EXPERTUM LTD, a limited liability company, with registration number ΗΕ 415235, having its registered address at Arch. Makarios III 240, Office 301, 3105, Limassol, Cyprus (collectively referred to as “EXPERTUM “we”, “us” or “our” in this privacy policy respects your privacy and is committed to protecting your personal data. This privacy policy explains as to how we collect and process your personal data and informs you about your privacy rights under the Processing of Personal Data (Protection of individuals) under the Processing of Personal Data (Protection of individuals) Law 125 (I)/2018) as amended from time to time and the EU General Data Protection Regulation (“GDPR”) 2016/679 (the “Law”).

  • This Privacy Policy is directed to natural persons who are either current or potential clients of Expertum.
  • It is also directed to natural persons who had such a contractual or other legal relationship with Expertum in the past.
  • It also contains information about sharing your personal data with other third parties, such us other service providers or suppliers.

It is important that you read this privacy policy together with any other privacy policy or fair processing notice we may provide on specific occasions when we are collecting or processing your personal data so that you are fully aware of how and why your data is being used. This privacy policy supplements the other policies and it is not intended to override them.

  1. WHO WE ARE AND IMPORTANT INFORMATION

    PURPOSE OF THIS PRIVACY POLICY

    EXPERTUM LTD, a limited liability company, with registration number ΗΕ 415235, having its registered address at Arch. Makarios III 240, Office 301, 3105, Limassol, Cyprus.

    Expertum has a facial recognition and facial search technology which allows to extract unique facial features from photos and save them in proprietary format that can be later used to compare faces between themselves and return percentage similarity level.

    Thanks to this technology and our know how in big data industry, we offer dedicated software solution thanks to which our clients can create own faces collections, populate them with their own photos, and later search through them with their own photo in order to find matching photos in their own database.

    The two services that the company provides is available as:

    • Fully managed cloud service with data stored on our infrastructure.
    • Or self-hosted version where data are stored and maintained on external infrastructure.

    This Privacy Policy aims to provide you with information on how we collect and process your personal data through your use of this website, including any data you may provide through this website when signing up to our newsletter/when you select a plan and/or during our contractual relationship.

    This website is not intended for children and we do not knowingly collect data relating to children.    We have appointed a Data Protection Officer (DPO) who is responsible for overseeing questions in relation to privacy issues. If you have, any questions about this privacy policy, including any requests to exercise your legal rights, please contact the DPO using the details set out below:

    Email address: [email protected]

    Postal address: Arch. Makarios III 240, Office 301, 3105, Limassol, Cyprus  

    YOUR DUTY TO INFORM US OF CHANGES    

    It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

  2. THE DATA WE COLLECT ABOUT YOU

    Personal data, or personal information, means any information about an individual from which that person can be identified.

    We take care to collect only your absolutely necessary Data, which is appropriate and clear for the intended purpose. This Data includes the following: 1. Data when creating a user account on our websites: e-mail address*, login password*,first name, last name, surname, postal address, telephone number. From protecting your account from fraud and other illegal activities we may use your data to maintain, update and protect your account. We also monitor browsing activity with us to quickly identify and resolve any issues and protect the integrity of our website. We may also use automated IP address tracking to detect potential fraudulent logins from unexpected locations. 2. Payment information (we may have access to billing but never have access to credit card details).   We may also collect, use, store different kinds of personal data about you as follows:

    a. Name, Surname

    b. Location/Address

    c. Contact Number such as phone number

    d. E-mail address

    e. We may collect details about payments to and from you and other details of services you have purchased from us.

    f. From our website we may process and may save internet protocol (IP) address, Cookies and if the client requested our services we may process emails, Name, Surname, Telephone, Address Country and Postal Code.

    IF YOU FAIL TO PROVIDE PERSONAL DATA  

    Where we need to collect personal data by law, or under the terms of a contract we have with you or to provide a service and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with our services). In this case, we may have to cancel the service you have with us but we will notify you if this is the case at the time.  

