This policy was last updated on 25th May, 2023.
Unless your organization has arranged separate terms and provided you those terms in writing, or you have been provided different terms in writing by us, the terms of this policy apply to you and your relationship with us. Please take the time to familiarize yourself with this Policy and if you have any questions, please contact us at firstname.lastname@example.org. This policy is incorporated into and is subject to our Terms of Service.
Client or Organization RemoteDesk Sponsor – the subscriber of RemoteDesk SaaS services which may require or recommend the use of RemoteDesk within its organization.
Data Controller – The Organization which requires data collection of its employees to operate RemoteDesk. The requirements needed for the Organization to deliver a high level of remote workplace integrity is dictated by the Organization, and often federally mandated by Federal Compliance Regulation (ex. PCI, HIPAA, etc) and/or is required by the Organization’s work from home policies.
Data Processor – Verificient and its product (RemoteDesk) acts as a processor of data for the Organization or Data Controller. The processing includes identity verification of employees and anomaly detection using AI to ensure federal compliance policy and/or work from home policy as outlined by the Organization or Data Collector meets Organization requirements. Verificient temporarily stores the data in encrypted Data Cloud Storage facilities for a Data Retention period requested and configurable based on Organization requirements (default 7 days) and destroys / purges the data thereafter.
Services We Provide
We provide Services on behalf of the Client. They may be an Organization of which you are an Employee or a Member (in any form, including but not limited to a User of their services). Data Controllers are Organizations or Companies that offer and control any data we collect as a result of an express Work Compliance Monitoring and Data Protection Agreement with them. We collect and/or receive personal information about you in order to comply with workplace or federal compliance policies as required by the Organization. “Personal Information” is any information, such as name or email address, that identifies or can be used to identify the person to whom such information pertains, or is associated with a person. While providing Personal Information is voluntary, it is necessary if you are to obtain the service, or credential that you seek from the Organization. We handle and treat the Personal Information collected or received while providing our Services in a manner that is consistent, first and foremost, with any binding agreement we have with our Clients. In the absence of a binding agreement, we will handle and treat your Personal Information in a manner that is consistent with this Policy and the applicable law.
This Policy describes how we collect, use, store, and share information about you in connection with your use of the Services.
Information We Collect
Personal Information that you provide through the Services: We collect Personal Information (as per the requirements set by your Organization after receiving consent from you, the user, such as when you:
- Register for and/or login to the Platform; request customer support, a demo, or more information;
- Communicate with us via email, our website or social media sites;
- Provide biometric data, including as part of onboarding to the Services, to create your baseline profile.
Personal Information collected through our Services may include the following:
- Employee ID card (based on Organization requirement).
- Name of the Organization
- E-mail Address
- Screen Captures / Desktop Screenshots (based on Organizations requirement and configuration)
- Video recordings or image snapshots from webcam (based on Organizations requirement and configuration )
- DeskScan (based on Organization requirement and configurations)
- Biometric data : Face scan, which may be considered as biometric information under certain regulatory regimes
- Hardware and software details (background process list, system configuration information, etc)
Please be assured that the actual data collected is limited to the agreed categories (out of the above) with your Organization as per their requirements and configurations. You may check with your Organization’s Privacy Officer for details.
Information Provided to us by your Organization to enable our Services may include the following:
- First and Last Name
- Email Address
- Company ID Number
- Allowed IP address(es)
We may collect information about you from your Organization such as your email address, to provide you a registration link to our Services. This information may also be combined with the Personal Information collected from you.
Information which may be required but is not stored: Depending on the configuration of the Services by the the Organization, you may be required to provide the following information, which is not stored on our System:
- Keystroke/mouse analytics: We do not collect and store Keystroke Data but we may collect the number and timing of keystroke events or other connected I/O device events. We may also detect and restrict certain keystrokes to facilitate the workplace compliance requirements.
Cookies and Other Tracking Technologies:
If you do not want to receive cookies, you can change your browser settings. If you use our Services without changing your browser settings, we will assume that you’ve agreed to receive all cookies on the Company websites. Please note that our Services will not function properly without cookies.
Our Services may use two types of cookies, session and persistent. A session cookie expires after a set time, normally when you close your web browser. A persistent cookie remains after you close your web browser and may be used on subsequent visits to our Services to enable us to recognize you as an existing user.
We record certain information and store it in log files when you interact with our Services. This information may include IP address, browser information, device information, internet service provider, operating system, date/time stamp, and other system configuration information. We and our analytics providers also collect and store analytics information when you use our Services to help us improve our Services.
External Websites and Third Parties
From time to time, our Services may contain links to third party websites for providing support. The policies and procedures we describe in this Policy do not apply to the third party websites. The links from our Services do not imply that the Company endorses or has reviewed the third party websites. We suggest contacting those sites directly for information on their privacy policies before providing any of your personal information to them.
