Skip to content
Close
SEARCH
CONTACT
PHONE HOTLINE: +1 631 952 2288E-MAIL: sales@vicon-security.com
GET A DEMO
PHONE HOTLINE: +1 631 952 2288E-MAIL: sales@vicon-security.com
GET A DEMO

Biometric Privacy Consent

TABLE OF CONTENTS
loading...

BIOMETRIC DATA PRIVACY CONSENT AND SECURITY POLICY

  1. General Information. By using the biometric recognition feature (the “ Services”), provided by and through Vicon Industries, Inc., a New York corporation (the “Company”), its vendors and/or licensors, the user (“You” or the “ Customer”) agree to be bound by the following terms and conditions (“Terms of Use”) set forth in this Biometric Data Privacy Consent and Security Policy (“Policy”). Please read the Terms of Use carefully before using the Services. If you do not agree with any part of these Terms of Use, you should not use the Services, or enter a property or facility that is utilizing the Services.
  2. Consent and Release to Use Biometric Data and other Personal Information. By using or subjecting yourself to the Services, you explicitly release and consent to the collection, storage, and use of your Biometric Data (defined below), images, personal identifiable information, and other Personal Data (defined below) by the Company, its vendors and/or licensors for the purpose set forth below in Section 4 and any other purpose set forth in this Policy. You further explicitly consent that your Biometric Data may be used by the Company, its vendors, and licensors to provide, maintain, and improve the Services.
  3. Definitions.
    1. Biometric Data” comprises: 1) biometric identifiers including data captured by a retina or iris scan, fingerprint scan, voiceprint, or scan of hand or facial geometry; and 2) other biometric information, regardless of how it is captured, converted, stored, or shared, that is based on an individual’s biometric characteristics used to identify an individual.
    2. Controller,” “Commissioner,” “Processor,” “Data Subject,” “Personal Data,” “Personal Data Breach,” and “Processing” all have the meanings given in the applicable data protection and privacy legislation in force from time to time, including the Data Protection Act 2018, and the UK GDPR (as defined in in section 3(10) (as supplemented by section 205(4)) of the Data Protection Act 2018.
    3. Law” means any statute, law, ordinance, regulation, rule, code, order, constitution, treaty, common law, writ, determination, decree, or other requirement or rule of law, of any federal, state, local, or foreign government (including, specifically, the Data Protection Act 2018 and the UK GDPR), or political subdivision thereof, school district, any regulatory authority, or any arbitrator, court, or tribunal of competent jurisdiction.
  4. Role of the Parties: You and the Company agree and acknowledge that you are the Controller, and the Company, its vendors, and/or licensors are the Processor with respect to the Processing of Biometric Data collected through the use of the Company’s Services. You retain control of the Biometric Data and remain responsible for your compliance obligations under applicable Law, including but not limited to, providing any required notices and obtaining any required consents, and for the written processing instructions you give to the Company, its vendors, and/or licensors.
  5. Purpose for Collection of Biometric Data. The Company, either directly or indirectly through its vendors and/or licensors, collects, stores, and uses Biometric Data, images, personal identifiable information, and other Personal Data for the purpose of access control, security, safety, employee and visitor identification, operational needs, and preventing fraud or other misappropriation or theft in association with your property or facility.
  6. Nature of Processing. In the provision of the Services, the Company may Process some or all of the following categories of Personal Data relating to types of Data Subjects: name, user credentials, biometric facial templates, and contact information (mobile telephone number and/or email). You and the Company acknowledge that Biometric Data used to monitor individuals for the purpose of detecting or preventing crimes is a special category of Personal Data. The Processing activities undertaken by the Company, its vendors, and/or licensors in the provision of the Services may include the recording, temporary storage and retrieval (at your direction) of Biometric Data.  The Company shall only Process such Biometric Data for the term of your agreement with the Company, its vendors, and/or licensors and up to 60 days after termination of such agreement.
  7. Company Obligations. The Company will only Process the Biometric Data to the extent, and in such a manner, as is necessary to provide the Services in accordance with these Terms of Use and your instructions. The Company will not Process Biometric Data for any other purpose or in a way that does not comply with these Terms of Use or applicable Law.
    As required by applicable Law, the Company:
    1. will take reasonable measures in accordance with accepted industry practice to maintain the confidentiality of the Biometric Data and will not disclose or sell the Biometric Data to third parties, aside from its contractors, vendors, and licensors (its “Subcontractors”), without specific authorization from you or as required by Law, court or regulator (including the Commissioner);
    2. will take reasonable steps to ensure its employees and Subcontractors understand the confidential nature of the Biometric Data, are bound by confidentiality obligations, and are suitably trained and aware of the responsibilities for handling Biometric Data under applicable Law;
    3. will take reasonable steps to ensure the reliability and integrity of those individuals with access to the Biometric Data;
    4. will provide details of its current Subcontractors upon request, and the Company will only authorize any other party to process Biometric Data for a specific purpose in connection with the provision of the Services who is bound by terms similar to those in this Policy to ensure appropriate technical and organizational measures to protect the Biometric Data. The Company acknowledges its responsibility for Processing activities conducted by its Subcontractors;
    5. will implement and maintain appropriate measures to ensure the integrity and availability of Biometric Data which is stored in the Company equipment until such time as it is downloaded by you into your own repositories, including regular testing and evaluation of the effectiveness of those measures;
    6. will implement and maintain appropriate technical and organizational measures against accidental, unauthorized or unlawful Processing, access, copying, modification, reproduction, display or distribution of the Biometric Data, and against accidental or unlawful loss, destruction, alteration, disclosure or damage of Biometric Data appropriate to the risk associated to the Biometric Data, and in particular to the special category Biometric Data which may be processed in the provision of the Services. Details of those measures are available on request and are reviewed and updated by the Company from time to time;
