Privacy Statement

INTRODUCTION

Daon has created and adopted this Privacy Statement to demonstrate our firm commitment to your privacy.

This Privacy Statement describes how Daon, as a data controller, collects, uses, processes, and shares the personal information that we collect from you directly or via a third party, or that you provide to us through. www.daon.com (collectively, the “Services”).

It also describes how Daon in limited instances handles your data from a Data Processor perspective.

We encourage you to read this Privacy Statement carefully to understand our use of your Data in connection with our Services (defined below). Our Services are intended primarily for the trade (i.e., business-to-business) and not for consumers of personal or household goods or services and should only be accessed by persons acting in a commercial business capacity. This Privacy Statement does not address data that we process as the service provider of a data controller or the VeriFLY service (www.myverifly.com).

TABLE OF CONTENTS

1. Changes to this Privacy Statement
2. Definition of Personal Information
3. Collection of Information
4. Purpose of Collection and the Associated Legal Basis
5. Information Sharing
6. Cookies and Similar Tracking Technologies
7. How to Manage Cookies and Similar Tracking Technologies
8. Data Retention
9. Security
10. Children’s Privacy
11. “Do-Not-Track” Signal
12. Links to Third Parties
13. Data Subject Rights
14. International Users and Data
15. Additional Data Processing Disclosures for California Residents
16. Who We Are
17. Contact Us

Appendix 1:
Data Protection Framework Privacy Notice of Daon

Daon complies with the EU-U.S., UK Extension to the EU-U.S., and Swiss-U.S. Data Privacy Frameworks. To learn more, see the Data Protection Framework Privacy Notice in this appendix, and visit the U.S. Department of Commerce’s Data Privacy Framework website.

1. CHANGES TO THIS PRIVACY STATEMENT

We reserve the right to modify this Privacy Statement at any time. If we make any changes we will post those changes here and update the “Effective Date” at the top of this Privacy Statement. Each time you use the Services the current Privacy Statement will apply and you should review it each time you access or use the Services.

2. DEFINITION OF PERSONAL INFORMATION

Generally speaking, “personal information” is any data that can be used to identify or contact you. However, while this Privacy Statement broadly addresses all types of personal information that we may collect, some of the data we describe below may not be considered personal information according to the data protection laws of the jurisdiction in which you reside. Therefore, you should understand that certain parts of this Privacy Statement will not apply to you depending on the laws of the jurisdiction in which you reside.

3. COLLECTION OF INFORMATION

This Privacy Statement applies to the processing of personal information collected by Daon when you:

• Visit our website or other online services (other than www.myverifly.com);
• Visit our branded social media pages;
• Visit our offices;
• Receive communication from us or otherwise communicate with us via email, phone calls or text;
• Register for, attend or take part in one of our events or webinars;
• Submit your information as part of an identity verification or fraud prevention process; or
• Act or work as a service provider or supplier to us to the extent Daon acts as a data controller of your personal information (collectively the “Services”)

Any additional information you provide to us is voluntary.

1. Information we collect directly from you

The personal information we collect directly from you includes identifiers, professional or employment-related information, commercial information and internet activity information, among others. We collect such information in the following situations:

Information you provide to us when accessing, visiting or using the Services. When you visit our website or our offices, engage with us as a vendor or customer, or otherwise access or use the Services, we collect information you provide to us as a controller, including, but not limited to:

• Registration information. By registering on the Services, we will collect any information that you make available to us. For example, we may collect your name, physical address, and e-mail address.
• Communications with us. When you communicate with us in any way, such as e-mail or telephone, we will receive your contact information and any other information you choose to provide to us.
• If you visit our offices, you may be required to register as a visitor and to provide your name, email address, phone number, company name and time and date of arrival;
• If you visit our offices or attend an event, you may be required to register as a visitor and to provide your name, email address, phone number, company name and time and date of arrival;
• If you are a supplier or service provider to Daon (or work for a supplier or service provider), you may also be required to provide us with personal information such as your contact details and payment and billing information.
• If you are a client or potential client of Daon, you may provide us with certain data where we, and not the business or other organization you represent, is the data controller, such as business contact information.
• If you provide us or our affiliates with any personal information relating to other individuals, you represent that you have the authority to do so, and where required, have obtained the necessary consent, and acknowledge that it may be used in accordance with this Privacy Statement.

