Privacy Policy and GDPR Compliance Statement

AUTHENTIC VISION GMBH

(Effective date of 14 March 2022.)

Address
Authentic Vision GmbH
Ludwig-Bieringer-Platz 1
5071 Salzburg
Austria

Commercial Register No.: FN 386580 a
VAT Identification Number: ATU67525056

Managing Director
Thomas Weiß

Contact

tel: +43 720 98 44 60
privacy@authenticvision.com

CheckIfReal is a mobile application developed by Authentic Vision GmbH (“AV”).
This Privacy Policy and GDPR Compliance Statement (“the Privacy Notice”) sets out how AV collects data via its authentication application CheckIfReal on handheld mobile devices and how such data is processed.
AV may from time to time update this Privacy Notice. The date specified in brackets above indicates the last revision to this Privacy Notice.
We have authorized AppInChina Inc. to run our distributions in the mainland China Android market for mobile apps.


1. Who is the controller of personal data?
Authentic Vision GmbH is the controller of personal information processed through its authentication application on supported handheld mobile devices. The relevant contact details are specified above.

2. What kind of data is collected?
The data collected includes date and time of use, installation ID, manufacturer and model of device, the authentication result and related performance telemetry data. In addition, the App collects the following personal data:

Personal information name: Geographic location.
Personal information function: Geolocate tamper and fraud attempts.
User able to decline providing: Yes.
Application functions effected: None.

No additional data will be collected without your consent.
If an end user chooses to provide feedback or report counterfeit product or services, the user may choose to provide its contact details to AV. If the end user provides contact details, these may be used by AV and its customers and licensees for the purposes of providing feedback or a response to the end user.

3. What is the legal basis for the collection of data?
The collection of data is based on the user`s consent to the end user license agreement and this Privacy Notice upon installing the application. On using the application for the first time, a user must provide consent to the processing of personal data by AV.

4. What permissions does the app require?
The app will request the following permissions in order to function:

Permission name: User Location.
Permission function: Geolocate scans.
Able to turn off: Yes.
App functions effected: Localized intelligence cannot be applied to the scan.
Permission name: Camera.
Permission function: Enable use of the camera to be able to scan in order to authenticate AV labels.
Able to turn off: No.
App functions effected: Cannot scan and authenticate AV labels without camera, renders app useless.

5. How will the information be used?
AV uses the data to perform the AV services advertised and to optimize the user experience, fix errors and improve usability and effectiveness of the service. AV may update the use of your data and will ask for your consent to any changes regarding how your data is processed. AV operates a secure web portal for its business customers and licensees which shows the geographic location of where products with AV labels have been scanned and the result of such scans. AV may also aggregate the data specified above. The data may be used for the provision of authentication and anti-counterfeiting services and marketing (consumer and business) purposes.
Where required by applicable law, AV may be required to share data with government agencies, regulatory bodies and law enforcement authorities. AV will share said data in accordance with applicable privacy laws.

6. Online tracking and “Do Not Track” settings
Please note that AV’s website and application do not support “Do Not Track” browser settings regarding the collection of personal data.

7. How long will the data be stored for?
The data is stored as long as necessary to provide our service to you in accordance with mandatory law.

8. What rights does the data subject have?
At all times, AV guarantees the following individual’s rights:

  • the right to be informed
  • the right of access
  • the right to rectification
  • the right to erasure
  • the right to restrict processing
  • the right to data portability
  • the right to object and withdraw consent
  • rights in relation to automated decision making and profiling

9. How can the data subject raise a complaint?
If you have any concerns about privacy at AV, or you want to erase all your personal information and data, please contact us at privacy@authenticvision.com with a thorough description and we will try to resolve the issue for you. You can file a complaint with our principal supervisory authority, the Austrian Data Protection Agency (DSB), Barichgasse 40-42, 1030 Wien, Austria or with the applicable local data protection authority. AV will process all such requests within one month.

10. The key principles of data collection and storage

  • AV will process all data fairly and lawfully
  • AV will only process pseudonymised data for specified and lawful purposes
  • AV will not keep any data for longer than is necessary
  • AV will keep all data secure and all data is stored on ISO 27001 certified servers located within the European Economic Area (EEA) with back-up nodes to reduce latency of scans outside of the EEA in accordance with applicable privacy laws
  • AV will ensure that data is not transferred to countries outside of the country in which it is collected without adequate protection in accordance with applicable privacy laws.

11. What about cookies?
AV may use cookies to enable our systems to recognise your browser or device and to provide the AV authentication service to you.

12. What about links to third party services?
AV uses the following SDKs and APIs:

SDK name: sentry.io
SDK function: Error tracking and application performance monitoring (https://sentry.io/)
Data collected: This SDK collects errors and device information.
License: The MIT License (https://open.sentry.io/licensing/)


13. What about links to third-party services?
AV may include links to third-party services. Your use of such third-party services and how your data is processed by such third party is regulated by the privacy notice of such third parties. All licensees of AV utilise their own infrastructure and web server for marketing campaigns, product registration and cross-selling. AV licensees will never use personal data without the user’s consent and such activities are subject to the terms and conditions of the relevant AV licensee. AV may use third party services for incident reporting and push notification services. Our website utilizes third-party plugins and scripts to enhance functionality and gather statistical information.
These plugins and scripts include:

Additionally, these third-party tools may collect and process certain data. We recommend reviewing the privacy policies of these third-party providers for more information on their data handling practices. Please note that your use of our website may be subject to the privacy policies of these third-party providers.

14. Are children allowed to use AV services?
AV does not intend to provide services to children. If you are under 18 or under the age of majority, you may use AV services only with the involvement of a parent or guardian.

15. Does AV share personal data with third parties?
AV may share data with its authorized processors for processing on its behalf. AV shall use processors providing sufficient guarantees in respect of the technical security measures and organizational measures governing the processing carried out and will ensure compliance with those measures. AV will ensure that the processing is governed by a contract requiring the processor to only act in accordance with AV’s instructions and in compliance with data protection and privacy laws.

The data collected may be shared with third party customers and licensees for the purpose of anti-counterfeiting and marketing (consumer and business) or to government agencies, regulatory bodies and law enforcement authorities. All data processed by such third parties shall be in accordance with applicable data protection and privacy laws.

16. Does AV transfer my data internationally outside the market of collection?
AV may transfer personal data to countries outside of the country where such data is collected in the course of sharing information with parties as set out above. Whenever AV transfers personal information, we will ensure that the information is transferred in accordance with this Privacy Notice and as permitted by the applicable laws on data protection.

17. How secure is my data?
AV protects the security of your information during transmission by using Secure Sockets Layer (SSL) software, which encrypts information you input. It is important for you to take measures to protect against unauthorised access to your password and to your computers, devices, and applications.

18. Revisions to this Privacy Notice
AV may from time to time update this Privacy Notice. The date specified below indicates the last revision to this Privacy Notice.
Authentic Vision GmbH, GDPR Compliance Statement and Privacy Notice, dated March 2022.