Effective as of 10 Sep 2021
This Privacy Policy explains how Nirovision Holdings Pty. Ltd. (“Nirovision”, or “we”, “us” or “our”) collects, uses and shares your personal information if you visit our websites or register to use our services, and explains your choices for how we handle your personal information. For convenience, our online and/or mobile services, websites, SDKs, APIs, identity management portal, documentation, models, features, functions, software, technical support, updates, upgrades and anything else we make available for use are collectively referred to as “Services.”
We adhere to the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth) (Privacy Act) and to the extent applicable, the EU General Data Protection Regulation (GDPR).
If you do not agree with this policy, do not access or use our Services or interact with any other aspect of our business. Where we provide the Services under contract with an organisation (for example, your employer) that organisation controls the information processed by the Services. For more information, please see Organization-Administered Accounts section below.
Nirovision respects your privacy rights and is committed to transparency in how we collect, use and share your personal information. If you have any questions or concerns about your personal information or this Privacy Policy, email us at [email protected].
We collect personal information about you in the following ways:
Personal information that you may provide through the Services or otherwise communicate to us includes:
Our servers may automatically record certain information about how you use the Services, such as your Internet Protocol (IP) address, device and browser type, operating system, the pages or features of the Services that you browsed and the time spent on those pages or features, the frequency with which you use the Services, search terms, the links that you click on or use, and other statistics. We collect this information in server logs and by using cookies and similar tracking technologies to analyse trends, administer the website, track users’ movements around the website, gather demographic information about our user base as a whole, and deliver advertising.
For more information, please see our Cookies Policy, which includes information on how to control or opt out of these cookies and tracking technologies. You may be able to change the preferences on your browser or mobile device to prevent or limit your acceptance of cookies, but this may prevent you from taking advantage of some of our Services’ features.
When you, or an organisation for whom you work or whose premises you attend, uses our Services, camera(s) may capture footage of you for the purpose of automated biometric verification or biometric identification. In order to perform automated biometric verification, the system generates an “embedding” to represent a face. Embeddings are multidimensional numbers used to represent something. They are not human readable. These embeddings are unique to our system and are not useable in any other system. It is also impossible to “reconstruct” a face purely from an embedding.
Other users of our Services may provide information about you when they submit content through the Services. We receive your email address from other Services users when they provide it in order to invite you to the Services.
It is important that the personal information we hold about you is accurate and current. Please let us know if your personal information changes during your relationship with us by emailing us at [email protected]
Data captured by camera(s) or by other means at a customer site is stored on an on-premise server, with video footage having a rolling-delete functionality. Biometric information is also stored in the server as embeddings and metadata.
Generally, but subject to any terms of this Privacy Policy to the contrary, all client data, including embeddings, thumbnails, results and metadata are stored and encrypted in disparate cloud systems for 60 (sixty) days, built on the Sydney Node of the AWS (Amazon Web Services) platform. Nirovision stores data solely in Australia.
User and usage information stored in the Nirovision platform is actively destroyed after its useful purpose has passed. Specifically:
The retention time can be increased or decreased, if required and by arrangement.
How we use the information we collect depends in part on which Services you use, how you use them, and any preferences you have communicated to us. Below are the specific purposes for which we use the information we collect about you.
We use your information in the following ways:
When you use the Services, we share certain information about you with other Service users, however we do not share biometric information with other Service users, other than for the purpose of provision of the Services and then only to specified members of staff of the customer organisation that you are connected with for the purpose of their use of the Services, which may include the organisation being alerted in certain circumstances, reporting on time and attendance, and collating data for contact tracing if required.
If you register or access the Services using an email address with a domain that is owned by your employer or organization, and such organization wishes to establish an account or site, certain information about you including your name, email address and activity in the Services may become accessible to that organization’s administrator and other Service users sharing the same domain.
We never share biometric information with Third Parties. We share information with third parties that help us operate, provide, improve, integrate, customize, support and market our Services. We neither rent nor sell your Personal Information to anyone. We share your Personal Information (in personally identifiable form) with third parties only as described below.
In certain situations, businesses or third party websites we’re affiliated with may sell items or provide services to you through the Services (either alone or jointly with us). We may, for example, sell products or provide services jointly with affiliated businesses. You can recognise when an affiliated business is associated with such a transaction or service, and we will share your Personal Information with that affiliated business only to the extent that it is related to such transaction or service. We may share non-personally identifiable information (such as anonymous usage data, referring/exit pages and URLs, platform types, number of clicks, etc.) with interested third parties to help them understand the usage patterns for certain Nirovision Services.
