UpPass Data Retention and Disposal Policy
As the integral elaborating part of UpPass Privacy Notice declared, Collective Wisdom Company Limited (the “Company”), the owner and developer of “UpPass” intends to declare and announce this Data Retention and Disposal Policy (the “Policy”) in particular to define the principle and framework to be implemented by the Company for the retention and the disposal of personal data (as defined under UpPass Privacy Notice) of UpPass end-users (the “User”) who is the customer of the relevant client who signed up as the UpPass user (the “Client”).
Unless defined otherwise under this Policy, the defined terms as well as the terms and conditions under UpPass Privacy Notice declared by the Company (the “Privacy Notice”) shall be applicable under this Policy. For the avoidance of doubt, therefore the retention and disposal policy of the relevant user of UpPass shall be governed under the Privacy Notice.
Scope of the Policy
This Policy is prepared and announced to all of the User to describe how long the Company will retain the User Personal Data and how the Company will dispose of, delete, or destroy User Personal Data collected via UpPass system during the service provision to the relevant Clients.
Retention Period of User Personal Data
On-process Data. The Company shall retain the User Personal Data that is still in the verification process for 7 (seven) days upon receipt of those raw data from the Client Platform;
Verified Data. The Company shall retain the User Personal Data collected after the completed verification for the period of time as instruction specifically by each Client that may range from a period of 1 day, 7 days, 30 days, 90 days, 180 days, 365 days, or any period by on-demand basis; provided that the Client shall also be entitled, at their sole discretion, any time log-in to the respective User Account on UpPass to manually delete the User Personal Data one by one.
For the avoidance of doubt, the retention period of the User Personal Data for each Client shall be agreed upon in writing between the Company and the Client and shall prevail the general provisions defined under this Policy.
Non-identifiable Data. The Company will retain non-identifiable data generated from the identity verification process of the User Personal Data such as liveness detection log, face comparison score, facial detection landmark, etc. for as long as the Company consider necessary for the improvement of UpPass products and services; provided that the Company shall ensure to implement the appropriate information security measures for these data.
Disposing of, Destroying, or Making the User Personal Data Personally Non-Identifiable
Upon the expiry of the retention period as defined and instructed by the Client, the Company shall permanently dispose of or destroy the User Personal Data or make such data personally non-identifiable; provided that the Company shall process the following methods, as applicable and feasible as determined at the sole discretion of the Company by adopting the best market practice:
any personally identifiable User Personal Data and any inputs from User shall be deleted from UpPass production database and data warehouse by the method that prevents such data from being accessed by any person;
User Personal Data on any Company devices shall be permanently deleted from such devices; and
in case that the User Personal Data cannot be deleted from the Company devices, such devices shall be destroyed by any authorized person or entity.
It should be noted that the User Personal Data can also be deleted or destroyed before the retention period by the Client that accesses UpPass User Account to delete any User Personal Data from UpPass database at any time upon their sole determination. In such circumstance, pursuant to the Terms of Services defined, the Company shall be bound by such instruction and the Company shall not be held liable for any deletion undertaken by anyone logging in via the Client’s User Account.
Change of this Policy
The Company may review and update this Policy from time to time as appropriate to ensure that the Policy shall comply with relevant laws and regulations of any jurisdiction and be in accordance with UpPass function and/or services; provided that the Company will notify the amendment of this Policy on UpPass or via other communication channels that the Company may have with the Client.