HID Global Corporation
Effective Date: May 25, 2018
This Policy applies solely to information collected by HID via: (i) HID's Secure Identity Services websites ("Site(s)") through which HID offers its HID Mobile Access and HID Reader Manager services ("Services") and (ii) the HID Mobile Access or Reader Manager mobile applications ( "App(s)"). This Policy does not apply to Personal Data processed outside of the Sites, Services or Apps. "Client(s)" means third parties that purchase the Services from HID or an authorized HID reseller. "Constituent(s)" means the individuals whose Personal Data may be provided to HID by the Constituent and/or by and on behalf of a Client (for example, a Client employer may disclose certain information of its Constituents employees' information to HID for purposes of obtaining Services from HID). The use of information collected through the Services shall be limited to the purpose of providing the Services for which the Client has engaged HID.
EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework
HID is responsible for the processing of Personal Data it receives, under each Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf. HID complies with the Privacy Shield Principles for all onward transfers of Personal Data from the EU and Switzerland, including HID's potential liability under the onward transfer liability provisions.
With respect to Personal Data received or transferred pursuant to the Privacy Shield Framework, HID is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, we may be required to disclose Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request. The TRUSTe dispute resolution process shall be conducted in English.
Under certain conditions, more fully described on the Privacy Shield website [https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint], you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.
Notice, Collection and Use of Personal Data
HID collects no Personal Data about individuals when they generally visit HID's Site. If an individual chooses to complete a Services customer application process, download and use our Services, engage HID in the performance of Services or have or will receive a personalized credential, HID will collect Personal Data as set forth in this Policy below:
a. HID will collect the following Personal Data that a Client provides to HID as part of the Services application process: Client's company name and address; Constituent's name, title, email, phone number, and password.
b. When you download and use the App(s), we automatically collect technical data and related information about the mobile devices being used for the Services, including information on the device hardware type and capabilities, operating system version, App information, settings and error logs as well as unique identifiers for the device, App and credential(s). We may also record beacon and location data (e.g. GPS positions) in conjunction with usage of the service.
c. HID may also collect Personal Data of a Client's Constituents, either indirectly from the Client or directly from a Constituent, based on the information that a Client or Constituent provides to HID for publication on a credential and additional add-on services, including, without limitation:
HID will use such Personal Data to perform a contract with the Client, namely to respond to Clients' or Constituents' requests and inquiries, assist Clients with password retrieval, send email notifications to Clients and Constituents related to the Services, and provide the Services for Constituents on behalf of Clients.
HID will also track individual devices and user behavior; purely to improve support, perform root cause analysis, improve experience, improve processes, enhance security, and provide new services.
HID discloses Personal Data as set forth in the Section titled "Onward Transfer" below.
HID recognizes the privacy interests of children and HID encourages parents and guardians to take an active role in their children's online activities and interests. The Sites and the Services are not intended for children under the age of 13. HID does not target the Sites or its Services to children under 13. HID does not knowingly collect Personal Data from children under the age of 13.
HID will not disclose to a third party (except to its service providers as set forth in the Section titled "Onward Transfer") or use Personal Data other than as set forth in this Policy without first giving individuals the right to opt in to such other use. HID does not sell your Personal Data to third parties. Individuals will have the choice to opt in to allow HID to disclose their Personal Data to a third party (except to its service providers as set forth in the Section titled "Onward Transfer") or to use it for a purpose incompatible with the purpose for which it was originally collected or authorized. HID will allow individuals to exercise this opt in option by sending a written request.
Information Related to Data Collected through the Services
HID collects information under the direction of its Clients, and has no direct relationship with the Constituents whose Personal Data it processes. We may transfer Personal Data to companies that help us provide our service. Transfers to subsequent third parties are covered by the service agreements with our Clients.
Retention of Data Controlled by our Clients
We will retain Personal Data we process on behalf of our Clients for as long as needed to provide Services to our Client. HID will retain this Personal Data as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. The default data retention period is 1 year.
As is true of most websites, we gather certain information automatically. This information may include internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exist pages, the files viewed on our Sites (e.g. HTML pages, graphics, etc.), operating system, date/time stamp, and/or clickstream data to analyze trends in the aggregate and administer the Sites.
Cookies and Other Tracking Technologies
If an individual uses the Sites, HID may also collect and store certain information about that individual's visit automatically including: 1) internet domain and IP address from which the individual accessed HID's Site; 2) the date and time the individual accessed HID's Site; and 3) the pages the individual visited. HID may also collect general demographic and profile data at HID's Site from time to time. HID will use this data internally in order to better understand and assist HID's customers and to help improve the Sites and Services. This data is used in aggregate form.