We may employ third party companies and individuals to administer and provide the Service on our behalf such as authentication, customer support, hosting, backup, storage, virtual infrastructure, website analytics, email delivery, database management services and other services for us. These third parties are permitted to use your personal information only to perform these tasks in a manner consistent with this Privacy Policy and are obligated not to disclose or use it for any other purpose.
When you subscribe to Nirovision, any credit card information you provide as part of your Payment Information is collected and processed directly by our payment processor Stripe through their Stripe Checkout service. We never receive or store your full credit card information. Stripe commits to complying with the Payment Card Industry Data Security Standard (PCI-DSS) and using industry standard security. Stripe may use your Payment Information in accordance with their own Privacy Policy here: https://stripe.com/us/checkout/legal.
You understand that we cannot control what other users do with any content (including without limitation video, images, captions, and comments) you voluntarily disclose for such users to view on the Service (“User Submissions”). For example, we will share your video content with other users as directed by you via the functionality of the Services. We cannot control if other users you have allowed access to your User Submissions make such User Submissions publicly available and to be collected and used by others, or to be redistributed through the internet and other media channels.
Some of our Services contain widgets and social media features. These widgets and features collect your IP address, which page you are visiting on the Services, and may set a cookie to enable the feature to function properly. Widgets and social media features are either hosted by a third party or hosted directly on our Services. Your interactions with these features are governed by the privacy policy of the company providing it.
The Services may include links that direct you to other websites or services whose privacy practices may differ from ours. If you submit information to any of those third party sites, your information is governed by their privacy policies, not this one. We encourage you to carefully read the privacy policy of any website you visit.
We may release Personal Information when we believe in good faith that release is necessary to comply with that law; enforce or apply our conditions of use and other agreements; or protect the rights, property, or safety of Nirovision, our employees, our users, or others. This includes exchanging information with other companies and organisations for fraud protection and credit risk reduction.
We may choose to buy or sell assets. In these types of transactions, customer information is typically one of the business assets that is transferred. Also, if we (or substantially all of our assets) are acquired, or if we go out of business or enter bankruptcy, Personal Information would be one of the assets transferred to or acquired by a third party.
In some cases we may ask for your consent to collect, use or share your personal information, such as when you let us post your testimonials or endorsements in the Service. Except as set forth above, you will be notified when your Personal Information may be shared with third parties, and will be able to prevent the sharing of this information.
Nirovision Holdings Pty. Ltd. will comply with the principles of data protection set out in the GDPR for the purpose of fairness, transparency and lawful data collection and use.
We process your personal information as a Processor and/or to the extent that we are a Controller as defined in the GDPR.
We must establish a lawful basis for processing your personal information. The legal basis for which we collect your personal information depends on the data that we collect and how we use it. We will only collect your personal information with your express consent for a specific purpose and any data collected will be to the extent necessary and not excessive for its purpose.
We will keep your data safe and secure.
We will also process your personal information if it is necessary for our legitimate interests, or to fulfil a contractual or legal obligation. We process your personal information if it is necessary to protect your life or in a medical situation, it is necessary to carry out a public function, a task of public interest or if the function has a clear basis in law.
We do not collect or process any personal information from you that is considered “Sensitive Personal Information” under the GDPR, such as personal information relating to your sexual orientation or ethnic origin unless we have obtained your explicit consent, or if it is being collected subject to and in accordance with the GDPR.
You must not provide us with your personal information if you are under the age of 16 without the consent of your parent or someone who has parental authority for you. We do not knowingly collect or process the personal information of children without consent.
If you are an individual residing in the EU, you have certain rights as to how your personal information is obtained and used. Nirovision Holdings Pty. Ltd. complies with your rights under the GDPR as to how your personal information is used and controlled if you are an individual residing in the EU
Except as otherwise provided in the GDPR, you have the following rights:
Please contact us at any time to exercise your rights under the GDPR at the contact details in this Privacy Policy. We may ask you to verify your identity before acting on any of your requests.
Information that we collect may from time to time be stored, processed in or transferred between parties or sites located in countries outside of Australia. These may include, but are not limited to Australia and U.S.A.
