By using this website, you agree to our use of cookies to provide you with a great experience and to help our website run effectively. See our privacy policy.
Our Privacy Policy is a statement that informs individuals about how their personal data is being used and processed by Corsight Ai in accordance with data protection laws. In that regard the contents of our Privacy Policy also serves as a Privacy Notice for the purposes of those jurisdictions and actions to which the General Data Protection Regulation (GDPR) of the European Union (EU) and the United Kingdom GDPR may be applicable.
This document is supplemented by our Data Protection Policy which is accessible on the ‘Trust Centre’ file of our public facing web site.
Corsight AI Ltd. (“Corsight”, “we”) is committed to maintaining the privacy of its users (“user”,“you”) and all data subjects where we process their personal data. The following information describes how Corsight AI collects and processes information about you.
Our Privacy Policy explains:
1. What information we collect.
Organisational and Customer/third party information. We may collect the name, contact information of those that we employ and who work in support of the lawful function of our business, as well as those who are users of our goods and services.
Information provided to us from any source. We may collect and store personal information which is lawfully provided to us from any source in connection with the legitimate conduct of our business, whether provided by individuals themselves, third parties or collected from public or licensed sources.
Types of information that we process. We may collect and store personal information about you which is lawfully provided to us such as your name, address, email and phone numbers, job title, employing organisation and photograph. In addition, where messages or other communications by any reasonable and auditable means are transacted with us we will collect any personal or non-personal information provided in or with the communication. This information may be used to respond to your communication, to improve our products and services, or for other purposes as described in this Privacy Policy.
Our on-line services and website usage details, IP address and Cookies. When any user accesses our services including our web site or other available digital resources, we may automatically collect certain information about usage activity. This may include the user’s IP address, browser information, approximate location data, search history within our services, user website preferences, settings, and login history. The information does not directly identify you unless you have chosen to provide us with identifying information. Our website provides information regarding Corsight’s solution for real time facial recognition, advanced analytics and object detection (the: “Platform”). Corsight’s Platform maintains high accuracy in large and densely populated crowds while it enables environments to stop real-time threats and maximize enterprise safety. Some information may be automatically collected, and some is collected when you interact with our website or other on-line services. The type of information that may be automatically collected may or may not amount to being personal information and includes your session durations, the content you accessed on the website, the frequency and scope of your use of the website and information about your computer and internet connection including the operating system you use and browser type. Information from which you can be personally identified may also be collected, including but not limited to your name, email address and the approximate geographic location of the computer through which you used the website as determined by its IP address.
Photographs and inherent biometric/special category data. We may collect personal information in the form of photographs and data of facial images in circumstances where it is lawful for us to do so. We may process those images to produce a template of features, otherwise known as being a biometric facial template, for the purposes of producing, training, developing, reviewing and improving the effectiveness of the algorithms within the technology we produce. This type of data amounts to being ‘special category data’ and will also enable us to identify and assess risk and issues such as consistency and effectiveness in demographic accuracy so that we may assure the integrity of our goods and services. We will also process data of this nature when exposing our technology for independent third party assessment by accredited assessors, those with a lawful purpose to assess our products and those having a statutory obligation to conduct due diligence upon the equality, Human Rights and compliance credentials of our goods and services. Examples of such a statutory undertaking include the Public Sector Equality Duty inherent in the Equalities Act 2010 within the UK jurisdiction, as well as Conformity Assessments required by the AI Act within the EU.
Information provided by individuals seeking to exercise their data rights. Where we receive a request to exercise a right identified in this notice, in order to fulfil the individual’s request, we may collect that individual’s email address, contact information, photo, an image of the requester or other information required by applicable law, solely to the extent necessary to verify the identity of the requester and to fulfil the request in accordance with legal obligations.
Children’s Data. Ordinarily we as an organisation will not process the personal data of children. However, we may process children’s data in limited circumstances as specified below. The facial recognition technology (FRT) that we produce has a number of applications which are specifically targeted at protecting children from risks of harm or causing harms, pursuant of our legitimate purpose of helping to deliver safer societies. Examples are the safeguarding and searching for lost, kidnapped, trafficked and vulnerable children, identifying children of an age where they are criminally culpable and are wanted for criminal offences or otherwise vulnerable to criminal exploitation. This is not an exhaustive list. It is with these circumstances in mind that the datasets with which we train our algorithms to recognise faces, need to have the ingredient of children’s images within so that they have the capability to recognise young faces and thereby help to protect. We will only use such personal data of children in the form of facial images where such data is lawfully obtained, where we have a legitimate interest for doing so and a substantial public interest for processing any special category data derived therefrom. We do not share personal data of children which may be part of our training datasets. However, as part of our FRT we may provide the capability to recognise children through algorithms trained on datasets that contain children’s data. These matters are the subject of particular assessment in our organisational Data Protection Impact Assessment (DPIA). Those organisations employing our technology will similarly conduct assessments of their own where such circumstances arise.
