By using this website, you agree to our use of cookies to provide you with a great experience and to help our website run effectively. See our privacy policy.
Our Privacy Policy is a statement that informs individuals about how their personal data is being used and processed by Corsight Ai in accordance with data protection laws. In that regard the contents of our Privacy Policy also serves as a Privacy Notice for the purposes of those jurisdictions and actions to which the General Data Protection Regulation (GDPR) of the European Union (EU) and the United Kingdom GDPR may be applicable.
This document is supplemented by our Data Protection Policy which is accessible on the ‘Trust Centre’ file of our public facing web site.
Corsight AI Ltd. (“Corsight”, “we”) is committed to maintaining the privacy of its users (“user”,“you”) and all data subjects where we process their personal data. The following information describes how Corsight AI collects and processes information about you.
Our Privacy Policy explains:
1. What information we collect.
2. Why we collect the information.
3. How we use that information.
4. Our lawful basis for processing personal data.
5. Your rights with regard to the collection of such information.
6. Retention and disposal of information.
7. Data Controller, Data Privacy Officer and Further Information.
8. Additional Jurisdictional Information
Organisational and Customer/third party information. We may collect the name, contact information of those that we employ and who work in support of the lawful function of our business, as well as those who are users of our goods and services.
Information provided to us from any source. We may collect and store personal information which is lawfully provided to us from any source in connection with the legitimate conduct of our business such as name, address, email and phone numbers, job title, employing organisation and photograph. In addition; where messages or other communications by any reasonable and auditable means are transacted with us we will collect any personal or non-personal information provided in or with the communication. This information may be used to respond to your communication, to improve our products and services, or for other purposes as described in this Privacy Policy.
Our on-line services and website usage details, IP address and Cookies. When any user accesses our services including our web site or other available digital resources we may automatically collect certain information about usage activity. This may include the user’s IP address, browser information, location data, search history within our services, user website preferences, settings, and login history. The information does not directly identify you unless you have chosen to provide us with identifying information. Our website provides information regarding Corsight’s solution for real time facial recognition, advanced analytics and object detection (the: “Platform”). Corsight’s Platform maintains high accuracy in large and densely populated crowds while it enables environments to stop real-time threats and maximize enterprise safety. Some information may be automatically collected, and some is collected when you interact with our website or other on-line services. The type of information that may be automatically collected may or may not amount to being personal information and includes your session durations, the content you accessed on the website, the frequency and scope of your use of the website and information about your computer and internet connection including the operating system you use and browser type. Information from which you can be personally identified may also be collected, including but not limited to your name, email address and the location of the computer through which you used the website.
Photographs and inherent biometric/special category data. We may collect personal information in the form of photographs and data of facial images in circumstances where it is lawful for us to do so. We may process those images to produce a template of features, otherwise known as being a biometric facial template, for the purposes of producing, training, developing, reviewing and improving the effectiveness of the algorithms within the technology we produce. This type of data amounts to being ‘special category data’ and will also enable us to identify and assess risk and issues such as consistency and effectiveness in demographic accuracy so that we may assure the integrity of our goods and services. We will also process data of this nature when exposing our technology for independent third party assessment by accredited assessors, those with a lawful purpose to assess our products and those having a statutory obligation to conduct due diligence upon the equality, Human Rights and compliance credentials of our goods and services. Examples of such a statutory undertaking include the Public Sector Equality Duty inherent in the Equalities Act 2010 within the UK jurisdiction also Conformity Assessments required by the AI Act within the EU.
Information provided by individuals seeking to exercise their data rights. Where we receive a request to exercise a right identified in this notice, in order to fulfil the individual’s request, we may collect that individual’s email address, contact information, photo, an image of the requester or other information required by applicable law to process such request.
