II. PERSONAL DATA
“Personal Data” means any information that may be used, either alone or in combination with other information, to personally identify an individual, including, but not limited to, a first and last name, a personal profile, an email address, or other contact information, one or more factors specific to his/her physical, physiological, mental, economic, cultural, or social identity, and biometric information. Personal Data does not include data from which you can no longer be identified, such as anonymized data.
III. BIOMETRIC DATA
“Biometric Data” means information about your physical or biological characteristics (some jurisdictions call these “biometric identifiers”) that identify you. Information like eye, hand, or facial images; fingerprints; and voiceprints may be considered biometric data if they are being used to identify you. This list is not exhaustive, and the definitions of biometric data may vary under different laws.
IV. WHAT INFORMATION DO WE COLLECT ABOUT YOU, HOW DO WE COLLECT IT AND WHAT DO WE USE IT FOR?
Personal Data We Collect
The kinds of Personal Data we collect may include but may not be limited to:
- your first and last name;
- your title and your company’s name;
- your home, billing, or other physical address (including street name, name of a city or town, state/province, postal code);
- your e-mail address;
- your telephone number;
- (for job applicants submitting electronic information) your educational background, employment experience, and job interest;
- your biometric information;
- any other identifier that permits Aware to make physical or online contact with you;
- any information that Aware collects online from you and maintains in association with your account, such as: (a) your Aware username, (b) your Aware password, and/or (c) your credit card account information.
Our Basis for Processing Your Personal Data
We will process your Personal Data if and to the extent applicable law provides a lawful basis for us to do so. We will therefore process your Personal Data only:
- if you have consented to us doing so, and only for the purposes for which you have consented;
- if we need it to perform the contract we have entered into with you;
- if we need it to comply with a legal obligation; or
- except in the case of biometric information, if we (or a third party) have a legitimate interest which is not overridden by your interests or fundamental rights and freedoms.
Some processing of your Personal Data by Aware or its affiliates, subsidiaries, or agents may require us to transfer it from where it was collected to a third country. If your Personal Data was collected from a European Economic Area country or Brazil, we will transfer your Personal Data to a third country only if the appropriate authority has issued a decision that the third country provides adequate protections for your Personal Data, we include appropriate standard contractual clauses in our agreement pursuant to which the data is transferred, or with your consent.
How We Collect Personal Data
Aware collects Personal Data when:
- you make purchases of products or services;
- you provide biometric information when using the Service;
- you request support for an Aware product or service;
- you request free software downloads;
- you create a user account (login username and password) on an Aware Site;
- you register for webcasts, seminars, and roundtables;
- you request information or materials (e.g., whitepapers or newsletters);
- you participate in surveys and evaluations;
- you participate in promotions, contests or giveaways;
- you apply for a job or submit your resume to Aware;
- you submit questions or comments to us.
Aware may also collect Personal Data from individuals (with their consent) at conventions, trade shows and expositions.
What Do We Use Personal Data For?
We will use your Personal Data to operate and improve our sites and the Service and deliver the Service or carry out the transactions you have requested. These uses may include providing you with more effective customer service; making the sites or services easier to use by eliminating the need for you to repeatedly enter the same information; performing research and analysis aimed at improving our products, services, and technologies; and displaying content and advertising that are customized to your interests and preferences.
We also use your Personal Data to communicate with you. We may send certain mandatory service communications such as welcome letters, billing reminders, information on technical service issues, and security announcements. We may also contact you to inform you of other products or services available from Aware and its affiliates.
How Do We Transfer Personal Data?
We may transfer your Personal Data to our third-party service providers (such as a server hosting provider), but only to provide our services to you. We require third parties to whom we transfer your Personal Data to protect your Personal Data at least as strongly as we do. We may disclose your Personal Data to others under the same conditions as those under which we may process your Personal Data. See “Our Basis for Processing Your Personal Data,” above.
V. WHAT WE MAY NEED FROM YOU
We may need to request specific information from you to help us confirm your identity and ensure your right to access Personal Data (or to exercise any of your other rights). This is another appropriate security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it.
VI. WHAT IF YOU DO NOT PROVIDE THE PERSONAL DATA WE REQUEST?
It is in your sole discretion to provide Personal Data to us. If you do not provide us with all or some of the Personal Data we request, we may not be able to enter into a contract with you or send you the requested information and you may be unable to access certain programs and services that involve our interaction with you.
