Zenus Privacy Policy

This is the Privacy Policy for Zenus, Inc. and its affiliates (“Zenus”). It covers Zenus’s handling of two categories of information:

  1. Personal data we handle through our facial recognition platform (“Service Data”): Under data protection laws, Zenus is considered a “processor” of this data.
  2. Personal data we handle for our own business (“Business Data”):This includes certain data collected on our websites, such as newsletter signup forms and our chat tool, as well as data collected through other marketing-related efforts. Under data protection laws, Zenus is a “controller” of this data.

This Privacy Policy has details specific to Service Data, details specific to Business Data, and information relevant to our handling of both kinds of data.

This Privacy Policy does not apply to Zenus’s handling of personal data for Zenus’s own recruiting or human resources functions. It also does not apply to the handling of personal data by End Users or Channel Partners (defined below) or other third parties.

1. Privacy Practices Specific to Service Data

a. Overview

Our facial recognition platform (the “Service”) allows event hosts (“End Users”) to offer a fast event check-in option based on our facial recognition technology. Customers use our Service with help from our resellers or distributors, and companies that offer traditional online and on-site registration tools related to event check-in such as badge printing (“Channel Partners”).

We require Channel Partners to use the following approach when deploying the Service for event check-in:

  • It’s optional and requires the attendee’s explicit consent
  • To use our Service, the attendee provides a photo of themselves prior to the event
  • The Channel Partner submits the image to the Zenus Service through an encrypted connection (we leverage Secure Socket Layer technology to protect the privacy and integrity of this transmission process)
  • The Channel Partner does not provide Zenus with the individual’s name, contact information, username, etc. as part of this process
  • Zenus scans the photo to create a “Facial Geometry,” which is a unique collection of measurements of the face in the photo. A good Facial Geometry can be used to recognize the same face in a different photo or video
  • If the photo is not high quality, the Service offers feedback and gives an opportunity for the attendee to submit a better photo
  • Once the Facial Geometry for the event has been created, Zenus discards the original photo (Zenus does not store the original photos; it stores only the Facial Geometry)
  • At the event, the attendee can then use the special check-in option. With this option, our Service will create Facial Geometries of an image or video of the attendee at the event and compare them with the Facial Geometries of all attendees who chose to use the Service for that event. When a match is found, check-in is completed
  • Zenus deletes all Facial Geometries by one week after the event
  • Facial Geometries created for one event are not used for other events

In some jurisdictions, we may allow Channel Partners to use the Services for other purposes, either with or without the attendee registration and check-in process described above.

b. Types of Service Data

Our Service handles the following types of data:

  • The original photos that participating attendees submit
  • The original Facial Geometries created from those photos
  • A unique number we assign to each attendee submitting a photo to keep track of the Facial Geometries prior to deleting the photo
  • An attendee number/code provided by the Channel Partner to create an association with the corresponding Facial Geometry and allow the systems to communicate effectively
  • Still images or video at the event, and Facial Geometries of relevant attendees created from those images and video
  • If required under our contract with the Channel Partner or End User, other data about the relevant individuals

If Channel Partners use our sign-up widget, we may also keep a record of the individual’s consent, and we may use cookies and other automated data collection tools described in Section 3 (but not for advertising or related analytics).

c. Uses and Disclosures of Service Data

Subject to our contractual obligations to Channel Partners and End Users, Zenus uses and discloses the Service Data as follows:

  • To provide the Service (which involves providing with information about an attendee’s use of the Service to the Channel Partner orEnd User);
  • To improve the Service (such as by noting which methods of generating a Facial Geometry work fastest);
  • To enforce the legal terms that govern the Service;
  • To comply with law and protect rights, safety and property;
  • In connection with a business sale, merger, consolidation, change in control, transfer of substantial assets or reorganization; or
  • For other purposes authorized by the Customer or, if applicable, their representative (usually a Channel Partner or Registration Provider).

For those purposes, we may share Service Data with our affiliates and other entities that help us with any of the above.

d. Personal Data Rights and Choices

To exercise any rights you have under privacy or data protection law regarding your Service Data (such as rights to delete your Facial Geometry), please contact the company with whom you signed up to use our Service. Some of these companies may offer self-service tools for your rights at the online location where you signed up.