HID may use data analytics software to allow us to better understand the functionality of our Services and Apps to provide improved services. This software may record information such as how often you use the Service(s) and/or App(s), the events that occur within the Service(s) and/or App(s), aggregated usage, performance data, and where the App was downloaded from.
HID may provide Personal Data, the data generated by cookies and the aggregate information to the vendors and service agencies that HID may engage to assist us in providing HID's Services to Clients and Constituents for their internal use solely to provide HID with such assistance (for example, HID's hosting providers). For additional information, please see the Section titled "Data Security" below.
From time to time, HID may purchase a business or sell HID's business (or a portion thereof) and Personal Data may be transferred as a part of the purchase or sale. In the event that HID purchases a business, the Personal Data received with that business will be treated in accordance with this Policy. In the event that HID sells a business, HID will use reasonable efforts to include provisions in the selling contract requiring the purchaser to treat Personal Data in substantially the same manner required by this Policy (including any amendments). You will be notified via email and/or a prominent notice on the Site(s) of any change in ownership or uses of your Personal Data, as well as any choices you may have regarding your Personal Data.
HID may also disclose Personal Data as set forth in the "Disclosures Required by Law" Section below.
Disclosure Required by Law
HID may cooperate with law enforcement agencies in identifying users who use the Sites or Services for illegal activities. Therefore, HID will respond to subpoenas, warrants, or other court orders regarding information concerning any user. HID will, at HID's discretion, disclose information, including Personal Data, if HID reasonably believes that HID is required to do so by law, that such disclosure is necessary to protect HID from legal liability, or that HID should do so to protect the integrity of the Site or the Service.
Wherever Personal Data is within HID or on its behalf, HID will take reasonable steps to protect the Personal Data from loss, misuse and unauthorized access, disclosure, alteration and destruction. HID trains employees on its Policy guidelines and makes the Policy available to its business partners. In addition, HID and its business partners enter into confidentiality agreements that require that: (i) care and precautions be taken to prevent loss, misuse, or disclosure of Personal Data and (ii) any service providers only use Personal Data to perform services on behalf of HID. It is important for each Client to protect against unauthorized access to Client's online account password and to Client's account which holds Personal Data of Client and its Constituents.
In addition, HID takes precautions to protect Personal Data processed by the Services: HID uses industry-standard security measures, such as firewalls and encryption technology, that are reasonably designed to safeguard the confidentiality of Personal Data. HID also periodically conducts security reviews and assessments both internally and via third party independent professionals. HID stores Personal Data on secured servers and only authorizes access to certain authorized personnel.
If you have any questions about the security of our Sites, Services and Apps, you can contact us at email@example.com.
HID processes Personal Data only in ways required to operate and provide HID's Services. To the extent necessary for such purposes, HID will take reasonable steps to make sure that Personal Data is accurate, complete, current, and otherwise reliable as set forth in the "Disclosure Required by Law" Section above and by enabling each Client to access Client's own account and update Client's and its Constituents' Personal Data. At such as time as HID determines that it no longer requires Personal Data in connection with the Services, or as required by applicable law, HID will return or permanently delete Personal Data in each Client account and remove it from HID's systems and records. HID may retain and use your information as necessary to comply with legal obligations, resolve disputes, and enforce its agreements.
Upon request, HID will provide you with information about whether we hold any of your Personal Data. Except where the burden or expense of providing access would be disproportionate to the risks to the individual's privacy in the case in question, or where the rights of persons other than the individual would be violated, HID provides Client's approved administrator with the ability to: (i) reasonably access the Personal Data that HID holds about Client and its Constituents by logging into Client's account; (ii) correct or amend Personal Data in Client's account by logging into Client's account; and (iii) delete information about Client and its Constituents where it is inaccurate by sending HID a written request (see Contact Us section below). If a Constituent wishes to request access to its Personal Data held by HID, the Constituent may send a written request to HID. HID will respond to your request to access Personal Data within 30 business days from the date HID receives your request.
We will retain your information for as long as your account is active or as needed to provide you Services. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
Links to 3rd Party Sites
You may receive emails from us as part of our Service(s). If you no longer wish to receive these emails, you may opt out of them by email request. Email: firstname.lastname@example.org
This Policy may be updated from time to time as the Services and Apps change and expand. HID suggests that each individual review the Policy periodically. In the event of a material change to the Policy, HID will post a change notice on the Site(s) and HID may notify individuals of such changes through contact information that HID has for such individuals prior to the change becoming effective. If HID amends the Policy, the new Policy will apply to Personal Data previously collected by HID only insofar as the rights of the individual affected are not reduced.
HID Global Corporation
611 Center Ridge Drive
Austin, TX 78753