In the event you choose not to provide us with the minimum amount of data necessary we may not be able to complete your request and you may be denied access to our services or officers.

Biometric Data.

We may collect your facial geometry, voiceprint, or other biometric information when you submit information (such as a selfie and passport or other photo ID) as part of our verification services. As described in our biometric information privacy policy, Daon generally collects biometric information to provide services to its business customers (such as identity verification, fraud detection, and for safety purposes) only after you have received notice and provided consent. For more information about how we collect and process biometric information, please visit our biometric information privacy policy.

2. Personal information we collect from other sources

We also collect information about you from other sources from publicly available information. We may combine this information with personal information provided by you. This helps us update, expand, and analyze our records, identify new customers, and create more tailored advertising to provide services that may be of interest to you. The personal information we collect from other sources includes identifiers, professional or employment-related information, education information and commercial information we collect such personal information from the following sources:

• Third party providers of business contact information, including mailing addresses, job titles, email addresses, phone numbers, intent data (or user behavior data), IP addresses, social media profiles, LinkedIn URLs, and custom profiles, for purposes of targeted advertising, delivering relevant email content, event promotion, determining eligibility and verifying contact information;
• Third parties that you have authorised to share such information with us. For example, if you link your social media account with our Services, we may receive information about you from your social media account; and
• Another individual at your organization who may provide us with your personal information, which may include personal information to the extent you consent to providing it and sharing it, for the purposes of obtaining services and pertaining to our vendors.

Information about your use of the Services. We collect information about you passively when you visit the Services. We will combine this information with information you give to us and information we collect about you. Examples of the types of information we collect include, but are not limited to:

• Third-party plugins. We may have integrated third-party plugins in the Services, and the use of such third-party plugins results in data collection by both Daon and the relevant third-party. For example, the Services may feature a Facebook “Like” button and other widgets, such as the “Share” button or interactive mini-programs. If you use or interact with a third-party plugin, then both the third-party company and Daon will collect information about your access and use of the Services. Please see section 6 for further information.
• Cookies and similar tracking technologies. We use both first-party and third-party cookies, and other similar tracking technologies on the Services. A cookie is a small data file that is stored on your device and collects information such as your IP address or information about your use of and/or activities on the Services (for example, what pages you visited or on which part of our Services you spent the most time). We may also use pixels, such as to track opening of emails. Please see section 6 below for more information. We sometimes use session-replay technologies to record your interactions and to help us diagnose problems and improve our Services. These technologies allow us to capture date and time.
• Log data. We collect log data about your use of the Services, which may include your IP address, IP data and the time of your access or use of the Services, page views, the referring URLs, and any other information about your activities on the Services.
• Accessing and using the Services in any other way. When you use or access the Services, we may collect information such as search terms, interactions with other users, and any other activities on the Services.

These types of passive collection may include tracking of a device across time and third-party services. Some browsers have so-called “do not track” signals, but different browsers have different default settings and there is not an industry consensus as to what these mean. Accordingly, we do not look for or address these signals.

WHERE DAON OPERATES AS A DATA PROCESSOR

In certain situations Daon acts as a processor for its Customers. If you have landed here from one of our Customers (i.e. you are one of their end users of customers) we will be processing your personal data and/ or biometric information on their behalf to provide the service(s).

Customer and end user grants to Daon a limited, non-exclusive, worldwide license to access and use certain of the data provided by Customer and its end-users (“Training Data”) for the purposes of configuring, updating, testing, creating, and improving the Documentation, software, and the algorithms or machine learning (AI) that underpins such software (“Improvements”). Customer and end-user agrees, acknowledges, and accepts that Daon shall not gain any IPR in such Improvements by the use of Daon of such Training Data and that all IPR in any Improvements is the sole property of Daon.

In such instance Daon will act as a Controller and comply with all Applicable Data Protection Laws during this processing.

4. PURPOSE OF COLLECTION AND THE ASSOCIATED LEGAL BASIS

In accordance with Section 3 above, we collect your personal information for the purposes of providing you with and improving upon the Services and our legitimate business interests, as set out below. If we identify any new purposes outside of the stated purposes listed below, we will update this Privacy Statement or provide you with notification as required by applicable law.
We collect and process your personal information (including, where legally permissible, special categories of personal information) for the legitimate purposes set out in below in Section 4.1. Additionally, where required by law, we obtain your consent to use and process your personal information for the below purposes. Otherwise, we rely on another authorized legal basis (including but not limited to the (a) consent (b) performance of a contract or (c) complying with a legal obligation or (d) legitimate interest) to collect and process your personal information, as further detailed below.

