Privacy Policy

This is the Privacy Policy for Noah Facial Recognition Pty Ltd ("NoahFace", "we").

This Privacy Policy was last updated: 28th January 2021 and is effective from 28th January 2021.

This Privacy Policy details:

• What information we collect.
• How we use information.
• How we protect information.
• When we destroy information.
• How we comply with local legislation.
• How we update this privacy policy.
• How to contact NoahFace regarding privacy.
• How to contact Government regarding privacy.

What Information we Collect

Business Information

We collect information about organisations that use or may use our services. This includes information such as the organisations:

• Name.
• Location.
• Industry.
• Size.
• Contact Details (eg: Primary Contact, Email, Phone, etc).
• Subscription Details (eg: Selected Plan, Credit Card details, Payment History, etc).

Collecting this information is essential to us doing business with you.

User Information

The NoahFace platform (which is Cloud based, and accessed using a Web browser) allows you to manage information about the users of the NoahFace Apps (eg: your employees, members, students, or customers). This includes information such as their:

• Unique identifier (eg: employee number, member number, etc).
• Name.
• Contact details (ie: email and mobile phone number).

The NoahFace App (which runs on a mounted iPad and is used by many users) allows each users to register - a process which allows users to submit their:

• Profile picture.
• Biometric data (ie: key facial features).

The NoahFace Go App (which runs on an individual user's mobile phone) allows users to submit their:

• Profile picture (this requires the user's explicit consent).

Collecting this information is essential to the operation of the NoahFace Apps and to you doing business.

Biometric Information

Biometric information is a subset of user information, but is a special form of information for which additional privacy protections are offered. NoahFace provides important capabilities to support the responsible collection and use of biometric data, including:

• Requiring users to acknowledge a simple privacy statement and to actively consent to the capture of biometric data.
• Allowing non-consenters to use an alternative means of identification, such as passcodes.
• Allowing users to remove their consent at any time, at which time biometric data is destroyed.

Usage Information

The NoahFace platform allows you to collect information about each activity (or event) performed using the NoahFace Apps. This includes information such as:

• The date and time.
• The identifier of the user.
• The type of activity (eg: clock in, access, start job, etc.)
• Details of the activity (eg: an entered job number or selected task type).

The NoahFace App (which runs on a mounted iPad and is used by many users) also allows you to collect:

• The user's photo.
• The user's temperature (if an optional temperature sensor is deployed).

The NoahFace Go App (which runs on an individual user's mobile phone) also allows you to collect:

• The user's location (this requires the user's explicit consent).

Collecting this information is essential to the operation of the NoahFace Apps and to you doing business.

How we Use Information

Business Information

We collect information on organisations that use or may use our services so we can keep these organisations informed about relevant and important changes. For example, this allows us to notify organisations of updates to:

• The NoahFace Apps.
• Pricing
• This Privacy Policy.

We may also contact you regarding other related products or services offered by us or our partners. If we do contact you via email, we will provide a mechanism for you to opt out of receiving future email communications.

We do not sell or rent your business information, including your contact details, to others.

User Information

The NoahFace platform allows you to manage information on your users so that you can control which users can make use of the NoahFace Apps, and how they can use it. For example, to control which employees:

• Need to record their time and attendance.
• Have access to restricted areas.

Information on your users is only available to you; NoahFace does not use this information for our own purposes, nor do we sell or rent it to others.

Biometric Information

The biometric data collected by the NoahFace App (which runs on a mounted iPad and is used by many users) allows users to be recognised automatically after registration.

Usage Information

The NoahFace Apps (both NoahFace and NoahFace Go) allow you to collect information about each activity (or event). If you use the NoahFace Apps stand-alone, the usage data is only retained on your device. If you choose to connect the NoahFace Apps to the NoahFace platform (which is Cloud based, and accessed using a Web browser), then this information is retained in the NoahFace platform so that you can perform queries and reports on it.
‍
A subset of the usage information may also be passed to 3rd party systems used by your organisation. For example, it may be passed to:

• Your Payroll System, to automatically populate timesheets, so that employees can be paid.
• Your Access Control System, to evaluate whether a user should have access a restricted area, so that security can be maintained.

Information on the usage of the system is only available to you; NoahFace does not use this information for our own purposes, nor do we sell or rent it to others.

How we Protect Information

Business Information

Information on businesses that use or may use our services are stored in our IT systems. We take your privacy seriously, and take responsible measures to secure this information. For example:

• Network transmisions of data are encrypted.
• Biometric data is encrypted while at rest.
• Data is backed up.
• etc.

User/Usage Information

Information on your users and their usage of the NoahFace Apps may be stored on your devices, in our IT systems, or in linked 3rd party systems (eg: your Payroll System or Access Control System). We take responsible measures to protect the information stored in our IT systems. For example:

• Network transmisions of data are encrypted.
• Biometric data is encrypted while at rest.
• Biometric data is not shared with 3rd party systems.
• Biometric data is not exportable.
• Data is backed up.
• etc.

We recommend you take additional steps to protect this information including:

• Ensuring your premises are physically secured.
• Physically securing your devices (using lockable stands/mounts).
• Backing up your devices using iCloud services.
• Not sharing passwords between users.
• Reviewing the privacy policies of any linked 3rd party systems (such as your Payroll System or Access Control System).

When we Destroy Information

User/Usage Information

User and usage information stored in the NoahFace platform is actively destroyed after its useful purpose has passed. Specifically:

• Information about each activity, such as clocking events or door entry events, is automatically destroyed after 90 days.
• Information about visitors (including photographs and biometrics) is automatically destroyed 90 days after their last visit.
• Information about other users (including photographs and biometrics) is automatically destroyed 90 days after you choose to delete it.
• Abandoned logins are automatically destroyed 1 year after their last use.
• Abandoned businesses are automatically destroyed 1 year after their last use.

‍The default retention period for information is 90 days; you can increase or decrease this retention period if required.

How we Comply with Local Legislation

Privacy legislation differs all over the world. If you collect, store, and process information, and particularly personal data, it is critical you understand and comply with your local privacy legislation. Using a provider such as NoahFace that has a strong commitment to privacy does not absolve your legal obligations around privacy. You should seek your own professional legal opinion on privacy legislation prior to implementing any new process that involves the collection, storage, and processing of information, and prior to using any service such as NoahFace.

The links below explain how NoahFace complies with, and/or helps you comply with, specific local legislation:

• United Kingdom GDPR

Changes

The latest version of the Privacy Policy is held at www.noahface.com/privacy

We reserve the right, at our sole discretion, to modify or replace this Privacy Policy at any time. If a revision is material we will try to provide at least 30 days notice prior to any new terms taking effect. What constitutes a material change be determined at our sole discretion.


Contacting NoahFace about Privacy

Should you have any concerns about your privacy or have any questions about this privacy policy, you can contact us at:

privacy@noahface.com


Contacting Government about Privacy
‍
Should you have further questions about privacy or your rights, you can also contact:
‍‍