We at Viisights Solutions Ltd. (“Company,” “Viisights,” “our” or “we”) believe in the importance of complying with applicable data protection regulations (“Data Protection Regulations”).
Data Protection Regulations set out rules and standards for the use and handling of personal data belonging to identifiable individuals (i.e., “data subjects” or “consumers”, etc.) (“Personal Data”) by organizations and companies. The laws apply to all sectors, both public and private, and to all electronic records as well as many paper records.
The EU General Data Protection Regulation (“GDPR”) came into effect on May 25, 2018 and set out a worldwide standard for processing Personal Data. In turn, the California Consumer Privacy Act of 2018 (“CCPA”) came into effect in January 2020 and provided residents of the State of California with additional privacy rights. At Viisights, we aim to provide our services (“Services”) in compliance with all applicable Data Protection Regulations including, as applicable and without limitation, the CCPA and the GDPR.
For this purpose, we have appointed a data protection officer (“DPO”) to ensure all required actions are taken in order to be compliant with applicable Data Protection Regulations. We further pay close attention (with the assistance of our legal counsel) to regulatory guidance with respect to the Data Protection Regulations and make changes as necessary to our services in order to maintain our compliance with such applicable Data Protection Regulations.
PLEASE BE ADVISED THAT THIS OVERVIEW IS NEITHER A MAGNUM OPUS ON DATA PRIVACY NOR SHALL IT BE CONSIDERED TO BE LEGAL ADVICE FOR YOUR COMPANY TO USE IN ORDER TO COMPLY WITH APPLICABLE DATA PROTECTION REGULATIONS. INSTEAD, IT PROVIDES BACKGROUND INFORMATION TO HELP YOU BETTER UNDERSTAND HOW WE, AT VIISIGHTS, HAVE ADDRESSED SOME IMPORTANT LEGAL POINTS WITH RESPECT TO DATA PRIVACY.
We may collect the Personal Data of your employees, including their names, work email addresses, and access authorizations to the Services that we will be providing you (i.e., user name and password). We will use this information in order to: (i) provide you with our Services; (ii) process transactions made on the Services; (iii) identify employees authorized by you to access the Services; (iv) resolve any disputes, communicate with you and resolve any support issues; and (v) respond to your questions or comments and help resolve any additional problems you may have.
Our product and Services include the processing of data collected by sensors (i.e., the cameras that are installed by our customers in various locations). The data that is processed through the product is the Personal Data of our customers’ data subjects, and our customers are the controllers of such Personal Data. Our customers determine the jurisdiction in which the data subjects are located, which depends on where the customer chooses to install our product.
Our product is installed on our customer’s premises and data processed by our product is stored on a local disk, and is processed in the computer’s memory. The server is installed on our customer’s premises and is a part of our customer’s internal network. Nonetheless, during the onboarding, and before you become our customer, you are able to connect directly to our cloud or send us the content so that we process the data on our systems to enable you to test our technology and services.
The following is the flow of the processing activities of our product (step by step):
All of the processing activities described above are executed on our customer’s premises. As such, we will not have access to, nor will we have control over, any Personal Data which is processed by our customers in connection with their use of the Services and our product. We may, however, have access to Personal Data that is processed by our Services when we need to provide customers with support with respect to our Services.
To create our technology, we have conducted and continue to conduct AI learning. The data used for this training includes public databases, data provided by the customers (either when sent to us or when processed by us), simulation and synthetic data. Note that the data does not include personal data or identifying data; hence we cannot recognize a face or person and match the data.
Technological, Organizational and Security Standards
The Company has completed an in-depth audit and data mapping process and implemented internal technical and organizational measures to safeguard against unauthorized access to Personal Data and protect us in case of a security incident.
More information regarding our security and privacy programs can be found in our Security Policy.
We hold annual employee training and have created an employee security policy to help guide our employees and teach them how to manage and access Personal Data in a secure and compliant manner. Employees who have access to Personal Data are trusted employees who go through a special screening process in order to prove their trustworthiness.
We will retain the Personal Data that we collect from you for as long as it remains necessary for the purposes of providing our Services to you or as required under applicable law. With regard to our product and services, our customers can choose to set up a retention period, which can be anything from no retention of data at all to the retention of data for up to one month. The data is erased periodically, according to the settings that each customer has chosen.
We have implemented an internal disaster recovery policy in order to enable us to continue to maintain and provide our Services in the event of a security incident or data breach. Our internal disaster recovery policy guides the Company in its response and the actions it must take upon the occurrence of a security incident.
Data Protection Regulations provide individuals with various rights with respect to their Personal Data. Depending on such individual’s jurisdiction, these rights may include (without limitation): the right to access Personal Data, request the erasure of Personal Data, and restrict the sharing and selling of Personal Data, all as further explained in our Privacy Notice and CCPA Notice. A data subject can contact our DPO at: email@example.com or fill in our form and send it to: firstname.lastname@example.org in order to exercise any of his or her rights under applicable Data Protection Regulations in his or her jurisdiction.
Transferring of Personal Data
On July 16, 2020, the Court of Justice of the European Union (“CJEU”) invalidated the EU-US Privacy Shield. Additionally, on September 8, 2020, the Swiss Data Protection Authority announced in a position statement that it no longer considers the Swiss-U.S. Privacy Shield adequate for the transferring of Personal Data from Switzerland to the U.S.
The Company ensures that any transfer of Personal Data is done in a secure manner and in compliance with the latest EDPB recommendations concerning data transfer. The Company will make sure to sign a DPA with any of its customers, vendors, service providers and partners (as necessary) which incorporates SCCs, as this is still considered a valid data export mechanism and automatically applies in accordance with our Data Processing Agreement.
Over the coming months, we anticipate that EU data protection regulators will issue additional guidance on the CJEU decision, including what the supplementary measures could consist of for those transferring data in reliance on the SCCs. In addition, the current form of the SCC was written before the GDPR went into effect and we believe that it will be updated at some point in time. We will continue to keep a close eye on forthcoming guidance to stay up to date and assess whether we need to make any changes to our existing practices.