Futurae Technologies AG, Uetlibergstrasse 137, 8045 Zurich, Switzerland (hereinafter referred to as “Futurae”) is the author of this Privacy Policy and, depending on the case, either the owner or processor of the information (data) collected about you hereunder. In all other respects, the Futurae General Terms of Use, located at https://www.futurae.com/legal/terms, shall apply.

We know that the careful handling of your personal data is important to you. That is why protecting your personal data is our priority. This statement of privacy applies to all the websites, online services and mobile applications of Futurae (hereinafter collectively referred to as “Futurae services”) and governs data collection and usage. The Futurae services inherently require the collection of certain classes of data (see below for more info), in order to provide their respective functionality, for example, end user and employee authentication as a service to our customers. By using the Futurae services, you consent to the data practices described in this statement. If you do not agree with any part of this Privacy Policy, then we cannot make our services available to you and you should stop accessing and using them.

Contact Information

We welcome your questions or comments regarding this Privacy Policy. You can contact us at:

Futurae Technologies AG

Uetlibergstrasse 137

8045 Zurich, Switzerland

+41 (0) 44 500 88 26

privacy@futurae.com

Moreover, you can reach our Data Protection Officer (DPO) at: dpo@futurae.com

Terminology

  • A Data Subject is an identifiable natural person, e.g., you.
  • A Data Controller is the organization that defines the purpose(s) for the processing of personal data of the Data Subject.
  • A Data Processor processes personal data on behalf of a Data Controller. The processing is regulated by a Data Processing Agreement (DPA) between the Data Controller and the Data Processor.
  • Personal data is any data that directly or indirectly is linked to an individual (Data Subject).
  • Traffic data is data generated through the use of a network. A popular example of traffic data is IP addresses. As another example, when an individual is using the mobile network, information about who is sending and receiving a message or a phone call, start and end time, and the location of the mobile phone is generated. If traffic data directly or indirectly can be linked to you as an individual, these are classified as personal data. Traffic data can for example be used for billing purposes or for monitoring purposes to enhance system stability and security.
  • Anonymous data is data where all identifying items have been removed making it impossible to associate the data with an individual.
  • The Processing of personal data is any use of personal data, including collecting, storing, modifying, transferring or deleting.

Collection of Personal Data

Futurae may collect personal data, such as your name, email address and IP address, either through the use of the Futurae services, or if you request us to contact you. You may be using the Futurae services directly, for example when you interact with one of our websites (in this case Futurae acts as a Data Controller), or indirectly, for example when you use Futurae authentication as part of interacting with an online service who is our customer and uses Futurae to enhance the security of their services (in this case Futurae acts as a Data Processor). More details follow.

Futurae as a Data Processor

How Futurae processes personal data as a Data Processor is defined and described in the agreement between Futurae and our customer, the Data Controller, and in the description of the respective services. The data about you as an individual (Data Subject) that we process as a Data Processor depends on which of our services are used by the Data Controller. Details are set out in the product specific terms of the customer agreements. Futurae’s processing on behalf of the customer is governed by a Data Processing Agreement (DPA), and Futurae will only process personal data to provide our services to the customer, and in accordance with the DPA and the customer’s instructions.

Examples of processing activities:

  • Perform authentication of the end user (Data Subject), i.e., you, on behalf of our customer (Data Controller), as part of the end user accessing a service offered by our customer. Depending on the type of authentication used, this may be achieved through the use of the Futurae mobile application, sending SMS or making a phone call to the end user.
  • Produce message logs, statistics and reports.
  • Monitor traffic to ensure system stability and security.

Depending on the service and the customer’s use of the service in question, we may as Data Processor process personal data within the following categories:

  • Basic personal data (such as name) and contact details (such as email, phone number etc).
  • Usernames, randomly generated identifiers and cryptographic keys.
  • When using our audio-based zero-touch authentication technologies: short audio recordings, which are nevertheless immediately discarded after the end of the authentication operation and never stored in persistent storage.
  • When using our signal-based zero-touch authentication technologies: anonymized sensor data, such as Wi-Fi and Bluetooth scan results.
  • Traffic data, as well as information about device hardware and software. This information includes: IP address, browser/OS/mobile device information, domain names, access times and referring website addresses.
  • Data related to the use of our customers’ services, such as transaction history or communication events.
  • Data related to content of communication, such as e-mails, voice mails, SMS, browsing data etc.

In some cases, Futurae will be able to link personal data collected by several different services, as long as the data is collected for the same purpose.

Futurae as a Data Controller

How Futurae processes personal data as a Data Controller is defined and described in the Futurae Terms and Conditions. The data about the end user (Data Subject), i.e., you, that we process as a Data Controller depends on which of our services you use.

Examples of processing activities:

  • Navigate on and interact with the Futurae websites and subdomains (for example, the Futurae web administration interface).
  • Notify end user of changes to services, terms and conditions or this privacy notice.
  • Respond to enquiries or questions related to services, terms and conditions or this privacy notice.
  • Mediate information and membership offers.

