We are Regula - the team who operates worldwide through subsidiary and affiliate companies (hereinafter collectively referred to as “Regula” or “Company”, or “We”) - one of the world’s foremost producer of forensic equipment for authenticating documents, banknotes, and securities. Not only convenience and opportunities provided by our products, but also the right of each person to private life and protection of their personal data are equally important for us. In our everyday practice Regula does everything to prevent illegal distribution of personal data, as well as strives towards the protection of privacy of all parties.
In order to ensure service provision and assess the need for the improvement of the content and structure of the websites, information on website visitors and users of services provided therein, contained within the files of access to the website, for instance, IP address, time of the visit, pages viewed, etc., similarly as in other websites, is collected and processed.
2. Basic Definitions
2.2. User — a natural person, who is using the Website or any other product and/ or service of Regula.
2.3. Personal data — any information that enables direct or indirect, i.e. in connection with other data, identification of you as a natural person (data subject), including name, surname, patronymic, contact information, Face image data, data that identify user device, as well as data that permit identification of the procedures and methods of Website and/or service use by the User.
2.4. Data subject — natural person, who either directly, or indirectly is identified or can be identified by means of personal data.
2.5. Data processing — means any action or a set of actions implemented with the data by using automated equipment or without such equipment, for instance, collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction, etc.
2.6. Third party — a person that is not a representative of the Company, its employee, subsidiary, representative office, associated company and (or) a partner, which is bound with the Company by contractual liabilities regarding non-disclosure of personal data, as well as persons that are not identified by the respective personal data.
2.7. User device – a personal computer, notebook, tablet, smartphone or any other device operated by the user to use the services of Regula.
2.8. Cookies – identification technologies that are integrated by the Website into the web browser of the User with the purpose of ensuring the operation of a service and\or collection of data on the User device, as well as, on the procedures and methods of Website use.
3. Area Of Policy Application
3.1.1. Natural persons - users (including potential, former and current users) of the products or services of Regula;
3.1.2. Visitors of office, production and other premises of Regula, including persons subject to video surveillance;
3.1.3. Visitors of marketing events, training sessions and other similar events organised or attended by the representatives of Regula.
3.3. The policy determines the category of personal data collected by the Company, procedures and objectives of the use of data, as well as the conditions of granting access to such data.
4. moved to clause 10.3 after revision of 05/02/2021
5. Categories Of Personal Data Processed By Us And Methods Of Obtaining Them
The Company receives personal data in the following ways:
5.1. Personal data can be provided by the data subject themselves in order to draw up contracts and/or conclude contractual liabilities between the Company and the data subject, between the Company and the user, etc.; in order to receive the support service of Support RegulaForensics, in order to process the subscription for the mailout of Regula Forensics: the Company may require contact information (name, surname, patronymic (if applicable), e-mail address, contact phone number). Personal identity number, date of birth, signature and position may be additionally required to draw up contracts and/ or perform contractual liabilities.
5.2. From the correspondence of the Company with the user or another data subject. The company may collect personal data from letters sent to the offices of the company, from user messages sent to the information support center of RegulaForensics and to e-mails of Regula employees, as well as to save the texts of the messages itself. Personal data that are collected by using the aforementioned method include: name, surname, patronymic, mail, contact phone, name of the network user and any other data submitted by the User themselves.
In certain cases, the contact data of the data subject may be at the disposal of Regula from the partners of the company or other third parties. Regula undertakes not to use these data for any other purposes except communication with data subject, if it is required in accordance with the interests of data subject.
5.4. Collection of Personal Data by automatic saving thereof in registration logs (Log files). Every time, when you visit one of the websites of Regula, your internet browser automatically submits certain information that is stored by us in so called Log files of registration (logs) files.
Registration files (logs) are stored by us for a short period of time in order to detect violations, as well as for security reasons (for instance, to investigate attempted attacks, unsanctioned interference with the functionality of computers or servers, automated systems, computer systems or electronic communication systems), and are deleted afterwards. Registration files, further storage of which is required for the purposes of proving evidence, shall not be deleted until complete clarification of the respective incident and, in some cases, can be submitted to law enforcement institutions.
The following information is stored in registration files (logs):
- IP-address of the terminal, from which the access to the on-line offer management platform is performed;
- Internet address of the website, from which the on-line platform was referred to (so called uniform resource locator or URL-address of the referrer);
- The name of service provider, through which the access to on-line offer management platform is performed;
- The names of the requested files or information;
- Date, time and duration of request;
- Amount of transferred data.
