Privacy Policy

This Personal Data Protection Policy (hereinafter referred to as “Privacy Policy” or the “Policy”) describes the manner in which we, FaceUp Technology Inc. headquartered at 75 Port City Landing Suite 110, Mt Pleasant, SC 29464, the United States of America, applicable for United States data processing and FaceUp Technology s.r.o with registered address at Jiráskova 222/18, 602 00 Brno - střed for processing in the rest of the world (hereinafter referred to as “we”, “our” or “us”) collects, processes and protects your personal data. We undertake to protect your personal data in accordance with applicable data protection laws and regulations, such as the GDPR, the California Consumer Privacy Act, California Civil Code §§1798.100 et seq., including as modified by the California Privacy Rights Act (“CPRA”). Residents of certain states may have additional rights regarding the collection and sale of their personal information. Please see Your State Privacy Rights for more information.
 

This Policy applies to the processing of personal data within all services, applications and websites operated by us in which the personal data are processed and that contain this Policy or link thereto. They apply to the processing of personal data of visitors of our website https://www.faceup.com/en (hereinafter “our website”), users of our services and also representatives of our business partners and persons who contact us through our website or otherwise. This Privacy Policy applies when we process personal data as a data controller.

In the event of any conflict between this Privacy Policy and any specific privacy policy applicable to any of our products or services, the specific privacy policy shall prevail. The provisions of this Privacy Policy are effective as of the above effective date.

A. Privacy Policy for the use of our website

The terms and conditions outlined in this Section of the Privacy Policy do not extend to or govern the purchased products and services. This Section of the Privacy Policy is solely intended to inform you about how we process your data when you visit our website.

I. Which data do we process? 

When you create an account on our website, visit our website, subscribe to our newsletter, access our services or create a user account on our application, we may process the following categories of personal data: 

• identification data: e.g. name, surname, nickname, date of birth, age, gender, weight
• contact details: e.g. address, phone number, email
• information about whether you have subscribed to the newsletter,
• information about your preferences and behaviour on the website,
• payment details,
• any other information you choose to share with us. 

II. How do we process your data?

When you create an account on our website or within FaceUp mobile application (“our application”), we process your data that are necessary to create your account, such as your first name, last name, email, etc. We also process the data required to process your purchase, which may include your contact, identification and payment details.

By creating an account on our application or our website, you enter into a contractual relationship with us. The legal basis for the processing of this personal data is the performance of a contract or pre-contractual relationship within the meaning of Article 6 (1) (b) GDPR.

With respect to the services we provide to you, we will process the information we obtain from the data and information you provide when using the Services. We may also process other information that you provide to us through questionnaires that you may complete. You may withdraw your consent at any time by contacting us at support@faceup.com, but withdrawal of this consent will result in us being unable to provide you with the services you have ordered.  

We may use your data for marketing purposes, i.e. if you subscribe to our newsletter or other marketing communications. This communication is carried out in accordance with the applicable legal regulations. Advertising and marketing communications will only be sent to you if you have opted in for receiving these communication or you have not refused them, via email on our website or otherwise. The legal basis for the processing of your data for marketing purposes is your consent within the meaning of Article 6 (1) (a) GDPR. In the case of personalised marketing communications, the legal basis for processing your data for marketing purposes is your explicit consent pursuant to Article 9 (2) a) GDPR.

You can withdraw your consent to receive marketing newsletters at any time by unsubscribing. You may also unsubscribe by contacting us directly at support@faceup.com. If you unsubscribe, we will only retain the data that is necessary to provide you with the services in accordance with the rules set out in this Policy.

In some cases, legal regulations imposes obligations on us to process your personal data, such as tax and accounting laws, anti-money laundering laws and the provision of certain data to public authorities by law. This means that we may process your personal data to ensure compliance with these obligations. The legal basis for processing such personal data is compliance with legal obligations within the meaning of Article 6 (1) (c) GDPR.

In instances when we defend our rights and claims, we may process your personal data serving legitimate purposes to assert or defend against legal claims. As necessary to protect our legitimate interest, such as identification details (name, surname); contact details, such as address, phone number, e-mail address; content of our communication and contractual arrangements; and any other information provided to us throughout our relationship and necessary to defend our rights or against the claims. Legal grounds for processing this personal data: legitimate interest according to Article 6 (1) f) of GDPR.