4.1 Purpose

• Providing and promoting our website and online services (including necessary functionality): We process your personal information to perform our contract with you for the use of our website and online services and to fulfil our obligations under the applicable terms of use and service; if we have not entered into a contract with you, we base the processing of your personal information on our legitimate interest to operate and administer our website and online services and to provide you with content you access and request (e.g., to download content from our website);
• Promoting the security of our Services: We process your personal information by tracking use of our website and other Services, creating aggregated non-personal data, verifying accounts and activity, investigating suspicious activity, and enforcing our terms and policies to the extent it is necessary for our legitimate interest in promoting the safety and security of the Services, , systems and applications and the security of Daon generally, and in protecting our rights and the rights of others;
• Managing user registrations for Support: If you have registered for a customer support account with us, we process your personal information by managing your user account for the purpose of performing our contract with you according to applicable terms of service;
• B2B Marketing: we may contact you to market our services in the B2B environment based on our legitimate interest of promoting our services.
• Handling contact and user support requests: If you fill out a “Contact Me” web form or request user support, or if you contact us by other means including but not limited to via phone, we process your personal information to perform our contract with you and to the extent it is necessary for our legitimate interest in fulfilling your requests and communicating with you;
• Managing event registrations and attendance: We process your personal information to plan and host events or webinars for which you have registered or that you attend, including sending related communications to you or to perform our contract with you or where we receive your consent;
• Contract fulfilment: We may process your personal information for the purposes of fulfilling our contract with you or our customers. We do this where it is necessary for the performance of the relevant contract;
• Employment application: We may process your personal information for the purpose of your application for employment with the company and we do this on the basis that it is necessary to take steps for entering into a contract with you or for the performance of our contract with you.
• Developing and improving our Services: We process your personal information to analyze trends and to track your usage of and interactions with our Services to the extent it is necessary for our legitimate interest in developing and improving our Services and providing our users with more relevant content and service offerings, or where we seek your consent;
• Assessing and improving user experience: We process device and usage data which in some cases may be associated with your personal information, to analyze trends and assess and improve the overall user experience to the extent it is necessary for our legitimate interest in developing and improving the service offering or Services, or where we seek your consent;
• Registering and hosting visitors to the office or at events: We process your personal information for security, health, and safety reasons, to register visitors and to manage non-disclosure agreements that visitors may be required to sign, to the extent such processing is necessary for our legitimate interest in protecting our offices, staff and visitors and our confidential information against unauthorized access. In addition, certain health data (which may include special categories of personal information) may be processed for office visits and at events to ensure the safety and security of our visitors and employees (where legally permitted) with your consent or where necessary for reasons of public interest in the area of public health;
• Sending communications: We will process your personal information, or device and usage data, which in some cases may be associated with your personal information, to send you marketing information, product recommendations and other non-transactional communications (e.g., marketing newsletters, telemarketing calls, SMS, or push notifications) about us and our affiliates and partners, including information about our products, promotions, news or events as necessary for our legitimate interest in conducting direct marketing or to the extent you have provided your prior consent;
• Compliance with legal obligations: We process your personal information when cooperating with public and government authorities, courts or regulators in accordance with our legal obligations under applicable laws. For example, we may process your personal information to protect our rights or is necessary for our legitimate interest in protecting against misuse or abuse of our Services.

5. INFORMATION SHARING

We will share your personal information with third parties only in the ways that are described in this Privacy Statement.