Depending on the service and the end user’s use of the service in question, we may as Data Controller process personal data within the following categories:

  • Basic personal data (such as name) and contact details (such as email, phone number etc).
  • Usernames and hashed passwords.
  • When using our audio-based zero-touch authentication technologies: short audio recordings, which are nevertheless immediately discarded after the end of the authentication operation and never stored in persistent storage.
  • When using our signal-based zero-touch authentication technologies: anonymized sensor data, such as Wi-Fi and Bluetooth scan results.
  • Traffic data, as well as information about device hardware and software. This information includes: IP address, browser/OS/mobile device information, domain names, access times and referring website addresses.
  • Data related to the use of our services, such as transaction history or communication events.
  • Data related to content of communication, such as e-mails, voice mails, SMS, browsing data etc.

In some cases, Futurae will be able to link personal data collected by several different services, as long as the data is collected for the same purpose.

Mobile Applications

When you use the mobile applications published by Futurae through an app store, Futurae collects, stores and processes unique installation identifiers, IP addresses and device information (such as mobile operating system, mobile device model etc.). When using our sound-based zero-touch authentication methods, Futurae applications will record audio from the device microphone, but will never receive and store the audio recordings from its applications without the user’s explicit consent. Even then, the data will be stored securely and used exclusively for debugging purposes of our applications. When using our signal-based zero-touch authentication technologies, Futurae applications will collect anonymized sensor data, such as Wi-Fi and Bluetooth scan results.

Newsletter and E-mail

You have the option to subscribe to our newsletter via our website. For this we need your e-mail address and your declaration that you agree with the subscription to the newsletter. As soon as you have subscribed to the newsletter, we will send you a confirmation e-mail with a link to confirm the registration (double opt-in).

In order to provide you with targeted information, we also collect and process information voluntarily provided, such as your first and last name, selected subject areas and usage behavior of the sent newsletters. If you receive an unwanted email from us, you can use the unsubscribe link found at the bottom of the email to opt out of receiving future emails. Note that you will continue to receive transaction-related emails regarding products or services you have requested. We may also send you certain non-promotional communications regarding Futurae and our Services and you will not be able to opt out of those communications (e.g. communications regarding updates to our Terms or this Privacy Policy).

Use and Sharing of Personal Data

Futurae collects and uses your personal data to operate its website, mobile applications and online services and provide these services to you.

Futurae may also use your personal data to inform you of other products or services available from Futurae and our partners. Futurae may also contact you via surveys to conduct research about your opinion of our websites, mobile applications and other current or future products.

Futurae does not sell, rent or lease or provide in any other way its customer data to third parties.

Futurae may disclose personal data to third-party vendors and hosting partners who perform services for Futurae, in order to be able to deliver the services. These third-party vendors will only use the personal data for the purposes they were collected, and in order to perform their services towards Futurae. By signing up for or using Futurae services, and/or by communicating with us by email, you acknowledge and expressly consent to the transfer and processing of your personal data in this way. The relationship to such third-party vendors will be governed by a Data Processing Agreement and will be in accordance with all applicable laws. The disclosure of personal data to public bodies may occur if and to the extent required by law and current regulations.

Futurae may keep track of the websites and pages our users visit within Futurae and which functionality in our mobile applications or services our users access, in order to determine what Futurae products and application features are the most popular. This data is used to deliver customized content within Futurae to customers whose behavior indicates that they are interested in a particular subject area.

Futurae will disclose your personal data, without notice, only if required to do so by law or in the good faith belief that such action is necessary to:

  • conform to the edicts of the law or comply with legal process served on Futurae or the site
  • protect and defend the rights or property of Futurae; and,
  • act under exigent circumstances to protect the personal safety of users of Futurae, or the public.

Legal Basis for the Processing

Your data will be processed in accordance with Article 6(1)(b) of the GDPR for the purposes of contract execution and offering the Futurae services to our customers and their end users. The subject matter of the contract is the services mentioned above, for example offering authentication as a service for the end users and employees of our customers.

Likewise, your data will be processed as described above to protect the legitimate interests of Futurae (Article 6(1)(f) of the GDPR). These are the improvement of our products and services (for example, the Futurae website, web administration interface, mobile applications etc.) in order to monitor and improve the performance of the offering, and to recognize, prevent, or clear up any illegal activities.

In addition, the data is processed in accordance with Article 6(1)(c) of the GDPR for the fulfillment of legal obligations (e.g., storage and documentation requirements).

Security of your Personal Data

We use technical and organizational security measures in accordance with the recognized market standards in order to protect personal data stored with us against unintentional, illegal or unauthorized manipulation, deletion, modification, access, disclosure, or use, as well as against partial or complete loss. The Futurae websites and server infrastructure, responsible for providing Futurae’s online services are located at secure, certified data centers in Switzerland and in the United Kingdom. When personal data is transmitted over the network, it is protected through the use of state-of-the-art encryption, such as the Transport Layer Security (TLS) protocol. We back up customer data on a regular basis. Our security measures are continuously adapted and improved in line with technological developments. We assume no liability for the loss of data or for such data becoming known to and being used by third parties.

