Products
Solutions
Explore
Company
Try Online

en

Language

Privacy Policy

This Privacy Policy provides information on how Regula processes your Personal Data when you use Regula’s Website and products. We have written this policy in simple language to help you make informed decisions, ensuring that you understand and have control over the information we collect, how it is used, and when it is shared.

To review, correct, or erase your Personal Data, to object its processing, or to transfer your Personal Data to another party, please email us at privacy@regulaforensics.com.

1. Definitions

”Client Portal” means Regula’s Client Portal available at https://client.regulaforensics.com/.

”Demo” means Demo-versions of Regula products, such as Document Reader SDK Web API and Face SDK Web API available at https://api.regulaforensics.com/ and https://faceapi.regulaforensics.com/ respectively.

”Personal Data” means any information that enables direct or indirect, i.e. in connection with other data, identification of you as a natural person (data subject), including name, surname, patronymic, contact information, face image data, data that identify user device, as well as data that permit identification of the procedures and methods of Website and/or service use by the User.

”Regula” (”we”, ”us”, ”our/ours”) means Regula group of companies as specified in Section 9 below.

”User” (”you”, ”your/yours”) means the user accessing the Website, the Demo, Regula products or software, or contacting us in any form.

”Website” means Regula website https://regulaforensics.com/ and its subdomains (including, but not limited to https://faceapi.regulaforensics.com/, https://api.regulaforensics.com/, https://docs.regulaforensics.com/, https://support.regulaforensics.com/, https://client.regulaforensics.com/), https://explore.regulaforensics.com/ and https://explore.regula.app/.

2. Regula role

We act as the controller for the most of the Personal Data we collect. For the purposes of the functionality of the Demo, we act as the processor in relation to the encrypted data transferred to us due to the usage of the Demo.

As a group of affiliated companies, we act as joint controllers in relation to the processing of Personal Data. We have implemented necessary agreements and safeguards for the transfer of Personal Data between our affiliated companies, ensuring compliance with applicable data protection laws.

We may act as sub-processors in accordance with the respective contracts with our Customers.

3. Personal Data we collect

We collect the following Personal Data:

- Personal Data you provide to us

In order to contact you or establish a contractual relationship with you, we receive information provided by you in the contact form. This includes first and last name, job title, company name, contact industry, phone number (optional), business email address, contact country and your message to us.

We collect the same information to register you for our webinars or specialized training.

To establish and maintain contract relations, we collect billing information, e-mail correspondence, bank accounts information, and other information, if necessary (such as personal identity number, date of birth, signature and position), for the performance of contracts with you or your firm.

We may request feedback on the usage of our products and services. In order to publish such feedback on the Website, we collect your first and last name, job title, and company name.

You may provide us with your Personal Data by registering at the Client Portal. This Personal Data includes your first and last name, email address, company name and contact country.

We can collect information about you during marketing events, if you agree to provide it to us. This information may include the usual content of a business card, such as your first and last name, business email, business phone number, and your company name.

You may provide us with your email address in order to receive Regula newsletters. You may opt-out of Regula newsletter subscription by clicking the “unsubscribe” link at the end of any email with the newsletter.

A special email joinus@regulaforensics.com for applicants is provided on the contact page of Regula for people looking for open vacancies. If you are using our Website to seek a job or decide to send us your CV in reply to an advertised vacancy, you are giving us your consent to use your personal data in order to perform our recruiting procedures.

Please note that if you provide us with additional data that we do not usually collect (such as your biometric data), we commit to handling this information responsibly and transparently. By providing such data, you acknowledge and consent to its temporary storage and processing. We do not use such data in any way not specifically requested by you, and we will delete such data promptly if it is not relevant to your request or upon fulfillment of your request.

- Personal Data collected by us due to the usage of Website

Cookies

To ensure the functionality of the Website and the collection of Website user statistics, we use cookies. For more information on how we use cookies, please refer to our Cookies Policy here.

Log files

Every time you visit the Website, your internet browser automatically submits certain information that is stored by us in so-called Log files.

Log files are stored by us for a short period of time in order to detect violations, as well as for security reasons (for instance, to investigate attempted attacks, unsanctioned interference with the functionality of computers or servers, automated systems, computer systems, or electronic communication systems), and are deleted afterwards.

Log files, the further storage of which is required for the purposes of proving evidence, shall not be deleted until the complete clarification of the respective incident and, in some cases, can be submitted to law enforcement institutions.

