trueSA Application Privacy Policy

The trueSA Application (“Application”), developed by iCrypto Inc., provides ubiquitous cyber-physical access control solution for critical infrastructure through a security overlay with minimal changes to current workflow utilizing current data from personnel vetting, trouble ticketing, work assignment and physical electronic lock operation

iCrypto, Inc. (iCrypto) is a privately held software company that provides a full-stack implementation of omnichannel mission-critical access control technologies for large enterprises and service providers. Our solution provides a mobile-centric, automated, highly accurate and user-friendly identity vetting solution combined with standards based OAUTH2 and OpenID Connect (OIDC) verification systems that allow Single-SignOn for embedded and legacy applications. Mobile based authenticators (FIDO2, etc.) provide cryptographic signed operations to verify identity for any Enterprise transaction.

iCrypto understands that you entrust us with your personal information with the expectation that it will be used only for specific purposes. We respect your expectation and place a high priority on protecting this information by limiting its use. At iCrypto, protecting your privacy is fundamental to the way our company conducts its business and we leverage the latest state of the art technology in order to aim for maximum protection.

This Privacy Policy (Policy) applies only to the personal information collected by the trueSA Application (Application) both within the Application and when accessing services online, through websites and applications. This Privacy Policy is provided by trueSA(“us,” “we,” or “our”).

We collect and process information about you as described in this Privacy Policy (“Policy”). We are committed to protecting the privacy of those with whom we interact. This Policy contains details about how we collect, use, and share Personal Information that we obtain from and about you when you interact with us through your use of the trueSA Application. Please read this Policy carefully.

Whenever you interact with us on behalf of another individual or entity, such as by providing or accessing Personal Information about another individual, you represent that your interactions and exchanges comply with applicable data protection laws. You shall have sole responsibility for any violation of privacy laws as a result of a failure to inform the other individual about how their Personal Information will be processed or to obtain any necessary consent from such individual.
We may update this Policy from time to time. The current Policy will be effective when posted. Please check this Policy periodically for updates. If any of the changes are unacceptable to you, you should cease interacting with us. When required under applicable law, we will notify you of any changes to this Policy by posting an update on our website. When required under applicable law, we will seek affirmative consent from you before making material changes to the way we handle Personal Information previously collected from you. If you do not provide such consent, Personal Information will continue to be used in a manner that is consistent with the version of this Policy under which it was collected.

Personal Information refers to any information relating to an identified or identifiable natural person or household.
We collect information about you and how you interact with us in several ways, including:

• Information you provide to us directly. We collect the information you provide to us directly, including to the applications acting on our behalf.
• Information you provide to us indirectly. We collect the information from sources, such as lock servers, you authorize us to provide information on your behalf.
• Information automatically collected or inferred from your interaction with us. We automatically collect technical information about your interactions with us (such as IP address, mobile device ID, and browsing preferences).
• Information from public sources, including government entities from which public records are obtained
• Information from third parties. We receive information about you and your interactions with us from third parties, such as iCrypto Employee Databases, Lock Servers, Workforce Management Systems

 

We may combine information that we receive from the various sources described in this Policy, including third party sources and public sources, and use or disclose it for the purposes of securing iCrypto assets at properties under our operational care

The types of information that we may collect about you are: 

• Identifiers, such as your unique personal identifier, online identifier, identifier for mobile notification services, internet protocol address, or other similar identifiers. These identifiers will be used by us to confirm your identity and to communicate with trueSA Application.
• Personal Biometrics such as a video selfie of your face. These identifiers will be used to match your data with that on the ID document you have provided and then will be stored securely. Face images will be stored in an encrypted form on our servers. You will be asked for your specific consent to collect a visual image of your face via the phone CAMERA for face match purposes. You can refuse to provide this, but it means that we will be unable to register you and provide you with the Services. All Face image data will be stored securely after onboarding and will be stored only on iCrypto servers and will not be shared with any other entity.
• Personal information protected by Personal Information Act 4 of 2013, including its Regulations (POPI Act), such as passport number, driver’s license or state identification card number. This information will be used by us to confirm your identity. These identifiers will be used to confirm your identity and then will be stored securely on our servers.
• Internet or other electronic network activity information, information regarding your interactions with us (including interacting with us online, by the mobile application, and through advertisements). This information will be stored in a de-identified manner and will not be associated with your identity. We will use this data to improve application experience and usability.
• Mobile phone Geolocation can be collected from the device for reporting purposes but only with your explicit consent via the trueSA Application. Your exact location will be utilized to ensure compliance with access control requirements at physical infrastructure sites. Your geolocation will also be utilized in reports, alarms, alerts and other workflow as associated with the operation of trueSA.

