FORXAI Mirror Privacy Policy

PRIVACY POLICY – FORXAI Mirror

(Version 1.0, effective as of 14/02/2024)

Introduction


Our commitment to Data Protection compliance ensures that the deployment of the FORXAI Mirror, which is an artificial intelligence powered tool for personal protective equipment monitoring, aligns with data protection regulations for data protection by design and default, technical measures and security controls. We, as the team behind FORXAI Mirror, are dedicated to transparent and ethical data processing practices, prioritising the privacy and security of individuals’ personal data within our solutions.

It is important to note that the customer is the data controller- in case of Konica Minolta showroom usage, the customer is the national operating company (NOC) of Konica Minolta – and solely responsible for the protection of the data that is collected, processed and stored when using the FORXAI Mirror solution.

No data is transmitted outside of the FORXAI Mirror hardware itself, by default.
However, Konica Minolta (NOC) may organise data collections events from time to time. These events are voluntary, and its’ purpose is solely to enhance and improve the machine learning models used by FORXAI Mirror. These events are conducted as invite-only, and the participants can manage their explicit consent within the Booking Product event invitation.
During these events, the Data Collection ON mode is enabled by the admin (assigned person in the NOC) and images classed as personal data can be collected, processed and stored by Konica Minolta Business Solutions Italia Spa (BIT) as a sub-processor of the NOC.
If you wish to learn more, the Privacy Policy below describes Our policies and procedures on the collection, use and disclosure of Your information when You use the Product, and it tells You about Your privacy rights and how the law protects You.

Interpretation and Definition

The words of which the initial letter is capitalized have meanings defined under the following conditions. The following definitions shall have the same meaning regardless of whether they appear in singular or in plural.
For the purposes of this Privacy Policy:

YOUThe individual accessing or using the Service, typically and employee, contractor or visitor of the NOC. You can be also referred to as the Data Subject or as the User, as you are the individual using the Product.
COMPANYReferred to as either “the Company”, “We”, “Us” or “Our”, refers to the Konica Minolta National Operating Company of which the Product is situated. The Company is the Data Processor.
CONTRACTThe contract under which the Product is supplied to the NOC, so it can be used by You.
PRODUCT or FORXAI MIRRORRefers to the FORXAI Mirror, a hardware with artificial intelligence powered software for personal protective equipment monitoring.
SERVICERefers to any services connected with the use of the Product.
COUNTRYRefers to the country, where the Product is geographically located.
USAGE DATARefers to all data collected automatically under DATA COLLECTION ON.
DATA COLLECTIONThe process of data collection via the Product.
DATA COLLECTION ONwhere the Product´s ‘toggle’ is enabled (on) by the Admin. In this mode, data is collected, stored and used for training and enhancing the machine learning models for further development of the Product. All PPE detections recorded will be tagged, as accepted for collection by the specialist team of Konica Minolta Business Solutions Italia Spa (BIT).
DATA COLLECTION OFFmeans that ‘toggle’ is set (off), data is not collected, stored or used for training and enhancing the machine learning models for further development of the Product.
THE TERMS “CONTROLLER,” “DATA SUBJECT,” “PERSONAL DATA,” “PERSONAL DATA BREACH,” “PROCESSING,” “PROCESSOR,” AND “SUPERVISORY AUTHORITY”These terms have the same meaning as in Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation or GDPR).
ADMINis the user with administrative permissions that has access to the Admin Control Panel and can action ON/OFF the DATA COLLECTION Mode.

Collecting and Using Your Personal Data

Types of Data Collected

Personal Data:
While using the FORXAI Mirror with Data Collection ON, We may collect the following Personal Data:
Full body image (including face)

Usage Data:
Usage Data is only collected when using the Data Collection ON. Usage Data may include information such as: the time and date of Your login during usage of the Product.

Use of Your Personal Data

We may use Your Personal Data for the following specific purposes under Data Collection ON:
Training and enhancement:
To improve the accuracy and efficiency of the machine learning models used in the Product,
Managing Your requests:
To attend and manage Your requests to Us.
For Data Collection OFF, we do not use Your Personal Data for any other reason than to simply use the features of the given FORXAI Mirror Product.

Retention of Your Personal Data

Under Data Collection OFF: 10 days from the time of collecting them.
Under Data Collection ON: until Your consent is revoked by You.

Transfer of Your Personal Data

Your Personal Data is processed solely within the Product´. For Data Collection ON, Your Personal Data is processed in the data center in Italy – Konica Minolta Business Solutions Italia Spa.
Your information will not be transferred and/or maintained outside of European Union.
We will take all steps reasonably necessary to ensure that Your data is treated securely and in accordance with this Privacy Policy and no transfer of Your Personal Data will take place to an organization or a country unless there are adequate controls in place including the security of Your data and other personal information.

Securing your Personal Data

At Konica Minolta we are committed to protecting your privacy, we follow strict security procedures to ensure that your personal information is not damaged, destroyed, or disclosed to a third party without your permission, and to prevent unauthorised access. The servers that store your information are kept up to date and secured with appropriate firewalls/malware/data encryption and virus protection as part of our wider technical and organisational measures. Hard copies, if any, of your data is stored on our premises where access is restricted, and physical security measures are deployed.

