Log In
Sign Up

Privacy Policy

1. INTRODUCTION

Adaptive Recognition Nordic A/S (hereinafter referred to as „we”/„us”/„our”) respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how information about you is collected, used, and disclosed by us and our subsidiaries, affiliated companies, consultants, employees. This Privacy Policy applies to information we collect when you use the Carmen Cloud EU website (the „Cloud Console”) and all Carmen Cloud EU APIs (the „Cloud APIs”, collectively the „Cloud Services”) or when you otherwise interact with us.

Contacts:
Data controller: Adaptive Recognition Nordic A/S
Address: Ørestads Boulevard 73, DK-2300 København S, Denmark
Email: dataprotection@arnordic.dk

2. USER CONSENT

By submitting or making available personal data through the Cloud Console or the Cloud APIs, you agree to the terms of this Privacy Policy and you expressly consent to the processing of your personal data in accordance with this Privacy Policy.

3. A NOTE ABOUT CHILDREN

We do not intentionally gather personal data about visitors who are under the age of 13/14. If you are under the age of 13, you are not permitted to visit the Cloud Console or use the Cloud APIs.

4. DATA PROCESSING IN RELATION TO CONTRACTS

4.1. PURPOSE OF DATA PROCESSING

We might process your personal data for the preparation, conclusion, performance and/or termination of a contract and in order to be able to contact you during the contracting period.

We collect your email address and password, first and last name, company name, phone number, and country code when you register an account on the Cloud Console.

We collect additional personal data, billing name, billing address, tax ID, and credit card information (card number, expiration date, CVC code) when you subscribe to a prepaid package on the Cloud Console.

The above data processing is considered legitimate even if the data processing is necessary before the contract is concluded to take action on the request of the person concerned.

4.2. SCOPE OF PROCESSED DATA

Information required for authentication: email address and password.

Contact information: first and last name, company name, country code, email address, phone number, information included in any email.

Financial information: billing name and address, tax ID, credit card information (card number, expiration date, CVC code).

4.3. LEGAL GROUNDS FOR PROCESSING DATA

If you enter into a contract on your own behalf, the processing of the data is for the purpose of the processing, performance and termination of the contract with you, cf. Article 6(1)(b) of the GDPR.

4.4. RETENTION TIME OF PROCESSED DATA

We process your personal data as long as the contract is in force and for a defined period after the termination of the contract.

We will retain the personal data until the deadline for enforcing legal claims in relation to a contract expires. For bookkeeping reasons we will retain the relevant data for 5 years after termination of the contract.

4.5. POSSIBLE CONSEQUENSES OF FAILURE TO PROVIDE DATA

Providing your personal data is required to establish a contractual relationship and to maintain contact with you.

If you do not provide the necessary personal data, it is not possible to fulfill the contract and/or maintain a business relationship with us.

4.6. DATA TRANSMISSION

We will not forward your personal data to third parties except in the following cases:

      a) Data processors participating in the performance of the contract (see Appendix A for the list of our data processors); or

      b) If the transmission of the data to a third party is necessary to provide you with the Cloud Services.

In addition, we use a number of third parties, which store and process personal data on behalf of us. These data processors are not entitled to use your personal data for their own purposes. We only use data processors within the EU and the EEA or countries providing a sufficient level of protection.

5. WHEN YOU VOLUNTARILY PROVIDE DATA DURING REGISTRATION

5.1. PURPOSE OF DATA PROCESSING

We collect your use case and the type of camera you mainly use when you register an account on the Cloud Console to improve our Cloud Services.

5.2. SCOPE OF PROCESSED DATA

Your use case and the type of camera you mainly use.

5.3. LEGAL GROUNDS FOR PROCESSING DATA

You have given consent to the processing of your personal data for one or more specific purposes, cf. Article 6(1)(a) of the GDPR.

5.4. RETENTION TIME OF PROCESSED DATA

We process your personal data until you close your account.

5.6. DATA TRANSMISSION

We will not forward your personal data to third parties.

6. WHEN YOU COMMUNICATE WITH US IN ANY WAY

6.1. SCOPE OF PROCESSED DATA

Contact information, e.g. name, email address, any information included in the email or in the feedback form of the Cloud Console, phone number, country, company name and/or purpose of visit.