Use of Cookies

The Futurae websites may use cookies to help you personalize your online experience. A cookie is a text file that is placed on your hard disk by a web page server. Cookies cannot be used to run programs or deliver viruses to your computer. Cookies are uniquely assigned to you, and can only be read by a web server in the domain that issued the cookie to you.

One of the primary purposes of cookies is to provide a convenience feature to save you time. The purpose of a cookie is to tell the web server that you have returned to a specific page. For example, if you register with a Futurae site or subscribe for a Futurae service, a cookie helps Futurae to recall your information on subsequent visits. This simplifies the process of recording your personal data, such as billing addresses, shipping addresses, and so on. When you return to the same Futurae website, the information you previously provided can be retrieved, so you can easily use the Futurae features that you customized.

You have the ability to accept or decline cookies. Most Web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. If you choose to decline cookies, you may not be able to fully experience the interactive features of the Futurae services or websites you visit.

Futurae may also use other technologies with similar functionality to cookies, such as web beacons and tracking URLs. Futurae may also use web beacons and tracking URLs in emails to determine whether a recipient opened the email or accessed a certain link.

Tracking and Analytics / Social Media

The use of the Futurae online services is measured and evaluated by means of various technical systems, mainly from third-party providers such as Google Analytics. These measurements can be carried out in an anonymous or personalized form. The collected data may be passed on by us or the third-party providers of such technical systems to third parties in Switzerland and abroad for processing. The most frequently used and the most popular analysis tool is Google Analytics, a service provided by Google Inc. Thus, the collected data can generally be transmitted to a Google server in the United States.

Our websites use Google Analytics, a web analysis service of Google LLC, located in Mountain View, CA 94043, US (“Google”). Google Analytics uses cookies to help analyze your use of our websites. The information generated by the cookie about your use of the websites (including your IP address) will be transmitted to and stored on a Google server in the United States. Google will use this information for the purpose of evaluating your use of the websites, compiling reports on website activity for us, and providing other services relating to website activity and Internet usage. Google may also transfer this information to third parties if this is required by law or if third parties process this data on behalf of Google. Google will not associate your IP address with any other data held by Google.

According to the list published by the U.S. Department of Commerce at  https://www.privacyshield.gov/, as per May 25, 2018, Google LLC is covered both under the EU-U.S. as well as the Swiss-U.S. Privacy Shield. If you do not want your website activity to be available to Google Analytics, you can install the browser add-on to disable Google Analytics. This prevents the JavaScript running on the websites from sharing activity data with Google Analytics.

The analysis of data by other tools of the website owner is not disabled when you use the add-on. Data may still be sent to the website or other web analytics services.

Integration of Third-Party Offerings / Social Media

Some of our online services, in particular our website, are networked with third-party functions and systems in many ways, for example through the integration of plug-ins from third-party social networks such as Facebook, Twitter etc. If you have a user account with these third parties, they may also be able to measure and evaluate your use of our digital offerings. Further personal data such as IP address, browser settings, and other parameters may be transmitted to and stored by these third parties. We have no control over the use of such personal data collected by third parties and assume no responsibility or liability for it.

Children

Futurae does not knowingly collect personally identifiable information from children under the age of eighteen. If you are under the age of eighteen, you must ask your parent or guardian for permission to use this website or our mobile applications. The website and applications of Futurae as well as their content are directed to people who are at least 18 years of age or older.

User Rights, Consent and Unsubscribe

You have the following rights with regard to your personal data:

  • the right to information under Article 15 of the GDPR,
  • the right to correction under Article 16 of the GDPR,
  • the right to deletion under Article 17 of the GDPR,
  • the right to restrict processing under Article 18 of the GDPR,
  • the right to data portability under Article 20 of the GDPR, and
  • the right of objection pursuant to Article 21 of the GDPR.

If you are asked to provide your consent in connection with the Futurae services, you shall grant this consent by clicking on the corresponding checkbox to confirm that Futurae may collect, process, and use your personal data accordingly.

You can of course revoke your consent at any time without affecting the legality of the processing carried out on the basis of the consent until revocation. The revocation can be sent in writing to the aforementioned Futurae address. Sending an email to privacy@futurae.com shall also be sufficient. Please note that some or all of the Futurae services and features will no longer be available to you afterwards.

Moreover, you can opt-out of receiving any or all communications from Futurae by unsubscribing using the link provided at the end of each marketing communication. Sending an email to privacy@futurae.com shall also be sufficient.

Links to Other Websites

The Futurae websites contain hyperlinks to third-party websites that are not operated or controlled by Futurae. Futurae is not responsible for their content or data protection practices.

Changes to this Statement

Futurae will occasionally update this Statement of Privacy to reflect company and customer feedback and any changes in data protection regulations. We encourage you to periodically review this Statement to be informed of how Futurae is protecting your information.