Registration logs do not allow direct identification of the user as a natural person.
5.5. During the use of some products or services (for example Regula Document Reader mobile application) for the service correct operation, the data obtained from the encrypted form might be forwarded to the Regula server and then processed. The result of processing will be sent back to the mobile device in encrypted form and instantly deleted from Regula server.
5.6. Video surveillance in office premises. In order to provide the safety of the property, employees and visitors of the company, video surveillance systems and access control systems have been installed in the offices of the Company, in the territory of the company and along its perimeter. The access to these areas is granted to certain groups of responsible persons only. The video is recorded cyclically (the latest video is written over the oldest one), stored on the server for up to 20 calendar days, after which it is automatically deleted, unless the video is needed for the investigation of a incident.
5.7. During the implementation of marketing activities – during product presentations, thematic exhibition visits or user training, after the subject has been informed and he/she has given his/her explicit consent, the event may be captured in photos and / or video for the purpose of preparing and submitting a report on the conducted event.
6. Purposes For The Processing Of Personal Data By Us
Regula may process personal data for the following purposes:
6.1. To provide services and sell products:
- for identification of the Customer/User;
- for drafting of and conclusion and implementation of contracts;
- for the provision/ maintenance of service functionality;
- for the servicing and provision of communication with the User/ Customer;
- for the performance of warranty liabilities;
- for the improvement of the products and services, development of new goods and services;
- for the review and processing of complaints and applications;
- for customer retention, increase of loyalty, for customer satisfaction measurements;
- for administration of accounts;
- for the assessment of the credit capacity, for supervision of loans;
- for the return and recovery of debts;
- for the maintenance and improvement of website operation, operation of mobile applications and other services.
6.2. To plan and perform business analysis:
- for statistical, analysis and business planning purposes;
- for efficiency measurements;
- for the provision of service quality;
- for the conducting of market research;
- for the conduct of customer surveys;
- within the framework of risk management measures.
6.3. Improvement of the quality of Web service operation, information posted on-line, including by conducting statistical and marketing research.
6.4. Elimination of technical errors and failures. During the analysis of the procedures and methods of user work with the Web-service, the company can identify the fact of the occurrence of a technical error, failure, detect the causes thereof and promptly eliminate them.
6.5. For the submission of information to state administration bodies and to subjects of operative work in the cases and in the amount provided for by internal regulatory enactments.
6.6. For the provision of security (in the broadest sense of this word) in the territory of Regula and over its perimeter:
- to ensure the safety of the property;
- to implement visual situation control in the territory of Regula, to evaluate the situation in order to take urgent measures for the prevention of illegal activities;
- to perform analysis of a situation/ incident that has already occurred;
- to control production, technological processes that pose direct threat to the health and life of the servicing personnel;
- to ensure the safety of the employees and company visitors.
6.7. For other specific purposes, that are communicated to the User prior to the transfer of such data to the Company.
7. Legal Basis For The Processing Of Personal Data
7.1. The Company processes personal data for particular purposes only and based on the following legal grounds:
- to conclude, execute or amend contracts - in order to conclude sales, purchase, service contracts or cargo transportation contracts, as well as provision of resources (water, electricity, etc.) and to ensure performance of such contracts;
- to ensure the compliance with regulatory enactments - to perform duties that are binding to Regula as provided for by the external regulatory enactments;
- pursuant to the consent of data subject;
- for the purposes of legitimate interests - to implement legitimate interests of Regula or third party that arise from the duties existing between Regula and data subject, and/or from the concluded contract, and/or applicable legal enactments;
- to ensure the vital interests of the data subject or another natural person - for the purposes of ensuring physical safety and safety of the property of Regula employees, customers and visitors.