2. Why We collect the information.
Enabling organisational integrity and compliance as an operating business entity. We collect the personal data of employees for employment purposes such as biometric data of employees for purpose of access. We collect the name, email address and the content of communications with those with whom we have contact, including contacts from our web site and online services so that we can comply with the obligations required of us to operate as a lawful and legitimate business entity, to enable us to provide you with technical and professional assistance, the provision of information, goods and services and to effectively discharge our obligations as an organisation lawfully.
Internal efficacy. We process personal data in order to deliver and assure the management and administration of our business and maintenance of compliance with our internal policies and procedures and external regulation, accountability, testing, accreditation of other lawful third party undertaking.
Design, Development, Review and Improvement of our goods and Services. We process personal information where it is necessary to do so for the design, development, ongoing review and improvement of the technology that we produce to ensure that it is secure, accurate, equitable, meet organisational, regulatory and statutory requirements. Also, to ensure that we provide high quality services to those with whom we engage to their and our satisfaction and in accordance with our contractual obligations, and laws which are applicable to our clients in the context of the use of our goods and services.
Surveys and Research. We may process personal data in order to conduct surveys and research, test features in development, and analyse the information we have so as to evaluate and improve our Platform, develop new features, and conduct audits and troubleshooting activities.
Maintaining a Secure Environment. We may use your information to detect and prevent fraud, abuse and security incidents in the following ways;
service or applicable laws.
Personalize Content, Advertising and Marketing. Where you may have used Corsight’s services in the past, we may seek to match your personal data with data that we have previously collected and held in storage. This enables us to understand your needs and interests, optimise the content we send you and make it more suitable and relevant to your needs. This also enables us to improve your experience on our website with our organisation, goods and services by providing you with personal communications, recommendations, and features. We process this information in light of our legitimate interest to personalize your experience and customize our content.
3. How we use that information and whom we share that information with; Transfer of information.
We use the personal information we collect from you for a range of different legitimate business purposes where it is necessary for us to do so and in accordance with relevant laws.
We may use or process your personal information for the above mentioned purposes depending upon which lawful purpose may apply in any given circumstance, and the actual processing operation per each purpose of use and lawful basis detailed in above may differ. The transfer of personal information to third-party countries, as further detailed in the “Transfer of Data Outside the European Union” sub-section below, is based on the same lawful basis as stipulated in the section above.
Images and associated meta and biometric data on our database. Lawfully obtained images held in our data sets may be used and disclosed, along with the source of the image, in a searchable format with our users where it is lawful and necessary for us to do so in pursuit of our legitimate interest and/or to facilitate a lawful obligation of an end user – for example those conducting independent assessment of the equality, security and integrity of our goods and services for accreditation, testing, evaluation risk assessment purposes.
Lawful Obligation. The law may either require or permit us to use or disclose the information we collect with other parties in response to legal proceedings, in response to a request from a competent law enforcement or government agency, to protect our rights, privacy, safety or property, or the public, to enforce the terms of any agreement, or for any other purpose that is required or permitted by law. We also process data to ensure that it is accurate and up to date and held securely.
Security and Crime Detection. We may use or disclose the information we collect in order to investigate, prevent, or take action regarding illegal activities, suspected fraud, cybersecurity threats, situations involving potential threats to the physical safety of any person or as otherwise permitted or required by law.
Compliance with standards, regulation, risk assessments and internal policies. We may use or disclose the information we collect in order to ensure that we and our users are complying with all applicable aspects of our policies, external standards, risk assessment and regulation and laws.
Mergers and Acquisition. In the event that our organisation or its assets may be or are acquired by, or merged with, another organisation or company we may use or disclose the information we collect with any of our merged or acquiring entities. In the event of the above, our affiliated companies or acquiring company will assume the rights and obligations as described in this Privacy Policy.
