Gorilla Technology Inc. (hereinafter called “Gorilla Technology”) respects your privacy and complies with the EU General Data Protection Regulation effective May 25, 2018. This privacy statement describes how Gorilla Technology collects and uses personal data where Gorilla Technology is the data controller or where Gorilla Technology refers to the applicability of this Statement.
Gorilla Technology may give you additional privacy information that is specific to a product or service to this Statement and other notices you may see while using our products or services. If there is a difference between such notices and this Statement, the notices should be considered first.
Gorilla Technology collect your personal data and other information when you make a purchase, use or register into our products and services, take part in campaigns or research or otherwise interact with us. Gorilla Technology may collect and receive a variety of personal data about you through (i) Direct Interaction, (ii) Automated Technologies, and (iii) Publicly Available Information and/or Third Parties. Below, please find a category overview of what data Gorilla Technology collects.
(i) Direct Interaction
|Data Categories||Data example types|
|Personal identification data||Name, telephone number, email address, and company name.|
|Contact information data||Email, telephone number, country/state address|
|Account login information||Log in ID, password or other security codes|
(ii) Automated Technologies
|Data Categories||Data example types|
|Device information||Hardware models, IP addresses, operating system version numbers, and device settings used to access the services.|
|Log information||Time and duration of your collected data while using our digital channel and products|
|Location information||Your actual location (derived from your IP address or other location-based technologies), that may be collected when you enable location-based products or features such as through our apps|
|Cookies||When you access or use our site or interact with our services we may use “cookies,” which store certain information on your device while you are viewing our website|
(iii) Publicly Available Information and/or Third Party Information
To the extent permitted by applicable law, in addition to our websites, applications and other digital channels, we may also obtain information about you from other sources, such as public databases, joint marketing partners, social media platforms and other third parties.
If you choose not to provide your personal data to Gorilla Technology , Gorilla Technology may not be able to provide you with our products or services or all of their functionalities or to respond to queries you have.
Use of Data Collected
Gorilla Technology may use your personal data for different legitimate reasons to operate our business, which includes analyzing our performance, meeting our legal obligations, developing our workforce, and doing research.
Gorilla Technology may process your personal data for the following purposes. One or more purposes may apply simultaneously.
The information collected is also used to help us to maintain and improve the quality of our website and the services Gorilla Technology provides on the website.
Gorilla Technology may use your personal data in order to provide you with our products and services, to process your requests or as otherwise may be necessary to perform the contract between you and Gorilla Technology, to ensure the functionality and security of our products and services, to identify you in order to provide the product or service as well as to prevent and investigate fraud and other misuses.
Gorilla Technology may combine personal data collected in connection with your use of a particular Gorilla Technology product and/or service with other personal data that Gorilla Technology may have about you.
Gorilla Technology may contact you to inform you of new products, services or promotions Gorilla Technology may offer and to conduct market research. We may use your personal data to personalize our offering and to provide you with more relevant services.
Gorilla Technology may also process your personal data when required by law, to protect its customers, and to maintain the security of its products and services.
Gorilla Technology will not disclose, sell or provide such information to unaffiliated third parties. However, Gorilla Technology may provide such information to its subsidiaries.
Gorilla Technology reserves the right to provide such information to its employees, contractors, agents, and designees to the extent necessary to enable them to execute certain web services (such as web hosting or maintenance services) for us. Gorilla Technology also reserve the right to disclose such information to any third party if Gorilla Technology believe that we are required to do so for any or all of the following:
- by law;
- to comply with legal processes or governmental requests;
- to prevent, investigate, detect or prosecute criminal offences or attacks on the Website or our network; and/or
- to protect the rights, property, or security of Gorilla Technology, the users of the Website, or the public.
- Gorilla Technology may share your personal data with other Gorilla Technology companies or authorized third parties who process personal data for Gorilla Technology for the purposes described in this Statement. This may include for example managing and analyzing consumer data, conducting research and managing marketing and other such campaigns.