7.2. The legitimate interests of Regula are as follows:
- Performance of commercial activity;
- Checking of the identity of the customer prior to the conclusion of the contract;
- Ensuring the performance of contractual liabilities;
- Prevention of unsubstantiated financial risks for the commercial activities of the Company (including the assessment of credit risk prior to the sales of the products and services and during the performance of the contract);
- Storage of the claims and applications of Customers regarding the purchases of goods and provision of services, other claims and applications, annexes to them;
- Analysis of the activity of home pages, websites and mobile applications of Regula, development and implementation of upgrades thereof;
- Administration of the customer account on the home pages, websites and mobile applications of Regula;
- Segmentation of the customer data base for efficient provision of services;
- Development and upgrading of products and services;
- Advertising of Company products and services;
- Forwarding of other notifications on the performance of the contract and important actions for the performance of the contract, as well as conducting of customer surveys regarding goods, services and user experiences;
- Prevention of fraud;
- Provision of records and analysis of corporate management, finance and business;
- Provision of efficient Company management processes;
- Efficiency of service provision, product sales and deliveries;
- Provision and improvement of service quality;
- Administration of payments;
- Administration of payments due;
- Application to state administration authorities, operative services and courts in order to protect the legal interests of the Company;
- Enforcement of debt liabilities;
- Informing the existing and potential customers on Company operations.
8. Procedures For The Processing And Storage Of Personal Data
8.1. Regula processes personal data by using the possibilities offered by contemporary technologies, with consideration of the existing confidentiality risks and reasonably accessible organisational, financial and technical resources.
8.2. Regula may adopt automated decisions regarding the User. The User shall be informed on these actions of Regula separately, in accordance with the regulatory enactments. The User may object against adopted automated decisions in accordance with the procedures of the regulatory enactments, however, they must be aware that, in certain cases, this may limit the rights of the User to use certain options that otherwise may be accessible to them (for instance, to receive commercial offers).
8.3. In order to ensure high quality and operative performance of liabilities under the contract concluded with the Customer, Regula may authorise their business partners (including partners based outside EEA) to perform certain operations of the delivery of goods and provision of services, for instance, delivery of products, etc. Regula is entitled to transfer the personal data of the Customer required for this type of operations to such partners in the amount that is required for the implementation of the particular objective.
8.4. The business partners of Regula and Regula group companies (in the status of personal data processor) will ensure data processing and compliance with the personal data protection requirements in accordance with the requirements of Regula and the effective regulatory enactments and will not use personal data for purposes other than the performance of duties under the concluded contract.
8.5. Regula shall store and process the personal data of the User as long as at least one of the following criteria is in effect:
- The contract concluded with the User is in effect;
- The data are required for the implementation of the objective that they were received for;
- As long as Regula or the User can implement their legitimate interests in accordance with the procedures established by external regulatory enactments (for instance, to submit a claim or to file a case in court);
- As long as one of the parties has the legal duty to store the data (for instance, in accordance with the law on accounting, the invoices of the Company must be stored for 5 years, etc.);
- As long as the consent of the User for the respective processing of personal data is in effect, unless other legal justification for the processing of data exists.
8.6. As the period for the storage of personal data indicated in Article 8.5 expires, or the consent for the processing of the data given by data subject is recalled, the Company undertakes to permanently delete the respective personal data, backup copies thereof and to cease processing of such Personal data, unless further data processing is required by another external legislative enactments., and unless it is not required to safeguard the legitimate interests of Regula.
9. Disclosure Of Personal Data To Third Parties
9.1. Regula does not disclose personal data or any information received during service provision or the effective period of the contract to third parties, except for the cases described in Article 9.2.
9.2. The Company may provide personal data to third parties in the following cases:
9.2.1. If the transfer of data to the respective third party is required within the framework of a concluded contract in order to perform a certain function that is required for the performance of the contract or delegated by law;
9.2.2. The User has provided his/her explicit consent for the disclosure of their personal data to third parties;
9.2.3. Processing of personal data results in anonymous statistical or other data being transferred to third parties in order to conduct research, perform works or provide services at the commission of the Company;
9.2.4. In the cases provided for by external regulatory enactments in order to protect the legitimate interests of the Company, for instance, when filing a case in court or other state authorities against parties that have violated such legitimate interests of Regula;
9.2.5. Personal data must be transferred in accordance with the legal enactments that are in effect in the territory, where the representative office of Regula is situated.
9.3. In certain cases, it may be possible that external partners, in co-operation with Regula, determine the objectives and methods of personal data processing (for instance, in the event, where Website analysis tools are used, see Section 11). In this event, these external partners and Regula are deemed to be joint operators of personal data. Joint operators of personal data shall determine their duties themselves in accordance with the requirements of the Regulation in a transparent way, especially regarding the implementation of the rights of subjects and the liabilities of the company to observe transparency of data processing, except for the cases where these liabilities have already been determined by the law.
