Public research 1.05

Privacy Policy

By accessing https://public-research.typingdna.com (the “Website”) and taking part in the behavioural research study (the “Research Study”) performed through the Website (or through any other native applications running directly on Your device that You may download for the purposes of the Research Study), You consent to Us collecting and further processing the Personal Information (as defined below) You provide to Us or which We otherwise are able to extract from Your use of the Website.

Both TypingDNA Inc. and TypingDNA SRL (referred to as “TypingDNA”, “We” or “Us”) control the purpose for which, and the manner in which, Personal Information (as defined below) about individuals accessing the Website, participating in the Research Study or otherwise using the Website are processed. We are therefore the data controller under applicable data privacy laws with respect to Personal Information collected via the Website or otherwise processed by us in relation to the Website and/or the Research Study. Our contact details are set out at the end of this privacy policy (“Privacy Policy”).

This Privacy Policy outlines the categories of Personal Information the Website collects from You, or that You provide to us in relation to the Research Study, the purposes for which your Personal Information might be used and the safeguards we put in place in the course of our relationship with You to protect your Personal Information.

By continuing to use the Website and participate in the Research Study, You expressly consent to our processing of Your Personal Information (as defined below) as described in this Privacy Policy, and to being bound by the provisions hereof.

Who We are

We are a technology company developing passive authentication and typing biometrics technologies.

The Research Study

We are currently running a research and development programme seeking to identify certain behavioural metrics in the way people type, depending on a variety of stimuli they are subjected to, or circumstances they may find themselves in. The purpose of the Research Study is to identify particular typing patterns defined as behavioural patterns and data that can be related to typing, touch and pointer input (including, but not limited to, speed of typing, pressure applied, intervals between keystrokes, telemetry information, typing rhythms, touch and swipe pattern etc) depending on various emotions participants feel at a given moment and to develop new products and services or to improve our existing ones.

Our primary purpose is to analyse such typing biometrics/keystroke dynamics in order to determine whether an individual’s typing patterns are affected when subject to different stimuli, and whether such typing patterns are repetitive in nature and specific to the relevant individual to a reliable extent and based on the results, we may develop applications to highlight various emotions users might feel when they type, statistics and trends regarding average users, but also to advance the development of applications for continuous authentication

To meet its purpose, the Research Study relies on consistent interaction between You and the Website. We encourage you to access the Website and participate in the activities on the Website, as described within each application.

Participation purely voluntary

Participation in the Research Study performed through the Website is purely voluntary and non-remunerated. By accessing the Website and participating in the Research Study, You confirm We have no obligations whatsoever to remunerate You or provide any financial or other consideration in exchange of your participation in the Research Study.

If You are an employee of Ours (or any of our Group companies or their affiliates, including investors), You hereby confirm that Your participation in the Research Study performed through the Website is purely voluntary, and you have not been requested or required (whether directly or indirectly) by Us, as part of or in the context of your employment with Us, to participate in the Research Study.

You may suspend or terminate Your participation in the Research Study at any time, without any consequence.

Personal Information

So we are clear about the terminology we are using, “personal information" means any information describing or relating to an identified or identifiable individual (where an identifiable individual is an individual who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that individual).

When we use the phrase “Personal Information” in this Privacy Policy, We refer collectively to the categories of personal data that may be requested by Us and provided by You in various phases of Your accessing of on Our Website and participation in the Research Study.

When We use the term “typing patterns” in this Privacy Policy, We refer to behavioural patterns and data that can be related to typing, touch and pointer input (including, but not limited to, speed of typing, pressure applied, intervals between keystrokes, telemetry information, typing rhythms, device movement and positioning data, mouse, touch and swipe data, etc)

As this is a research and development project, We seek to collect and process limited categories of Personal Information about You – for this purpose, we will only collect Your email address for the purposes of opening a Website account for You and creating a secure database of Your typing patterns resulting solely from Your interaction with the Website (if and whenever You chose to do so).