  3. HOW IS YOUR PERSONAL DATA COLLECTED?

    We use different methods to collect data from and about you providing you forms in cases that you request our services or by corresponding with us by post, phone, e-mail or otherwise. This includes personal data you provide when you:

    1. request our services; customer registration at Expertum portal
    2. subscribe to our paid service;
    3. request marketing to be sent to you;
    4. Third parties: We may receive personal data about you from other third parties and public sources if you consented to it.
    5. Business communication

  4. PURPOSE OF DATA PROCESSING AND LEGAL BASIS

    We will use your personal data in accordance with the Law for one or more of the following reasons:

    1. Where we need to perform the contract we are about to enter into or have entered into with you and/or for the provision of our services.

    2. We process personal data so as to safeguard the legitimate interests pursued by us or by a third party. A legitimate interest is when we have a business or commercial reason to use your information. But even then, it must not unfairly go against what is right and best for you. Examples of such processing activities include:

    • Initiating legal claims and preparing our defence in litigation procedures.
    • Means and processes we undertake to provide for Expertum network security, preventing potential crime, asset security, admittance controls and anti-trespassing measures and generally for running securely our business.
    • To recover debts and/or invoices due to us.
    • Measures to manage business and for further developing services.

    1. Where we need to comply with a legal or regulatory obligation; there are a number of legal obligations emanating from the relevant laws to which we are subject as well as statutory requirements, e.g. Tax Laws.

    2. You have provided your consent; Provided that you have given us your specific consent for processing (other than for the reasons set out above) then the lawfulness of such processing is based on that consent. You have the right to revoke consent at any time. However, any processing of personal data prior to the receipt of your revocation will not be affected.  

    CHANGE OF PURPOSE

    We will only use your personal data for the purposes for which we have collected it. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis, which allows us to do so.

  5. DISCLOSURES OF YOUR PERSONAL DATA

    Your personal data may be provided to different departments within Expertum and/or third party/ies for the purposes and/or in the context of the provision of our services. Consequently, third parties may also receive your personal data so that we may perform our services and/or legal obligations. Such third partiers enter into contractual agreements with us by which they observe confidentiality and data protection according to the data protection law and GDPR.

    It must be noted that we may disclose data about you for any of the reasons set out hereinabove, or if we are legally required to do so, or if we are authorised under our contractual and statutory obligations or if you have given your consent. We require all third parties to respect the security of your personal data and to treat it in accordance with the Law. We strictly prohibit our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions. We only provide the necessary information they need to perform their specific services. Specific third parties and/or recipients of personal data may be, for example: police, vendors and/or associates. Other third parties are as set out below:

     - email provider, payment providers such as TransactionCloud and accounting company.

  6. INTERNATIONAL TRANSFERS  

    We do not transfer your personal data outside the European Economic Area (EEA).  

  7. DATA SECURITY

    Appropriate security measures have been put in place, in order to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to employees, agents, contractors and other third parties.

    Procedures have been put in place, to deal with any suspected personal data breach and we shall notify you and any applicable regulator of a breach where we are legally required to do so.

    Some examples of our technical measures are also summarised below:

    (a) the pseudonymisation and encryption of personal data;

    (b) the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services.

    (c) the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident.

    (d) a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.

    Our website uses SSL, for secure online commercial transactions. This encrypts all Data you provide, including your credit card number, name, address and passwords, so that it cannot be decrypted or changed in transit over the Internet.

    These measures are reviewed and amended when deemed necessary.

  8. DATA RETENTION

    HOW LONG WILL YOU USE MY PERSONAL DATA FOR?

    We will only retain your personal data for as long as necessary, to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements, unless a longer retention period is required or permitted by certain laws.

    The criteria used to determine our retention periods include:

    After the completion of our business relationship with you or another relevant person, we may retain your data for up to 5 (five) years unless there is a legal obligation or other pending matter. Whether there is a legal obligation to which we are subject (for example, certain laws require us to keep records of data for a certain period of time before we can delete them e.g. national labour law, tax law, money-laundering legislation).