III. Cookies and other monitoring technologies on our website. 

Our website uses cookies to collect information about persons who visit our website. Cookies are small text files that are stored on device used to visit our website or application. Cookies help us operate our website and provide important features and functionality on our website. They help us understand how our website is used. At the same time, we use cookies for statistical and analytical purposes, for example to track and monitor from which country, what website and how they were used to visit our website, as well as to enable personalization.

We use the following types of cookies:

(i) essential (strictly necessary) cookies that are necessary to provide access to our website and to provide the services you have specifically requested, to enable basic website functions such as tagging your data inputs, network management and accessibility; (if these cookies are disabled, our website may not function properly);

(ii) analytic (performance) cookies help us analyse how you move around our website and what content is relevant to our users. Based on this, we are able to track user navigation on our website/application (we track automated events, custom events and event logging and store them in a database). Analytic and performance cookies are also used to measure and improve performance.  

(iii) functional cookies allow us to remember choices you have made in the past, such as what language and currency you prefer, remember your name and email, and automatically fill out forms and allow for personalization, such as live chats, videos and the use of social media.

(iv) advertising cookies that help deliver tailored and personalised advertising, such as Google Analytics, Google Tag Manager, Facebook Pixel, LinkedIn Insight Tag, TikTok Pixel and UET Tag.

(v) Residents in certain states may have additional personal information rights and choices. Please see Your State Privacy Rights for more information.

We may collect the following information through cookies: IP address, gender, time zone, browser settings, operating system, website traffic information including URL, searched terms, information about what you have viewed or searched for on our website, website response time, download errors, length of visits to certain pages, information about how you interact with the website (such as scrolling, clicking and hovering).

When you visit our website, you will be informed via the cookie banner located at the bottom of the website that we collect cookies, if required by law. This banner allows you to manage what cookies we can collect. You can change your settings and withdraw your consent at any time via the privacy settings at the bottom of our website.

If we store data or access data already stored on your end device, such as a computer or mobile device, for analytical, functional or advertising purposes, we do so only with your consent within the meaning of Article 6 (1) (a) GDPR.

When collecting essential cookies, the legal basis for processing these data is a legitimate interest within the meaning of Article 6 (1) f) GDPR. It is not possible to disable these cookies through your privacy settings as our website may not function properly if you disable this type of cookies, however, if you still wish to do so, you can follow the instructions below under Blocking the cookies.

If you do not want us to use cookies, you can withdraw your consent for each type of cookie or re-grant it at any time after you have given it on the page dedicated to managing the cookie consent, which is available in the footer of our website under the title Managing the cookie consent. 

Blocking the cookies

If you do not want cookies to be collected, you can restrict, block or delete them at any time by adjusting your browser configuration. Although each browser has different parameters, the configuration of cookies can usually be found in the “Preferences” or “Tools” menu. If you disable cookies, the functionality of our website may be limited (in the case of essential cookies, you may not be able to access our website).

If you wish to prevent the installation of new cookies or if you wish to delete existing cookies, you can find instructions at the links below. The exact procedure depends on the browser you are using:

• Internet Explorer: here
• Firefox: here and here
• Google Chrome: here
• Safari: here

For mobile devices, you can limit tracking through your device's privacy settings (by turning off the advertising identifier), see https://www.networkadvertising.org/mobile-choice/.

In addition, you can use a third-party tool to opt out of targeted advertising. Third party opt-out tools available include Digital Advertising Alliance, Network Advertising Initiative and European Interactive Digital Advertising Alliance (Europe only).

To opt out of receiving cross-device web advertising (i.e., tracking a user across devices), you can access your device settings or visit and use the controls described on NAI Mobile Choices.

IV. How long will we process your data? 

In general, personal data shall be retained for as long as necessary for the purpose for which they were processed. The period for which we will retain your personal data also depends on the legal basis on which your data are processed. If the processing is based on a legitimate interest, your data will be processed for the duration of our legitimate interest. In the case of data retained on the basis of legal obligations, the retention period is determined by applicable legal regulations. For data processed on the basis of the performance of a contract, the data are processed for the duration of the contractual relationship and for the relevant limitation period. If the processing is based on your consent within the meaning of Article 6 (1) (a) GDPR, your personal data will be deleted after the withdrawal of consent. You can withdraw your consent to the processing of your personal data at any time by sending a message to support@faceup.com. Please note that the same data may also be processed on more than one legal basis, in which case your withdrawal of consent or request for erasure of personal data may not result in the complete erasure of your personal data. Withdrawal of consent does not affect the lawfulness of processing based on consent given before its withdrawal.