Children’s Data. Ordinarily we as an organisation will not process the personal data of children. The facial recognition technology (FRT) that we produce has a number of applications which are specifically targeted at protecting children from risks of harm or causing harms, pursuant of our legitimate purpose of helping to deliver safer societies. Examples are the safeguarding and searching for lost, kidnapped, trafficked and vulnerable children, identifying children of an age where they are criminally culpable and are wanted for criminal offences or otherwise vulnerable to criminal exploitation. This is not an exhaustive list. It is with these circumstances in mind that the datasets with which we train our algorithms to recognise faces, need to have the ingredient of children’s images within so that they have the capability to recognise young faces and thereby help to protect. We will only use such personal data of children in the form of facial images where such data is lawfully obtained, where we have a legitimate interest for doing so and a substantial public interest for processing any special category data derived therefrom. We do not share personal data of children which may be part of our training datasets, only the capability to recognise by an algorithm which is trained thereon. These matters are the subject of particular assessment in our organisational Data Protection Impact Assessment (DPIA). Those organisations employing our technology will similarly conduct assessments of their own where such circumstances arise.
Enabling organisational integrity and compliance as an operating business entity. We collect the personal data of employees for employment purposes such as biometric data of employees for purpose of access. We collect the name, email address and the content of communications with those with whom we have contact, including contacts from our web site and online services so that we can comply with the obligations required of us to operate as a lawful and legitimate business entity, to enable us to provide you with technical and professional assistance, the provision of information, goods and services and to effectively discharge our obligations as an organisation lawfully.
Internal efficacy. We process personal data in order to deliver and assure the management and administration of our business and maintenance of compliance with our internal policies and procedures and external regulation, accountability, testing, accreditation of other lawful third party undertaking.
Design, Development, Review and Improvement of our goods and Services. We process personal information where it is necessary to do so for the design, development ongoing review and improvement of the technology that we produce to ensure that it is secure, accurate, equitable, meet organisational, regulatory and statutory requirements. Also, to ensure that we providing high quality services to those with whom we engage to their and our satisfaction and in accordance with our contractual obligations, and laws which are applicable to our clients in the context of the use of our goods and services.
Surveys and Research. We may process personal data in order to conduct surveys and research, test features in development, and analyse the information we have so as to evaluate and improve our Platform, develop new features, and conduct audits and troubleshooting activities.
Maintaining a Secure Environment. We may use your information to detect and prevent fraud, abuse and security incidents in the following ways;
a) Verify and authenticate your identity and prevent unauthorised or illegal activity;
b) To test and enhance the safety and security of our organisational processing including our platform and website;
c) Conduct security investigations and risk assessments;
d) Prevent or take action against activities that are, or may be, in breach of our terms of
service or applicable laws.
e) Improve our data processing activities and platform and website while enabling our users to browse in a secure environment.
Personalize Content, Advertising and Marketing. Where you may have used Corsight’s services in the past, we may seek to match your personal data with data that we have previously collected and held in storage. This enables us to understand your needs and interests, optimise the content we send you and make it more suitable and relevant to your needs. This also enables us to improve your experience on our website with our organisation, goods and services by providing you with personal communications, recommendations, and features. We process this information in light of our legitimate interest to personalize your experience and customize our content.
We use the personal information we collect from you for a range of different legitimate business purposes where it is necessary for us to do so and in accordance with relevant laws.
We may use or process your personal information for the following purposes depending upon which lawful purpose may apply in any given circumstance;
Images and associated meta and biometric data on our database. Lawfully obtained images held in our data sets may be disclosed, along with the source of the image, in a searchable format with our users where it is lawful and necessary for us to do so in pursuit of our legitimate interest and/or to facilitate a lawful obligation of an end user – for example those conducting independent assessment of the equality, security and integrity of our goods and services for accreditation, testing, evaluation risk assessment purposes.
Lawful Obligation. The law may either require or permit us to use or disclose the information we collect with other parties in response to legal proceedings, in response to a request from a competent law enforcement or government agency, to protect our rights, privacy, safety or property, or the public, to enforce the terms of any agreement, or for any other purpose that is required or permitted by law. We also process data to ensure that it is accurate and up to date and held securely.