10. Access To Personal Data By Subjects From Third Countries
10.1. Since the offices of the Company and strategic partners of the Company are based in several countries of the world, including the USA, in order to reach previously indicated objectives (see Section 6), the processing of your data may be performed in the territory of the EEA, as well as beyond that. For instance, in order to perform its contractual liabilities and to send the products outside the EEA, or in the event, where the particular product is sent to the recipient from beyond the EEA, the contact information of the recipient and other information required for the loading of the cargo shall be forwarded to the division of Regula in the country of the sender.
10.2. In the event the data is transferred to third countries within the process of data processing, Regula undertakes to ensure a high standard of personal data protection in accordance with the strict requirements of the General Data Protection Regulation of the EU. In the event of international transfer of personal data, Regula undertakes to inform the subject on the intention to transfer their personal data to the third country or an international organisation and on the presence or the absence of the respective decision of the European Commission. At the same time, Regula will notify the data subject on the appropriate data protection measures and methods of obtaining a copy of data or the place, where the data will be available, as well as on whether the data transfer complies with the respective protective measures in accordance with Article 46 of the GDPR regarding the application of special binding corporate rules in accordance with Article 47 of GDPR, or, if applicable, Sub-paragraph 2, Paragraph 1, Article 49 of GDPR. Any transfer of personal data to third countries shall be performed in accordance with Chapter V of GDPR.
11. Third Party Plug-ins
11.1. In order to ensure the operation of some of our services, we use third party applications or plug-ins. We will inform you on these plug-ins within this section.
11.2. Plug-ins - are independent extensions of social network providers and other services. Therefore, we do not control the amount of data collected and saved by the providers of the social network performed via a plug-in. The objectives and the scope of data collection, further data processing by social network, as well as the rights and parameters of settings for the protection of your privacy associated with them can be found in the data protection policy of the respective social network. You should not use the respective plug-ins, if you do not wish the providers of social networks to receive data regarding this on-line offer or to continue using these data.
12. Measures Implemented For Data Protection Purposes
12.1. Personal data collected by the Company are stored on secured networks, the access to which can be granted to representatives, employees, subsidiaries, associated companies, representative offices and partners of Regula that are bound to Regula by contractual obligations on non-disclosure of personal data to third parties.
12.2. Regula takes the following technical measures for the protection of Personal Data:
- For data security and retention, we use not only our servers located in our offices, but also the services of a data center in Germany, which has signed an agreement to ensure all possible safeguards to the data and their confidentiality;
- To prevent physical access of unauthorised personnel, all premises owned by the Company have been equipped with means of technical security alarm, fire alarm, video surveillance and access control system;
- Data encryption during data transfers (SSL encryption);
- Intrusion detection and protection software;
- Other protective measures in accordance with the current possibilities of technology.
12.3. Measures for the protection of personal data indicated in Paragraphs 12.1, 12.2 of the present section shall be used until the moment of their depersonalisation thereof.
13. Right To Receive Information On The Storage And Processing Of Personal Data
13.1. You are entitled to receive information regarding the processing of your personal data provided for by regulatory enactments and to send the request containing the requirement to provide information on your personal data that are stored and processed by the Company to Support RegulaForensics center (see Feedback section).
13.2. Regula is entitled to request the confirmation of your identity in order to provide the information on your personal data that can be processed by Regula. If you refuse to provide such confirmation, we are entitled to refuse the provision of the respective information to you.
13.3. Regula undertakes to process the request that has been received by the enquiries center Support RegulaForensics in accordance with Article 12.1, 12.2 of the present section within the shortest period possible, but no later than within a month since the moment of the provision of the confirmation of the identity of the subject or, if such confirmation was not requested by the Company, since the moment of the receipt of subject’s request and to transfer the respective information to the subject. Considering the complexity of the received request or the quantity of requests, the Company is entitled to extend the indicated time period of information provision by two more months, by notifying the person, who has submitted the request in advance.
13.4. If Regula does not process the requested data, Regula will inform the subject on the causes why the processing of the requested data is not performed in accordance with the queue, but no later than within a month.
14. The Right Of The Subject To Access Personal Data And Change Thereof
14.1. In accordance with the regulatory enactments, you are also entitled to request the Company to provide access to your personal data. You may request to supplement, correct, delete or limit the processing of the data associated with you. You are entitled to object to processing (including the processing of personal data, which is performed on the basis of the legitimate interests of the Company), as well as you have the right to the transfer of data. This right shall be exercised to the extent that such processing does not result from Regula's obligations under applicable law, the safeguarding of Regula's legitimate interests and the performance of contractual obligations between the data subject and Regula.
