HID Origo™ Management Portal Privacy Notice

This Privacy Policy was last updated: October 10, 2018

HID Global Corporation (collectively "HID") provides this HID Origo Management Portal Privacy Notice (this "Notice") in order to demonstrate HID's commitment to privacy. HID recognizes the importance of safeguarding personal data that can be used to personally identify or contact an individual person ("Personal Data"), and HID wants you to feel confident about the privacy of Personal Data you provide to HID.
This Notice applies solely to information collected by HID via the following website portals ("Portal(s)") and the services offered through the Portal (“Services”):

  1. HID Origo Management Portal; and
  2. HID Reader Manager Portal;

Services currently include HID Origo™ Mobile Identities and HID Reader Manager services.

This Notice does not apply to Personal Data processed outside of the Portals and Services. "Customer" is the entity that purchases the Services. "End User(s)" are the individuals whose Personal Data is provided to HID by the Customer for the purpose of providing the Services (for example, an End User could be an employee of the Customer or a visitor). “Account Administrators” are individuals authorized by the Customer to administer the Customer’s Services account. HID’s use of information collected through the Services shall be limited to the purpose of providing the Services for which the Customer has engaged HID.

Personal Data We Collect
HID collects, processes, and retains information about you when you visit our Portals, which may include internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exist pages, the files viewed on our Portal (e.g. HTML pages, graphics, etc.), operating system, date/time stamp, and/or clickstream data to analyze trends in the aggregate and administer the Portal.

HID collects the following types of information in the performance of the Services:

Account Administrators
HID collects Personal Data belonging to Account Administrators for enrollment in the Services, identification purposes, password reset and to send notifications about the Services (releases, disruptions, maintenance, EULA changes, etc.) to these users. The following Personal Data belonging to Account Administrators is collected:

  1. First and last name
  2. Email
  3. Phone number (for multi-factor authentication purposes)

End Users
In order to provide the Services, Account Administrators enter the following Personal Data belonging to End Users into the Portal. Alternatively, End User information is sent from the Customer to HID through web services APIs:

  1. First and last name
  2. Photo
  3. Title
  4. Email
  5. External identifier, which is typically used to reference a user identifier in a different system

Additionally, when End Users download and use the HID Mobile Access app, we automatically collect technical data and information about the device and usage. For more information, please refer to the HID Mobile Access Application Privacy Notice.

How We Use Personal Data
HID will use Personal Data to provide the Services for End Users on behalf of Customers, respond to Customers' requests and inquiries, assist Account Administrators with password retrieval and send email notifications to Account Administrator and End Users related to the Services.

HID discloses Personal Data as set forth in the Section titled "Transfer of Personal Data" below.

HID processes Personal Data only in ways required to operate and provide the Services. To the extent necessary for such purposes, HID will take reasonable steps to make sure that Personal Data is accurate, complete, current, and otherwise reliable as set forth in the "Disclosure Required by Law" Section below and by enabling Account Administrators to access Customer's own account and update Account Administrators’ and its End Users' Personal Data. At such time as HID determines that it no longer requires Personal Data in connection with the Services, or as required by applicable law, HID will permanently delete Personal Data in each Customer account and remove it from HID's systems and records. HID may retain and use your information as necessary to comply with legal obligations, resolve disputes, and enforce its agreements.

Reasons We Share Personal Data
HID will not disclose to a third party (except to its service providers as set forth in the Section titled "Transfer of Personal Data") or use Personal Data other than as set forth in this Notice without first obtaining documented permission from the Customer. HID does not sell Personal Data obtained during the provision of this service to third parties.

Disclosure Required by Law
HID may cooperate with law enforcement agencies in identifying users who use the Portals or Services for illegal activities. Therefore, HID will respond to subpoenas, warrants, or other court orders regarding information concerning any user. HID will, at HID's discretion, disclose information, including Personal Data, if HID reasonably believes that HID is required to do so by law, that such disclosure is necessary to protect HID from legal liability, or that HID should do so to protect the integrity of the Portal or the Service. HID will inform the Customer of that legal requirement before processing, unless the law prohibits such information on important grounds of public interest.

How to Access & Control Your Personal Data
Upon request, HID will assist Account Administrators with the fulfillment of the Customers’ obligation to respond to End User requests for access to Personal Data. If an End User wishes to request access to his or her Personal Data held by HID, the End User should contact the Customer. Through the Services the Account Administrator has the ability to:

  1. Reasonably access the Personal Data that HID holds belonging to the Account Administrator and End Users by logging into Customer's account;
  2. Correct or amend Personal Data in Customer's account by logging into Customer's account via the Portal;
  3. iii. Delete Personal Data belonging to Account Administrators and End Users by sending HID a written request (see Contact Us section below).