Security and Crime Detection. We may use or disclose the information we collect in order to investigate, prevent, or take action regarding illegal activities, suspected fraud, cybersecurity threats, situations involving potential threats to the physical safety of any person or as otherwise required by law.
Compliance with standards, regulation, risk assessments and internal policies. We may use or disclose the information we collect in order to ensure that we and our users are complying with all applicable aspects of our policies, external standards, risk assessment and regulation and laws.
Mergers and Acquisition. In the event that our organisation or its assets may be or are acquired by, or merged with, another organisation or company we may use or disclose the information we collect with any of our merged or acquiring entities.
Lawyers and Advisors. We may disclose information with our lawyers and other professional advisors where necessary to obtain legal or other advice or otherwise protect and manage our business interests and those with whom we operate in partnership or in contract.
Research and Development. We may use your personal data as part of our processes to further develop the goods and services that we provide. This includes engaging with academic or other independent research and assessment of our goods and services, the sharing of expertise, experience and good practice with states, regulators, end users and entities with a legitimate purpose of developing the security and use of the technology we produce, and the laws, regulations and safeguards which are applicable to such use.
Service Providers and Others. We may share information with vendors, service providers, independent contractors, processors, and consultants that need access to information to perform services for us, such as companies that assist us with cloud storage, data collection, customer service and support, marketing, software, payment, and other technology services. We may also share information where it is necessary and lawful for us to do so to demonstrate our technology or submit it for review, compliance or other assessment purposes as required by law and regulation, or on a voluntary basis for independent testing for security/equality/effectiveness standards.
Disclosure of Information and Transfer of Data – Except as otherwise provided in this Privacy Policy, we reasonably attempt to ensure that we never intentionally disclose any of your personal information, to any third party without having received your permission in circumstances where your consent is required, except as provided for herein or otherwise as permitted or required under law. In order to perform our contractual and other legal responsibilities or purposes, we may, from time to time, need to share your personal information with third parties. We may share your personal information with our affiliates, subsidiaries or any third party service providers and individuals to facilitate our services or any portion thereof, such as marketing, data management or maintenance services. We may also share your information with analytics service providers for analytics services. Such analytics service providers may set their own cookies or other identifiers on your computer, through which they can collect information about your usage of our organisation, goods and services website. This helps us compile aggregated statistics about the effectiveness of our organisation, goods and services and our website.
Transfer of Data Outside the European Union. Corsight operates across the globe. It has offices and data servers located around the world and has a global client base. Necessarily we will process personal data of data subjects outside of their country of origin and applicable jurisdiction and may transfer that data out of or in to those jurisdictions, or otherwise manage that data outside of those jurisdictions in their entirety. We will only do so in accordance with relevant jurisdictional laws and in legitimate circumstances which are commensurate to the safeguards arising from the GDPR which protect the rights of data subjects. The rights of data subjects within the EU and UK remain exercisable to the extent permitted by law in respect of the data that we control wherever the data lands and is stored. In that regard prior to transferring personal data to another country we shall establish whether the country to which we transfer data has been made the subject of an ‘Adequacy Decision’ and where this is not the case, we shall establish safeguards in respect of any data transferred which are commensurate with the GDPR.
The above mentioned third parties may be located in countries other than your own, and we may send them information we receive. When such third party service providers process your personal information on our behalf, we will assure that they comply with obligations similar to those which are set forth in this Privacy Policy. We will also assure that they will abide by our data privacy and security requirements, and will be allowed to use the personal
Information solely for the purposes that it was collected.
Furthermore, information about you may also be shared in order to comply with any valid legal obligation or inquiry or process such as a search warrant, subpoena, statute or court order. We will also release specific information in special cases, such as if you use our website to perform an unlawful act or omission or take any act or omission that may damage Corsight, its property and goodwill, or if there is an attempted breach of the security of the website or a physical or property threat to you or others. Ordinarily in such matters where misuse of our website is concerned, unless other jurisdictional laws direct otherwise, the authority supervising such activities is the Israeli Privacy Protection Authority, and you have the right to file a complaint to it or any other relevant supervisory authority.