Disclosure of Your Personal Data

We do not sell or rent user data in principle. A transfer to third-party service providers beyond the scope described in this privacy policy will only take place if this is necessary for the processing of the respective requested service, mainly under Data Collection ON. These may include the following third parties:
Affiliates: We may share Your information with Our affiliates, in which case we will require those affiliates to honor this Privacy Policy. Affiliates include Our parent company and any other subsidiaries, or other companies that We control or that are under common control with Us.
Law enforcement: Under certain circumstances, the Company may be required to disclose Your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).
Other legal requirements: The Company may disclose Your Personal Data in the good faith belief that such action is necessary to:
Comply with a legal obligation
Protect and defend the rights or property of the Company
Prevent or investigate possible wrongdoing in connection with the Product
Protect the personal safety of You, or the Product or the public

Personal Data Processing

Legal Basis for Processing Personal Data under GDPR
We may process Personal Data under the following conditions:
Consent: You have given Your consent for processing Personal Data for one or more specific purposes. (Art.9 II lit a)
Purpose under Data Collection ON: The enhancement and training of machine learning models to improve accuracy and efficiency of the Product.
Performance of a contract: Provision of Personal Data is necessary for the performance of an agreement and/or for any pre-contractual obligations thereof.
Legal obligations: Processing Personal Data is necessary for compliance with a legal obligation to which the Company is subject.
Legitimate interests: Processing Personal Data is necessary for the purposes of the legitimate interests pursued by the Company.
In any case, we will gladly help to clarify the specific legal basis that applies to the processing, and in particular whether the provision of Personal Data is a statutory or contractual requirement, or a requirement necessary to enter into a contract.

DATA PROCESSING PRINCIPLES

Our commitment to GDPR compliance is based on the following principles:
Lawfulness, Fairness, and Transparency: The Product processes personal data lawfully, fairly, and transparently, the NOC must ensure that individuals are aware of how their data is used.
Purpose Limitation: Data is collected and processed solely for the purpose of workplace safety monitoring, adhering to the specified objectives. Data collected under consent in the form of images may be used to and is limited to the enhancement and improvement of machine learning models.
Data Minimisation: The Product only collects and processes data that is necessary for the intended purpose, minimising the amount of personal data processed.
Accuracy: The NOC must ensure the accuracy of the data is processed and must take steps to rectify inaccuracies promptly for personal data uploaded to the Product.
Storage Limitation: Personal data is retained only for as long as necessary to fulfil the purpose for which it was collected.
Integrity and Confidentiality: The Product deploys security controls to protect the integrity and confidentiality of the processed data as described in this document, such as encryption and access controls. The NOC has the responsibility to ensure the physical integrity and security of the Product.

YOUR RIGHTS AS A DATA SUBJECT

We undertake to respect the confidentiality of Your Personal Data and to guarantee You can exercise Your rights. You have the right under this Privacy Policy, and by law to:
Request access to Your Personal Data (Art.15 GDPR)
The right to access, update or delete the information We have on You. Whenever made possible, you can access, update or request deletion of Your Personal Data directly with you data controller.
Request correction of Your Personal Data (Art.16 GDPR)
You have the right to have any incomplete or inaccurate information we hold about You corrected.
Object to processing of Your Personal Data (Art.21 GDPR)
This right exists where We are relying on a legitimate interest as the legal basis for Our processing and there is something about Your particular situation, which makes You want to object to our processing of Your Personal Data on this ground. You also have the right to object where We are processing Your Personal Data for direct marketing purposes.
Request erasure of Your Personal Data (Art.17 GDPR)
You have the right to ask Us to delete or remove Personal Data when there is no good reason for Us to continue processing it.
Request the transfer of Your Personal Data. (Art.20 GDPR)
We will provide to You, or to a third-party You have chosen, Your Personal Data in a structured, commonly used, machine-readable format. Please note that this right only applies to automated information which You initially provided (if any) consent for Us to use or where We used the information to perform a contract with You (if any).
Automated Individual decision-making, including Profiling (GDPR Article 22)
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning the data subject or similarly, significantly affects them. The FORXAI Mirror does not subject data subjects to any decisions based solely on automated processing, including profiling.
Withdraw Your consent. (Art.7 GDPR)
You have the right to withdraw Your consent on using your Personal Data. If You withdraw Your consent, We may not be able to provide You with access to certain specific functionalities of the Product.
Exercising of Your GDPR Data Protection Rights: You may exercise Your rights of access, rectification, cancellation and opposition by contacting Us if you are a Konica Minolta employee. Please note that we may ask You to verify Your identity before responding to such requests. If You make a request, We will respond within 30 calendar days. You also have the right to complain to a Data Protection supervisory authority (Art.77 GDPR) in the country of your NOC.

CHANGES TO THIS PRIVACY POLICY

We may update our Privacy Policy from time to time. We will notify You of any changes by posting the new Privacy Policy on this page.
We will let You know via email and/or a prominent notice on Our Service, prior to the change becoming effective and update the “Last updated” date at the top of this Privacy Policy.
You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

CONTACT US

If you have any questions about this Privacy Policy, You can contact us:
By Email: oou@konicaminolta.cz

X