Visage Technologies’ General Notice on Personal Data Processing
Last update:November 11, 2024
Thank You for reading this Visage Technologies’ General notice on personal data processing (“General Notice”) and considering cooperation with, or using services provided by Visage Technologies.
Visage Technologies is a group of companies that work together, cooperate closely, share a unique joint organization structure, and are dedicated to developing software based on computer vision and machine learning (ML). Along with the engineering aspect of our business, we are committed to maintaining high standards of ethics and compliance, especially in Personal data protection. We have placed them among the cornerstones of our business.
This General Notice is a document that outlines our overall approach to Personal data protection in all aspects of our business. Among other relevant information, here you can learn how we are structured and organized and how the roles related to Personal data processing are distributed.
We are dedicated to continuously build and update a robust Personal data protection and information security system. Also, we have implemented specific Individual Notices, Procedures, and Internal Rulebooks for different aspects of our business operations and individual Visage Technologies Products.
This General Notice is an overview of how Visage Technologies collects, uses, discloses, and protects Personal data across our various services and interactions. For more detailed information regarding specific types of Personal data processing, please refer to the relevant Individual Notice that applies to those activities.
We reserve the right to update this General Notice from time to time. The date of the last update is visible at the top.
We encourage You to read this General Notice carefully and contact our DPO if You have any questions or concerns.
3.1 We’ve made efforts to make this General Notice clear and easy to read. If by any chance You have any doubts about the meaning of certain terms or conditions of this General Notice, the rules for interpretation are specified below in Section 14 should help You.
3.2 If You still have doubts, don’t hesitate to contact us and we will clarify what is needed.
4.1 When reading this General Notice, You already have, and will encounter some terms that begin with a capital letter, or some that repeat frequently.
4.2 To ensure You have a clear, consistent, and precise understanding of key terms used herein, below in Section 15, You may find their list and definitions.
5.1 Visage Technologies comprises of two companies:
5.1.1 Visage Technologies Sweden (Visage Technologies AB, having its seat in Diskettgatan 11A, SE-583 30 Linköping, Sweden, VAT number: SE556628691901, Org.no. 556628-6919) and
5.1.2 Visage Technologies Croatia (Visage Technologies d.o.o., having its seat in Zagreb, Ulica Ivana Lučića 2a, Croatia, personal identification number (OIB): 11883765066, VAT number: HR11883765066).
5.2 Visage Technologies Sweden is the holder of IP over all Visage Technologies Products and our Website. When you license a Visage Technologies Product, you will enter into a licensing agreement with Visage Technologies Sweden.
5.3 Visage Technologies Croatia is an Affiliate company fully owned by Visage Technology Sweden.
5.4 However, Visage Technologies Croatia is the development center where the Visage Technologies Products are created. This is where all operations are fully and independently performed and operative business decisions are made: the place of central administration, and Data processing related to Visage Technologies Products.
5.5 In most cases, you will sign an agreement with Visage Technologies Sweden, but a vast majority of operations will be performed by and on the premises of Visage Technologies Croatia.
6 Visage Technologies Croatia is the Data Controller
6.1 Visage Technologies Croatia is the relevant Data Controller, because it:
6.1.1 fully and independently operates and maintains all development, operations, central administration, decision-making, and Data processing related to Visage Technologies Products and Website,
6.1.2 makes all key decisions related to the processing of Personal Data associated with Visage Technologies Products and the majority of business processes of Visage Technologies,
6.1.3 oversees all software development processes, including the processing of Personal Data, and the development of Data and Security Framework,
6.1.4 Visage Technologies DPO operates from Visage Technologies Croatia,
6.1.5 makes all critical decisions regarding the purposes and means of Personal Data processing, including security measures, minimization, and Personal Data retention policies,
6.2 The central administration of Visage Technologies is in Visage Technologies Croatia.
7.1 This General Notice is intended to provide general information about our approach to Personal data protection.
7.2 If we process Your Personal data, processing of Your Personal data will be explained under relevant Individual Notices and applicable agreements applicable to Your relationship with us.
7.3 If an Individual Notice or other document contains a reference to this General Notice, then this General Notice will be applicable by reference.
7.4 If you are still not our Client or a potential Client, or a Website visitor, but are reading this General Notice, this document will serve you as a source of information about Visage Technologies.
8.1 Visage Technologies Sweden processes the following categories of Personal Data:
8.1.1 Personal Data of its employees, and to a limited extent, the Personal Data of the employees of Visage Technologies Croatia.
8.1.2 Personal Data of its Clients and Partners, business contacts, and candidates for employment.
8.2 Therefore, the extent of Personal Data processing performed by Visage Technologies Sweden is mostly limited to the fulfillment of legal obligations (employment and company operations) and entering into commercial agreements, taking steps prior to entering into commercial agreements, and execution of the commercial agreements.
8.3 Visage Technologies Croatia processes the following categories of Personal data:
8.3.1 Personal data of the End-users of some of the Visage Technologies Products only to the extent provided by Individual Notice for a concerned Visage Technologies Product.