Data Security. The processing of personal data is conducted by Corsight using state of the art security measures including encryption, firewalls and cyber security methodology which meets accredited ‘cyber essentials’ accreditation. Our data processing activities are globally the first to achieve independent accreditation of ISO/27001
We process personal data in accordance with applicable laws. The legal basis upon which we will rely to process your personal data will depend upon the relevant circumstances associated with that processing. The common legal basis’s upon which we rely are shown below.
Legitimate Purpose. In general, the primary legal basis upon which we rely to process personal information is where data processing is necessary in pursuit of a ‘legitimate interest.’ Our legitimate interest is explained as follows;
• We are a legitimate commercial organisation operating within a global market specialising in the design manufacture, production and supply of facial recognition FRT;
• We believe that the FRT that we produce has a fundamental and positive role to play as a force for good in societies by helping to deliver healthier, safer and fairer nations and communities across the world and whilst respecting and safeguarding the fundamental rights and freedoms of citizens globally;
• It is in the global public interest in our view that FRT is available to society to enhance and secure nations, societies and the quality of life experience for citizens. We believe that only the most effective, ethical, equitable and lawful FRT technologies are employed by, and within society.
• In a competitive global economy, which attracts a wide spectrum of FRT products of varying quality our mission, organisational values and legitimate interest in doing what we do, commits us to be the best and thereby deliver the best to humanity as a force for good;
• In order to pursue and meet our legitimate interests and to operate efficiently as a business entity, we have to comply with laws, regulations, international and national standards. For us to do so it is necessary for us to process personal data and special category data within the terms of our Privacy Notice including submitting such data to third party scrutiny.
Contract. We may rely upon this legal basis to process personal information where it is necessary for the establishment of a contract which we establish with a client or other third party and where that personal information is necessary to meet the requirements of the contract. These circumstances include actions between ourselves and third parties where a contract is under discussion and negotiation, our engagement with a client throughout the duration of a contract, and activities after a contract has concluded to review and establish the compliance and quality of our service delivery.
Consent. We may on occasions seek your consent to process your personal data where it is necessary for us to do so. To comply with data protection laws, your consent must be specific, informed and be an unambiguous indication of your wishes which is accompanied by a clear and unambiguous affirmative action which signifies agreement to the processing of personal data relating to you. Where we require your consent we will provide you with full details of the personal information that we would like to process and the reason why we wish to process it in that way, so that you can carefully consider whether you wish to consent. Your consent may be indicated in a number of ways, for example within email or other electronic communication medium, or by activating relevant ‘agreement’ or ‘consent’ functionality on our web site and on-line services. You are free to withdraw your consent at any time and can do so by simply contacting the data controller, as described later in this document, by email at; [email protected]. If you withdraw your consent, it will not necessarily affect the lawfulness of any processing based on your consent before you withdrew it. Where applicable, we may ask for your consent to processing at the point where you provide your personal information.
Legal Obligation. We may rely on this legal basis where the processing of personal information is necessary for Corsight to comply with the law (but not a contractual undertaking).
Other legal basis such as “Public Task” and ‘Vital Interest’ are unlikely to apply to the processing of personal information by Corsight, however if they were to apply we will inform you in advance of any data processing activity taking place.
Special Category Data. In addition to the determination of a relevant legal basis for the processing of personal information, we rely upon a substantial public interest condition where we process biometric/facial recognition data. Those substantial public interest considerations include provision of high performing and diversity equitable FRT for the purposes of facilitating; preventing unlawful acts including terrorism, protecting the public, protecting critical and important infrastructure, meeting regulatory requirements, preventing fraud, statutory and government purposes, equality of opportunity and treatment, protecting public health, safeguarding children and individuals at risk, supporting judicial processes, statutory and government purposes. This is not necessarily an exhaustive list.
