entitled to extend the indicated time period of information provision by two more months, by notifying the person, who has submitted the request in advance.
10.4. If Company does not process the requested data, Company will inform the subject on the causes why the processing of the requested data is not performed in accordance with the queue, but no later than within a month.
11. THE RIGHT OF THE SUBJECT TO ACCESS PERSONAL DATA AND CHANGE THEREOF
11.1. In accordance with the regulatory enactments, you are also entitled to request the Company to provide access to your personal data. You may request to supplement, correct, delete or limit the processing of the data associated with you. You are entitled to object to processing (including the processing of personal data, which is performed on the basis of the legitimate interests of the Company), as well as you have the right to the transfer of data. This right shall be exercised to the extent that such processing does not result from Company's obligations under applicable law, the safeguarding of Company legitimate interests and the performance of contractual obligations between the data subject and Company.
11.2. To implement your rights, you may submit the request:
- In writing by personally submitting your request at the office of the Company or at its legal address, by presenting a document that confirms your identity;
- By e-mail, by singing it with a secure electronic signature.
11.3. After the receipt of the request for the implementation of your rights, we must verify your identity, evaluate the request and implement it in accordance with the regulatory enactments.
11.4. In the event of the identification of the subject, we undertake to satisfy the request within the shortest period of time possible, but no later than within one month since the notification of the data subject, or, if the satisfaction of the request is not possible and data processing is not governed by external regulatory enactments, to provide the explanation why we cannot satisfy the request. Considering the complexity of the received request or the quantity of requests, the Company is entitled to extend the indicated time period of information provision by two more months, by notifying the person, who has submitted the request in advance.
11.5. In the event the subject, who has submitted the request is not identified, an informative notification on inability to identify shall be sent to him/her at the indicated correspondence address.
11.6. The withdrawal of consent does not affect the processing of data that has been performed, when the consent of the Customer was in force.
11.7. In the event of the recall of consent, the processing of data that is performed on the basis of other legal grounds, for instance, where data processing is performed in accordance with the requirements of the law, may not be terminated.
12. THE RIGHT WITHDRAW CONSENT FOR THE PROCESSING OF DATA
12.1. You are entitled to withdraw your consent given for the processing of data at any time by using any method that is convenient for you.
12.2. The Company, after the receipt of the refusal to process personal data, is entitled to identify the person who has expressed a wish to withdraw consent.
12.3. The withdrawal of consent does not affect data processing that has been performed, when the consent was in force.
12.4. In the event of the withdrawal of consent, the data processing that is performed on the basis of other legal grounds cannot be terminated.
13. THE RIGHT TO APPLY TO A SUPERVISING AUTORITY AND PROCEDURE FOR THE RESOLUTION OF DISPUTES
13.1. To comply with the requirements of personal data processing and protection, Company considers the requirements of the EU Regulation 2016/679 (General Data Protection Regulation) and other domestic regulatory enactments of the Russian Federation, as well as generally recognized international laws and regulations in the field of personal data protection.
13.2. In the event of objections associated with the compliance of the procedure and/ or conditions of your personal data by the Company and to resolve such objections, you are always entitled to address the responsible representative of the Company or to transfer it to the enquiry center Support Oz Forensics (see section Feedback).
13.3. The Company undertakes to review the complaint, in accordance with Paragraph 17.2 of the present section, within a month since the receipt thereof and to provide a motivated reply to the sender of the complaint.
13.4. You are also entitled to appeal the decision to the supervising authority for data protection. To do that, you may contact the supervising authority for data processing that has jurisdiction in the territory of your place of residence.
14. MAILING OF COMMERIAL NOTIFICATIONS
14.1. Company is entitled to forward notifications on new products and/ or services of Oz Forensics, as well as information on upcoming events organized by or attended by Company to the Users, who have subscribed for the mailings of Oz Forensics newsletter.
14.2. You can subscribe for our mailings by authorization on the internet websites of Oz Forensics (for instance, by using the subscription form for the receipt of news).
14.3. The consent for the receipt of commercial notifications provided by you will be in effect until you decide to opt-out of receiving newsletters. After subscribing for the mailings of Oz Forensics, you are entitled to opt-out of receiving newsletters by clicking “unsubscribe” link at the end of any commercial notification received to your e-mail.
14.4. We will terminate the sending of commercial notifications, as soon as your request will be processed. The processing of the request depends on technological capacities and can take up to 7 days.
15. POLICY CHANGES
15.1. The amendments to the provisions of the Policy may be implemented occasionally, within the limits permissible by the legal enactments of the Russian Federation and the EU, as well as generally adopted standards of international laws and regulations in the area of personal data protection.
All queries regarding the provisions of the Policy may be sent to the one of our offices:
Oz Forensics LLC
Russia, Skolkovo, Nobel st. 5 1 floor, 143026
Office e-mail: firstname.lastname@example.org
E-mail for GDPR enquire: email@example.com