    7. will reasonably assist you in meeting your compliance obligations under applicable Law, taking into account the nature of the Company’s Processing and the information available to the Company, including in relation to Data Subject rights, data protection impact assessments and reporting to and consulting with regulators under applicable Law; and
    8. with respect to Biometric Data collected from Customers located in the United Kingdom or the European Economic Area (“EEA”), will not transfer or Process Biometric Data outside of the UK or the EEA without your prior consent, such consent to include a direction to transfer Biometric Data to a Customer-managed repository which is located outside of the UK.
  8. Customer Obligations. You shall be solely responsible for compliance with Controller obligations under applicable Law, and in particular, you warrant that:
    1. if you are located in the United Kingdom or the EEA, you have valid registration required by the Commissioner to cover the intended Processing activities and you have paid all fees (where appropriate);
    2. you have a lawful basis under applicable Law to allow the Company to Process the Biometric Data, so that the Company’s Processing of Biometric Data is fair and lawful and where the lawful basis is reliant on consent, you have obtained valid consent such that the expected use of the Biometric Data will comply with applicable Law;
    3. you have fully complied with your obligations to provide clear and sufficient information to Data Subjects in connection with applicable Law including providing appropriate visual notification, and privacy information notices that confirm that the Company is providing the Services;
    4. you are solely responsible for ensuring that your staff and personnel who will use the Services are appropriately trained and will comply with any guidance or instructions issued by the Company;
    5. you will take appropriate technical and organizational measures to ensure your own Processing of the Biometric Data is in accordance with applicable Laws; and
    6. you will indemnify the Company against any failure to comply with the provisions in this Section 8.
  9. Data Breach Response. As required by applicable Law, the Company will promptly (and without undue delay) notify you, in writing, if it becomes aware of any loss of use of the Biometric Data or any accidental unauthorized or unlawful Processing of the Biometric Data or a data breach affecting the Biometric Data. To the extent possible, the Company will inform you of the nature of the incident and affected data and the likely consequences and any corrective, mitigating or restorative actions. You and the Company shall cooperate with each other to investigate and/or resolve such incident, and both shall provide reasonable access to relevant records, files or reports to facilitate such resolution. Unless required by Law, the Company shall not notify or inform a third party of any such incident without your prior written approval.
  10. Cooperation with Regulatory Compliance. Subject to reasonable reimbursement of costs, the Company shall cooperate and provide information that you may reasonably require to enable you to comply with your obligations to individual Data Subjects and/or a regulator, including in relation to any complaint or exercise of any rights of a Data Subject.
  11. Retention and Deletion of Biometric Data. The Company will retain Biometric Data for as long as necessary to fulfill the purposes for which it was collected or as required by applicable Law. The Company will delete or permanently de-identify Biometric Data in the Company's possession or control when it is no longer needed for such purpose or as required by applicable Law. For Biometric Data collected from Customers located in the United Kingdom or EEA, Biometric Data recorded with each Hardware, if applicable, will be stored locally for up to sixty (60) days following recording or such longer time as is agreed between the parties where the Customer requests the Company to provide additional local or cloud storage services and the Company shall be responsible for ensuring that the locally stored Biometric Data is secure.
  12. Data Security. The Company is committed to protecting the security of your Biometric Data and does not sell your Biometric Data to third parties. However, you acknowledge that no method of transmission over the Internet or electronically is completely secure, and the Company cannot guarantee the absolute security of your Biometric Data.
  13. Records. You and the Company shall keep detailed, accurate records regarding the Processing of Biometric Data, including but not limited to the access controls and security measures implemented. You shall be responsible for maintaining a record of the Processing purposes and categories of Biometric Data Processed, and the Company shall maintain an accurate record of the technical and organizational measures in place.
  14. Audit. As required by applicable Law, the Company will permit you, on reasonable notice and subject to the guidelines to be provided by Company, to audit Company’s compliance with its obligations under these Terms of Use with regards to the Biometric Data Processing including providing reasonable access to documents, records and personnel subject to you maintaining the confidentiality of any Company data. The Company will make available relevant information and audit reports conducted by external certifying bodies (including but not limited to ISO) where available.
  15. Rights. You are free to decline to provide Biometric Data to the Company, its vendors and/or licensors at any time. You may revoke this release and consent at any time by notifying the Company in writing using the contact information provided in this Policy.
  16. Changes to Terms of Use. The Company reserves the right to modify or update these Terms of Use at any time, and you agree to be bound by such modifications or updates. It is your responsibility to review these Terms of Use periodically for changes. Your continued use of the Services after any changes to these Terms of Use constitutes your acceptance of these changes.
  17. Governing Law and Jurisdiction. These Terms of Use shall be governed by and construed in accordance with the laws of the State of New York, without regard to its conflict of laws provisions. Any disputes arising out of or relating to these Terms of Use or your use of the Services shall be subject to the exclusive jurisdiction of the courts of the State of New York.
  18. Contact. If you have any questions or concerns regarding this Policy, or would like to revoke your release and consent, you may contact the Company using the information located at the following website: vicon-security.com/about-vicon/contact-us/.