- Gorilla Technology may conduct joint marketing and other communications with our authorized third-party partners. To avoid duplication of or unnecessary communications and to tailor the message to you we may need to match information that Gorilla Technology has collected with information that the partner has collected where this is permitted by law.
- International personal data transfers. Our products and services may be provided using resources and servers located in various countries around the world. Therefore, your personal data may be transferred across international borders outside the country where you use our services, including to countries outside the European Economic Area (EEA) that do not have laws providing specific protection for personal data or that have different legal rules on data protection. In such cases we use measures to provide adequate protection for your personal data as required by applicable law.
- Mergers and Acquisitions: If Gorilla Technology decides to sell, buy, merge or otherwise reorganize its businesses in certain countries, this may involve it disclosing personal data to prospective or actual purchases and their advisers, or receiving personal data from sellers and their advisers.
Gorilla Technology retains your personal data as long as it remains necessary for the purposes described above, all in accordance with applicable laws, or until you express a preference to opt out. Gorilla Technology may at its sole discretion, remove information from its systems, without notice to you or once it deems it no longer is necessary for such purposes.
Linking to Other Sites
You have the right to correct, update, delete, obtain a copy of and/or withdraw your consent to use your personal data if (i) your personal data changes (such as zip code, phone, email or postal address), (ii) you would like to know what personal data we hold on you, (iii) you would like a copy of some or all of your personal data we currently hold, or (iv) you no longer desire our services.
Steps to Safeguard Personal Data
Gorilla Technology enforces its internal policies and guidelines through an appropriate selection of activities. Gorilla Technology takes appropriate steps to address online security, physical security, risk of data loss and other such risks taking into consideration the risk represented by the processing and the nature of the data being protected. Also, Gorilla Technology limits access to its databases containing personal data to authorized persons having a justified need to access such information.
You have the following rights regarding personal data that Gorilla Technology processes about you:
Access: You have a right to know what personal data we hold about you and to obtain a copy.
Data portability: Subject to law, you have a right to obtain in machine readable format the personal data you have provided to Gorilla Technology.
Rectification and erasure: You have a right to have incomplete, incorrect, unnecessary or outdated personal data about you deleted or updated.
Withdraw your consent: You have a right to withdraw your consent for Gorilla Technology to process your personal data.
Unsubscribe and object: You have a right to unsubscribe from direct marketing messages and to request that Gorilla Technology stop processing your personal data for direct marketing purposes or Gorilla Technology delete your personal data on other grounds.
In some cases, if you withdraw your consent or wish us to delete or stop processing your personal data we may not be able to continue to provide the services to you.
Your Personal Data Controller
Gorilla Technology Inc. of 7-1F, No.301, Ruey Kuang Road, Neihu District, Taipei, Taiwan is the controller of your personal data.
In addition, the Gorilla Technology Inc affiliate providing the product or service may be a controller of your personal data. In matters pertaining to Gorilla Technology’s privacy practices you may also contact us or our Group Data Protection Officer at 7-1 F, No.302, Ruey Kuang Rd., Neihu District, Taipei , Taiwan.
Gorilla Technology’s Policy Concerning Children
Gorilla Technology recognizes the privacy interests of children and encourages parents and guardians to take an active role in their children’s online activities and interests. Children under 13 (or under 16 in the European Economic Area or under 18 in Taiwan) should not use our product(s) and/or service(s). if Gorilla Technology learns it has collected personal data from a child under the aforementioned age groups, Gorilla Technology will take reasonable steps to delete it.
We will retain Your Personal Data only for as long as is necessary (taking into consideration the purpose for which it was originally obtained). The criteria We use to determine what is ‘necessary’ depends on the particular Personal Data in question and the specific relationship We have with You (including its duration).
Our normal practice is to determine whether there is/are any specific EU law(s) (for example tax or corporate laws) permitting or even obliging Us to keep certain Personal Data for a certain period of time (in which case We will keep the Personal Data for the maximum period indicated by any such law). For example, any data that can be deemed to be ‘accounting records’ must be kept for ten (10 years).