GCP (Google) is our cloud service provider. All the Data stored on the cloud servers is encrypted.
How We Use Your Personal Information
Verificient does not share or sell any information (including user data) to third parties.
We use your Personal Information generally as a Data processor on behalf of your Organization to provide, improve, and develop our Services as per their specific requirements. We do not use your Personal Information for any purpose other than delivering what is required by your Organization. For instance, we use your Personal Information to register you for our services , answer any Tech Support questions or concerns you may have. We may also use your Personal Information to contact you about Scheduling, Technical, Security or other remote monitoring and work compliance related issues or to contact you for other administrative purposes, such as customer service. We use biometric data that we collect from you during onboarding to create your baseline profile for the Services and for confirming your identity when you log on to our services.
To Whom We Disclose Your Personal Information
When you onboard to use our Services, we provide your Personal Information to your Organization to enable them to validate your identity. For further information about how your Organization may use your Personal Information, please contact your Organization’s Privacy Officer.
We may also disclose your Personal Information in the following situations:
- When we believe it is reasonably necessary to comply with laws and regulations, or in response to a subpoena, court order, or other legal processes.
- To protect against misuse or unauthorized use of our Services, or to protect the security or integrity of our Services or any facilities or equipment used to make our Services available.
- To limit our legal liability and protect our property or other legal rights, or the rights of our Remote Desk service availing clients and Organization.
- To address actual or suspected fraud or other illegal activities.
- In the case of any merger, sale, acquisition, bankruptcy, liquidation, or other transfer of assets involving the company, any of your personal information which remains on the company’s servers at that time, may be transferred to and / or managed by the acquiring company or entity.
We may also seek your consent for additional disclosures of information, including your Personal Information, and will share it only as described to you.
We take the security of your Personal Information seriously. We employ industry standard practices to protect your Personal Information in accordance with this Policy and applicable law. However, you should be aware that we do not control the security of your own equipment or your own network connection and therefore any information you transmit to us through the equipment or internet connection you use, you transmit at your own risk.
We take reasonable steps to ensure that the data we collect is reliable for its intended use. However, it is your responsibility to update us with any relevant changes in your Personal Information so that we can provide you with our Services. We collect Personal Information that is relevant for the purposes for which it is to be used. Furthermore, we take reasonable steps to ensure that we process Personal Information in a way that is consistent with the purposes for which it is collected.
Data Retention and Deletion
By default, data collected for remote desk monitoring (including biometric data) are held for up to seven (7) days after submission and your baseline profile and data collected for identity verification purposes (including the biometric data we use to create your baseline profile) is retained based on your Organizations requirement and configuration from the time the baseline is created on our Platform.
The Organization has the capability to configure a custom Data Retention Period as per their requirements, which shall always take precedence over our default Data Retention period.
After the applicable retention period, we will automatically purge (delete) your Personal Information from the Platform and our systems and maintain only the minimal amount of data required for use of our services and necessary business purposes and legal compliance – which in most cases means the bare minimum, non-identifiable data, stored in an anonymised form to show certain session details such as the date, time, duration, and volume of sessions that took place. After the retention period, only your Organization has your data if they have exported from our system and retained it.
As explained above, we provide our Services as a Data Processor on behalf of your Organization who have the right to receive your data. We do not control what your Organization does with your data. Your Organization has their own policies with respect to data retention and deletion. For further information on such policies, to revoke consent related to biometric data, or to request deletion of any Personal Information outside of the retention policies described above, please contact your organization’s Privacy Officer.
Please be aware: for any Data Deletion or Data Editing or Data Information or exercising any of your rights with regards to the Data should be directed to the Privacy Officer or Officer of your Organization, who is the Data Controller.
The Choices You Have With Your Information
Right to Know – Decisions regarding any request you make about your personal information data generally rest with your Organizationas the Data Controller for whom Verificient is a Data Processor as they by law, will generally have to approve any such request.
Most of the time you would not be creating an account with us, rather you would be using single-sign-on via your organization. However, if you created an account directly with us in connection with your use of the Services, you may modify or update some of your Personal Information by logging in and accessing your profile. You should be aware, however, that it is not always possible to completely remove or modify information in our databases. If you wish to access or modify any other Personal Information that we hold about you, you may contact your Organization’s Privacy Officer who will forward your request to us for further action. If you have not created an account with us in connection with your use of the Services and wish to access or modify any Personal Information that we hold about you, we may ask you for some Personal Information in order to verify your identity and your rights to the data, subject to your request.
International Users and International Data Transfer
In order to provide the Services, here is how we manage your Personal Information data:
Data collected for your Organization located in Canada is stored within the Canada region. Data collected for your Organization located in the EU is stored within the EU region. Other data by default is stored in the United States. In case of Multi tenant SaaS solution, data will be stored in the US and in case of a Single tenant client, data is stored as per the requirement of the Organization. Also, we may allow access to your data to other countries or regions in connection with the processing of data, fulfilling Organization’s requirements and for providing you the required Services. We make such access available only to our own Employees or Authorized Users (as defined by the Organization), as necessary to provide you the Services.