We will also collect and further process Your typing patterns while interacting with the Website. While Your typing patterns (at this stage of the Research Study and/or of advances in technology) may not qualify squarely as ‘personal data’ under the General Data Protection Regulation (GDPR), We aim to provide – to the greatest extent possible – a similar degree of protection of Your typing patterns collected through the Website as the GDPR requires in respect of ‘personal data’ per se.

To the extent possible/feasible, We will anonymise Your Personal Information (including typing patterns). The purposes of the Research Study may be met without specific knowledge by Us of who specifically (as an identified individual) accesses the Website and participates in the Research Study. The success of the Research Study does however rely on Our ability to pool together (and analyse as such) an individual’s own typing patterns (collected during his/her interactions with the Website over a period of time) on a standalone basis.

When You register on our Website to participate in the Research Study, We can also collect and further process: Your Internet Protocol (IP) address, location data, device type, device fingerprint, cursor movements, pointing devices movements (e.g. mouse, touchpad, touchscreen, trackpad, others).

We use automated systems to analyse Your data, using techniques such as machine learning in order to meet the purposes of the Research Study. This analysis may occur as the content is sent or received using an online feature of the Website, or when the content is stored on our servers.

When we refer to “You” in this Privacy Policy, such reference is limited strictly to individuals who have accessed the Website and voluntarily agreed to register and participate in the Research Study performed through the Website.

Anonymous and Aggregate Information

When we use the phrase “Anonymous Information” in this Privacy Policy, we mean information rendered anonymous in such a way that it cannot or can no longer be used to personally identify an individual.

Like many companies, we monitor the use of the Website by collecting aggregate information. No personally identifiable data are collected in this process. Typically, we collect information about the number of visitors to the Website and the originating domain name of the visitor's Internet Service Provider. Also, we may collect non-personal information about your use of the Website such as, IP address, log files, user activity, time stamps, etc. Finally, we may also collect technical information transmitted by your device, including certain software and hardware information (e.g. the type of browser and operating system your device uses, language preferences, access time and the domain name of the website from which you linked to Website etc.). This information is typically used to improve the usability, performance and effectiveness of the Platform.

Important note: For the avoidance of doubt, any aggregate, non-personal or technical information collected, which is or may be connected or linked to the identities of the relevant users, shall be deemed as ‘personal data’ (as such term is defined in the applicable data privacy laws) as long as such connection or linkage exists or may be made using all the means reasonably likely to be used. In such situations, the provisions in this Privacy Policy regarding personal data shall apply mutatis mutandis to the aggregate, non-personal or technical data mentioned herein. For clarity purposes, as an example, if we have sufficient information to link an IP address to a particular individual user (e.g., through login details, cookies, or any other information or technology) then that IP address is personal data, and is subject to the full protections of data protection law and this Privacy Policy.

Source of Personal Information Collection

We require that You submit certain Personal Information about yourself, including your email address and other Personal Information as stated above, when you register an account on the Website in order to participate in the Research Study.

When you communicate with us through the Website, we may collect and store any information that is contained in your communications with Us.

Purposes and legal basis of processing of Personal Information

We may collect and use the Personal Information We collect from You when you register to participate in the Research Study through the Website. We process such Personal Information exclusively for the purposes of the Research Study.

In addition, We seek to anonymise Your Personal Information to the greatest extent possible (other than Your e-mail address, which We will retain for the purposes of evidencing Your consent to participation in the Research Study). Your typing patterns and similar behavioural traits linked to your typing biometrics/keystroke dynamics will be anonymised, so that there is no possibility (technically and objectively) to link such typing patterns to You. Once anonymised, such typing patterns (even if they could be initially considered personal data) no longer qualify as ‘personal data’ under the relevant data privacy legislation.

We may use Your e-mail address also to respond to any correspondence (live chat, email or phone inquiries) or to respond to Your requests to provide support or information You have requested.