We will not collect excessive amounts of personal data or other information that is not relevant to the purposes for which the personal data are collected.

If you create an account on our website or application, we will process your personal data for the duration of that registration. You can request deletion of your account at any time.

V. Data sharing, processors and transfers to third countries.

Your personal data will not be shared with any third party except in the following situations:  

• data are necessary for the provision of our services,
• based on your consent, 
• entrusting personal data to processors who process personal data on behalf of us, 
• we are obliged to provide personal data based on the law or order of a public authority.

These third parties may use tracking technologies to collect information about you when you use the services or our website. The information they collect may be associated with your personal information or they may collect information, including personal information, about your online activities over time and across different websites, apps, and other online services websites. They may use this information to provide you with interest-based (behavioral) advertising or other targeted content.

We do not control these third parties' tracking technologies or how they may be used. If you have any questions about an advertisement or other targeted content, you should contact the responsible provider directly.

Processors

We use the services of verified suppliers (hereinafter referred to as “Processors”) to assist us in providing our services. These Processors process your personal data based on instructions from us. We use the following categories of Processors:

• hosting, 
• analytical tools,
• marketing tools,
• IT tools, 
• our contractors and other partners who assist us in providing our services 

Transfers to third countries

In some cases, we may transfer your data to countries outside the EU/European Economic Area.  Such a transfer can only take place if it complies with the GDPR. This means, for example, that the provider is based in a country for which the European Commission has issued a decision that it provides an adequate level of protection for personal data, or that standard contractual clauses issued by the European Commission and/or other transfer mechanisms are in place that provide adequate safeguards with respect to the protection of your personal data. It may be necessary to apply certain additional measures in order to provide the data subject with a level of protection substantially equivalent to that guaranteed by the GDPR.

VI. Data security.

We undertake to ensure that your personal data is stored securely. Therefore, we have taken appropriate technical and organizational measures to secure the personal data processed by us, including, for example:

• encryption of data,
• use of passwords and other barriers to access user data (multiple levels of
• system logs, strong password policy)
• implementation of sufficient physical barriers to enter the premises where the
• data is stored (access control), 
• automated and manual QA tests,
• two-factor authentication when logging into the development environment.

These measures do not relieve you of the obligation to take appropriate measures to secure your personal data. You should, among other things, change your passwords regularly. On the other hand, you should not, among other things, use predictable usernames and/or passwords, share your passwords with others or provide access to your administrator account and/or disclose your personal information to others. We will never ask you for your password in any unsolicited communication. Immediately notify us of any unauthorized use of your administrator account or any other suspected breach of security.

B. Privacy Policy for the use of the FaceUp Whistleblowing System

The terms and conditions outlined in this Section of the Privacy Policy govern the purchased products and services, especially provided within our whistleblowing solution, referred to as "the Application". 

I. What Personal Data is Collected?

We collect personal data related to the use of our whistleblowing Application, including, but not limited to:

• Categories of Data Subjects: Individuals using the Application, such as employees, contractors, business partners, customers, and other authorized users designated by our customers.
• Categories of Personal Data: This includes contact information and other data submitted or processed through the Application, as determined by the customer's instructions and requirements.
• Sensitive Data: We do not intentionally collect or process special categories of sensitive data unless required by specific circumstances.

II. How Do We Use the Data?

The personal data collected through the Application is used for the following purposes:

• Providing, Maintaining, and Improving the Application: To ensure the Application functions as intended, continuously enhancing the user experience and addressing any performance issues.
• Offering Technical Support: Assisting users with technical issues and ensuring smooth operation.
• Compliance with Legal Obligations: Fulfilling legal requirements and adhering to instructions provided by our customers.

III. How Long Will We Process the Data?

Data retention is governed by the terms of our agreement with customers. Personal data is retained only for the duration specified and is securely deleted once processing is no longer required, in accordance with legal and operational needs.