    Whether retention is advisable considering our legal position (such as, litigation or regulatory investigations).

  9. YOUR LEGAL RIGHTS

    You have the following rights in terms of your personal data we hold about you:

    • Request access to your personal data: You may request a confirmation as to whether or not personal information is being processed by us and to obtain a copy of that information.
    • Request correction of your personal data: You may request rectification if your personal information is inaccurate.
    • Request erasure of your personal data: You may request that your personal information is erased in certain situations.
    • Object to processing of your personal data: You may object to the processing of your personal data in certain situations e.g. for use of your data for ad targeting.
    • Request restriction of processing your personal data: You may request restrictions of the processing of your personal data in certain situations e.g. if your personal information is inaccurate or unlawfully processed.
    • Request transfer of your personal data: You may request to obtain and reuse your personal data for your own purposes across different services.
    • Right to withdraw consent that you gave us with regard to the processing of your personal data at any time. Note that any withdrawal of consent shall not affect the lawfulness of processing based on consent before it was withdrawn or revoked by you.

  10. REGULATION DESCRIPTION-RESTRICTIONS:

    Union or Member State law to which the data controller or processor is subject may restrict by way of a legislative measure the scope of the obligations and rights in so far as its provisions correspond to the rights and obligations provided in the Data Protection Law, when such a restriction respects the essence of the fundamental rights and freedoms and is a necessary and proportionate measure in a democratic society to safeguard:

    a) national security

    b) defence;

    c) public security;

    d) the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including the safeguarding against and the prevention of threats to public security;

    e) other important objectives of general public interest of the Union or of a Member State, in particular an important economic or financial interest of the Union or of a Member State, including monetary, budgetary and taxation a matters, public health and social security;

    f) the protection of judicial independence and judicial proceedings;

    g) the prevention, investigation, detection and prosecution of breaches of ethics for regulated professions;

    h) a monitoring, inspection or regulatory function connected, even occasionally, to the exercise of official authority in the cases referred to in points (a), (b), (c), (d), (e) and (g);

    i) the protection of the data subject or the rights and freedoms of others;

    j) the enforcement of civil law claims.  

  11. RIGHT TO LODGE A COMPLAINT

    You have the right to make a complaint at any time to Office of the Commissioner for Personal Data (the “Commissioner”), the Cyprus supervisory authority for data protection issues http://www.dataprotection.gov.cy/dataprotection/dataprotection.nsf/home_el/home_el?opendocument. We would, however, appreciate the chance to deal with your concerns before you approach the Commissioner so please contact us in the first instance.

    We would, however, appreciate the chance to address your queries, so you may contact us at: [email protected]

  12. COOKIES

    "Cookies" are small files that are stored on a user's computer. Cookies can store different kinds of data. Cookies are primarily used to store information about users. They are stored on the users' devices during and/or after users visit our website or user panel. "Temporary cookies", "session cookies", or "transient cookies" are cookies that are deleted after users leave the page and close their browsers. Other cookies are referred to as "permanent" or "persistent" and remain stored even after the browser is closed. For example, users login status is saved for several days.

    Likewise, permanent cookies can measure the "range" of a website (where the users are geographically located) or information on the users' interests. This information is used for marketing purposes. "Third-party cookies" are cookies that are offered by the original providers (who operate the website) to other parties. It is useful to know the above terms so that you understand our cookie policies and data protection agreement.

    If, as our customer or as a visitor to our websites, you do not wish cookies to be stored on your computer, we ask you to deactivate the corresponding option in the system settings of your browser. You can also delete stored cookies in the system settings of your browser. However, if you do these things, it will likely lead to problems when you try to use our websites and user panel.

  13. CHANGES TO THE PRIVACY POLICY AND YOUR DUTY TO INFORM US

    This version was last updated on 05/10/2023. This Privacy Policy may be amended from time to time. We do however encourage you to review this statement periodically so as to be always informed about how we are processing and protecting your personal information.