Lawyers and Advisors. We may disclose information with our lawyers and other professional advisors where necessary to obtain legal or other advice or otherwise protect and manage our business interests and those with whom we operate in partnership or in contract.
Research and Development. We may use your personal data as part of our processes to further develop the goods and services that we provide. This includes engaging with academic or other independent research and assessment of our goods and services, the sharing of expertise, experience and good practice with states, regulators, end users and entities with a legitimate purpose of developing the security and use of the technology we produce, and the laws, regulations and safeguards which are applicable to such use.
Service Providers and Others. We may share information with vendors, service providers, independent contractors, processors, and consultants that need access to information to perform services for us, such as companies that assist us with cloud storage, data collection, customer service and support, marketing, software, payment, and other technology services. We may also share information where it is necessary and lawful for us to do so to demonstrate our technology or submit it for review, compliance or other assessment purposes as required by law and regulation, or on a voluntary basis for independent testing for security/equality/effectiveness standards.
Marketing partners. We engage with marketing partners and share personal information to market and promote our services, including for targeted ads, as well as for analytical purposes in order to compile aggregated statistics about the effectiveness of our website and marketing campaigns. These may include social media partners or other marketing services operators, including by way of placing their cookies or other tracking technologies on our website. These marketing partners may combine your personal information with other data they collect independently from you through other websites you visit online.
Disclosure of Information and Transfer of Data – Except as otherwise provided in this Privacy Policy, we reasonably attempt to ensure that we never intentionally disclose any of your personal information, to any third party without having received your permission in circumstances where your consent is required, except as provided for herein or otherwise as permitted or required under law. In order to perform our contractual and other legal responsibilities or purposes, we may, from time to time, need to share your personal information with third parties, as outlined above.
Transfer of Data Outside the European Union. Corsight operates across the globe. It has offices and data servers located around the world and has a global client base. Necessarily we will process personal data of data subjects outside of their country of origin and applicable jurisdiction and may transfer that data out of or in to those jurisdictions, or otherwise manage that data outside of those jurisdictions in their entirety. We will only do so in accordance with relevant jurisdictional laws and in legitimate circumstances which are commensurate to the safeguards arising from the GDPR which protect the rights of data subjects. The rights of data subjects within the EU and UK remain exercisable to the extent permitted by law in respect of the data that we control wherever the data lands and is stored. In that regard prior to transferring personal data to another country we shall establish whether the country to which we transfer data has been made the subject of an ‘Adequacy Decision’ and where this is not the case, we shall establish safeguards in respect of any data transferred which are commensurate with the GDPR.
The above mentioned third parties whom we share personal information with may be located in countries other than your own, and we may send them information we receive. When such third party service providers process your personal information on our behalf, we will assure that they comply with obligations similar to those which are set forth in this Privacy Policy. We will also assure that they will abide by our data privacy and security requirements, and will be allowed to use the personal
Information solely for the purposes for which it was collected.
Furthermore, information about you may also be shared in order to comply with any valid legal obligation or inquiry or process such as a search warrant, subpoena, statute or court order. We will also release specific information in special cases, such as if you use our website to perform an unlawful act or omission or take any act or omission that may damage Corsight, its property and goodwill, or if there is an attempted breach of the security of the website or a physical or property threat to you or others. Ordinarily in such matters where misuse of our website is concerned, unless other jurisdictional laws direct otherwise, the authority supervising such activities is the Israeli Privacy Protection Authority, and you have the right to file a complaint to it or any other relevant supervisory authority.
Data Security. The processing of personal data is conducted by Corsight using state of the art security measures including encryption, firewalls and cyber security methodology which meets accredited ‘cyber essentials’ accreditation. Our data processing activities are globally the first to achieve independent accreditation of ISO/27001
4. Our Lawful Basis for Processing Personal Data.
We process personal data in accordance with applicable laws. The legal basis upon which we will rely to process your personal data will depend upon the relevant circumstances associated with that processing. The common legal basis’s upon which we rely are shown below. If you reside in, or use the Platform or our services within, a jurisdiction where privacy laws require “consent” as the sole or primary legal basis for processing personal data (whether generally, for specific categories of personal data you choose to process, or due to the nature of such processing), your acceptance of our Term and Conditions and/or this Privacy Policy and/or use in the Platform, Website or services, will constitute your consent to the processing of your personal data for all purposes outlined in this Privacy Policy, unless applicable law mandates a different form of consent.