The following information is stored in Log files:

  • IP-address of the device;
  • Internet address of the website, from which the Website was referred to;
  • The name of service provider, through which the access to the Website was performed;
  • The names of the requested files or information;
  • Date, time and duration of request;
  • The amount of transferred data.

Registration logs do not allow direct identification of the User as a natural person.

- Personal Data processed by us due to the usage of the Demo

While using the Demo, you may share with us some biometric data for the purposes of the Facial Liveness check or the Face matching, or use sensitive information for the purposes of data extraction from identity documents via the Demo.

All data transfers via the usage of the Demo are performed in encrypted form, then processed by Regula servers. The result of processing will be sent back to your device/browser also in encrypted form in order to demonstrate to you the functionality of our software. After such processing, the data are instantly deleted from Regula servers.

This processing is handled automatically, and we do not have access to your data or use your data for any other purpose.

Please note that the type of processing may be selected on the relevant Demo pages. For Demo Apps for Android/iOS, only the Facial Liveness check and the Face matching require sending us the encrypted data as described above.

- Video surveillance

In order to provide the safety of our property, employees and visitors of the Company, video surveillance systems and access control systems have been installed in the offices of the Company, in the territory of the Company and along its perimeter (if applicable). The access to these areas is granted to certain groups of responsible persons only. The video is recorded cyclically (the latest video is written over the oldest one), stored on the server for up to 20 calendar days, after which it is automatically deleted, unless the video is needed for the investigation of an incident.

- Implementation of marketing activities

We may take photos and make video recordings during product presentations, thematic exhibition visits or specialized training. We may ask for your explicit consent for you to be captured in photos and / or video, or ask to provide other Personal Data for the purpose of preparing and submitting a report on the conducted event. Such reports may be published on our corporate accounts in social media (such as LinkedIn and Facebook).

- Personal Data provided to us from third parties

In some cases, we may receive the Personal Data from our partners, as allowed by applicable law. We ensure that Personal Data are processed according to General Data Protection Regulation principles and obligations.

- Personal Data collected by us due to the usage of our products or services

Our products or services do not collect any Personal Data for us, except for the Demo applications as described herein. We may collect information on the usage of our products or services for billing purposes. Additionally, for processing maintenance requests from our customers, or in case of errors occurred during usage of our products or services, we may receive logs or other information containing Personal Data. This data may be transferred to us solely at the discretion of the respective customer and may be anonymized before the transfer. After processing of such a request, we securely delete such Personal Data.

4. Legal basis of collection of Personal Data

Consent

We may ask for your explicit consent to collect and process certain types of Personal Data. This consent shall be clear, specific and provided voluntarily. You have the right to withdraw your consent at any time.

Contract

We may collect and process certain types of Personal Data when it is necessary for the performance of a contract to which you are a party or for taking steps prior to concluding a contract.

Legitimate Interest

In specific situations, we may collect and use your Personal Data to pursue our legitimate interests in a manner that might reasonably be expected as part of running our business and that does not materially impact your rights, freedom, or interests. Our legitimate interests include:

  • Performance of commercial activity;
  • Analysis of the activities of users of the Website, development and implementation of upgrades of the Website;
  • Administration of accounts of customers on the Website;
  • Interaction with customers and potential customers and keeping history of interactions;
  • Conducting of customer surveys regarding goods, services and user experiences;
  • Segmentation of the customer database for efficient provision of our services;
  • Improvement of existing products and services, development of new ones;
  • Administration of payments, due payments, debt collection, including the application to the state authorities, courts, in order to protect our legal interests;
  • Storage of the claims and applications of customers regarding the purchases of goods and provision of services, other claims and applications, annexes to them;
  • Fraud prevention and detection;
  • Network and information systems security;
  • Direct marketing, advertising, and promotion of our products and services;
  • Understanding our customers' behavior, activities, preferences, and needs;
  • Enhancement, modification, personalization, or other improvement of our services and communications for the benefit of our customers.

We have conducted balancing tests for all data processing based on our legitimate interests, ensuring that your fundamental rights and freedoms are protected. You have the right to object to the processing of your Personal Data on such grounds at any time. To exercise this right, please email us at privacy@regulaforensics.com.

Legal Obligation

We may collect and use your Personal Data where it is necessary for compliance with a legal obligation to which we are subject. For example, we may be required by law to collect certain information for tax purposes or to fulfill our obligations in response to legal requests or government regulations.