In the case of any such transfer or access, the personal information is subject to the law of the jurisdiction in which it is used or stored, including any law permitting or requiring disclosure of the information to the Government, Government Agencies, Courts and Law Enforcement in that jurisdiction. By providing your information on or to the Services, you consent to any such storage, transfer and processing in accordance with this Policy and applicable law.
Representation for Data Subjects in the EU and UK
We value your privacy and your rights as a data subject and have therefore appointed Verasafe as our Privacy Representative and your point of contact.
Verasafe gives you an easy way to exercise your privacy-related rights (e.g. requests to access or erase personal data). If you want to contact us via our representative Verasafe or make use of your data subject rights, please visit: https://verasafe.com.
It may however be quicker to exercise your privacy rights by contacting the Data Privacy Officer of your organization or the Remote Desk Sponsor.
Verificient Technologies Inc. adheres to the EU-U.S. and Swiss-U.S. Privacy Shield Principles.
Note: Verificient adheres to EU General Data Protection Regulation (“GDPR“). Refer to our GDPR page for more information.
Verificient Technologies Inc. is subject to the jurisdiction and enforcement authority of the US Federal Trade Commission (FTC).
In compliance with the Privacy Shield Principles, Verificient Technologies Inc. commits to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Verificient Technologies Inc. at: email@example.com, or contact our Support team at : firstname.lastname@example.org, or chat with us via the chat window on our website – www.remotedesk.com.
Verificient Technologies Inc. has further committed to refer unresolved Privacy Shield complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD, operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/EU-privacy-shield/for-eu-consumers for more information and to file a complaint. The services of BBB EU PRIVACY SHIELD are provided at no cost to you.
Under certain conditions, more fully described on the Privacy Shield website, you may invoke binding arbitration before a Privacy Shield Panel when other dispute resolution procedures have been exhausted.
Verificient Technologies Inc. may be required to release the personal data of EU and Swiss individuals in response to lawful requests from public authorities including to meet national security and law enforcement requirements.
Verificient Technologies Inc. may be liable for the onward transfer of personal data of EU and Swiss individuals to Agent Third Parties unless it can be proven that we were not responsible for the actions giving rise to the damages.
You can view the complete Terms of Service here.
Your California privacy rights
This section provides additional details about the personal information we collect about California consumers and the rights afforded to them under the California Privacy Rights Act ‘CPRA’ which works as an addendum to the California Consumer Privacy Act or ‘CCPA’.
For more details about the personal information we have collected over the last 12 months, including the categories of sources of personal information collected, please see the “Information We Collect” section above. We collect this information for the business and commercial purposes described in the “How We Use Your Personal Information” section above. We share this information with the categories of third parties described in the “To Whom We Disclose Your Personal Information” section above. Verificient does not sell the personal information we collect. Please note that we do use third-party cookies due to the technology of how Remote Desk is integrated with the platforms utilized by the Remote Desk Sponsor and for continuous use of the App (Desktop app, mobile app or browser plugin/extension app) and for purposes as further described in our “Cookies and Other Tracking Technologies” section above.
Subject to certain limitations, the CPRA provides California consumers the right to request to know more details about the categories or specific pieces of personal information we collect (including how we use and disclose this information), the ‘Right to request deletion’ of their personal information should be directed to the Remote Desk sponsor. The CPRA also provides the ‘Right to opt out’ of any onward sharing of their personal information that may be occurring and the ‘Right to not be discriminated against’ for exercising these rights subject to certain limitations as specified by CPRA.
California consumers may make a request pursuant to their rights under the CPRA by contacting the Remote Desk Sponsor Privacy Officer, or if for any reason you cannot contact your Remote Desk Sponsor Privacy Officer, you may contact us at email@example.com or may create a ticket request on https://www.remotedesk.com/support. We will verify your request using the information associated with your account along with the steps within our identifying process, including email address with the assistance of the Remote Desk Sponsor. Government identification may be required.
Information from Children
Changes to this policy
Company reserves the right to change this Policy from time to time by posting an updated Policy to this site and the “Last Updated Date” at the top of this page will be updated. We may also provide you additional notice, such as adding a statement to the Home Screen or sending you an email notification. Please review this Policy periodically and especially before you provide any Personal Information. Your continued use of the Services after any changes or revisions to this Policy shall indicate your agreement with the terms of such revised Policy. The prior version of this policy can be found here.
Our Contact Information
Please contact us with any questions or comments you may have about this Policy, your information, our use and disclosure practices, or our Services by email at firstname.lastname@example.org.