Legitimate Purpose. In general, the primary legal basis upon which we rely to process personal information is where data processing is necessary in pursuit of a ‘legitimate interest.’ Our legitimate interest is explained as follows;
Contract. We may rely upon this legal basis to process personal information where it is necessary for the establishment of a contract which we establish with a client or other third party and where that personal information is necessary to meet the requirements of the contract. These circumstances include actions between ourselves and third parties where a contract is under discussion and negotiation, our engagement with a client throughout the duration of a contract, and activities after a contract has concluded to review and establish the compliance and quality of our service delivery.
Consent. We may on occasions seek your consent to process your personal data where it is necessary for us to do so. To comply with data protection laws, your consent must be specific, informed and be an unambiguous indication of your wishes which is accompanied by a clear and unambiguous affirmative action which signifies agreement to the processing of personal data relating to you. Where we require your consent we will provide you with full details of the personal information that we would like to process and the reason why we wish to process it in that way, so that you can carefully consider whether you wish to consent. Your consent may be indicated in a number of ways, for example within email or other electronic communication medium, or by activating relevant ‘agreement’ or ‘consent’ functionality on our web site and on-line services. You are free to withdraw your consent at any time and can do so by simply contacting the data controller, as described later in this document, by email at: [email protected]. If you withdraw your consent, it will not necessarily affect the lawfulness of any processing based on your consent before you withdrew it. Where applicable, we may ask for your consent to processing at the point where you provide your personal information.
Legal Obligation. We may rely on this legal basis where the processing of personal information is necessary for Corsight to comply with the law (but not a contractual undertaking).
Other legal basis such as “Public Task” and ‘Vital Interest’ are unlikely to apply to the processing of personal information by Corsight, however if they were to apply we will inform you in advance of any data processing activity taking place.
Special Category Data. In addition to the determination of a relevant legal basis for the processing of personal information, we rely upon a substantial public interest condition and the Union or EU Member State law where we process biometric/facial recognition data. Those substantial public interest considerations include provision of high performing and diversity equitable FRT for the purposes of facilitating; preventing unlawful acts including terrorism, protecting the public, protecting critical and important infrastructure, meeting regulatory requirements, preventing fraud, statutory and government purposes, equality of opportunity and treatment, protecting public health, safeguarding children and individuals at risk, supporting judicial processes, statutory and government purposes. This is not necessarily an exhaustive list.
5. Your rights with regard to the collection of such information.
In some jurisdictions, in particular those located within the European Union or within the European Economic Area and the US State of Illinois, you may be afforded specific rights regarding your personal information. Depending upon the data protection laws which are applicable to you, you may have the following rights which are enshrined in the GDPR. They are:
In addition to the above, you have the right to lodge a complaint about our handling of your personal information to the relevant competent data authority. In the UK the Information Commissioner’s Office is the competent authority, the address for contact being Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF.
6. Retention and Disposal of Information.
We retain personal information for no longer is necessary for us to carry out the purposes for which it is originally collected and also where it is necessary for us to comply with our legitimate business purposes, including to meet our legal, regulatory, or other compliance obligations. Information is stored under secure conditions which meet industry standards of accreditation such as ISO/27001. Once the retention of information is no longer necessary and justifiable it shall be disposed of securely.
7. Data Controller, Data Protection Officer and Further Information
A “Data Controller” is a person or organisation who alone or jointly determines the purposes for which, and the manner in which, any Personal Information is, or is likely to be, processed. This Privacy Policy is issued on behalf of Corsight AI Ltd. as the Data Controller and unless we notify you otherwise this company is the controller for your personal Information. For any information with regards to this Privacy Policy or the exercise of your rights as a data subject you may contact the data controller by email at [email protected] or by mail at: Jabotinsky 35 Street, Ramat Gan Israel 5251108.
Corsight AI has appointed its Chief Privacy Officer, Tony Porter QPM LLB, as its UK Data Protection Officer. You can contact the DPO by emailing [email protected]
8.Additional Jurisdictional Information
The following provisions set forth supplementary rights and options afforded to residents of certain jurisdictions. These provisions are intended to supplement, and not to replace or supersede, any other terms contained in this Privacy Policy.
Note to Data Subjects in the US – CAN SPAM Act (Controlling the Assault of Non-Solicited Pornography and Marketing Act 2003).
