Privately SA- Data Privacy Policy

Background

Privately SA  builds technology in the fields of online safety and age estimation. We are  mainly a B2B business so for the most part we do not have any direct contractual ‘end user’ relationships except for test applications which might be used by specific data subjects. We might therefore be mainly sub-processors of end user data. Our technology is built  using on-device edge-AI that facilitates data minimization so as to maximise user privacy and data protection. 

Definitions:

B2B: Business to Business – which means that our technology is built into other parties’ mobile or web applications and we do not directly have a contractual relationship or knowledge of the identity of the end users of our technology.

End User: The final user whose age is being estimated or who is being provided safeguarding. 

On-device edge-AI: The machine learning based technology that we use (for age estimate and safeguarding) processes user’s data on their own devices, thereby avoiding the need for us or for our partners to export user’s personal data onto any form of cloud services. 

Data Subprocessors: We would process user’s data on behalf of our Clients and are therefore sub processors when integrated into our Client’s workflows. Our Clients offer online safety or age estimation services. 

Test Applications: We have a number of test applications which allows our Clients to test our technology using test ‘data subjects’. For these applications we provide specific data collection guidelines for the data subject.

Test Data Subject: An end user of our technology who agrees to test our technology and provide feedback on its performance. We might capture, process and retain the user’s data for the specific purpose including for the purpose of training our classifiers and other R&D purposes.

Privately Showroom : A website that visiting users can use to test our machine learning technology. 

About Us

We are a Swiss company with our headquarters at 109-110, Batiment D, EPFL Innovation Park,  Lausanne, Switzerland. We also have a branch in London,UK. Swiss Registration Number: CHE-286.854.770 and UK Company No: FC037096

User Data Privacy and Data Minimization by design

Our technology solutions are built to operate mostly on user devices and to avoid sending any of the user’s personal data to any form of cloud service. For this we use specially adapted machine learning models that can be either deployed or downloaded on the user’s device. This avoids the need to transmit and retain user data outside the user device in order to provide the service. 

Training Machine Learning Models:

In our current implementations – we do not train our machine learning models on the data of the end users of our technology. Our machine learning models are currently trained ‘offline’ from data sources that we have acquired but not on the user data itself. This might change in the future as we introduce new privacy-preserving technologies like Federated Learning. We will update our privacy policy accordingly.  

Coverage of this Data Privacy Policy

This policy lays out the broad data collection and processing mechanisms across all of the public and private deployments of our technology , namely:

  1. Our website www.privately.eu including Privately Showroom.
  2. OWAS- Safety SDK deployed in Client applications- for online safety 
  3. OWAS- Age SDK deployed in Client applications- for age estimations 
  4. OWAS – Age: Web Browser Based Solution
  5. Test application for online safety: Oyoty
  6. Test application for age estimation: MMAE (Multimodal Age Estimation)
  7. Test Sandbox: We may set up a Sandbox environment independently or within our Client environments to assist our age estimation use cases. In this test environment we would have Test Data Subjects who will give us explicit permission to separately process their Personally Identifiable Information PII (like biometrics) in order to improve or correct the predictions from our age estimation models.
  8. The ‘wup’ application (Online Safety) that we operate on behalf of a client

What data does Privately Collect? 

  1. On website www.privately.eu (including Showroom) we currently use no cookies and do not track users. We plan to use  analytics to measure the performance of the website in the near future.
  2. OWAS Safety SDK deployed in client applications: We do not collect any user data since end user relationships are managed by Clients themselves within their closed environments. 
  3. OWAS Age SDK deployed in client solutions: We do not collect any user data since end user relationships are managed by Clients themselves within their closed environments. 
  4. OWAS- Age Web browser Solution: In this implementation we are subprocessors of data and will process user data on the browser of the user on behalf of our Client. We will only retain a session ID and an age range and no other Personal Identifiable Information about the end user. 
  5. On Oyoty test app: Privately keeps only usage analytics and email of the user.
  6. MMAE (Multimodal Age Estimation) test app: We have only app analytics and the email of the user.
  7. Test Sandbox : Here we might retain biometric data and other PII of the test data subject for an extended period of time depending on the contract signed with such test data subjects.
  8. Special Case of the ‘wup’ app that Privately runs on behalf of Pro Juventute in Switzerland:  Privately has access to user email IDs and usage analytics. We manage this on behalf of Pro Juventute and their privacy policy and data handling policy is specified on their site. https://www.projuventute.ch/app/privacy

Lawful bases of the use of information

Lawful basisExamples
Performance of website We retain neither performance analytics nor any  other visitor information currently. However we might soon retain certain visitor related analytics using cookies in the future.
User Generated Content  and User Face And Voice Pattern AnalysisOn behalf of our Clients who provide online safety solutions, our technology will process data generated by end users including text, and images/photos. In order to provide age estimation our technology will analyse patterns of faces through photos and voice through examining microphone inputs (sometimes patterns of writing) to establish which age bracket the user might fall in. This data is processed within user devices and we have no access to any of the underlying data. The output of these processes – namely a threat assessment or an age estimation – is then transmitted to our Client environments to enable their use cases. 
Legitimate interestsSome personal data may be required to run parts of our business.
Data for setting up a user relationship: In some of our test services or some uses we run for our clients,identifying data like an email address of an end-user might be needed to use some of our services.
Training : For the moment we do not train our machine learning models using any of the user data that we process for our clients. However that might change in the near future once we implement privacy preserving learning technologies.
Analytics: we aggregate the metrics information we get from users to understand how our website and app are performing, to identify bugs and improve our services.
Information to subprocessorsIn use cases where Privately processes directly, we might share the required user session information with our subprocessors like Exoscale, AWS, Mixpanel and Google for them to provide subservices like analytics, notifications, etc. This is required to operate our services. 

Retention

  1. Through our website www.privately.eu we do not acquire any user data.
  2. Through OWAS Safety SDK deployed in client applications: We do not acquire any user data.
  3. Through OWAS Age SDK deployed in client solutions :We do not acquire any user data.
  4. OWAS- Age Web browser Solution: We will retain a session ID and an age range and no other Personal Identifiable Information about the end user for the duration that is required by our Client. 
  5. On Oyoty test app: The email of the user is deleted when they delete the app.
  6. On Agecheck test app: The email of the user is deleted when they delete the app.
  7. On Test Sandbox: Here we might retain biometric data and other PII of the test data subject for an extended period of time depending on a specific contract signed with such test data subjects.
  8. Special Case of the ‘wup’ app that Privately runs on behalf of ProJuventute in Switzerland: On behalf of our client ProJuventure, we retain user email IDs and usage analytics. This information is retained for 6 months of the user deleting their account. https://www.projuventute.ch/app/privacy

Information sharing

Privately does not sell or share our user’s data to third parties. 

In use cases where Privately processes user’s information we might share the required user session information with our subprocessors like Exoscale, AWS, Mixpanel and Google for them to provide subservices like analytics, notifications, etc. This is required to operate our services.