IV. Access, Transfer, and Deletion Requests

Users have the right to request access to, transfer of, or deletion of their personal data. Such requests can be made by contacting us via email at support@faceup.com. We are committed to processing these requests promptly and in compliance with applicable laws.

V. Frequency and Nature of Processing

Data processing activities are continuous and include various operations necessary for the Application's functionality, such as data storage, retrieval, and consultation. These activities are essential for providing technical support and ensuring compliance with our customers' needs.

VI. Purpose and Subject Matter of Processing

The purpose of data processing is to support the Application, improve user experience, and comply with the instructions provided by our customers. Our aim is to ensure a safe and effective platform for whistleblowing activities.

VII. Additional Provision

For more detailed information regarding data processing within the Application, including data transfers and the use of subprocessors, please refer to the applicable Data Processing Addendum (DPA), which is available here.

C.  Joint clauses for Sections A) and B)

 I. Your rights.

Under the EU General Data Protection Regulation 2016/679 (“GDPR”), you are entitled to the following rights:

Right to access

You have the right to be informed about, among other things, what personal data we process about you, for what purposes and who the recipients of your personal data are. If you wish to obtain such information, please contact us via our email support@faceup.com. If we process your personal data, we will provide you with the following information:

• purposes of processing such data,
• categories of personal data concerned, 
• recipients or categories of recipients of your personal data,
• if possible, the period for which your personal data will be retained or at least the criteria that determine this period,
• existence of the right to require the controller to rectify or erase personal data or to restrict the processing of personal data concerning the data subject or to object to such processing, 
• right to lodge a complaint with the supervisory authority,
• information about the source of your personal data that is not obtained directly from you, and
• information about the existence of automated decision-making, including profiling 

Right to rectification (right to have the data completed)

You have the right to have any of your incomplete, inaccurate or outdated personal data rectified. 

Right to erasure (right to be forgotten)

You have the right to have certain personal data we have collected and processed about you erased without undue delay. Please note that we may be entitled or even obliged to retain some personal data despite your request for erasure. This is particularly the case where we need to process your personal data to comply with legal obligations or to establish, exercise and defend legal claims. 

Right to restriction of processing

In cases, such as 

• when you dispute the accuracy of the personal data, for a period of time that allows us to verify the accuracy of the personal data, 
• the processing is unlawful and you do not consent to the erasure of your personal data and request the restriction of its use,
• we no longer need your data for processing purposes, but your personal data are necessary for the establishment, exercise or defence of legal claims,
• you have objected to processing in connection with profiling until it is verified whether our legitimate grounds override yours,

you can request restriction of processing. 

Right to data portability

You have the right to obtain the personal data you provide to us in a structured, commonly used and machine-readable format and to request that it be transferred to another controller, if technically feasible. Please note that the right to data portability only applies to data that you have provided to us and that we process as controller on the basis of your consent or the performance of a contract.

Right to object

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you that is carried out in the public interest or for the purposes of our legitimate interests, including profiling.

The exercise of your rights may be limited where we are required to retain any of your personal data for the purposes of complying with legal obligations, establishing, exercising or defending legal claims or for other compelling reasons set out in applicable data protection legislation.

Right not to be subject to the automated individual decision-making

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This shall not apply if the decision:

• is necessary for entering into, or performance of, a contract between you and us; 
• is authorised by the law and the law lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
• is based on your explicit consent.

We do not make decisions based solely on automated processing that would have significant effects on its users. For the sake of completeness, we note that we use cookies and similar technologies, the use of which may constitute profiling. Information on how to withdraw your consent to the use of cookies or disable cookies can be found in Chapter III. Cookies of this Privacy Policy.

Right to lodge a complaint

If you believe that your data has been processed unlawfully, please contact us and we will try to resolve the issue. Under the GDPR, you have the right to file a complaint with the Office for personal data protection, which is located at Pplk. Sochora 727, 170 00 Praha 7-Holešovice, Czech Republic.

II. No Sale of Data.

In no case do we sell, trade, or rent your personal information to anyone, under any circumstances. Our use of your information is solely for the purpose of providing and improving our services to you. For details or concerns, please contact us at support@faceup.com.

III. Your State Privacy Rights.

State consumer privacy laws may provide their residents with additional rights regarding our use of their personal information.

Additional rights of California residents. 