In some jurisdictions, in particular those located within the European Union or
within the European Economic Area and the US State of Illinois, you may be afforded specific rights regarding your personal information. Depending upon the data protection laws which are applicable to you, you may have the following rights which are enshrined in the GDPR. They are:
a) The right to be informed about the collection and the use of your personal data
b) The right to access personal data and supplementary information
c) The right to have inaccurate personal data rectified, or completed if it is incomplete
d) The right to erasure (to be forgotten) in certain circumstances
e) The right to restrict processing in certain circumstances
f) The right to data portability, which allows the data subject to obtain and reuse their personal data for their own purposes across different services
g) The right to object to processing in certain circumstances rights in relation to automated decision making and profiling
h) The right to withdraw consent at any time (where relevant)
In addition to the above, you have the right to lodge a complaint about our handling of your
personal information to the relevant competent data authority. In the UK the Information Commissioner’s Office is the competent authority, the address for contact being Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF.
We retain personal information for no longer is necessary for us to carry out the purposes for which it is originally collected and also where it is necessary for us to comply with our legitimate business purposes, including to meet our legal, regulatory, or other compliance obligations. Information is stored under secure conditions which meet industry standards of accreditation such as ISO/27001. Once the retention of information is no longer necessary and justifiable it shall be disposed of securely.
A “Data Controller” is a person or organisation who alone or jointly determines the purposes for which, and the manner in which, any Personal Information is, or is likely to be, processed. This Privacy Policy is issued on behalf of Corsight Ai as the Data Controller and unless we
notify you otherwise this company is the controller for your personal Information. For any information with regards to this Privacy Policy or the exercise of your rights as a data subject you may contact the data controller by email at [email protected]
Corsight AI has appointed its Chief Privacy Officer, Tony Porter QPM LLB, as its UK Data
Protection Officer. You can contact the DPO by emailing [email protected]
Note to Data Subjects in the US – CAN SPAM Act (Controlling the Assault of Non-Solicited Pornography and Marketing Act 2003).
The CAN-SPAM Act is a Federal US law that sets the rules for commercial email, establishes
requirements for commercial messages, gives recipients the right to have emails stopped
from being sent to them, and spells out strict penalties for violations.
To be in accordance with CANSPAM, Corsight agrees to the following:
• Not use false or misleading subjects or email addresses.
• Identify the commercial message sent to you as an advertisement when required.
• Include the physical address of our business or site headquarters.
• Monitor third-party email marketing services for compliance, if one is used.
• Honour opt-out/unsubscribe requests quickly.
• Allow users to unsubscribe by using the link at the bottom of each email.
If at any time you would like to unsubscribe from receiving future emails, you can
Note for Information for Data Subjects in California – California Online Privacy Protection Act (CalOPPA) & California Consumer Privacy Act 2018.
CalOPPA – requires commercial websites and online services to post a privacy policy. The
law’s reach stretches well beyond California to require any person or company in the
United States (and conceivably the world) that operates websites collecting Personally
Identifiable Information from California consumers, to post a conspicuous privacy policy on its website stating exactly the information being collected and those individuals or companies with whom it is being shared. See more at: http://consumercal.org/california-online-privacy-
protectionact-caloppa/#sthash.0FdRbT51.dpuf.
According to CalOPPA, Corsight agrees to the following:
a) This Privacy Policy is added by a link to it on our home page or on the first significant page after entering the Website.
b) Corsight’s Privacy Policy link includes the word ‘Privacy’ and can easily be found on
each page on the website and on our Trust Center. You can request to change your Personal Information by emailing us at: [email protected].
California Consumer Privacy Act 2018- permits users who are California residents to request and obtain from us once a year, free of charge, a list of the third parties to whom we have disclosed their Personal Information (if any) in the prior calendar year, as well as the type of Personal Information disclosed to those third parties. Please note that we do not sell your Personal Information. If you choose to exercise your rights, we will not charge you different prices or provide different quality of our services, unless those differences are related to your provision of your Personal Information.