VII. WITH WHOM WILL WE SHARE YOUR INFORMATION?
Aware shares Personal Data with companies working on our behalf. Except as described in this statement, we will not disclose your Personal Data to third parties for their own marketing purposes unless you have provided consent.
Some Aware services may be co-branded and offered in conjunction with another company. If you register for or use such services, both Aware and the other company may receive information collected as part of the co-branded services.
In some cases, Aware uses contractors to collect, use, analyze and otherwise process information on its behalf. It is Aware’s practice to require such suppliers to handle information in a manner consistent with Aware’s policies. Aware may also allow carefully selected Aware partners to participate in limited marketing campaigns solely to promote Aware’s products and services to you.
If you request something from an Aware Site (for example, a product or service, a callback, or specific marketing materials), we will use the information you provide to fulfill your request. As part of a transaction, we may also contact you as part of our customer satisfaction surveys or for market research purposes.
We may hire other companies to provide limited services on our behalf, such as handling the processing and delivery of mailings, providing customer support, hosting websites, processing transactions, or performing statistical analysis of our services. Those companies will be permitted to obtain only the Personal Data they need to deliver the service. We require them to process the data only when they have a lawful basis for doing so.
VIII. YOUR RIGHTS IN RELATION TO YOUR INFORMATION
You may have some of the following rights as an individual which you can exercise, based on the jurisdiction in which you live, in relation to your Personal Data that we hold. These rights may include:
- request that we confirm the existence of the processing of your Personal Data;
- request access to your Personal Data and request to the following information about its processing;
- the purpose of processing;
- the categories of Personal Data processed;
- the recipients or categories of recipient to whom your Personal Data have been or will be disclosed;
- the source of the Personal Data if not obtained from you;
- whether the processing of your Personal Data involved automated means, and, if so, information about the logic of the automated processing and the significance and envisaged consequences of the automated processing;
- request us to rectify (i.e., correct) your Personal Data;
- request us to anonymize your Personal Data;
- request to send you your data so that you may transfer it to another person, subject to commercial and industrial secrecy;
- request us to erase your Personal Data;
- request us to restrict the processing of your Personal Data;
- object to the processing of your Personal Data.
If you want to exercise one of these rights, please contact us at email@example.com. We will in general respond to European residents’ requests within one month, although we may extend the period for two further months if necessary. We will respond to Brazilian residents’ requests to confirm the existence of processing and access their Personal Data within 15 days, and Brazilian residents’ other requests within the relevant regulated time-period.
You also have the right to make a complaint at any time to the supervisory authority for data protection issues or, for EU residents, any other competent supervisory authority of an EU member state. You may request from us the contact information for the appropriate authority.
IX. RIGHT TO WITHDRAW CONSENT
In case you have provided your consent to the collection, processing, and transfer of your Personal Data, you have the right to withdraw your consent fully or partly. To withdraw your consent, please contact firstname.lastname@example.org. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose(s) to which you originally consented unless we have another lawful basis for processing your Personal Data.
X. HOW LONG WILL WE RETAIN YOUR INFORMATION?
We will only retain your Personal Data for as long as necessary to fulfil the purposes for which we have a lawful basis to process it.
To determine the appropriate retention period for your Personal Data, we will consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorized use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal requirements.
Upon expiry of the applicable retention period, we will securely destroy your Personal Data in accordance with applicable laws and regulations.
XII. users of aware software as a service (sAAS)
Aware Business Client. An Aware customer/client who has subscribed to an Aware SaaS product to utilize the Service. Aware makes the Service available to an Aware Business Client for integration into those third parties’ websites, applications, and online services or for direct use through the Aware Authenticator Application.
Data Processor. Aware collects, uses, and discloses individual users’ information only as directed by the Aware Business Client and, accordingly, under applicable data protection laws, Aware is a processor or service provider (“data processor”) of user information with respect to the Service and not a controller, owner or business (“data controller”).
Customer Data Controller. Aware shares the personal information that Aware collects on behalf of a particular Aware Business Client with that particular Aware Business Client, sometimes called a “Customer Data Controller.”