The CAN-SPAM Act is a Federal US law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have emails stopped from being sent to them, and spells out strict penalties for violations.
To be in accordance with CANSPAM, Corsight agrees to the following:
If at any time you would like to unsubscribe from receiving future emails, you can do so by clicking the unsubscribe link provided at the bottom of each email.
Note for Information for Data Subjects in California – California Online Privacy Protection Act (CalOPPA) & California Consumer Privacy Act 2018.
CalOPPA – requires commercial websites and online services to post a privacy policy. The law’s reach extends beyond California requiring any person or company in the United States (and potentially other jurisdictions) that operates websites collecting Personally Identifiable Information from California consumers, to post a conspicuous privacy policy on its website. The policy must state: (i) exactly what information is being collected; (ii) those individuals or companies with whom it is being shared; (iii) how users can review and request changes to their information; (iv) how users will be notified of changes to the privacy policy; and (v) the effective date of the policy. See more at: http://consumercal.org/california-online-privacy-protectionact-caloppa/#sthash.0FdRbT51.dpuf.
According to CalOPPA, Corsight agrees to the following:
California Consumer Privacy Act 2018 (CCPA) – grants California residents several rights regarding their personal information. These include the right to request information about the categories and specific pieces of personal information we have collected about them, the categories of sources from which the information is collected, the business or commercial purpose for collecting or selling personal information, and the categories of third parties with whom we share personal information. California residents also have the right to request deletion of their personal information, subject to certain exceptions, and the right to opt out of the sale of their personal information (if applicable). Please note that we do not sell your Personal Information. You may exercise these rights at any time, free of charge, unless otherwise provided by the CCPA. If you choose to exercise your rights, we will not discriminate against you for doing so, except as permitted by the CCPA, such as in connection with financial incentive programs.
Please note that you must verify your identity and request before further action is taken. As a part of this process, government identification may be required. Moreover, you may designate an authorised agent to make a request on your behalf.
We endeavour to respond to a verifiable consumer request within 45 days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing. Any disclosures we provide, will only cover the 12 month period preceding your verifiable request’s receipt. If, for some reason, we cannot reply within such time frame, our response will include an explanation for our inability to comply. If you wish to exercise your CCPA rights, please contact us at: [email protected].
We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:
discounts or other benefits, or imposing penalties.
different level or quality of goods or services.
Note for information of data Subjects to which the Illinois Biometric Information Privacy Act (BIPA) is applicable.
Where the provision of BIPA is applicable to Corsight being in possession of relevant biometric identifiers or biometric information, we will maintain a written policy, made available to the public, establishing a retention schedule and guidelines for permanently destroying biometric identifiers and biometric information when the initial purpose for collecting or obtaining such identifiers or information has been satisfied or within 3 years of the individual’s last interaction with the private entity, whichever occurs first. Corsight will comply with its established retention schedule and destruction guidelines unless a subpoena, warrant or other legal instruction directs otherwise.
We will not collect, capture, purchase, receive through trade, or otherwise obtain a person’s or a customer’s biometric identifier or biometric information, unless we first:
Where we are in possession of a relevant biometric identifier or biometric information we will not sell, lease, trade, or otherwise profit from a person’s or a customer’s biometric identifier or biometric information nor shall we disclose, redisclose, or otherwise disseminate a person’s or a customer’s biometric identifier or biometric information unless:
Where we are in possession of a relevant biometric identifier or biometric information we shall:
Right of action. Corsight acknowledge that any person aggrieved by a violation of BIPA shall have a right of action in a State circuit court or as a supplemental claim in federal district court against an offending party. A prevailing party may recover for each violation:
‘Relevant biometric identifier’ for the purposes of this Privacy Notice relates to biometric identifiers as described by BIPA and to which that legislation is applicable in terms of any act of omission by Corsight.
Note for information of data Subjects to which the Israeli Privacy Protection Law (IPPL) is applicable
Where the provisions of IPPL are applicable to Corsight’s processing activities, we must inform you that any Personal Data you provide is made at your free will and consent (where required under applicable data protection laws), and you acknowledge that you are not under any statutory obligation to provide us with personal data. However, we must collect or receive some personal data to fulfil certain purposes, and if you will not provide us with such personal data, we will not be able to fulfil certain purposes, for example, provide certain services or enable use of certain features – all as described under Sections 1 & 2 above – “What information we collect” and “Why we collect the information”, which detail the purposes for which personal data is collected.