We use Your Personal Information:

We will limit Personal Information that We collect and further process about You only to what is limited for the purposes of processing mentioned above (or other limited purposes which are consistent with the primary purposes mentioned above). We will not use Your Personal Information in a manner which is incompatible with the purposes for which it has been initially collected and/or authorized by You, unless We obtain Your prior consent.

We collect, process, use and, as applicable, disclose Personal Information related to you on the basis of the following legal grounds under the GDPR:

By using the Website and signing up for participation in the Research Study, You agree to the terms of this Privacy Policy. This Privacy Policy is a legally binding agreement between You and TypingDNA and its affiliates.

We may use Your Personal Information based on your explicit consent for the following purposes: (i) to provide you with the Website (including any related apps, services and functionalities thereof) and to allow for your participation in the Research Study; (ii) to improve the quality of the Website and user experience; (iii) to fulfil any request you make; (iv) to communicate with you; (v) or as otherwise directed by you.

Additionally, we may use Your Personal Information to create Anonymous Information for use in scientific research, product development and market research. Once anonymised, Your data (and, in particular, your typing patterns) will no longer constitute ‘personal data’ within the meaning of the applicable data privacy laws.

From time to time, You may be offered the opportunity (i) to respond to requests for additional information from TypingDNA, including but not limited to surveys, polls, questionnaires, and feedback and (ii) to participate in various beta versions of the products and/or services We might develop. 

When We communicate with You regarding products or services we offer or develop, You will be given the opportunity in each communication to unsubscribe and prevent future communications of that sort. Please note that emails We send You may include a technology (called a web beacon) that tells Us whether You have received or opened the email or clicked a link in the email.

If You do not want Us to collect this information from our marketing emails, or if You wish to unsubscribe from direct marketing communications from Us, you may write to Us at dataprivacy@typingdna.com requesting the same. We will cease using Your Personal Information for direct marketing purposes once You have requested Us to do so.

Note: for the avoidance of doubt, TypingDNA does not use your Personal Data (including, in particular, your typing pattern) for the purposes of an automated decision-making process or for profiling.

Recipients of Personal Information

We may disclose Your Personal Information: (a) to third party vendors/suppliers who help us provide the Website; (b) as required by law, such as to comply with a subpoena or otherwise in response to a lawful request by public authorities (including to meet national security or law enforcement requirements), or similar legal process when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request; (c) to a parent company, investor, subsidiary, joint venture, or other companies under common control with us (collectively, “Affiliates”), in the event we have such Affiliates now or in the future, in which case We will require our Affiliates to honour this Privacy Policy, or (d) to a company that merges with us, acquires us, or purchases our assets, or a successor in interest in bankruptcy, in which case such company may continue to process Your Personal Information as set forth in this Privacy Policy. We may also disclose Your Personal Information to our partners (such as Google and/or Gradient Ventures) assisting us in the processing of such data for the purposes of the Research Study (to the extent feasible for the purposes of the Research Study, We may anonymise such data before disclosing it to Our business partners). We will implement appropriate data processing agreements to ensure that such recipients of Your Personal Information process such data in accordance with the relevant data protection laws.

We will share Your Personal Information with third parties only in the ways that are described in this Privacy Policy, only to the extent necessary as per the applicable purpose of the disclosure and in strict compliance with applicable data privacy laws (including by observing the requirement to conclude compliant data processing agreements with any third party processor carrying out their tasks on Our behalf and upon Our instructions). We do not otherwise share or sell Your Personal Information with or to third parties. We may use and disclose Anonymous Information without restriction.

We do not and will not share, disclose, sell, rent, or otherwise provide Your Personal Information to other companies for the marketing of their own products or services.

If you do not want us to disclose your Personal Information to a third party, please write to us at dataprivacy@typingdna.com in this sense. We will take all measures which may be feasible to give effect to such request, but may continue to disclose Your Personal Information to a third party acting as an agent/data processor performing tasks on our behalf and under our instructions, only to the extent strictly required for such operations.