Vital Interests

We may collect and use your Personal Data where it is necessary to ensure the safety of Regula employees, customers and visitors. Such collection and use will only be conducted when no other legal basis is available.

5. How we use Personal Data

We use Personal Data for the following purposes:

  • for identification of the Customer/User;
  • for maintaining information on the Customer (or potential Customer) in our CRM, saving the history of communication;
  • for drafting, conclusion and performance of contracts;
  • for the provision/maintenance of Regula services;
  • for communication with the User/Customer;
  • for registration and providing access to the Client Portal;
  • for requesting customer's feedback on the provision of our products and/or services and sharing such feedback on the Website, if agreed;
  • for the performance of warranty liabilities;
  • for the improvement of the products and services, development of new goods and services;
  • for monitoring user activity at the Website to ensure its security and availability;
  • for elimination of technical errors and failures (if any);
  • for the review and processing of complaints and applications;
  • for customer retention, increase of loyalty, and customer satisfaction measurements;
  • for administration of accounts;
  • for the return and recovery of debts;
  • for the maintenance and improvement of the Website, mobile applications and other services;
  • for the performance of recruitment activities (when applicable);
  • for the submission of the information to state authorities when necessary and required by the applicable law;
  • for performance of business analysis:
    • for statistical, analysis and business planning purposes;
    • for efficiency measurements;
    • for the provision of service quality;
    • for the conducting of market research;
    • for the conduct of customer surveys;
    • within the framework of risk management measures.
  • For the provision of security (in the broadest sense of this word) in the territory of Regula and over its perimeter:
    • to ensure the safety of the property;
    • to implement visual situation control in the territory of Regula, to evaluate the situation in order to take urgent measures for the prevention of illegal activities;
    • to perform analysis of a situation/ incident that has already occurred;
    • to control production, technological processes that pose direct threat to the health and life of the servicing personnel;
    • to ensure the safety of the employees and company visitors.

We may adopt automated decisions regarding the User. The User shall be informed on these actions of Regula separately, in accordance with the regulatory enactments. The User may object against adopting automated decisions in accordance with the procedures of the regulatory enactments, however, the User must be aware that, in certain cases, this may limit the rights of the User to use certain options that otherwise may be accessible to them (for instance, to receive commercial offers).

6. How long do we keep Personal Data

We will keep Personal Data for as long as necessary for the purposes for which we collect it.

We retain Personal Data received with consent until such consent is withdrawn or until it is no longer necessary for the purposes for which it was collected.

We retain Personal Data received in order to establish a contractual relationship with us for the term of the contract, and in case the contract was terminated or was not concluded - for 3 years after the last contact with you or your firm.

In case of processing the request from you unrelated to the contractual relations, we will retain your Personal Data as long as it is necessary to fulfill the request.

In some cases, such as compliance with money laundering legislation or the necessity to comply with obligations under respective agreements, we may be required to retain Personal Data for longer periods to comply with legal obligations, resolve disputes, enforce our agreements, or meet regulatory requirements. The specific retention period depends on the type of data and the reason for processing and usually do not extend 5 years. The retention period for compliance with legal obligations is determined by the respective legislation to which we are subject.

Once the retention period expires, or when your data are no longer needed, we will securely delete or anonymize it to ensure your privacy.

7. Your rights

You have the following rights:

- To request information about the processing of your Personal Data and get access to the Personal Data held about you

You have a right of access that entitles you to obtain a copy of your Personal Data, along with other supplementary information. This helps you understand how and why we are using your data, and verify the lawfulness of the processing.

- To request correction of any incorrect, inaccurate or incomplete Personal Data

You have the right to have inaccurate Personal Data corrected. You may also request completion of incomplete Personal Data, although this depends on the purposes for the processing.

- To request erasure of Personal Data

You have the right to obtain from us the erasure of your Personal Data and we are obliged to erase Personal Data where one of the following grounds applies:

  • Personal Data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
  • you exercise your right to withdraw consent on which the processing is based, and there is no other legal ground for the processing;
  • you exercise your right to object to the processing and there are no overriding legitimate grounds for the processing;
  • Personal Data have been unlawfully processed;
  • Personal Data have to be erased for compliance with a legal obligation in the law to which we are subject.

- To request restriction of processing of your Personal Data in specific cases

You have the right to restrict the processing of your Personal Data in certain circumstances. This means that you can limit the way that we use your data. This is an alternative to requesting the erasure of your data.