6.2. LEGAL GROUNDS FOR PROCESSING DATA

Communication with you can be based on either a consent, e.g. when you subscribe for newsletters or any other promotional activity, cf. Article 6(1)(a) of the GDPR.

The communication with you can also be for the purpose of fulfilling our contractual obligations, e.g. when updating or supporting our Cloud Services, cf. Article 6(1)(b) of the GDPR.

6.3. RETENTION TIME OF PROCESSED DATA

If the communication is regarding a contract you have entered into with us, we process your personal data as long as the contract is in force and for a defined period after the termination of the contract. We will retain the personal data until the deadline for enforcing legal claims in relation to a contract expire or 3 years after our last support service contact. For bookkeeping reasons we will retain the relevant personal data for 5 years after termination of the contract.

If you have signed up for a newsletter or any other promotional activities, we will process your personal data as long as you have consented hereto. If you withddraw your consent, we will cease to process your personal data.

6.4. POSSIBLE CONSEQUENSES OF FAILURE TO PROVIDE DATA

If you do not provide us with the required information, we will not be able to provide you with the Cloud Services that you have requested, whether it is in relation to the fulfillment of the contract or promotional activities.

If you do not provide the necessary personal data, it is not possible to fulfill the contract and/or maintain a business relationship with us.

6.5. DATA TRANSMISSION

We will not forward your personal data to third parties except in the following cases:

      a) Data processors participating in the performance of the contract (see Appendix A for the list of our data processors); or

      b) If the transmission of the data to a third party is necessary to provide you with the Cloud Services.

In addition, we use a number of third parties, which store and process personal data on behalf of us. These data processors are not entitled to use your personal data for their own purposes. We only use data processors within the EU and the EEA or countries providing a sufficient level of protection.

7. DATA PROCESSED VIA VISITING THE CLOUD CONSOLE OR USING THE CLOUD APIS

7.1. PURPOSE OF DATA PROCESSING

To make the Cloud Console and Cloud APIs more useful to you, our servers (which are hosted by a third-party service provider) collect data from you, such as browser type, operating system, Internet Protocol (IP) address (a number that is automatically assigned to your computer when you use the Internet, which may vary from session to session), domain name, and/or a date/time stamp for your visit.

We may also use Cookies (as defined below) and navigational data like Uniform Resource Locators (URL) to gather information regarding the date and time of your visit and the solutions and information for which you searched and which you viewed. Like most Internet services, we automatically gather this personal data and store it in log files each time you visit the Site or access your account on our network.

Cookies” are small pieces of information that a website sends to your computer’s hard drive while you are viewing a web site. We link the information we store in cookies to the personally identifiable information you submit while on the Cloud Console. We may use both session Cookies (which expire once you close your web browser) and persistent Cookies (which stay on your computer until you delete them) to provide you with a more personal and interactive experience on the Cloud Console. Persistent Cookies can be removed by following your browser help file directions. If you choose to disable Cookies, some areas of the Cloud Console may not work properly.

The use of cookies by third-parties is not covered by our privacy statement. We do not have access or control over these cookies. Our third-party partners use cookies to improve the quality of experience when you interact with the Cloud Services.

7.2. SCOPE OF PROCESSED DATA

Browser type, operating system, Internet Protocol (IP) address, domain name, and/or time stamp for your visit, cookies and navigational data.

7.3. LEGAL GROUNDS FOR PROCESSING DATA

We might process your personal data on the basis of you consent, e.g. when we collect data through cookies, cf. Article 6(1)(a) of the GDPR.

8. SECURITY OF YOUR APPLICATION AND PERSONAL DATA – COPY OF DATA MINIMIZATION OR PRIVACY-BY-DESIGN

We are committed to protect the security of your personal data. We use a variety of industry-standard security technologies and procedures to help protect your personal data from unauthorized access, use, or disclosure. We encrypt the transmission of that information using secure socket layer technology (SSL). We also require you to enter a password to access your account information. Please do not disclose your account password to unauthorized people. Despite these measures, you should know that we cannot fully eliminate security risks associated with data, and mistakes and security breaches may happen. If you have any questions about security on the Cloud Services, you can contact us at the information above.

