HID® DigitalPersona® One-Time Password Authentication Mobile Application Privacy Notice

This Privacy Notice was last updated: September 30, 2021

HID provides this Privacy Notice to demonstrate our commitment to privacy. This Privacy Notice applies to your use of the DigitalPersona One Time Password Authentication Mobile Application (“Application”) on a mobile device.

You should bear in mind that your use of the Application is at the request of an HID customer (“HID Customer”). The HID Customer may also collect and use your personal data independently of us. This Privacy Notice does not apply to any personal data you provide directly to the HID Customer.

Changes to the Privacy Notice

This Privacy Notice may be updated from time to time for any reason. You are advised to consult the Privacy Notice regularly for changes via the Application. By continuing to use the Application after such notification, you are expressly acknowledging and accepting the changes.

What information does the Application obtain and how is it used?

When you register with us and use the Application we collect:

  • Mobile device IP addresses
  • UPN (User Principal Name)
  • UserUUID – unique identifier of the user account in Active Directory
  • Device token – as provided by APNS (Apple Push Notifications Service) or FSM (Google Firebase Cloud Messaging)
  • Device Operating System

This information is used to:

  • To prompt users via a push notification for authentication or transaction requests related to the use of the service
  • Provide related services to the specified HID Customer
  • Enable us to provide you with access to the Application
  • Fulfill our legal and administrative obligations

Does the Application collect precise real time location information of the device?

No, the Application does not collect real time location information.

Do third parties see and/or have access to information obtained by the Application?

Yes. We will share your information with third parties only in the ways that are described in this privacy notice.

We may share the data we collect about you:

  • as required by law, such as to comply with a subpoena, or similar legal process;
  • when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request;
  • with our trusted service providers who work on our behalf – such service providers do not have an independent use of the information we disclose to them and have agreed to adhere to rules and standards substantially similar to those set forth in this Privacy Notice;
  • if HID is involved in a merger, acquisition, or sale of all or a portion of its assets, you will be notified via email and/or a prominent notice on our Web site of any change in ownership or uses of this information, as well as any choices you may have regarding this information; or
  • to enable HID to address fraud or technical issues

What are my opt-out rights?

Opt-out of all information collection by uninstalling the Application – You can stop collection and access of information by the Application by uninstalling the Application. You may use the standard uninstall processes as may be available as part of your mobile device or via the mobile application marketplace or network.

Managing Your Information

In order to delete the user information, the user should contact the HID Customer who is the Controller of the information.

Children

We do not use the Application to knowingly solicit data from or market to children under the age of 13. If a parent or guardian becomes aware that his or her child has provided us with information without their consent, he or she should contact us at: [email protected]. We will delete such information from our files within a reasonable time.

Security

We are concerned about safeguarding the confidentiality of your information. We provide physical, electronic, and procedural safeguards to protect information we process and maintain. For example, we limit access to this information to authorized employees and contractors who need to know that information in order to operate, develop or improve our Application. Please be aware that, although we endeavor to provide reasonable security for information we process and maintain, no security system can prevent all potential security breaches.

USERS IN THE EUROPEAN UNION

If you’re a user in the European Union, you should know that HID is the processor of your personal information, which means that we are providing a service to an HID Customer. Under certain circumstances you have the following rights under data protection laws in relation to your personal data:

  • Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
  • Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
  • Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing, where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be provided to you, if applicable, at the time of your request.
  • Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
  • Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios:
    1. if you want us to establish the data’s accuracy
    2. where our use of the data is unlawful but you do not want us to erase it
    3. where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims or
    4. you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.

International Transfers

HID may process personal information related to individuals in the European Union (EU) and may transfer that information from the EU through data processing agreements based on the EU Standard Contractual Clauses. We are committed to ensuring your information is protected and apply safeguards in accordance with applicable law. Data collected in the EU and European Economic Area (the “EEA”), may be stored, processed or transferred outside of the EEA.

Complaints

If you’re based in the EU, you can file a complaint with the supervisory authority in your Member State. For example, if you’re based in the UK, you can file a complaint with the Information Commissioner’s Office.

Contact Us

Contact Us
HID Global Corporation
611 Center Ridge Drive
Austin, TX 78753
[email protected]