Privacy Policy

1. 20face privacy statement

Date of the current version: 21-01-2022
Content will be changed if necessary. The statement has been drafted to meet professional standards and legal requirements in the general data protection regulation (gdpr) and other laws.

2. 20face company details

Address: Hengelosestraat 500 7521 AN Enschede
Contact: [email protected] and +31532032003

3. Use of personal data

Personal data is only processed for the purpose they have been collected for.
Personal data is stored during legal retention periods and contracts with our customers.

3.1 Business contacts

In business support applications we register personal details of representatives from our customers and potential customers. We process name, address, phone and email. From our customers we also process bank account information.

3.2 Customer and users

The customer will buy the 20face service with facial recognition for use in combination with an already installed access management system. Our customer installs the new components to be used in the 20face service in their clients’ buildings to manage access. 20face as a subcontractor takes care of the interface and the basic arrangements in the service. Personal data from users are stored: account name (email), password, facial vector and the customers access management system id. The customer is accountable for the completion of a data privacy impact analyses (dpia) if required before the start of the processing.

3.3 Contact through our website

A website visitor can send an email to request additional information or to ask a question. The email is stored for a maximum of six months to enable us to respond adequately to a possible follow-up.

3.4 Applicants

Personal data is used during the application process. Data concerning other applicants than the hired applicant are deleted within twelve months after the end of the process.
We use curriculum vitae, motivation letter and publicly available information on social media.

An applicant:

– is interviewed during two conversations: one with fellow workers and one with management;
– can be asked to take a knowledge and or a skill test.

Working conditions will be proposed and discussed if 20face wants to hire the candidate.
Data from a non-hired applicant can be stored for another year after collecting if he gives his consent.

3.5 Employees

Personal data is stored in:

– the personnel file to meet our employers obligations;
– applications to plan and execute tasks and to make payments.

The personal data in the personnel file: name, ordinary postal address, date of birth, bank account, copy of identification, payroll tax statement, citizen service number, education, employment contract and conditions, career and performance reviews.

The file content is deleted:

– financial data after 7 years;
– the copy of your identification and payroll tax statement after 5 years;
– other information after 2 years.

When an employee leaves employment, it will be determined in consultation with the employee whether data transfer of mail and or cloud files may occur. This determination will also be transcripted.

4. General rules for data sharing

We share personal data:

– based on contracts with suppliers of specialist services and personnel arrangements;
– with government agencies based on a legal obligation.

Personal data are stored during the legal retention period or longer if needed and allowed.

5. Measures

Data is stored in applications and files secured by 20face in cooperation with our suppliers.
Measures taken assure that data:

– can only be accessed by authorized personnel;
– remain available and correct;
– is only stored if necessary and no longer than the specified retention period.

Security meets legal requirements and professional standards.
Measures are evaluated once a year and prior to changes in the organization or changes in methods and procedures.

6. Data subject rights users 20face service using facial recognition

The data subject can contact the controller named in the user information provided together with the invitation to register.

7. Data subject rights (customer, supplier, applicant and employee)

20face will provide a summary of personal data being processed if a data subject sends an access request accompanied by a copy of his identification through [email protected].
A request to change or erase data is also possible. A request will be answered within four weeks.
Data in the financial and personnel administration are always stored during the immutable regulative period.

Data subjects have the right to lodge a complaint with the supervisory authority if your request is not handled properly and in his opinion the processing infringes the GDPR.

8. Tracking policy

You may choose to prevent this website from aggregating and analyzing the actions you take here. Doing so will protect your privacy, but will also prevent the owner from learning from your actions and creating a better experience for you and other users.