Transfer of Personal Information

Third parties to which We may disclose Your Personal Information may be located within the European Union and elsewhere in the world (including the United States). As a result, Your Personal Information may be transferred to countries outside of the country where the Personal Information was collected to countries whose data protection laws may be less stringent than the laws in Your country.

We will ensure that suitable safeguards are in place to protect Your Personal Information and that the transfer of Your Personal Information complies with applicable data protection laws. 

Where required by applicable data protection laws, we will ensure that service providers (including other associated companies) sign standard contractual clauses as approved by the European Commission or other supervisory authority with jurisdiction over the relevant data exporter.  You can obtain a copy of any standard contractual clauses in place, which relate to transfers of Your Personal Information by contacting dataprivacy@typingdna.com, although some details may be redacted for confidentiality reasons.

Rights with regard to Personal Information

You have a number of rights under the GDPR in relation to Your Personal Information, as follows:

Please note that once We transform Your Personal Information into Anonymous Information, We will no longer be able to provide you with a copy of any such data which was initially provided by You as Personal Information. As stated above, we aim to anonymise the data You provide through Your interactions with the Website (and, in particular, Your typing patterns).

TypingDNA SRL has been appointed as TypingDNA Inc’s representative in the European Union. Complaints/disputes related to the processing of Personal Information hereunder shall be referred to the competent data protection supervisory authority in Romania (see above). We encourage You to resolve any concerns/complaints with respect to the processing of Your Personal Information for the purposes, or in the context, of the Research Study directly with Us first.

Your exercise of these rights is subject to certain exemptions to safeguard the public interest (e.g. the prevention or detection of crime), Our interests (e.g. the maintenance of legal privilege) or rights and freedoms of others, as provided by the GDPR.

While We will make good faith efforts to provide You with access to Your Personal Information, We may deny or limited access to such Personal Information where: this would interfere with the execution or enforcement of the law or with private causes of action (including the prevention, investigation or detection of offences or the right to a fair trial); the legitimate rights and interest of others would be violated through such disclosure; this would prejudice the confidentiality necessary in monitoring, inspection or regulatory functions connected with sound management, or in future or ongoing negotiations involving Us. We will of course endeavour to offer You an adequate explanation of the necessity, and reason for, restricting access in the circumstances mentioned above.

If You exercise any of these rights, we will check your entitlement and respond without undue delay, but not later than within a month. In complex cases or at times of receiving numerous requests, this period may be extended by two further months of which we will inform you.

To review or update your Personal Information including user information to ensure it is accurate, please write to us at dataprivacy@typingdna.com informing us of any changes that may need to be made in respect of Your Personal Information and we will update such information on Your behalf and in Our systems.

If You want Us to delete Your account on the Website, You will no longer be able to participate in the Research Study or enjoy the full functionality of the Website. Certain information is necessary in order for Us to provide the Website; therefore, if You delete such necessary information you will not be able to use the Website.

Please remember, however, if We have already disclosed some of this information to third parties, We cannot access that information any longer and cannot force the deletion or modification of any such information by the parties to whom We have made those disclosures. We will of course comply with any legal obligation We may have to notify them of Your request.

Please note that even though you may request the deletion of Your Personal Information by Us, We may be required (by law or otherwise, such as to prevent fraud, resolve disputes, or troubleshoot problems) to keep this information and not delete it, or to keep this information for a certain time, in which case We will comply with Your account deletion request only after We have fulfilled such requirements. When You delete Your account, Personal Information will be deleted from the active database, but (limited) Personal Information may remain in Our archives where legally permitted.

You may choose to suspend or terminate your participation in the Research Study at any time. We will maintain Your email address alone on record, to maintain proof that you had originally consented to participation in the Research Study and the processing of Your Personal Information for the purposes set out herein.

Please note that any processing of Your Personal Information prior to the deletion of Your account with the Website will remain valid under the legal grounds then prevailing.