Opt-out preferences
You may receive emails from us as part of the Services. If you no longer wish to receive these emails, you may opt out of them by email request. Email: [email protected]

Cookies and Similar Technologies
Technologies such as: cookies, beacons, tags and scripts are used by HID and our affiliates. These technologies are used in analyzing trends, administering the Portals, tracking users' movements around the s and to gather demographic information about our user base as a whole. We use session cookies to handle an authenticated session and such cookies expire when you close your browser. We may receive reports based on the use of these technologies on an individual as well as aggregated basis. You can control the use of cookies at the individual browser level, but if you choose to disable cookies, it may limit your use of certain features or functions on our Portals and Services.

The following categories of cookies are used to provide the Portal and its Services:

  1. Preferences: These cookies allow the Portal to remember your settings, and browser information, such as region, language or layout.
  2. Security: Security cookies are used to authenticate users and prevent fraudulent use of authentication credentials.
  3. iii. Analytics: These cookies allow us to track and analyze usage of the Portal to improve the service.

If an individual uses the Portals, HID may also collect and store certain information about that individual's visit automatically including:

  1. The internet domain and IP address from which the individual accessed HID's Portal.
  2. The date and time the individual accessed HID's Portal.
  3. The pages the individual visited.

HID also collects general usage data from HID's Portals from time to time. HID uses this data internally in aggregate form in order to better understand and assist to help improve the Portals and Services.

HID uses data analytics software to allow us to better understand the functionality of our Services to provide improved services to our customers. This software may record information such as how often you use the Services, the events that occur within the Services, aggregated usage, performance data.

The following cookies are installed by our web statistics tool Google Analytics to log information about visits and Portal visitors. Statistics are used to improve the use of the Portal by the user:

  1. _utma (2 years)
  2. _utmz (6 months)
  3. _utmc (session)
  4. _utmb (30 minutes)
  5. _utmt (10 minutes)
  6. _ga (2 years)
  7. _gid (24 hours)
  8. _gat (1 minute)
  9. _gac (90 days)

Data Security

Wherever Personal Data is within HID or on its behalf, HID will take reasonable steps to protect the Personal Data from loss, misuse and unauthorized access, disclosure, alteration and destruction. HID trains employees on its Notice guidelines and makes the Notice available to its business partners. In addition, HID and its business partners enter into confidentiality agreements that require that:

  1. Care and precautions be taken to prevent loss, misuse, or disclosure of Personal Data
  2. Any service providers only use Personal Data to perform services on behalf of HID. It is important for each Customer to protect against unauthorized access to Customer's online account password and to Customer's account which holds Personal Data of Customer and its End Users.

In addition, HID takes precautions to protect Personal Data processed by the Services: HID uses industry-standard security measures, such as firewalls and encryption technology, that are reasonably designed to safeguard the confidentiality of Personal Data. HID also periodically conducts security reviews and assessments both internally and via third party independent professionals. HID stores Personal Data on secured servers and only authorizes access to certain authorized personnel.

Transfer of Personal Data
We may transfer Personal Data to companies that help us provide our service. Transfers to subsequent third parties are covered by the service agreements with our Customers (for example, HID's hosting providers). For additional information, please see the Section titled "Data Security" above.

From time to time, HID may purchase a business or sell HID's business (or a portion thereof) and Personal Data may be transferred as a part of the purchase or sale. In the event that HID purchases a business, the Personal Data received with that business will be treated in accordance with this Notice. In the event that HID sells a business, HID will use reasonable efforts to include provisions in the selling contract requiring the purchaser to treat Personal Data in substantially the same manner required by this Notice (including any amendments). You will be notified via email and/or a prominent notice on the Portal(s) of any change in ownership or uses of your Personal Data, as well as any choices you may have regarding your Personal Data.

HID may also disclose Personal Data as set forth in the "Disclosures Required by Law" Section above.

HID collects information under the direction of its Customers, and has no direct relationship with the End Users whose Personal Data is processed via the Services.

Privacy Shield Certification
HID complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework(s), as applicable, as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of Personal Data transferred from the European Union and Switzerland, as applicable, to the United States. HID has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this Notice and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield Frameworks, and to view our certification, visit the U.S. Department of Commerce's Privacy Shield List, or see our Privacy Shield Statement at https://www.hidglobal.com/about/privacy.

Notice Changes
This Notice may be updated from time to time as the Portals and Services change and expand. HID suggests that each individual review the Notice periodically. In the event of a material change to the Notice, HID will post a change notice on the Portal(s) and HID may notify individuals of such changes through contact information that HID has for such individuals prior to the change becoming effective. If HID amends the Notice, the new Notice will apply to Personal Data previously collected by HID only insofar as the rights of the individual affected are not reduced.

Children's Privacy
HID recognizes the privacy interests of children and HID encourages parents and guardians to take an active role in their children's online activities and interests. The Portals and the Services are not intended for children under the age of 18. HID does not target the Portals or its Services to children under 18. HID does not knowingly collect Personal Data from children under the age of 18.

Contact Us
HID Global Corporation
611 Center Ridge Drive
Austin, TX 78753
[email protected]