• Third parties authorised by you. We will disclose your personal information to a third party with your authorisation. This includes, for example, our customers who use Daon Services for identity verification or fraud detection purposes.
• Third-party service providers. We may provide your personal information to companies that provide services to help us with our business activities. These companies are authorised to use your personal information only as necessary to provide these services to us, based on our instructions and in compliance with this Privacy Statement and any other appropriate confidentiality and security measures.
• Professional Advisors We may share your personal information with professional advisors acting as service providers, processors or controllers including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services and to the extent that we are legally obliged to share or have a legitimate interest in sharing your personal information;
• Compliance with legal obligations. We may also disclose your personal information as required by law, such as: to comply with a subpoena or similar legal process; when we believe in good faith that disclosure is necessary to protect our rights; to protect your safety or the safety of others; to investigate fraud; or, to respond to a government request. Where possible and legally permissible, we will consult you in advance of any such disclosure. We will reject any third-party requests for personal information that are not legally binding.
• Business transaction. If we are involved in a merger, acquisition, or sale of all or a portion of our assets, we may disclose your personal information to a third party involved in the transaction as permitted by applicable law.
• Affiliated businesses. Daon may share your personal information with affiliates to provide the services including access to the Services and to improve or develop the Services.
• Third-party plugins. Your interactions with third-party plugins are governed by the privacy policy of the company providing the third-party plugin. For the purposes of data protection laws, Daon and any third-party plugin company are “joint controllers” of the processing of your personal information described in this statement. This means that both businesses decide why and how your personal information is processed. We do not perform all processing of your personal information as joint controllers. Daon makes decisions regarding certain processing of your personal information independently of any third-party plugin company, for which Daon is solely responsible. Similarly, any third-party plugin company makes decisions for certain processing of your personal information independently of Daon, for which that third-party plugin company is solely responsible. Please visit the website of the relevant business to find out more about processing performed by each business independently. Daon is not the data controller in respect of the data processing activities carried out by any third-party plugin company after your personal data has been transferred to such third-party plugin company. Daon is not responsible for the privacy and security practices of such third parties, and it is your choice to use such third-party plugins. Therefore, Daon is not responsible for data protection compliance with respect to those later processing activities and the responsibility would remain with the relevant third-party plugin company. Daon is not responsible for the privacy and security practices of such third parties, and it is your choice to use such third-party plugins. We encourage you to read the privacy policy of any third party you interact with on or through the Services.
• Protection and safety of Daon and others. We are committed to providing a safe environment on the Services. Daon may disclose your personal information for purposes of: fraud prevention and detection; protecting the rights, property, and safety of Daon, you, or others in connection with a mandatory requirement from an authorised authority, regulatory body or court, or to enforce or protect our legal rights or to establish, bring or defend legal claims and ; and, enforcing or applying our Terms of Use and other agreements.
• Cookies. Please see below

We may also share anonymous or de-identified usage data the purpose of helping Daon in such analysis and improvements to show trends about the general use of our services.

6. COOKIES & SIMILAR TRACKING TECHNOLOGIES

Generally, we use cookies, web beacons, pixels and tags to: optimise and improve the Services; identify your device; distinguish you from other visitors; record your IP address to understand your use of the Services; provide user authentication; monitor and maintain information about your use of the Services; identify the name of the Services from which you linked to the Services; and, to conduct fraud prevention and management services.

COOKIES. A cookie is a small text file that is stored on a computer or device when you visit the Services. If you reject our cookies and/or similar tracking technologies, you may still use the Services, but your ability to use some or all of the Services will be limited. We use both session ID cookies and persistent cookies. A “session ID” cookie expires when you end your session (i.e., close your browser). We use session cookies to make it easier for you to navigate the Services. A “persistent” cookie remains on your hard drive which means that when you end your session and return to the same web Services later, the cookie information is still available. We set a persistent cookie to store your passwords so you don’t have to enter it more than once. Persistent cookies also enable us to track and target the interests of our users to enhance their experience on the Services. We use the following types of cookies:

• Strictly Necessary Cookies. These cookies are essential because they enable you to move around the Services and use certain features on the Services. For example, strictly necessary cookies allow you to access secure areas. Without these cookies, some content cannot be provided.
• Performance/Analytics Cookies. These cookies collect information about how you use the Services. For example, a performance/analytics cookie will collect information about which pages you go to most often, how much time you spend on that page, or if you get error messages from certain pages. These cookies do not gather information that identifies you. The information these cookies collect is anonymous and is used to improve how the Services works.
• Functionality Cookies. These cookies allow us to remember the choices you make and to tailor the Services so we can provide relevant content to you. For example, a functionality cookie can remember your preferences (e.g., country or language selection), or your username.
• Targeting/Advertising Cookies. These cookies are used to provide advertisements that are more appealing to you and your interests, and to help measure the effectiveness of an advertising campaign. For example, a targeting/advertising cookie can remember that you have visited the Services, and it may share this information with other organisations, such as advertisers. This means that after you have visited the Services, you may see advertisements about our products and services elsewhere on the Internet.
• Third-Party Cookies.  Cookies from third-party providers that fall into one of the above categories, who may use information about your visits to other websites and online services to target advertisements for products and services available from Daon. We do not control the types of information collected and stored by these third-party cookies. You should check the third-party’s privacy policy for more information on how they use cookies. One way to do that is to download and use the Ghostery browser plug-in: www.ghostery.com/ghostery-browser-extension. We are not responsible for the completeness or accuracy of these third-party notices or the effectiveness of their opt-outs or other features or functionality.