You can exercise any of your rights as stated above, by sending us a request to dataprivacy@typingdna.com. We will endeavour to respond to any such request as soon as possible, and in any event within the legal deadline.

Information Security

The security of Your Personal Information is important to Us. We use appropriate technical and organizational methods to protect the Personal Information submitted to, or otherwise processed by, Us, both during transmission and once we receive it from loss, misuse or unauthorized access, disclosure, alteration and destruction, taking into account the risks involved in the processing and the nature of the Personal Information.

We take great care in implementing and maintaining the security of the Website and of Your Personal Information. We have put in place appropriate technical and organizational measures to protect Your Personal Information against accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access and against all other unlawful forms of processing, in accordance with the law. In addition, We employ industry standard procedures and controls to ensure the safety of your personal data, such as: secure network typology which includes Firewall systems; encrypted communication, authentication and access control, external and internal audit tests, etc.

Your Personal Information (including typing biometrics) is stored on virtual servers hosted by different cloud services and third party SaaS (Software as a Service) providers, in a secured database behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems and are required to keep the information confidential. In addition, all sensitive information you supply, and which is being transferred between the browser and the server is encrypted via Secure Socket Layer (SSL) technology. We store sensible data encrypted via AES256 (Advanced Encryption Standard 256).

We implement a variety of security measures when a user enters, submits, or accesses their information to maintain the safety of Your Personal Information. We do not use vulnerability scanning and/or scanning to PCI standards.

To further protect the confidentiality and security of such data, to the extent feasible for the purposes of the Research Study, We intend to anonymize any typing patterns We retrieve during Your interaction with the Website for the purposes of the Research Study, so that they are not and cannot be linked (technically or otherwise) to You.

No method of transmission over the Internet, or method of electronic storage, is 100% secure, however. Therefore, although We take reasonable steps to safeguard information, We cannot be responsible for the acts of those who gain unauthorised access or abuse the Website and We make no warranty, express, implied or otherwise, that we will prevent such access.

Cookies & Other Anonymous Information

As you use the Website, certain Anonymous Information may be collected and stored via cookies and similar technologies, such as your Internet protocol address, domain names, browser type, click-stream data, and access times.

A cookie is a small text file that is stored on a user’s computer for record-keeping purposes. WE use cookies on this Website. WE do not link the information We store in cookies to any Personal Information You submit while on the Website without your express consent.

We use cookies to:

We may also use trusted third-party services that track this information on Our behalf.

We may use both session ID cookies and persistent cookies. We use session cookies to make it easier for you to navigate our site. A session ID cookie expires when You close Your browser. A persistent cookie remains on Your hard drive for an extended period of time. We may also set persistent cookies to store your passwords, so You do not have to enter it more than once. Persistent cookies will enable Us to track and target the interests of Our users to enhance the experience on Our Website.

You can choose to have Your computer warn you each time a cookie is being sent, or you can choose to turn off all cookies. You do this through your browser settings. Since each browser is a little different, look at your browser's Help Menu to learn the correct way to modify Your cookies preferences. If You disable cookies in your browser, some features will be disabled. Some of the features that make Your Website experience more efficient may not function properly.

We may use the Anonymous Information we collect from you to customize the content and layout of the Website for You and improve Our internal operations and the content of Our website. With Your opt-in consent, We may combine this Anonymous Information with Your Personal Information such that the information is no longer anonymous.

Changes to the Privacy Policy

We may update this Privacy Policy to reflect changes to Our information practices. If We make any material changes, We will notify you by email (sent to the email address specified in Your account) or by means of a notice on the Website prior to the change becoming effective. We encourage You to periodically review this page for the latest information on Our privacy practices. Continued use of the Website following notice of such changes will indicate Your acknowledgement of such changes and agreement to be bound by the terms and conditions of such changes.

Any changes to this Privacy Policy may affect Our use or disclosure of Personal Information collected prior to the changes. If You do not agree to any of the changes, You should notify Us prior to the effective date of the changes that you wish to terminate Your account with Us.