Personal data may only be managed for the purpose of the given data management. We ensure the security of the data. To this end, we shall take the necessary technical and organizational measures in respect of the files stored by means of IT. We shall ensure that the data security rules laid down in the relevant legislation are complied with.

We shall also ensure the security of the data, take the technical and organizational measures and establish the procedural rules set out in this Privacy Policy, which are necessary for the enforcement of the applicable legislation, data and confidentiality rules.

According to this, only employees with authorization and access code can access their computer systems, and data-related operations performed in the system can be tracked. Permissions are complete for all accessors.

Paper-based data management is performed by us in such a way that the documents stored on a paper basis are stored in a lockable cabinet, and then, in case of archiving, they are placed in a traceable paper box, a lockable warehouse.

Within the scope of our tasks related to IT protection, we shall in particular ensure:

a) Measures to protect against unauthorized access, including software and hardware protection and physical protection (access protection, network protection);

b) Measures to enable data files to be restored, including regular backups and separate, secure management of copies (mirroring, backup);

c) Protection of data files against viruses (virus protection);

d) The physical protection of data files and the devices carrying them, including protection against fire, water damage, lightning, other elemental damage, and the recoverability of damage resulting from such events (archiving, fire protection).

e) The managed data must be accessible to authorized persons (availability)

f) The authenticity and authentication of the processed data must be ensured (authenticity of data management)

g) The integrity of the data be verified (data integrity)

h) The data must be protected against unauthorized access (data confidentiality)

We provide the required level of protection during the management of the data – in particular their storage, correction, deletion – when requesting or protesting the relevant information.

Us during data management retains

a) confidentiality: it protects the information so that only those who have access to it can access it

b) integrity: protects the accuracy and completeness of the information and the method of processing,

c) availability: ensuring that, when the authorized user needs it, he/she actually has access to the information required and the means to do so.

9. DATA PROTECTION INCIDENT

We shall keep a record of any data protection incidents, indicating the facts related to the data protection incident, its effects and the measures taken to remedy it.

The possible privacy incident:

• shall be reported by the us to the Authority without delay, within 72 hours of becoming aware of it, unless the data protection incident is not likely to pose a risk to the rights and freedoms of natural persons.

• If the data protection incident is likely to pose a high risk to the rights and freedoms of natural persons, the we shall inform the data subject of the data protection incident without undue delay.

• we keep records of data protection incidents.

In the privacy incident report:

• the nature of the data protection incident, including, where possible, the categories and approximate number of data subjects and the categories and approximate number of data affected by the incident shall be described.

• the name and contact details of the Data Protection Officer or other contact person for further information shall be communicated.

• the likely consequences of the data protection incident shall be described.

• the measures taken or planned by us to remedy the data protection incident, including, where appropriate, measures to mitigate any adverse consequences arising from the data protection incident, shall be described.

If we can demonstrate, in accordance with the principle of accountability, that the data protection incident is not likely to pose a risk to the rights and freedoms of natural persons, the notification may be waived. (Eg a letter sent by the data controller to the wrong address is returned without being opened, ie no personal data was accessed by an unauthorized person.)

The data subject does not need to be informed of the data protection incident if

• we have implemented appropriate technical and organizational protection measures, and these measures have been applied to the data affected by the data protection incident (in particular measures such as the use of encryption) which make it incomprehensible to persons not authorized to access personal data the data);

• we have taken further measures following the data protection incident to ensure that the high risk to the data subject’s rights and freedoms is no longer likely to materialize;

• information would require a disproportionate effort. (In such cases, the data subject must be informed through publicly available information or a similar measure must be taken to ensure that the data subject is informed in a similarly effective manner, eg. by releasing a press statement).

10. YOUR RIGHTS

Under the rules of the GDPR, from us you can:

– request access to personal information and information about you;

– request the correction of personal data concerning you, for example if any of your personal data changes;

– request the deletion of personal data concerning you, unless, inter alia, the management of the data is necessary for the submission, enforcement or protection of legal claims;

– request restrictions on the management of personal data concerning you;

– object to the management of personal data.