Please note that you must verify your identity and request before further action is taken. As
a part of this process, government identification may be required. Moreover, you may
designate an authorised agent to make a request on your behalf.
We endeavour to respond to a verifiable consumer request within 45 days of its receipt. If we
require more time (up to 90 days), we will inform you of the reason and extension period in
writing. Any disclosures we provide, will only cover the 12 month period preceding your
verifiable request’s receipt. If, for some reason, we cannot reply within such time frame, our
response will include an explanation for our inability to comply. If you wish to exercise your
CCPA rights, please contact us at: [email protected]
We will not discriminate against you for exercising any of your CCPA rights. Unless permitted
by the CCPA, we will not:
1. Deny you goods or services.
2. Charge you different prices or rates for goods or services, including through granting
discounts or other benefits, or imposing penalties.
3. Provide you with a different level or quality of goods or services.
4. Suggest that you may receive a different price or rate for goods or services or a
different level or quality of goods or services.
Note for information of data Subjects to which the Illinois Biometric Information Privacy Act (BIPA) is applicable.
Where the provision of BIPA is applicable to Corsight being in possession of relevant biometric identifiers or biometric information, we will maintain a written policy, made available to the public, establishing a retention schedule and guidelines for permanently destroying biometric identifiers and biometric information when the initial purpose for collecting or obtaining such identifiers or information has been satisfied or within 3 years of the individual’s last interaction with the private entity, whichever occurs first. Corsight will comply with its established retention schedule and destruction guidelines unless a subpoena, warrant or other legal instruction directs otherwise.
We will not collect, capture, purchase, receive through trade, or otherwise obtain a person’s or a customer’s biometric identifier or biometric information, unless we first:
a) inform the subject or the subject’s legally authorised representative in writing that a biometric identifier or biometric information is being collected or stored;
b) inform the subject or the subject’s legally authorised representative in writing of the specific purpose and length of term for which a biometric identifier or biometric information is being collected, stored, and used; and
c) we receive a written release executed by the subject of the biometric identifier or biometric information or the subject’s legally authorised representative.
Where we are in possession of a relevant biometric identifier or biometric information we will not sell, lease, trade, or otherwise profit from a person’s or a customer’s biometric identifier or biometric information nor shall we disclose, redisclose, or otherwise disseminate a person’s or a customer’s biometric identifier or biometric information unless:
a) the subject of the biometric identifier or biometric information or the subject’s legally authorized representative consents to the disclosure or redisclosure;
b) the disclosure or redisclosure completes a financial transaction requested or authorized by the subject of the biometric identifier or the biometric information or the subject’s legally authorised representative;
c) the disclosure or redisclosure is required by State or federal law or municipal ordinance; or
d) the disclosure is required pursuant to a valid warrant or subpoena issued by a court of competent jurisdiction.
Where we are in possession of a relevant biometric identifier or biometric information we shall:
a) store, transmit, and protect from disclosure all biometric identifiers and biometric information using the reasonable standard of care within the private entity’s industry; and
b) store, transmit, and protect from disclosure all biometric identifiers and biometric information in a manner that is the same as or more protective than the manner in which the private entity stores, transmits, and protects other confidential and sensitive information.
Right of action. Corsight acknowledge that any person aggrieved by a violation of BIPA shall have a right of action in a State circuit court or as a supplemental claim in federal district court against an offending party. A prevailing party may recover for each violation:
a) against a private entity that negligently violates a provision of BIPA, liquidated damages of $1,000 or actual damages, whichever is greater;
b) against a private entity that intentionally or recklessly violates a provision of this BIPA, liquidated damages of $5,000 or actual damages, whichever is greater;
c) reasonable attorneys’ fees and costs, including expert witness fees and other litigation expenses; and other relief, including an injunction, as the State or federal court may deem appropriate.
‘Relevant biometric identifier’ for the purposes of this Privacy Notice relates to biometric identifiers as described by BIPA and to which that legislation is applicable in terms of any act of omission by Corsight.