- To receive your Personal Data in a machine-readable format and transfer it to another controller («data portability»)

You have the right to data portability, allowing you to receive Personal Data you provided to us in a structured, commonly used and machine-readable format. It also gives you the right to request that we transmit those data directly to another controller.

- To object to the processing of your Personal Data for marketing purposes, or based on your particular situation

You have the right to object to the processing of your Personal Data at any time. This effectively allows you to stop or prevent processing of your Personal Data.

- Not to be subject to decisions based solely on automated processing

You have the right to request that decisions significantly affecting you, based on automated processing of your Personal Data, be made by natural persons rather than solely by computers. You also have the right to express your point of view and challenge the decision in such cases.

- To withdraw your consent at any time

You have a right to withdraw your consent for processing your Personal Data.

The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

In the event of the withdrawal of consent, the data processing that is performed on the basis of other legal grounds is not terminated.

- To lodge a complaint with a supervisory authority

As a data subject, you have the right to lodge a complaint with a supervisory authority, particularly in the country of your habitual residence, place of work, or where an alleged infringement has occurred. You can find the information on the supervisory authorities here.

If you have any questions about the protection of your Personal Data or would like to exercise any of your rights, you can contact us by email at privacy@regulaforensics.com.

In order to process your requests regarding the rights stipulated herein, we may request the confirmation of your identity. If you refuse to provide us such confirmation, we are entitled to refuse the provision of the respective information to you.

We undertake to process requests within the shortest period possible, but not later than within a month since the moment of the provision of the confirmation of your identity or, if such confirmation was not requested by us, since the moment of the receipt of your request and to transfer the respective information to you. Considering the complexity of the received request or the quantity of requests, we are entitled to extend the indicated time period of information provision by two more months, by notifying you in advance.

8. Children and Minors

We do not knowingly collect or process Personal Data from anyone who is under 18 years old. If you are a parent or a guardian and believe that your child has provided us with Personal Data, please contact us immediately. If we become aware that we have collected Personal Data from a child without parental consent, we will promptly delete such data.

9. Transfer of Personal Data within Regula

Regula is an international group of companies with offices inside and outside of the EEA. For various purposes related to our business activities, such as development, support, and maintenance of our products, we may share your Personal Data within the Regula group of companies. Our companies include:

  • Regula Forensics Inc., a corporation organized and existing under the laws of the Commonwealth of Virginia, USA, registered address: 1851 Alexander Bell Drive. STE 402 Reston, VA 20191;
  • Regula Baltija SIA, a company organized and existing under the laws of Latvia, registered address: Višķu street 34, Daugavpils, LV-5410, Latvia;
  • Regula Poland Sp. z o.o., a company organized and existing under the laws of Poland, registered address: Chmielna 73, CIC, Warsaw, 00-801;
  • Regula Forensics GmbH, a company organized and existing under the laws of Germany, registered address: Johannstraße 37, Düsseldorf, D-40476.

10. Transfer of Personal Data to third parties

We may share your Personal Data with third parties who provide various services to us, such as email services, CRM services, hosting, website development, support, and other similar services. Personal Data provided to such third parties are strictly limited, and we take all reasonable measures to protect your Personal Data and ensure its confidentiality.

11. International transfer of Personal Data

We may transfer your Personal Data to countries outside of your country of residence, including transfers to the U.S. We only transfer your Personal Data to any party after ensuring that appropriate data protection measures have been taken.

For transfers to countries that are not subject to an adequacy decision by the European Commission or your local legislature and/or regulator, we use Standard Contractual Clauses approved by the European Commission.

12. Measures Implemented For Data Protection Purposes

Personal Data collected by us are stored on secured networks, the access to which can be granted to representatives, employees, subsidiaries, associated companies, representative offices and partners of Regula that are bound to Regula by contractual obligations on non-disclosure of Personal Data to third parties.

We take the following technical measures for the protection of Personal Data:

  • For data security and retention, we use not only our servers located in our offices, but also the services of a data center in Germany, which has signed an agreement to ensure all possible safeguards to the data and their confidentiality;
  • To prevent physical access of unauthorized personnel, all premises owned by Regula have been equipped with means of technical security alarm, fire alarm, video surveillance and access control system;
  • Data encryption during data transfers (SSL encryption);
  • Firewall;
  • Intrusion detection and protection software;
  • Other protective measures in accordance with the current possibilities of technology.