– If there is no Individual Notice, this means that Visage Technologies does not process Personal data via such Product.
8.3.2 Personal Data of its employees, and to a limited extent, the Personal Data of the employees of Visage Technologies Sweden.
8.3.3 Personal Data processed via our Websites.
8.3.4 Personal Data of its Partners, business contacts, and candidates for employment.
9.1 To ensure a unified Personal data protection framework, Visage Technologies has appointed a Data Protection Officer – DPO on a strictly voluntary basis.
9.2 Our DPO is located in Zagreb, Croatia, and can be communicated with in English and Croatian language.
9.3 Should you require communication in Swedish language or some other international language, we’ll endeavor to fulfill your request as reasonably possible.
10.1 Visage Technologies is continuously working on implementing and updating a robust, by-design, and multi-layered Data and Security Framework.
10.2 Our Data and Security Framework has the following general hierarchical structure (top-to-bottom):
10.2.1 Internal Rulebooks and Procedures. These documents are binding employment documents that regulate the processing of Personal data, information security, and confidentiality.
(i) These documents are confidential and binding on our employees.
10.2.2 This General Notice.
10.2.3 Individual Notices.
10.2.4 Business documents. In our regular business, all our Business documents (forms, contracts, terms, data processing agreements, materials etc.) are drafted and reviewed by our legal team to ensure compliance and encompass all the aspects of our Data and Security Framework and bring it to life.
10.2.5 IT infrastructure. Under our Data and Security Framework, we place a strong emphasis on the security of Data, recognizing the critical role of IT infrastructure in safeguarding this information.
(i) We are continuously implementing and developing security measures, including encryption, access controls, and regular audits, to ensure that Personal data is protected against unauthorized access, loss, or breaches.
(ii) Our IT infrastructure is designed to support these security protocols, ensuring that Data is processed and stored securely.
(iii) By continuously monitoring and updating our Data and Security Framework, we ensure compliance with GDPR requirements and maintain the trust of our clients and partners.
11.1.1 any processes that involve the processing of Personal Data, as well as the execution of contracts to which Visage Technologies is a contracting party, must comply with Internal Rulebooks and Procedures and the fundamental principles of Personal Data processing,
11.1.2 under our Internal Rulebooks and Procedures:
(i) it is not permitted to process Personal Data if there is no legal basis or a valid purpose for the processing, both in business processes and/or the execution of contracts to which Visage Technologies is a contracting party,
(ii) it is not permitted to process Personal Data without relevant information provided to Data subjects prior to processing, or without obtaining valid consent of data subjects when applicable, either through Individual Notices or Business documents.
11.2 Individual contexts of Personal Data processing, such as individual Visage Technologies Products, Websites, etc, are explained in Individual Notices and Business documents.
12.1 The Lead Supervisory Authority for Visage Technologies is the Croatian Data Protection Agency (AZOP), located in Croatia, Zagreb, Selska cesta 136.
13.1 In our business activities, we do our best to ensure that Data (including Personal Data), is safe. We do this by applying reasonable technical and organizational measures, for example:
13.1.1 We are continuously developing our Data and Security Framework,
13.1.2 we expect a certain level of Data security from our Data processors, and we ensure that through Data protection agreements.
14.1 The rules for interpretation of this General Notice (as mentioned above in the Section 15) are:
14.1.1 The headings of the sections in this General Notice do not affect its interpretation.
14.1.2 Reference to sections and items implies a reference to sections and items of this General Notice
14.1.3 When a specific word is stated in the singular, it also implies its plural and vice versa, unless the context of this General Notice clearly states otherwise.
14.1.4 References to regulations, contracts, agreements, or other documents imply all later changes to these sources unless expressly stated otherwise.
14.1.5 The words “including”, or “in particular”, imply that the list is not exhaustive.
14.1.6 The word “any” or “all” is a term used to indicate that no limitation or specific selection is being made, thus encompassing the full range of possibilities and excluding possible exceptions that aim to circumvent the intent of this General Notice.
14.1.7 The word “in writing” means a permanent and tangible form, which includes e-mail.
14.1.8 When the word “written” is used against a document (e.g. agreement), this implies a paper or digital (e.g. pdf) document that is signed by legal representatives of a company or by an individual.
14.1.9 Reference to this General Notice also includes all the items to which it is referred, which form an integral part of it.
14.1.10 This General Notice shall not be maliciously interpreted to find “loopholes” or any other ways to override its original intent and purpose.
14.1.11 When counting deadlines, the day of an action or event that triggers the deadline is not counted. The counting starts on the following day. If a deadline falls on a Saturday, Sunday, or public holiday in Croatia, it is extended to the next working day.
15.1 To help you understand this General Notice, here You can read the explanations of its terms.
Applicable laws
mean: General Data Protection Regulation 2016/679 (GDPR);Law on Implementation of General Data Protection Regulation (Official Gazzette No. 42/18)Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of Personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications)Electronic Communications Act (Official Gazzette No. 76/22)their subsequent amendments, andother relevant laws of Croatia, Sweden, and the EU.