We would also have to determine whether there are any laws and/or contractual provisions that may be invoked against Us by You and/or third parties and if so, what the prescriptive periods for such actions are (this is usually five (5) years). In the latter case, We will keep any relevant Personal Data that We may need to defend Ourselves against any claim(s), challenge(s) or other such action(s) by You and/or third parties for such time as is necessary.
Where Your Personal Data is no longer required by Us, We will either securely delete or anonymise the Personal Data in question.
GDPR COMPLIANCE STATEMENT
Gorilla Technology Group’s (Gorilla) video surveillance solutions are to the best of our knowledge and ability in compliance with the GDPR regulation and/or shall be brought into compliance in specific future cases as stated as below.
- Personal Data & ConsentGorilla video analytics solutions provide several video analytics capabilities, including for people, vehicles, objects and behavior analytics (no profiling is done by Gorilla). Only the Facial Recognition feature is related to personal data collection although it is not collected by Gorilla under normal circumstances, only in special cases upon request from our client. Other analytics data do not extract and store any “personal data” (refer to definitions of GDPR Article 4).
- For Facial Recognition used in public security surveillance: according to GDPR Article 2: “This Regulation does not apply to the processing of personal data:” “(d) by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including the safeguarding against and the prevention of threats to public security.” As such the exception applies to the solution implementation.
- For Facial Recognition used in commercial situations (For example, employee attendance/ clock-in / secure location access, visitor access control, retail VIP recognition): According to GDPR Article 7: “1. Where processing is based on consent, the controller shall be able to demonstrate that the data subject has consented to processing of his or her personal data.” Gorilla shall provide the template of “written declaration of consent” for end client to be signed by their employee/visitor and customer to comply with the regulation as a clear, unambiguous affirmation. In addition the employer customer shall be informed to revise its employment rules and workbook and employment contract to allow for collection of data in terms of GDPR Article 88.
- As mentioned the Facial Recognition data is collected for the purposes in (a) and (b) above and will be deleted once it is no longer needed.
- Data Protection
- In compliance with the GDPR Article 29, all the face signature data, if any, stored in Gorilla’s systems has undergone pseudonymization. The face signature data is not stored together with any other identifiable personal data.
- All the face signature data stored in Gorilla system has been protected to comply with GDPR Article 25 by encryption.
- Joint Controller (GDPR Article 26) or Processor (GDPR Article 28)
- In terms of the requirements of GDPR articles 13 and 14 where Gorilla has access to or the ability to contact the data subject, the data subject shall be informed of the collection. In any event, Gorilla will publish disclaimers on its website and in its contractual documents.
- Gorilla shall stipulate contractual terms with the client setting out the respective duties as joint controllers or processors. Gorilla and client shall decide on a joint single designated contact point/person for data subject requests in terms of GDPR Article 26.
- Where Gorilla is the data processor it shall only process the data in strict accord with written instructions from the controller and on behalf of such controller in terms of GDPR Article 28. The contract with the controller shall stipulate the same.
- Transfers of Data to Third Countries (on non-adequacy basis)
- As of February 2019, Gorilla is not transferring any personal data outside of the EU in terms of Article 44 of GDPR.
- In future situations where it is required by clients for Gorilla to transfer data outside of the EU, Gorilla shall draft and implement the Binding Corporate Rules for data processing and transfer as under GDPR Article 46 and 47.
- Keeping Records (GDPR Article 30)
- Gorilla shall keep all relevant records related to any processing activities.
- Data Subject’s Rights
- In terms of GDPR Article 15, the data subject has a right to request access to any records of personal data processed. Gorilla shall cooperate with the client to manage all such requests.
- In terms of GDPR Article 16, 17 and 18, the data subject has a right to rectification, erasure or restriction of data processed. Gorilla shall cooperate with the client to manage all such requests.