13. «Do Not Track» signal

Some web browsers have a “Do Not Track” feature that, when activated, sends a signal to websites you visit indicating that you do not want to be tracked. At this time, there is no universally accepted standard for what a company should do when it receives a "Do Not Track" signal.

We currently do not respond to “Do Not Track" signals. In the meantime, you can adjust your browser settings to control tracking preferences. For more information on how to do this, please refer to your browser’s documentation.

14. Third Party Plug-ins

In order to ensure the operation of some of our services, we use third party applications or plug-ins.

Plug-ins - are independent extensions of social network providers and other services. Therefore, we do not control the amount of data collected and saved by the providers of the social network performed via a plug-in.

The objectives and the scope of data collection, further data processing by social network, as well as the rights and parameters of settings for the protection of your privacy associated with them can be found in the data protection policy of the respective social network. You should not use the respective plug-ins, if you do not wish the providers of social networks to receive or use your data.

15. California Consumer Privacy Act (CCPA) compliance

In the preceding 12 months, we have collected Personal Data of California residents. The methods of collecting Personal Data and the types of such data are described in Section 3 above. In particular, we may collect the following Personal Data:

  • first and last name, email address, correspondence/living address, phone number;
  • Social Security number, age, date of birth;
  • biometric data (for the purposes of the functioning of the Demo or provided to us voluntarily);
  • billing details;
  • purchase history of our products and services;
  • device identifier, such as IP address;
  • geolocation data, approximately determined by the the collected IP address;
  • activity details about the usage of the Website and Demo;
  • employment information, such as position and employer for signing the contracts on behalf of a legal entity;
  • other personal information provided by you during interactions with us.

We retain Personal Data of California residents for the duration specified in Section 6 above.

We collect Personal Data of California residents to operate our business and conduct our business activities. The purposes for using Personal Data are described in Section 5 above.

In the preceding 12 months, we shared the aforementioned categories of Personal Data with third parties as described in Section 10 and 11 above. Additionally, we share such data for conducting cross-context behavioral advertising to contact you with advertisements for our products and services. This sharing was carried out subject to your consent to use marketing cookies. Please note that such sharing may be considered a «sale» of your Personal Data. Furthermore, please note that we do not sell sensitive personal information or any Personal Data of individuals under 16 years old.

Under the CCPA, you have the following rights:

  • ”Right to Access”: You have the right to access the Personal Data we have collected from you. We will provide you with the information in a readily usable format, free of charge, within 45 days from the receipt of the relevant request.
  • ”Right to Delete”: You can request us to delete your Personal Data, except for the cases when we are legally obliged to keep it.
  • ”Right to Contact Information”: You can submit requests related to your rights described herein to our email: privacy@regulaforensics.com
  • ”Right to Opt-out”: You may opt-out from the usage of marketing or other unnecessary cookies using the relevant cookies widget available at the bottom left corner of the Website. Additionally, you may opt-out of future marketing efforts by contacting us via the aforementioned email.
  • ”Right to Fair Treatment”: You shall not be discriminated against for exercising your rights under the CCPA.
  • ”Right to Correct”: You have the right to correct inaccurate personal information that we have about you.
  • ”Right to Limit Use and Disclosure of Sensitive Personal Information”: You have the right to limit the use and disclosure of sensitive personal information collected about you.

You may designate an authorized agent to exercise your rights according to this Section. Such an authorized agent is entitled to make requests and claims on your behalf, provided that appropriate proof of authorization is submitted to us. Additionally, we may require you to verify your identity directly with us for proceeding with such requests or claims.

We do not provide any financial incentives related to the collection, sale, or deletion of your Personal Data.

16. Changes and updates

We may update this Privacy Policy from time to time. Please visit this page regularly to stay updated on any changes. The updated Privacy Policy will include a date indicating when the changes will come into effect. If you keep using the Website and/or our services, it means that you have read, understood and agreed to the current version of the Privacy Policy.

17. Contact information

For all matters related to this Privacy Policy you may contact us via email: privacy@regulaforensics.com. You may also contact our office in Poland: 00-801 Chmielna str. 73, Warsaw, Poland.

Archived versions

Privacy policy, 07.11.2022

Date of Last Revision: 19.11.2024

Copyright © 1992-2024 Regula. All rights reserved.

On our website, we use cookies to collect technical information. In particular, we process the IP address of your location to personalize the content of the site

Cookie Policy rules