WEB BEACONS / GIFS. Web beacons, or “clear gifs,” are tiny graphics with a unique identifier, similar in function to cookies, and are used to track the online movements of web users. In contrast to cookies, which are stored on a user’s computer hard drive or device, clear gifs are embedded invisibly on web pages and are about the size of the period at the end of this sentence. We and our third-party service provider employ web beacons for the reasons stated above (under “Cookies”), but primarily to help us better manage content on the Services by informing us which content is effective.

7. HOW TO MANAGE COOKIES & SIMILAR TRACKING TECHNOLOGIES

Below we describe how you can manage first-party or third-party cookies.
Our Cookies (or, “First-Party Cookies”). You can use the browser with which you are viewing the Services to enable, disable, or delete cookies. To do this, follow the instructions provided by your browser (usually located within the “Help”, “Tools” or “Edit” settings). Please be advised that if you set your browser to disable cookies, you may not be able to access parts of the Services or the Services may not work properly. You can find more information about how to change your browser cookie settings at http://www.allaboutcookies.org.

Third-Party Cookies. For more information about third-party advertising networks and similar entities that use these technologies, please see http://www.aboutads.info/consumers, and to opt-out of such ad networks’ and services’ advertising practices, go to http://www.aboutads.info/choices. Once you click the link, you may choose to opt-out of such advertising from all participating advertising entities or only receive advertising provided by specific advertising entities. We are not responsible for the completeness or accuracy of these third party notices or the effectiveness of their opt-outs or other features or functionality.

8. DATA RETENTION

We will retain your personal information in accordance with our Record Retention and Protection Policy and only for as long as necessary for the purposes of providing access to the Services and related services to you, to comply with our legal obligations, resolve disputes, enforce our agreements or for carrying out scientific research. Doan’s scientific research team conduct research in accordance with the Policy on Good Research Practice and research teams are required to adhere to the Record Retention and Protection Policy.

9. SECURITY

The Services have security measures in place to protect against the loss, misuse and alteration of the personal information under our control. Daon will endeavour to use appropriate security measures including firewalls and monitoring.
However, no data transmission over the Internet or storage of data can be guaranteed as 100% secure, thus we cannot ensure or warrant the security of any personal information you transmit to or store with us, and you transfer and store such data at your own risk. You are also responsible for the security of your personal information by taking precautionary measures, such as keeping any account password confidential and using secure wireless connections.

10. CHILDREN’S PRIVACY

Our Services are for a business audience and intended for persons above the age of majority. We do not knowingly request or collect personal information from any person under the age of 16. Children under 16 should not provide personal information to us on the Services. If we learn that we have collected personal information of a person under 16 years of age, we will act as required by applicable law.

11. “DO-NOT-TRACK” SIGNAL

You may disable cookies through your browser settings, but Daon does not change the way it responds to a “Do-Not-Track” signal.

12. LINKS TO 3RD PARTY SERVICES

Our Services include links to, and plug-ins for, other websites and online services whose privacy practices may differ from those of Daon. If you submit personal information to any of those third-party services, your information is governed by their privacy policies. We encourage you to be aware when you leave the Services and carefully read the privacy policy of any third-party services you visit.

13. DATA SUBJECT RIGHTS

If you wish to request access to, rectification, erasure or restriction of your personal information, or object to the processing of your personal information, please email us at [email protected]. We will respond to reasonable requests in accordance with relevant data protection laws.

