Noah Facial Recognition Pty Ltd ("NoahFace") is committed to privacy and adheres to the requirements of the UK General Data Protection Regulation ("UK GDPR").
You can learn about the UK GDPR from the Information Commissioner's Office.
Using the terminology of the UK GDPR:
NoahFace adheres to the UK GDPR Principles as follows:
NoahFace only uses data in a manner that is both lawful and fair. This is covered further in the Lawful Basis of Processing section.
NoahFace provides complete transparency as to:
These questions are answered in detail in our Privacy Statement.
The NoahFace System stores Personal Data only for the purpose of allowing our Customers to perform the business functions they decide they need, which may include:
NoahFace does not use the stored data for its own purposes, nor does it provide access to the stored data to any third parties for their own purposes.
The NoahFace System only stores data that is needed to perform the business functions our Customers decide they need. The NoahFace System provides features to help Customers further minimise stored data. Specifically, our Customers can choose to:
The NoahFace System provides features to synchronise Personal Data from source systems (eg: a payroll system or an access control systems), so that this data is as accurate as these source systems. When capturing event data, the NoahFace System uses automated sources of data (eg: the date/time, the location on a device, or a specific button that was pressed) so that the captured data is accurate.
The NoahFace System only retains event data for as long as our Customers decide they need it (or for 90 days by default).
NoahFace has appropriate security measures in place to protect the data held in the NoahFace System. This is covered further in the Security section.
NoahFace has appropriate measures and records in place to be able to demonstrate compliance with the UK GDPR. This is covered further in the Accountability and Governance section.
NoahFace enters into a Contract with our Partners to process data on their behalf. In turn, our Partners enter into a Contract with each of their Customers to process data on their behalf.
The NoahFace System can capture, store, and process biometric data, which is considered a Special Category of Personal Data under the UK GDPR. The UK GDPR allows for the processing of biometric data when explicit Consent is provided by Data Subjects, as is required by the NoahFace system. This is covered further in the following section.
Data Subjects are required to provide explicit Consent to the capture and processing of Personal Data, and biometric data in particular. The NoahFace System:
NoahFace recognises and supports the fundamental Individual Rights defined by the UK GDPR:
NoahFace has developed specific product features to make it easy for Customers to deliver these rights to individuals.
The NoahFace System clearly discloses in the privacy statement (which Data Subjects consent to) what data is captured and what it is used for. Customers can augment this privacy statement if they want to add additional disclosures.
The NoahFace System allows Customers to export all of the Personal Data for an individual. When an individual makes a request for their data, all of their data (including event photos) can be packaged up into a "ZIP" file, which can be easily provided to them.
The NoahFace System allows Customers to edit data the Personal Data for an individual.
The NoahFace System allows Customers to immediately and permanently erase all of the Personal Data for an individual. This includes all of their profile data (eg: their name), their profile picture, their recorded events and associated photos, and their biometrics.
The NoahFace System allows Data Subjects to withdraw their consent. This deletes their biometrics and they will no longer be recognised.
The NoahFace System allows Customers to export all of the Personal Data for individuals. Data is exported using industry standard file formats (eg: JPEG, CSV, etc) for ease of portability.
The NoahFace System allows Data Subjects to withdraw their consent. This deletes their biometrics and they will no longer be recognised.
The NoahFace System:
NoahFace is committed to Accountability and Governance as defined by the UK GDPR:
NoahFace enters into a Contract with each of our Partners to process data on their behalf. NoahFace has entered into an agreement with its Sub-Processors (ie: Amazon Web Services).
NoahFace maintains comprehensive documentation regarding our data processing.
NoahFace has formally conducted a Data Protection Impact Assessment (DPIA).
NoahFace has formally appointed a Data Protection Officer. If you have any questions or concerns about data protection, please contact our Data Protection Officer at: [email protected]
NoahFace has designed data protection into our core processes and systems. In particular:
The NoahFace System uses appropriate encryption techniques to protect data including:
The NoahFace System uses appropriate password management techniques to protect data including:
The NoahFace Cloud service is hosted on Amazon Web Services (AWS) and utilises an Australian based data centre. As such, when a UK based Customer is utilising the NoahFace service an International Transfer of data takes place.
NoahFace enters into a Contract with each of our Partners to process data on their behalf. This contract incorporates standard data protection clauses recognised or issued in accordance with the UK data protection regime. These are known as ‘Standard Contractual Clauses’ (‘SCCs’ or ‘model clauses’). The SCCs contain contractual obligations on the Partner (the data exporter) and NoahFace (the data importer), and rights for the individuals whose personal data is transferred.