Legal purposes. Aware may also use or share your personal information with third parties when we have reason to believe that doing so is necessary:
- To comply with applicable law or a court order, subpoena, or other legal process;
- To investigate, prevent, or take action regarding illegal activities, suspected fraud, violations of our terms and conditions, or situations involving threats to our property or the property or physical safety of any person or third party;
- To establish, protect, or exercise our legal rights or defend against legal claims; or
- To facilitate the financing, securitization, insuring, sale, assignment, bankruptcy, or other disposal of all or part of our business or assets.
How Aware uses your Biometric Data as part of the Aware Authenticator Application. Aware may use your biometric data to allow you to enroll in and/or authenticate in the service(s) you have selected from an Aware Business Client.
By consenting to use the application, Aware may collect one or more biometric identifiers that are captured by the device through the mobile application and transmitted to Aware’s biometric cloud service for analysis. Aware may analyze those biometric identifiers for liveness and may compare your facial image to a facial image scanned from an identification document solely for the purposes of verifying identity. The verified identity may be enrolled and stored by the Aware Business Client who maintains ownership of the stored data.
By consenting to use the authentication services, Aware may collect biometric identifiers at the time of authentication to compare one or more of the biometric identifiers captured during enrollment which are stored and owned by the Aware Business Client.
Aware will retain the biometric data, including the photo of your face and photo or scan of your identification document, for the amount of time requested by the Aware Business Client through which you used Aware’s Service. In no event will Aware store your biometric data after Aware ceases to have a customer relationship with the Aware Business Client through which you used Aware’s Service.
Information for California Residents. Aware process your personal information on behalf of the Aware Business Client pursuant to a written agreement for the Service. As such, Aware acts as a service provider to the Aware Business Client. Moreover, Aware does not sell your personal information as the terms “sell” and “personal information” are defined by the California Consumer Privacy Act (the “CCPA”) and, in providing its services to the Aware Business Client, Aware will not retain, use, or disclose your personal information to any other third parties that would constitute “selling” as the term is defined in the CCPA. Any questions or requests regarding Aware’s processing of your personal information in respect to your rights under the CCPA should be directed to the Aware Business Client that is responsible for your personal information.
Information for Illinois residents. Aware’s collection of personal information may include Biometric Data, and Aware may share such Biometric Data with the Aware Business Client. Aware may collect, process and store your Biometric Data for the purpose of the Service and long-term proof of inspection of your provided form of identification, on behalf of and as instructed by the Aware Business Client (e.g., the duration of your use of its services), which shall be no longer than the earlier of the date when (i) the Aware Business Client ceases to have a relationship with Aware or (ii) within three (3) years after the Aware Business Client informs Aware that its last interaction with you has occurred.
XIV. GENERAL INFORMATION
Links to Other Sites. The Service may contain links to third party websites that are not owned or controlled by us. We are not responsible for the privacy practices or the content of such other third-party websites, and you visit them at your own risk.
Security. The security of your Personal Data is important to us. We follow generally accepted industry standards, including the use of appropriate administrative, physical, and technical safeguards to protect the Personal Data submitted to us. However, no method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, while we strive to use commercially acceptable means to protect Personal Data, we cannot guarantee its absolute security or confidentiality. If you have any questions about security, you can contact us at email@example.com.
Please be aware that certain Personal Data and other information provided by you in connection with your use of the Service may be stored on your device (even if we do not collect that information). You are solely responsible for maintaining the security of your device from unauthorized access.
Merger, Sale or Bankruptcy. If we are acquired by or merged with a third-party entity, or if we are subject to a bankruptcy or any comparable event, we reserve the right to transfer or assign Personal Data in connection therewith.
California Online Privacy Protection Act Notice
On September 27, 2013, California enacted A.B. 370, amending the California Online Privacy Protection Act to require website operators like us to disclose how we respond to “Do Not Track Signals”; and whether third parties collect personally identifiable information about users when they visit us.
(1) We do not track users who do not interact with the website sharing functionality across the web, and therefore do not use “do not track” signals.
(2) We do not authorize the collection of personally identifiable information from our users for third party use through advertising technologies without separate member consent.
California Civil Code Section 1798.83 also permits our customers who are California residents to request certain information regarding our disclosure of Personal Data to third parties for their direct marketing purposes. To make such a request, please send an email to firstname.lastname@example.org. Please note that we are only required to respond to one request per customer each year.
email@example.com or (781) 276-4000
Aware is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).
XV. FURTHER INFORMATION
If you have any concerns or require any further information, please do not hesitate to contact firstname.lastname@example.org.