14.2. To implement your rights you may submit the request:
- In writing by personally submitting your request at one of the office of the Company or at its legal address, by presenting a document that confirms your identity;
- By e-mail, by singing it with a secure electronic signature.
14.3. After the receipt of the request for the implementation of your rights, we must verify your identity, evaluate the request and implement it in accordance with the regulatory enactments.
14.4. In the event of the identification of the subject, we undertake to satisfy the request within the shortest period of time possible, but no later than within one month since the notification of the data subject, or, if the satisfaction of the request is not possible and data processing is not governed by external regulatory enactments, to provide the explanation why we cannot satisfy the request. Considering the complexity of the received request or the quantity of requests, the Company is entitled to extend the indicated time period of information provision by two more months, by notifying the person who has submitted the request in advance.
14.5. In the event the subject, who has submitted the request is not identified, an informative notification on inability to identify shall be sent to him/her at the indicated correspondence address.
14.6. The withdrawal of consent does not affect the processing of data that has been performed, when the consent of the Customer was in force.
14.7. In the event of the recall of consent, the processing of data that is performed on the basis of other legal grounds, for instance, where data processing is performed in accordance with the requirements of the law, may not be terminated.
15. The Right To Withdraw Consent For The Processing Of Data
15.1. You are entitled to withdraw your consent given for the processing of data at any time by using any method that is convenient for you.
15.2. The Company, after the receipt of the refusal to process personal data, is entitled to identify the person who has expressed a wish to withdraw consent.
15.3. The withdrawal of consent does not affect data processing that has been performed, when the consent was in force.
15.4. In the event of the withdrawal of consent, the data processing that is performed on the basis of other legal grounds cannot be terminated.
16. The Right To Apply To A Supervising Authority And Procedure For The Resolution Of Disputes
16.1. To comply with the requirements of personal data processing and protection, Regula considers the requirements of the EU Regulation 2016/679 (General Data Protection Regulation), as well as generally recognized international laws and regulations in the field of personal data protection.
16.2. In the event of objections associated with the compliance of the procedure and/ or conditions of your personal data by the Company and to resolve such objections, you are always entitled to address the responsible representative of the Company or to transfer it to the enquiry centre Support Regula Forensics (see section Feedback).
16.3. The Company undertakes to review the complaint, in accordance with Paragraph 16.2 of the present section, within a month since the receipt thereof and to provide a motivated reply to the sender of the complaint.
16.4. You are also entitled to appeal the decision to the supervising authority for data protection. To do that, you may contact the supervising authority for data processing that has jurisdiction in the territory of your place of residence.
17. Mailing Of Commercial Notifications
17.1. Regula is entitled to forward notifications on new products and/ or services of Regula, as well as information on upcoming events organised by or attended by Regula to the Users, who have subscribed for the mailings of Regula Forensics newsletter.
17.2. You can subscribe for our mailings by authorization on the internet websites of Regula (for instance, by using the subscription form for the receipt of news).
17.3. The consent for the receipt of commercial notifications provided by you will be in effect until you decide to opt-out of receiving newsletters. After subscribing for the mailings of Regula Forensics, you are entitled to opt-out of receiving newsletters by clicking “unsubscribe” link at the end of any commercial notification received to your e-mail.
17.4. We will terminate the sending of commercial notifications, as soon as your request will be processed. The processing of the request depends on technological capacities and can take up to 7 days.
18. Policy Changes
18.1. The amendments to the provisions of the Policy may be implemented occasionally, within the limits permissible by the legal enactments of the EU, as well as generally adopted standards of international laws and regulations in the area of personal data protection.
19. For Candidates to Vacancies
A special email firstname.lastname@example.org for applicants is provided on the contact page of Regula for people looking for open vacancies. If you are using our website to seek a job or decide to send us your CV in reply to an advertised vacancy, you are giving us your consent to use your personal data in order to perform our recruiting procedures. Any CV received by the Company from unsuccessful applicant will be deleted/ destroyed no later than three months after the date of receipt thereof.
All queries regarding the provisions of the Policy or GDRP enquires may be sent to Višķu street 34, Daugavpils, LV-5410, Latvia, electronic mail: email@example.com.