If you are unsure who to contact, you can tell us the name, date and location of the event, as well as the name of the website where you signed up. Although our contracts may limit our ability to respond to you directly, we will try to refer the request to the relevant organization and cooperate with their handling of the request, subject to any special contractual arrangement we have.

2. Privacy Practices Specific to Business Data

a. Types of Business Data

Business Data is personal data about our website visitors and the personnel of current, former and prospective Customers and business partners. It consists of contact details, professional details (e.g., title), information about the individual’s interactions with Zenus or our partners, and payment information that we collect for our own business activities. Service Data is not Business Data.

We obtain Business Data directly from the relevant individuals, and also from third-party sources, such as their employers, publicly available social networking platforms, marketing or lead generation companies, and other data aggregators.

Our websites also use cookies and other automated data collection tools described in Section 3. We use the Business Data collected through such technology as described below.

b. Uses and Disclosures of Business Data

Zenus uses and discloses Business Data as follows:

  • To fulfill the requests of, or facilitate business with, the individuals or their employers;
  • To send the individuals information about our products and services, including marketing communications;
  • To respond to the individuals’ questions, concerns, or customer service inquiries;
  • To analyze market conditions and use of our services;
  • To customize the content and advertising seen on our websites, across the Internet, and elsewhere;
  • To create and use aggregated information for any of the purposes above;
  • To enforce the legal terms that govern our business and online properties;
  • To comply with law and protect rights, safety and property (such as to comply with a legal obligation to provide personal data to a governmental authority; and
  • In connection with a business sale, merger, consolidation, change in control, transfer of substantial assets or reorganization (such as to provide personal data to a new owner of Zenus); or
  • For other purposes requested or permitted by our customers or users.

For those purposes, we may share Business Data with our affiliates and other entities that help us with any of the above.

c. Legal Basis for Processing Business Data

The laws in some jurisdictions require companies to tell you about the legal ground they rely on to use or disclose your personal data. To the extent those laws apply, our legal grounds for processing Business Data are as follows:

  • To honor our contractual commitments to you: Much of our processing of personal data is to meet our contractual obligations to our customers, or to take steps at customers’ request in anticipation of entering into a contract with them
  • Consent: Where required by law, and in some other cases, we handle personal data on the basis of consent
  • Legal compliance: We need to use and disclose personal data in certain ways to comply with our legal obligations
  • Legitimate interests: In many cases, we handle personal data on the ground that it furthers our legitimate interests in commercial activities such as the following in ways that are not overridden by the interests or fundamental rights and freedoms of the affected individuals:
    • Customer service
    • Marketing
    • Protecting our customers, personnel and property
    • Analyzing and improving our business
    • Managing legal issues

We may also process personal data for the same legitimate interests of our End Users and Channel Partners.

d. Personal Data Rights and Choices (including Direct Marketing Opt-Out) for Business Data

You can unsubscribe from marketing emails by clicking the “unsubscribe” link they contain. Controls related to cookies and other automated data collection are described in the section below.

Residents of the European Economic Area, Canada, Australia and many other jurisdictions have certain legal rights obtain confirmation of whether we hold Business Data about them, to access Business Data we hold about them, and to obtain its correction, update, amendment, or deletion in appropriate circumstances. In limited cases, they have the right to receive information we hold about them in portable form and to have it transmitted to a third party.  They also have rights to to restrict its processing, and to withdraw any consent they have provided (with affecting the lawfulness of prior processing).

Such individuals also have rights to object to our handling of their Business Data,.  For example, they have a right to opt out of our processing of Business Data for direct marketing purposes.

To exercise their rights with respect to Business Data, individuals may contact us as described at the end of this Privacy Policy.

Many of the rights described above are subject to significant limitations and exceptions under applicable law. For example, objections to the processing of personal data, and withdrawals of consent, typically will not have retroactive effect. Individuals also have a right to lodge a complaint with the relevant supervisory authority, but we encourage individuals to contact us first, and we will do our best to resolve any concern.