10.1. RIGHT OF ACCESS, RECTIFICATION AND DELETION OF DATA

You may access or change any of your personal data in your account by enterin your profile and editing your profile within the registration portion of the Cloud Console or by sending an email to us at the email address set forth above.

You may request deletion of your account information by us by sending an email to dataprotection@arnordic.dk, but please note that we may be required (by law or otherwise) to keep this information and not delete it (or to keep this information for a certain time, in which case we will comply with your deletion request only after we have fulfilled such requirements).

When we delete account information, it will be deleted from the active database, but may remain in our archives. We will otherwise retain your information for as long as your account is active or as needed to provide you services as well as is necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

You have the right to ask the us for information on whether your personal data is being managed through the contact details provided in this Privacy Policy, and if such management is in progress, you have the right to know what personal data we have about you, on what legal basis, for what purpose of data management, for how long, and to whom, when, under what legislation did the we provide access to his personal data or to whom did it transfer your personal data; the source of your personal data (if not provided to us by you), whether we use automated decision-making and its logic, including profiling. You may also request a copy of this information as long as it does not adversely affect the rights of others.

You can request in writing, through the contact details provided in this section, that we modify, correct any of your personal data or supplement your incomplete data.

You may request in writing from us, through the contact details provided in this section, the deletion of personal data concerning you which have been managed with your consent. The request for deletion shall be rejected by us in the event that we have a legal basis for the further storage and use of the data after the withdrawal of the data subject’s consent. 

10.2. RIGHT TO RESTRICT DATA MANAGEMENT

You can request in writing through the contact details provided in this section, that your personal data be blocked by us provided that:

• You dispute the accuracy of your personal information, in which case the restriction applies to the period of time that allows you to verify the accuracy of your personal information;

• the management is unlawful and you oppose the deletion of the data and instead ask for a restriction on its use;

• we no longer need the personal data for the purpose of data management, but the data subject requests it in order to make, enforce or protect legal claims; or

• You objected to the data processing; in that case, the restriction shall apply for as long as it is established whether the legitimate grounds of we take precedence over the legitimate grounds of the data subject.

The blocking lasts as long as the reason given by the data subject requires the data to be stored. The data subject may request the blocking of the data, for example, if he or she believes that his or her application has been treated unlawfully by the Authority, but it is necessary for the official or court proceedings initiated by him or her not to be deleted by the Authority. In this case, the Authority will continue to store the personal data (such as the application) until it is requested by the authority or the court, after which the data will be deleted.

Where management is restricted, personal data may be managed, with the exception of storage, only with the consent of the data subject or for the purpose of bringing, enforcing or protecting legal claims or protecting the rights of another natural or legal person or in the important public interest of the Union or a Member State.

10.3. RIGHT TO OBJECTION

You may object to the management of data at any time, for reasons related to your own situation, through the contact details provided in section I, if you consider that we would manage your personal data improperly in connection with the purpose stated in this privacy statement. In this case, we must prove that the management of personal data is justified by compelling legitimate reasons which take precedence over the interests, rights and freedoms of the data subject or which relate to the submission, enforcement or protection of legal claims.

10.4. WITHDRAWAL OF CONSENT IN CASE OF CONSENT-BASED DATA MANAGEMENT

If we manage any of your personal data with your consent, you have the right to withdraw that consent at any time. However, the withdrawal of consent shall not affect the lawfulness of the data management carried out under the consent prior to the withdrawal.

If you consent, we will periodically send you free newsletters and emails that directly promote the use of or purchase of the Cloud Services. When you receive newsletters or promotional communications from us, you may indicate a preference to stop receiving further communications from us and you will have the opportunity to “opt-out” by following the unsubscribe instructions provided in the email you receive or by contacting us directly (please see contact information below).

Should you decide to opt-out of receiving future mailings, we may share your email address with third parties to ensure that you do not receive further communications from third parties. Despite your indicated email preferences, we may send you notices of any updates to our Terms of Use or Privacy Policy.