We and our other group companies have offices and/or facilities in Australia and U.S.A. Transfers to each of these countries will be protected by appropriate safeguards, these include one or more of the following: the use of standard data protection clauses adopted or approved by the European Commission which you can obtain from the European Commission Website; the use of binding corporate rules, a copy of which you can obtain from Nirovision Holdings Pty. Ltd’s Data Protection Officer.
The hosting facilities for our website are situated in Australia and U.S.A. Transfers to each of these Countries will be protected by appropriate safeguards, these include one or more of the following: the use of standard data protection clauses adopted or approved by the European Commission which you can obtain from the European Commission Website; the use of binding corporate rules, a copy of which you can obtain from Nirovision Holdings Pty. Ltd’s Data Protection Officer.
Our Suppliers and Contractors are situated in Australia and U.S.A. Transfers to each of these Countries will be protected by appropriate safeguards, these include one or more of the following: the use of standard data protection clauses adopted or approved by the European Commission which you can obtain from the European Commission Website; the use of binding corporate rules, a copy of which you can obtain from Nirovision Holdings Pty. Ltd’s Data Protection Officer.
You acknowledge that personal data that you submit for publication through our website or services may be available, via the internet, around the world. We cannot prevent the use (or misuse) of such personal data by others.
We are committed to ensuring that the information you provide to us is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure information and protect it from misuse, interference, loss and unauthorised access, modification and disclosure.
We limit access to personal information about you to employees who we believe reasonably need to come into contact with that information to provide products or services to you or in order to do their jobs.
Where we employ data processors to process personal information on our behalf, we only do so on the basis that such data processors comply with the requirements under the GDPR and that have adequate technical measures in place to protect personal information against unauthorised use, loss and theft.
The transmission and exchange of information is carried out at your own risk. We cannot guarantee the security of any information that you transmit to us, or receive from us. Although we take measures to safeguard against unauthorised disclosures of information, we cannot assure you that personal information that we collect will not be disclosed in a manner that is inconsistent with this Privacy Policy.
The Services may contain links to other websites and services operated by third parties, such as social media platforms, advertising services and other websites and applications. These links are not an endorsement of, or representation that we are affiliated with, any third party. We do not control third party websites, applications or services, and are not responsible for their actions. Other websites and services follow different rules regarding their collection, use and disclosure of your personal information. We encourage you to read their privacy policies to learn more.
You may request details of personal information that we hold about you in accordance with the provisions of the Privacy Act 1988 (Cth), and to the extent applicable the EU GDPR.
If you would like a copy of the information which we hold about you or believe that any information we hold on you is inaccurate, out of date, incomplete, irrelevant or misleading, please email us at [email protected]. We reserve the right to refuse to provide you with information that we hold about you, in certain circumstances set out in the Privacy Act or any other applicable law.
Where the Service is provided to you through your employer or another organisation, that organisation is the administrator of the Service and we act only as its service provider. We are not responsible for the privacy or security practices of these organisations, which have their own privacy policies, and we encourage you to contact them with your privacy-related questions or requests to access, correct or delete your personal information.
Please note that your organisation’s administrator may be able to:
Please contact your organisation or refer to your administrator’s organisational policies for more information.
We may change this privacy policy from time to time. We will post any privacy policy changes on this page and, if the changes are significant, we will provide a more prominent notice by adding a notice on the Services homepages, login screens, or by sending you an email notification. We will also keep prior versions of this Privacy Policy in an archive for your review. We encourage you to review our privacy policy whenever you use the Services to stay informed about our information practices and the ways you can help protect your privacy.
If you disagree with any changes to this privacy policy, you will need to stop using the Services and deactivate your account(s), as outlined above.
If you would like to make a complaint about the way we collect, use, disclose, store or administer your personal information, or otherwise consider there may be a breach of the Privacy Act or the APPs, you may lodge a complaint by contacting our Privacy Contact Officer using the contact details set out below.
All complaints will be treated seriously and dealt with promptly.
You may also make a complaint directly to the Office of the Australian Information Commissioner (OAIC) online, by mail, fax or email. Please visit the OAIC website at http://www.oaic.gov.au/privacy/making-a-privacy-complaint for more information.
If you have any questions or concerns about our Privacy Policy, please contact us.
Nirovision Holdings Pty. Ltd. 2/120 Sussex Street Sydney, NSW 2000. Australia
Email: [email protected]