GDPR Compliance Statement and Privacy Notice

Address
Authentic Vision GmbH
Ludwig-Bieringer-Platz 1
5071 Salzburg
Austria

Commercial Register No.: FN 386580 a
VAT Identification Number: ATU67525056

Managing Director
Thomas Weiß

Contact

tel: +43 720 98 44 60
[email protected]

This GDPR Compliance Statement and Privacy Notice (the “Privacy Notice”) sets out how Authentic Vision GmbH (“AV”) collects data via its authentication application on handheld mobile devices and how such data is processed.

Who is the controller of personal data?

Authentic Vision GmbH is the controller of personal information processed through its authentication application on supported handheld mobile devices.

What kind of data is collected?

The data collected includes date and time of use, geographic location, installation ID, manufacturer and model of device, the authentication result and related performance telemetry data. No additional data will be collected without your consent.

If an end user chooses to provide feedback or report counterfeit product or services, the user may choose to provide its contact details to AV. If the end user provides contact details, these may be used by AV and its customers and licensees for the purposes of providing feedback or a response to the end user.

What is the legal basis for the collection of data?

The collection of data is based on the user`s consent to the end user license agreement and this Privacy Notice upon installing the application. On using the application for the first time, a user must provide consent to the processing of personal data by AV.

How will the information be used?

AV uses the data to perform the AV services advertised and to optimize the user experience, fix errors and improve usability and effectiveness of the service. AV may update the use of your data and will ask for your consent to any changes regarding how your data is processed. AV operates a secure web portal for its business customers and licensees which shows the geographic location of where products with AV labels have been scanned and the result of such scans. AV may also aggregate the data specified above. The data may be used for the provision of authentication and anti-counterfeiting services and marketing (consumer and business) purposes.

Where required by applicable law, AV may be required to share data with government agencies, regulatory bodies and law enforcement authorities.  AV will share said data in accordance with the GDPR.

Online tracking and “Do Not Track” settings

Please note that AV’s website and application do not support “Do Not Track” browser settings regarding the collection of personal data.

How long will the data be stored for?

The data is stored as long as necessary to provide our service to you in accordance with mandatory law and is in all cases pseudonymised.

What rights does the data subject have?

At all times, AV guarantees the following individual´s rights

• the right to be informed;
• the right of access;
• the right to rectification;
• the right to erasure;
• the right to restrict processing;
• the right to data portability;
• the right to object and withdraw consent; and
• rights in relation to automated decision making and profiling.

How can the data subject raise a complaint?

If you have any concerns about privacy at AV, please contact us at [email protected] with a thorough description and we will try to resolve the issue for you. You can file a complaint with our principal supervisory authority, the Austrian Data Protection Agency (DSB), Barichgasse 40-42, 1030 Wien, Austria or with the applicable local data protection authority.

The key principles of data collection and storage

• AV will process all data fairly and lawfully;
• AV will only process pseudonymised data for specified and lawful purposes;
• AV will not keep any data for longer than is necessary;
• AV will keep all data secure and all data is stored on ISO 27001 certified servers located within the European Economic Area (EEA) and outside of the EEA; and
• AV will endeavour to ensure that data is not transferred to countries outside of the EEA without adequate protection or your consent to such transfer.

What about cookies?

AV may use cookies to enable our systems to recognise your browser or device and to provide the AV authentication service to you.

What about links to third party services?

AV may include links to third party services. Your use of such third-party services and how your data is processed by such third party is regulated by the privacy notice of such third parties. All licensees of AV utilise their own infrastructure and web server for marketing campaigns, product registration and cross-selling. AV licensees will never use personal data without the user`s consent and such activities are subject to the terms and conditions of the relevant AV licensee. AV may use third party services for incident reporting and push notification services.

Are children allowed to use AV services?

AV does not intend to provide services to children. If you are under 18 or under the age of majority, you may use AV services only with the involvement of a parent or guardian.

Does AV share personal data with third parties?

AV may share data with its authorized processors for processing on its behalf. AV shall use processors providing sufficient guarantees in respect of the technical security measures and organizational measures governing the processing carried out and will ensure compliance with those measures. AV will ensure that the processing is governed by a contract requiring the processor to only act in accordance with AV’s instructions and in compliance with data protection and privacy laws.

The data collected may be shared with third party customers and licensees for the purpose of anti-counterfeiting and marketing (consumer and business) or to government agencies, regulatory bodies and law enforcement authorities for the purposes of anti-counterfeiting and all other purposes set out in Art. 23 GDPR. All data processed by such third parties shall be in accordance with applicable data protection and privacy laws.

Does AV transfer my data outside of the European Economic Area (EEA)

AV may transfer personal data to countries outside of the EEA in the course of sharing information with parties as set out above. Whenever AV transfers personal information to countries outside of the European Economic Area in the course of sharing information as set out above, we will ensure that the information is transferred in accordance with this Privacy Notice and as permitted by the applicable laws on data protection.

How secure is my data?

AV protects the security of your information during transmission by using Secure Sockets Layer (SSL) software, which encrypts information you input.  It is important for you to take measures to protect against unauthorised access to your password and to your computers, devices, and applications.

Revisions to this Privacy Notice

AV may from time to time update this Privacy Notice. The date specified below indicates the last revision to this Privacy Notice.

Authentic Vision GmbH, GDPR Compliance Statement and Privacy Notice, dated January 2020.