You may have certain rights relating to your personal information, subject to local data protection laws. Depending on the applicable laws these rights may include the right to:

• Access your personal information held by us;
• Know more about how we process your personal information;
• Rectify inaccurate personal information and, taking into account the purpose of processing the personal information, ensure it is complete;
• Erase or delete your personal information;
• Restrict our processing of your personal information;
• Transfer your personal information to another controller, to the extent possible;
• Object to any processing of your personal information;
• Opt-out of certain disclosures of your personal information to third parties;
• Not be discriminated against for exercising your rights described above;
• Not be subject to a decision based solely on automated processing, including profiling, which produces legal effects (“Automated Decision-Making”); and
• Withdraw your consent at any time (to the extent we base processing on consent), without affecting the lawfulness of the processing based on such consent before its withdrawal.
• Where we process your personal information for direct marketing purposes you can exercise your right to object at any time to such processing without having to provide any specific reason for such objection
• Please note that Automated Decision-Making currently does not take place on our Web Services or any of the processing included in this notice.

14. INTERNATIONAL USERS & DATA

As a global organisation, where legally permissible, Daon may collect, use, disclose, and otherwise process your personal information in countries outside of the country of your residence, which may have different data protection rules.

Personal information from inside the EU may be processed by Daon Inc. in the U.S. and Daon (Australia) Pty Ltd. in Australia, and Daon d.o.o. in Serbia, for the purpose of providing customer service and support. Appropriate safeguards are in place to require that your personal information will remain protected wherever it is transferred. Where we share personal information of individuals in the E.E.A or the UK (we will make use of the standard contractual clauses which have been approved by the via standard data protection clauses adopted by the EU Commission signed between Daon Inc., Daon (Australia) Pty Ltd., and Daon d.o.o. (Belgrade), with Daon Technology which are available on request. If we share your personal information with external third parties outside of the E.E.A. we use specific contracts with external third parties that are approved by the European Commission for the transfer of personal information to third countries. These contracts require the same levels of personal information protection that would apply under the GDPR. However, any transfer of your data out of the E.E.A. may result in access to this data by local public authorities for monitoring purposes or public health, as permitted under local surveillance or public health laws.

Daon will not transfer personal information outside the EU to a third country or international organisation that does not provide an adequate level of data protection or without ensuring that appropriate safeguards are in place to protect the privacy and integrity of such personal information.

• Adequacy Decisions: We rely on decisions from the European Commission where they recognise that certain countries and territories outside of the European Economic Area ensure an adequate level of protection for personal information. These decisions are referred to as “adequacy decisions”. We transfer your personal information from the European Economic Area to UK in reliance on the European Commission’s adequacy decision for the UK.
• Standard Contractual Clauses: We utilise standard contractual clauses approved by the European Commission (and the equivalent standard contractual clauses for the UK, where appropriate) for transfers to the United States, the UK and Australia.

While transfers to countries that don’t have an adequacy decision typically take place on the basis of the standard contractual clauses, in certain circumstances, transfers can also take place on the basis of exemptions provided for under data protection law. For example, sharing with law enforcement, in emergency situations where we learn that a person’s life is at risk.

Data protection law in certain jurisdictions differentiates the data controller and data processor of personal information. Different Daon entities provide the Services in different parts of the world. Section 16 lists the entities that act as controllers to the extent personal information is collected under applicable laws of those regions.

15. Additional Data Processing Disclosures for California Residents
In addition to the disclosures above, this section provides supplemental information about how we process personal information. These additional disclosures apply only to individuals who reside in California as required by the California Consumer Privacy Act (“CCPA”).

Disclosure of Personal Information

Although we have not “sold” personal information for money in the past 12 months, we engage in routine practices with our Services involving third parties that could be considered a “sale” or “sharing” for targeted advertising as defined under California law. We do not knowingly sell or share any personal information of minors under the age of 16.

Below please find a chart detailing the categories of personal information we collected and with whom it was sold, shared, or disclosed for a business purpose in the past 12 months.

Sensitive personal information: We only use and disclose sensitive personal information for the following purposes: (i) performing services or providing goods reasonably expected by an average consumer; (ii) detecting security incidents; (iii) resisting malicious, deceptive, or illegal actions; (iv) ensuring the physical safety of individuals; (v) for short-term, transient use, including non-personalized advertising; (vi) performing or providing internal business services; (vii) verifying or maintaining the quality or safety of a service or device; or (viii) for purposes that do not infer characteristics about you.