(i) Under this Privacy Policy you have the following rights as a resident of California:

• The right to notice. You must be properly notified which categories of personal data are being collected and the purposes for which the personal data is being used.
• The right to access / the right to request. The CCPA permits You to request and obtain from us the information regarding the disclosure of your personal data that has been collected in the past 12 months by us or its subsidiaries to a third-party for the third party's direct marketing purposes.
• The right to say no to the sale of personal data. You also have the right to ask us not to sell your personal data to third parties. We do NOT sell any personal data. However, when You use the Service, third-party advertising companies may display interest-based advertising (also called online behavioral advertising) using information collected about your online activities over time across multiple websites, applications, and other online service sites. If You wish to opt out of the use of your personal data for interest-based advertising purposes and these potential sales as defined under CCPA law.
• The right to know about your personal data. You have the right to request and obtain from us the information regarding the disclosure of the following:

1. The categories of personal data collected;
2. The sources from which the personal data was collected;
3. The business or commercial purpose for collecting or selling the personal data;
4. Categories of third parties with whom We share personal data;
5. The specific pieces of personal data We collected about You

• The right to delete personal data. You also have the right to request the deletion of your personal data that have been collected in the past 12 months.
• The right not to be discriminated against. You have the right not to be discriminated against for exercising any of your consumer's rights, including by:

1. Denying goods or services to You.
2. Charging different prices or rates for goods or services, including the use of discounts or other benefits or imposing penalties.
3. Providing a different level or quality of goods or services to You.
4. Suggesting that You will receive a different price or rate for goods or services or a different level or quality of goods or services.

(ii) In order to exercise any of your rights under the CCPA, and if you are a California resident, you can contact as at support@faceup.com.

(iii) We will disclose and deliver the required information free of charge within 30 days of receiving your verifiable request. The time period to provide the required information may be extended once by an additional 30 days when reasonably necessary and with prior notice.

(iv) "Do Not Track" Policy as Required by California Online Privacy Protection Act (CalOPPA).

We do not track your data over time and across third party websites to provide targeted advertising. However, some third-party websites do keep track of your browsing activities. If you are visiting such websites, you can set your preferences in your web browser to inform websites that you do not want to be tracked. You can enable or disable DNT by visiting the preferences or settings page of your web browser.

(v) California Privacy Rights (California Business and Professions Code Section 22581).

California Business and Professions Code section 22581 allows California residents under the age of 18 who are registered users of online sites, services, or applications to request and obtain removal of content or information they have publicly posted. To request removal of such data, and if you are a California resident, you can contact us using the contact information provided below. Be aware that your request does not guarantee complete or comprehensive removal of content or information posted online if the law does not permit or require removal in certain circumstances.

(vi) California's "Shine the Light" law (Civil Code Section § 1798.83).

Permits users of our services or our website who are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please send an email to support@faceup.com.

IV. Data Security.

We have implemented measures designed to secure your personal information from accidental loss and from unauthorized access, use, alteration, and disclosure. All information you provide to us is stored on our secure servers behind firewalls. Any payment transactions will be encrypted.

The safety and security of your information also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of our services or our website, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.

Unfortunately, the transmission of information via the internet and mobile platforms is not completely secure. Although we do our best to protect your personal information, we cannot guarantee the security of your personal information transmitted through our services or our website. Any transmission of personal information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures we provide.

V. Contact details.

If you wish to exercise any of your rights set out above, please contact us at support@faceup.com.

If you would like to learn more about us, our privacy protection or this Privacy Policy, you may contact us at support@faceup.com.

Please help us to keep your information up to date. If you believe that any data processed by us are incorrect, or if you believe that we are not complying with this Privacy Policy, please contact us at support@faceup.com.

Residents in certain states may have additional personal information rights and choices. Please see Your State Privacy Rights for more information.

VI. Final provisions.

Our website, services and applications are not intended for persons under the age of eighteen (18). If you are under the age of eighteen, please do not provide your personal information to us. We do not knowingly collect any personal information from children under the age of eighteen on our website. Users under the age of eighteen (18) (or the age of majority in the applicable jurisdiction) should not use our website, services and applications.

This Privacy Policy may be amended by us at any time. If we change this Privacy Policy, we will post the changes on our website and/or other places we deem appropriate. We may, but are not obligated to, send you an email or other notice of such a change, but you should check this Privacy Policy from time to time for any significant changes to its text.