Retention Period

We endeavour to ensure that Personal Information is kept as current as possible and that irrelevant or excessive data is deleted or made anonymous as soon as reasonably practicable. We retain Personal Information about You only for as long as it serves a purpose of processing mentioned in this Privacy Policy or a purpose that is compatible with such initial purpose. This does not prevent us from processing your Personal Information for longer periods of time, to the extent such processing reasonably serves other purposes, including for statistical analysis.

Once We anonymise Your Personal Data, such data will no longer constitute ‘personal data’ within the meaning of personal data protection laws. We may retain such anonymised data and use it for further analysis and research and development purposes, without restrictions.

Some Personal Information may be retained for varying time periods in order to comply with legal and regulatory obligations and for other legitimate business reasons. We will generally retain Your Personal Information only so long as it is required for purposes for which it was collected or for other purposes that are compatible with such initial purpose. Where Your Personal Information is no longer required, We will ensure it is either securely deleted or stored in a way which means it will no longer be used by the business.

Subject to the principles set out in the above paragraph, We will delete Your account the later of (i) conclusion of the Research Study, unless Your account and/or the Personal Information associated with it are further required for the purposes of the Research Study or a purpose that is compatible with such initial purpose; or (b) 3 (three) years after your last accessing of the Website (unless You request an earlier deletion of Your Personal Information).

Note: We may continue to use Your typing pattern if We have used such typing pattern to build an algorithm or to further develop and improve an algorithm. If We do so, we undertake to anonymise/ de-personalise Your typing pattern in such a way that it can no longer be linked to You and therefore no longer constitute Personal Information about You.

Children

The Website and the Research Study are not directed to children and children are not eligible to use our Website and/or participate in the Research Study.

Protecting the privacy of children is very important to Us. We do not collect or maintain Personal Information from people We actually know are under 18 years of age, and no part of our Website is designed to attract people under 18 years of age or persons under the age of legal consent in any jurisdiction (“Legally of Age”).

Do not attempt to access the Website and/or create an account and/or participate in the Research Study if You are not Legally of Age. If we later learn that a user is not Legally of Age, we will take steps to remove that user’s information from our databases and to prevent the user from utilizing the Website.

If You are the parent of a legal guardian of a person that is not Legally of Age who has registered on Our Website, or who you believe has otherwise provided Personal Information to Us, please contact Us using the details set out at the end of this Privacy Policy to have the information deleted. We encourage parents and legal guardians to inform children about how to use the Internet in a safe and responsible manner.

Representation of TypingDNA Inc. for the purposes of data privacy regulations

For the purposes of Art. 27 GDPR, TypingDNA SRL is hereby appointed as the representative of TypingDNA Inc. in the territory of the European Union and may be addressed, in addition to or instead of, TypingDNA Inc. by, in particular, supervisory authorities and data subjects, on all issues related to personal data processing performed by TypingDNA Inc., for the purposes of ensuring compliance with the GDPR.

TypingDNA SRL is a Romanian limited liability company, headquartered in Romania, Oradea, Str. Vasile Conta no. 32, 1st floor, office no. 22, registered with the Trade Registry under no. J5/1153/2016, unique registration code 36172414

Questions about this Privacy Policy & Exercising your rights as a Data subject

If you have questions or comments about this Privacy Policy, or wish to exercise any of Your data subject rights under the GDPR, or otherwise make any request as specified further in this Privacy Policy, please contact Us at: dataprivacy@typingdna.com

If You are dissatisfied with Our use of your Personal Information or Our response to any exercise of Your rights under the GDPR, You have the right to complain to the data protection authority: http://www.dataprotection.ro/.

In order to ensure timely resolution, We encourage You to reach out to us first with respect to any queries, questions or complaints You may have in relation to Our processing of Your Personal Information. We will endeavour to respond as soon as practicable.


Date: November 2020