 

We may use each category of your information described above in the following ways:

• To enable interactions between you and us, such as to process account creation and registrations; register and administer your account; provide you with services and support your interactions with us; diagnose, repair and track service and quality issues; provide requested product information; communicate with you about your account or our data practices; install and configure changes and updates to programs and technologies related to interactions with us; authenticate those who interact with us; or to respond to your requests, complaints, and inquiries.
• For internal business purposes of trueSA, such as to evaluate or audit the usage and performance of programs and technologies related to interactions with us; evaluate and improve the quality of your interactions with us and programs and technologies related to interactions with us; design new services; process and catalogue your responses to surveys or questionnaires; perform internal research for technological development and demonstration; conduct data analysis and testing; maintain proper business records and other relevant records.
• For legal, safety, or security reasons, such as to comply with legal requirements; protect our safety, our property, or rights of those who interact with us, or others; and detect, prevent, and respond to security incidents or other malicious, deceptive, fraudulent, or illegal activity.
• In a de-identified, anonymized, or aggregated format. When converted to a de-identified, anonymized, or aggregated format, data no longer constitutes Personal Information in certain jurisdictions, and we may use this information for any purpose as legally permissible.
  As part of using the trueSA Application, we will put your data in a large database for broad sharing with iCrypto community.
  These databases are commonly called data repositories. The information in this database will include but is not limited to extracts from the employee records and site access audit trails that you have shared.
  If your individual data are placed in one of these repositories, they will be labelled with an alphanumeric code (de-identified) and not with your name or other information that could be used to easily identify you in case of a security breach
  
• For any other purposes for which you provide consent.

 

We may share your Personal Information with:

• Any member of our group, our ultimate holding company and its subsidiaries, who support our processing of Personal Information under this policy;
• Appropriate third parties including our business partners, customers, suppliers and sub-contractors for the performance of any contract we enter into or other dealings we have in the normal course of business with you or the person that you work for and subject to contractual and other safeguards;
• Our auditors, legal advisors and other professional advisors or service providers;
• If we are under a duty to disclose or share your Personal Information in order to comply with any legal obligation, or in order to enforce or apply supply terms and other agreements with you or the organization you work for; or to protect the rights, property, or safety of our customers, or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction and to prevent cybercrime.

 

We maintain reasonable security procedures and technical and organizational measures to protect your Personal Information against accidental or unlawful destruction, loss, disclosure, alteration, or use.

We will retain your personal information, for no longer than is necessary to enable you to use the Application, unless we need to keep your information to comply with applicable legal, regulatory, or other obligations, or the information is required for business reasons (such as to resolve disputes, provide service and enforce agreements). In any event, we will retain your information for the period stated in our retention schedule, at which point company policy will decide to take steps to securely and permanently dispose of your personal information, according to applicable laws and regulations.

Interactions with us are intended for individuals who are licensed contractors or employees. Our interactions are not directed at, marketed to, nor intended for, anyone who is not directly or indirectly under employment.

If you believe that we have inadvertently collected Personal Information from a person who is not an employee or a contractor, please contact us at the address below and we will use reasonable efforts to delete the person’s information from our databases. In all cases where we may be provided with personal information relating to unauthorized personnel, with your authorization, the information in the relevant parts of this Policy applies to unauthorized personnel, as well as authorized personnel.

If you have questions regarding this Policy, please contact us at:

• Attention: trueSA Application
• EMAIL: support@icrypto.com
• U.S. MAIL: 4701 Patrick Henry Drive, Bldg. 16, Suite 1M, Santa Clara, CA 95054 U.S.A.

To opt-out of receiving promotional email messages from us, please click on the “Unsubscribe” link contained at the bottom of each email or by contacting us using the information above.

Purpose of Processing
The business and/or commercial purposes for which we process personal information are detailed in the Section 6 and are part of the following general purposes: (a) performing services, (b) auditing, (c) legal and compliance, (d) quality assurance, (e) security, (f) debugging, (g) short term, transient use, (h) internal research, and (i) corporate transactions.
If we intend to process your personal information for any additional purpose(s), we will provide you with information on the other purpose(s) and seek your prior consent.

Legal Basis
You have the following rights in relation to your Personal Information (subject to certain limitations at law):

• Access - The right to access Personal Information about you, as well as obtain further information relating to its processing.
• Rectification - The right to correct or update any Personal Information about you that is inaccurate or incomplete.
• Restriction of Processing - The right to require us to limit the purposes for which we process your Personal Information if the continued processing of the Personal Information in this way is not justified, such as where the accuracy of the Personal Information is contested by you.
• Restriction of Processing - The right to require us to limit the purposes for which we process your Personal Information if the continued processing of the Personal Information in this way is not justified, such as where the accuracy of the Personal Information is contested by you.
• Erasure - The right to request the erasure of Personal Information about you without undue delay if the continued processing of that Personal Information is not justified.
• Portability - The right to obtain a copy of Personal Information about you in an easily accessible format and the right to have that data transmitted to another responsible party.
• Objection to Processing - You also have the right to object to any processing based on our legitimate interests where there are grounds relating to your particular situation. There may be compelling reasons for continuing to process your Personal Information, and we will assess and inform you if that is the case. You can object to marketing activities for any reason.