10.5. INFORMATION ON STATUTORY DATA MANAGEMENT

If the legal basis for the management of a personal data is the fulfillment of a legal obligation incumbent on us, in this case you are obliged to provide the given personal data. Failing this, we will not be able to fulfill our legal obligation.

10.6. INFORMATION ON CONTRACTUAL DATA MANAGEMENT

If the legal basis for the management of any of your personal data is a contract, in this case you are obliged to provide that personal data. Failing this, we will not be able to enter into a contract with you. 

11. DATA MANAGEMENT REMEDIES

11.1. AMICABLE SETTLEMENT OF THE DISPUTE

Should you have any complaints about your personal data, please first contact us at one of the contact details provided in this section in order to resolve the dispute amicably.

11.2. DATA PROTECTION AUTHORITY PROCEDURE

Anyone may, by notification to the competent data protection authority, initiate an investigation on the grounds that the management of personal data or the exercise of rights of access to public data or data of public interest or have been infringed or are in imminent danger. Any complaints regarding personal data shall be filed with the Danish Data Protection Agency, Borgergade 28, 5, 1300 Copenhagen K, on www.datatilsynet.dk

11.3. RIGHT TO GO TO COURT

In the event of a violation of his or her rights, regardless of the submission of the complaint, the data subject may apply to the competent court according to the place of residence and stay of ours. The court is acting out of turn in the case.

12. PRINCIPLES RELATING TO PROCESSING OF PERSONAL DATA

We shall comply with the data management principles set out in Article 5 of the GDPR.

We shall specify in this Privacy Policy the specific legal basis/bases and purpose/purposes of the data management.

We shall use and store the personal data provided by you lawfully, fairly and in a transparent manner only for specified purposes determined in this Privacy Policy.

The process of the personal data shall be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.

The processed personal data shall be accurate and, where necessary, kept up to date. Every reasonable step must be taken by us to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay.

The personal data shell be processed by us in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures.

Personal data shall be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.

We shall be responsible for, and be able to demonstrate compliance with the provisions of this paragraph.

13. CHANGES TO THIS PRIVACY POLICY

This Privacy Policy is subject to occasional revision, and if we make any substantial changes in the way we use your personal data, we will notify you by sending you an email to the last email address you provided to us and/or by prominently posting notice of the changes on the Cloud Console.

Any material changes to this Privacy Policy will be effective upon the earlier of thirty (30) calendar days following our dispatch of an email notice to you of the changes, thirty (30) calendar days following our posting of notice of the changes on the Cloud Console, or the date that you accept the changes (e.g., by clicking an “I Accept” button or similar means).

These changes will be effective immediately for new users of the Cloud Services. Please note that at all times you are responsible for updating your data to provide us with your most current email address. In the event that the last email address that you have provided us is not valid, or for any reason is not capable of delivering to you the notice described above, our dispatch of the email containing such notice will nonetheless constitute effective notice of the changes described in the notice.

In any event, changes to this Privacy Policy may affect our use of personal data that you provided us prior to our notification to you of the changes. If you do not wish to permit changes in our use of your personal data, you must notify us prior to the effective date of the changes that you wish to deactivate your account with us. Continued use of the Site or the Services following notice of such changes shall indicate your acknowledgement of such changes and agreement to be bound by the terms and conditions of such changes.

Appendix A: Data processors

NAME OF THE SERVICE

Company Business Reg. no

ADDRESS

DESCRIPTION OF PROCESSING

Web services

B 186284

Amazon Web Services EMEA SARL, Luxembourg

Managing authentication and account information

Payment services

IE513174

Stripe Payments Europe, Limited, Ireland

Managing billing and credit card information, and subscriptions, as well as issuing invoices on behalf of us

Billing services

EIN 45-3529919

Adaptive Recognition America Corporation, 28059 US Highway 19 North, Suite 203, Clearwater, FL 33761, USA

Providing billing services for customers who register from the American continent

Customer Relationship Management

IE256796

Microsoft Ireland Operations, Limited, Ireland

Managing CRM database and email services

Technical support

01-10-049169

Adaptive Recognition Hungary Zrt., Budapest, Hungary

Providing technical support