3. Additional Information About Our Privacy Practices (applicable to both Service Data and Business Data)

a. Security and Data Retention

To manage data security risks, we maintain physical, organizational and technical safeguards, which are subject to periodic changes. Channel Partners, End Users and other third parties handle personal data subject to their own privacy and security policies or procedures, which we do not control.

We will hold your information for as long as necessary to fulfill the purposes set forth in this Privacy Policy or as long as we are legally required or permitted to do so. Information may persist in copies made for backup and business continuity purposes for longer than the original data.

b. Cookies and Automated Data Collection

In our websites, apps and emails, we and third parties may collect certain information by automated means such as cookies, Web beacons, JavaScript and mobile device functionality. Use of this information depends on whether it is Service Data or Business Data.

The information we collect through these automated means may include unique browser identifiers, IP address, browser and operating system information, device identifiers (such as the Apple IDFA or Android Advertising ID), other device information, Internet connection information, as well as details about individuals’ interactions with our apps, websites and emails (for example, the URL of the third-party website from which you came, the pages on our website that you visit, and the links you click on in our websites).

We and third parties may use automated means to read or write information on users’ devices, such as in various types of cookies and other browser-based or plugin-based local storage (such as HTML5 storage).

Cookies and local storage are files that contain data, such as unique identifiers, that we or a third party may transfer to or read from a user’s device for the purposes described in this Privacy Policy, such as recognizing the device, service provision, record-keeping, analytics and marketing, depending on the context of collection.

You may be able to set your web browser to refuse certain types of cookies, or to alert you when certain types of cookies are being sent. Some browsers offer similar settings for HTML5 local storage. However, if you block or otherwise reject our cookies, local storage, JavaScript or other technologies, certain websites (including our own websites) may not function properly.

These technologies help us (a) keep track of whether you are signed in or have previously signed in so that we can display all the features that are available to you; (b) remember your settings on the pages you visit, so that we can display your preferred content the next time you visit; (c) display personalize content; (d) perform analytics, and measure traffic and usage trends, and better understand the demographics of our users; (e) diagnose and fix technology problems; and (f) otherwise plan for and enhance our business.

Also, in some cases, we facilitate the collection of information by advertising services administered by third parties. The ad services may track users’ online activities over time by collecting information through automated means such as cookies, and they may use this information to show users ads that are tailored to their individual interests or characteristics and/or based on prior visits to certain sites or apps, or other information we or they know, infer or have collected from the users. For example, we and these providers may use different types of cookies, other automated technology, and data (a) to recognize users and their devices; (b) to inform, optimize, and serve ads; and (c) to report on our ad impressions, other uses of ad services, and interactions with these ad impressions and ad services (including how they are related to visits to specific sites or apps).

To learn more about interest-based advertising generally, including how to opt out from the targeting of interest-based ads by some of our current ad service partners, visit aboutads.info/choices from each of your browsers and devices.

You can opt out of Google Analytics and customize the Google Display Network ads by visiting the Google Ads Settings page. Google also allows you to install a Google Analytics Opt-out Browser Add-on for your browser.

If you replace, change or upgrade your browser, or delete your cookies, you may need to use these opt-out tools again. We do not respond to browser-based do-not-track signals.

Please visit your mobile device manufacturer’s website (or the website for its operating system) for instructions on any additional privacy controls in your mobile operating system, such as privacy settings for device identifiers.

c. International Data Transfers

We are based in the United States, and recipients of the data disclosures described in this Privacy Policy are located in the United States and elsewhere in the world, including where privacy laws may not provide as much protection as the country in which you are located. Where applicable, Zenus will comply with legal requirements for cross-border data protection, including through the use of European Commission-approved Standard Contractual Clauses. For more information about these clauses, please contact us.

d. Notification of Changes

Zenus may change this Privacy Policy to reflect changes in the law, our data handling practices or the features of our business. The updated Privacy Policy will be posted on zenus-biometrics.com.

e. How to Contact Us

If you have questions regarding our practices or this Privacy Policy, or to send us requests or complaints relating to personal data, please contact us at legal@zenus-biometrics.com or as follows:

Zenus, Inc.
Attn: Privacy Officer
3302 Canal Street, Suite 50
Houston, TX 77003

Last update to this Privacy Policy: August 20, 2018