In order to fully exercise the Right to Opt Out of Sales and Sharing for Targeted Advertising, California residents must undertake both of the following steps:

1. Submit an Opt Out of Sales and Sharing for Targeted Advertising request through on our webform.
2. Disable the use of advertising cookies and other tracking technologies in the preference center, accessible by clicking preference center at the bottom of any page. You must complete this step on each of our websites from each browser and on each device that you use. These steps are necessary so that we can place a first-party cookie signaling that you have opted out on each browser and each device you use. Please note:
   1. If you block cookies, we will be unable to comply with your request to opt out of sales and sharing for targeted advertising with respect to device data that we automatically collect and disclose to third parties online using cookies, pixels, and other tracking technologies.
   2. If you clear cookies, you will need to disable the use of all advertising cookies and tracking technologies in the preference center again on each browser on each device where you have cleared cookies.

To the extent required by law, we will honor opt-out preference signals sent in a format commonly used and recognized by businesses, such as an HTTP header field or JavaScript object. We will process opt-out preference signals at the browser level.

Automated Individual Decision-Making: If you choose to share your personal information with us, or for third parties to share your data with us directly, and you have not opted out you consent to our use of individual automated decision making using your special category data, to determine whether you have met the requirements.

Verification: In order to process rights requests, we may need to obtain information to locate you in our records or verify your identity depending on the nature of the request. In most cases we will collect some or all of the following data elements: first and last name, email address, and telephone number. In some cases, we may request different or additional information, including a signed declaration that you are who you say you are, and will inform you if we need such information.

Authorized Agents: Authorized agents may exercise rights on behalf of California residents by submitting a request to [email protected] and indicating that they are submitting the request as an agent. We may require the agent to demonstrate authority to act on behalf of the California resident by providing signed permission from the resident. We may also require the resident to verify their own identity directly with us or to directly confirm with us that they provided the authorized agent permission to submit the request.

16. WHO ARE WE?

In EU/EMEA services are provided by Daon UC, in the UK by Daon UK in the USA services are provided by Daon Inc., and in Asia and Australia services are provided by Daon (Australia) Pty Ltd (collectively, “Daon” or “we”).

Complaint to Data Protection Commission:

We hope you are satisfied with our use of your data. However, you have a right to complain to your local data protection authority. If you are located in the EEA or the UK, you have the right to lodge a complaint with the competent supervisory authority. If you work or reside in a country that is a member of the EU or that is in the EEA, you may find the contact details for your appropriate data protection authority on the following website:

https://edpb.europa.eu/about-edpb/about-edpb/members_en

If you are a resident of the United Kingdom you may contact the UK supervisory authority, the Information Commissioner’s Office:

https://ico.org.uk/make-a-complaint/data-protection-complaints/data-protection-complaints/

17. CONTACT US

If you have any questions about this Privacy Statement, our data handling practices, or your dealings with our Services, you can contact us at: [email protected].

DAON UC
IFSC House
Custom House Quay
Dublin 1, Ireland

DAON INC.
4097 Monument Corner Dr
Suite 550
Fairfax, VA 22030, USA

DAON (AUSTRALIA) PTY LTD
Suite 65, Level 1
10-12 Lonsdale Street, Braddon ACT 2612
Australia

DAON UK
Suite 1, 3rd Floor,
11-12 St. James’s Square,
London SW1Y 4LB

DAON d.o.o.
AK Kompresor
Žorža Klemansoa 19
Belgrade, Serbia

Contact details of the Data Protection Officer

The Contact details of Daon’s Data Protection Officer are :
Name Tracy Elliott
Email : [email protected]
Address : IFSC House, Custom House Quay, Dublin 1, Ireland

This Data Protection Framework Privacy Notice (“DPF Notice”) is part of our Privacy Statement and is provided for purposes of complying with the EU-U.S. Data Privacy Framework and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework. This DPF Notice pertains to Daon (“Daon”, “we”, “us”, or “our”). This DPF Notice supplements and should be read in conjunction with our Privacy Statement and is made available on our website. For purposes of Daon’s certification to the foregoing frameworks, this DPF Notice should be understood to incorporate Daon’s Privacy Statement.

Daon complies with the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (“Swiss-U.S. DPF”) as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of non-human resources personal data (as defined below) that is transferred from the European Union (“EU”), the European Economic Area (“EEA”), the United Kingdom (“UK”) and Switzerland to the United States within the scope of its certification. Daon has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (“EU-U.S. DPF Principles”) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. Daon has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (“Swiss-U.S. DPF Principles”) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern.

To learn more about the Data Privacy Framework (“DPF”) program, please visit the DPF site at: https://www.dataprivacyframework.gov/.