Affiliate
a company in which another company holds the majority of shares.
Business documents
are records and papers that are used during business operations. They serve various functions, including documenting transactions, maintaining legal compliance, and supporting business activities. These documents can include contracts and agreements, invoices, and documents required for compliance with legal and regulatory requirements, such as consent and information forms.
Client
is a natural or legal person who has concluded a licensing agreement with Visage Technologies Sweden for the use of one of the Visage Technologies Products.
Data Controller
is defined under Article 4 (7) of the GDPR, and in a nutshell means a person that determines the purposes and means of the processing of Personal data.
Data subject
is defined under Article 4 (1) of the GDPR, and means an identified or identifiable natural person. If You are a natural person, You are a data subject.
Data Processor
is defined under Article 4 (8) of the GDPR, and means a a natural or legal person, public authority, agency, or other body which processes Personal data on behalf of the controller – for the controller and based on the controller’s instructions.
DPO
is the Visage Technologies’ Data Protection Officer.
IP
means intellectual property rights such as copyright, trademark, patent, and other intellectual property rights as they are defined by the laws of Sweden, including by Swedish laws of unfair practice, competition, trade secret, criminal, property, obligations, contract, or other relevant laws.
Individual Notice
is a Visage Technologies’ notice on processing of personal datathat governs aspects of Personal data processing of the subject matter it refers to. This can be a Visage Technologies Product, or any other aspect of business that includes processing of Personal data. For example, a Website’s notice on processing of personal data is an Individual Notice.
Internal Rulebooks
are Visage Technologies’ internal i.e. employer’s legal acts that regulate various aspects of operations within the organization. They define the rules, procedures, and standards that employees must adhere to during their work. These acts cover a wide range of topics, including working hours, workplace safety, discipline, employee rights and obligations, procedures for handling complaints, and many other aspects of the employment relationship.
Partner
is a natural or legal person who cooperates with Visage Technologies on a different basis than licensing a Visage Technologies Product (e.g. consultants, suppliers, service providers, etc.)
Procedures
are Visage Technologies’ internal implementing acts issued based on Internal Rulebooks, that regulate individual business processes and/or aspects of Personal Data processing.
Personal data
is defined under Article 4 (1) of the GDPR, and means any Data relating to the data subject, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
processing
has its meaning as provided under the General Data Protection Regulation (GDPR), and refers to any operation or set of operations performed on Personal Data or sets of Personal Data, whether or not by automated means.
Data and Security Framework
is Visage Technologies’ internal custom set of policies, guidelines, Internal Rulebooks, Business documents, and Procedures that govern the protection of Personal Data, information security, and confidentiality.
Data
means any information that is collected, stored, and processed for various purposes. Data can but does not have to be Personal Data.
End-user
is a person who is a user of our Client’s services, and is interacting with a Visage Technologies Product. End-user is our Client’s customer and not our customer. In some cases, the interaction of a End-user with a Visage Technologies Product doesn’t include processing of End-user data by us, but in some cases it does.
„You“ or “Yours”
means the natural or legal person that is reading this General Notice and/or in any way using Arbelle, by opening it on our Customer’s website.
Lead Supervisory Authority
is the primary data protection authority responsible for overseeing and ensuring compliance with GDPR for organizations that engage in cross-border data processing activities. It is designated based on the location of the organization’s main establishment within the EU and plays a central role in coordinating with other relevant supervisory authorities, handling major compliance issues, and addressing cross-border data protection concerns.
Need-to-know basis
means that certain information or data is disclosed only to the person that needs the data or information to carry out tasks, during the concerned task, and only to the extent that is relevant for the concerned task.
„we“, „us“, „our“
means Visage Technologies Croatia and Visage Technologies Sweden, when referred to collectively.
is the company Visage Technologies d.o.o., having its seat in Zagreb, Ulica Ivana Lučića 2a, Croatia, personal identification number (OIB): 11883765066, VAT number: HR11883765066.
Visage Technologies Sweden
is the company Visage Technologies AB, having its seat in Diskettgatan 11A, SE-583 30 Linköping, Sweden, VAT number: SE556628691901, Org.no. 556628-6919.
Visage Technologies Products
are software products owned and licensed by Visage Technologies Sweden, such as Visage SDK, and Arbelle.
This website uses cookies to provide you with the best possible user experience. You can adjust your cookie preferences here. To learn more, please read our Privacy notice.
Marketing Cookies
Marketing cookies are used by third parties like Facebook, Google, and LinkedIn to track how you use our website and deliver more relevant ads.
If you disable this cookie, we will not be able to save your preferences. This means that every time you visit this website, you will need to enable or disable cookies again.
Performance Cookies
Performance cookies, preference cookies, and other unclassified cookies are used to optimize your user experience of the website.
Strictly Necessary Cookies are necessary for the website’s functioning and you accept them if you want to use this Website.
Statistical Cookies
Statistical cookies give us insights into how people use our website. They collect and report data anonymously to help us improve your experience without invading your privacy.
Strictly Necessary Cookies are necessary for the website’s functioning and you accept them if you want to use this Website.