For the purposes of this DPF Notice, (i) “personal data” means information about an identified or identifiable individual within the scope of the EU General Data Protection Regulation (“GDPR”) GDPR as transposed into UK national law, together with the UK Data Protection Act 2018, the Privacy and Electronic Communications (EC Directive) Regulations 2003 (as amended) and other data protection or privacy legislation in force from time to time in the UK (collectively, “UK GDPR”), and Swiss Federal Act on Data Protection of 19 June 1992 and the revised version of 25 September 2020 when in force (“FADP”), that is received by Daon in the United States, from the EU, EEA, UK or Switzerland, and recorded in any form. Personal data does not include information collected from an employee of Daon and/or its affiliates within the scope of their employment. Personal data covered by this DPF Notice is collected and processed only as permitted by the EU-U.S. DPF Principles and Swiss-U.S. DPF Principles.

DISCLOSURES & ACCOUNTABILITY FOR ONWARD TRANSFERS

Consistent with the EU-U.S. DPF Principles and Swiss-U.S. DPF Principles, Daon may transfer personal data to its affiliates, its service providers, and other third parties, including transfers from one country to another. We will only disclose an individual’s personal data under one or more of the following conditions:

• To a Daon affiliate, purposes of assisting Daon in providing its services.
• To a third-party service provider that provides services to Daon, or to the individual, in connection with the operation of our business, and as consistent with the purpose for which the personal data was collected. We maintain written contracts with these third parties and require that these third parties provide at least the same level of privacy protection and security as required by the EU-U.S. DPF Principles and Swiss-U.S. DPF Principles. To the extent provided by the EU-U.S. DPF Principles and Swiss-U.S. DPF Principles, Daon remains responsible and liable under the EU-U.S. DPF Principles and Swiss-U.S. DPF Principles if a third party that it engages to process personal data on its behalf does so in a manner inconsistent with the EU-U.S. DPF Principles and/or Swiss-U.S. DPF Principles, unless Daon proves that it is not responsible for the matter giving rise to the damage.
• To our accountants, lawyers, and other professional advisors, under an appropriate agreement.
• Where required to the extent necessary to meet a legal obligation to which Daon is subject, including a lawful request by public authorities and national security or law enforcement obligations and applicable law, rule, order, or regulation.
• Where reasonably necessary for compliance or regulatory purposes, or for the establishment or defence of legal claims.
• To other persons or entities in connection with the sale of all or part of our business, or a reorganization or combination of our business with another organization.
• With the individual’s permission to make the disclosure.

YOUR RIGHTS AND CHOICES

Individuals whose personal data is covered by this DPF Notice have the right to access the personal data that Daon maintains about them as specified in the EU-U.S. DPF Principles and Swiss-U.S. DPF Principles. Individuals may contact us to correct, amend or delete such personal data if it is inaccurate or has been processed in violation of the EU-U.S. DPF Principles and Swiss-U.S. DPF Principles (except when the burden or expense of providing access, correction, amendment, or deletion would be disproportionate to the risks to the individual’s privacy, or where the rights of persons other than the individual would be violated). Notwithstanding the foregoing, Daon may limit or deny access to personal data to the extent that provided under EU, UK and/or Swiss data protection laws.
If Daon processes your personal data on the basis of consent, you have a right to withdraw consent at any time. We do not generally process personal data based on consent (because we can usually rely on another legal basis).

To exercise any of the foregoing rights, you may use our Data Subject Access Request Form or contact us via email us at [email protected].

As noted above, Daon discloses personal information to its affiliates, its service providers and other third parties. Individuals whose personal data is covered by this DPF Notice do not have the right to opt out of such disclosures, except to the extent the disclosure is made solely on the basis of consent.

COMPLAINTS AND RECOURSE MECHANISM

If you have a complaint regarding how Daon processes personal data covered by this DPF Notice, please contact us directly and we will endeavour to resolve it directly at the following email: [email protected].

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Daon commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) and the Gibraltar Regulatory Authority (GRA) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF. Under certain conditions, a binding arbitration option may be available to you in order to address complaints not resolved by any other means. For further information, please see Annex I of the EU-U.S. Data Privacy Framework Principles at: https://www.dataprivacyframework.gov/ .

Enforcement Authority

The Federal Trade Commission has jurisdiction over Daon’s compliance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF).

QUESTIONS

If you have any questions or complaints related to Daon’s DPF certification, please contact us at: [email protected]