Visitor Aware Privacy Notice

Effective: January 2024

PLEASE READ THIS PRIVACY NOTICE CAREFULLY AND MAKE SURE YOU FULLY UNDERSTAND IT.

Singlewire Software, LLC (“Singlewire” or “we,” “us” or “our“) provides the Visitor Aware Visitor Management and Security Software, an online identity verification and visitor management service (together with related online platforms and mobile applications, “Visitor Aware“) to schools and similar entities that have a current subscription to access and use Visitor Aware (our “Subscribers“). In addition to collecting certain data about our Subscribers’ employees and other personnel that access and use Visitor Aware for or on behalf of our Subscribers’ (“Users“), certain data about individuals when they visit a Subscriber’s secured facilities (“Premises“) and the Subscriber verifies that individual’s identity and/or manages that individual’s access to the Subscriber’s Premises through Visitor Aware (a “Visitor“). A Visitor’s interaction with Visitor Aware at a Subscriber’s Premises happens through the Visitor’s interaction with Visitor Aware on or through devices provided by the Subscriber, such as a kiosk, tablet, smart phone or other mobile device.

This Visitor Aware Privacy Notice (“Privacy Notice“) describes how we collect, use, share, disclose and protect certain data that is collected from or created about a Visitor in connection with a Visitor’s interaction with Visitor Aware (“Visitor Aware Data“). If you are a User, please refer to the Singlewire Privacy Policy, available at https://www.singlewire.com/privacy, for information about how we collect, use, share, disclose and protect the data we collect from or about you in connection with your use of the applications, products and services we provide to our Subscribers, including, without limitation, Visitor Aware, is provided in the Singlewire Privacy Policy, available at https://www.singlewire.com/privacy.

Please note, this Privacy Notice does not cover our Subscribers’ own collection, use, disclosure or protection of Visitor Aware Data. This is because our Subscribers are generally the controller with respect to Visitor Aware Data, meaning our Subscribers decide how to use Visitor Aware Data for their own purposes. Our Subscribers are responsible for providing Visitors and other relevant individuals with information regarding how our collection, use, disclosure and protection of Visitor Aware Data and obtaining all necessary permissions from Visitors and other relevant individuals regarding our Subscribers’ collection and use of Visitor Aware Data. Accordingly, additional privacy policies, notices or other disclosures may apply to our Subscribers’ collection and use of Visitor Aware Data. To be clear, Singlewire is not responsible for our Subscribers’ or their Users’ processing and use of Visitor Aware Data.

1.     Overview of Visitor Aware Data and Personal Data

Visitor Aware is designed to enable a Subscriber to verify a Visitor’s identity and manage that Visitor’s access to the Subscriber’s Premises. To do this, certain Visitor Aware Data is collected or created in connection with a Visitor’s interaction with Visitor Aware at a Subscriber’s Premises. As described in more detail in Section 2 below, Visitor Aware collects Visitor Aware Data in various ways, including: collecting Visitor Aware Data: (1) directly from the Visitor during the Visitor’s interaction with Visitor Aware; (2) from publicly available government records based on the Visitor Aware Data provided by the Visitor; and (3) from data and other information, which may include Personal Data, collected, created or otherwise maintained by the applicable Subscriber. Visitor Aware also may also create Visitor Aware Data through the use of certain features and functionalities available through Visitor Aware.

Depending on how a Subscriber configures their use of Visitor Aware, Visitor Aware Data may be considered “Personal Data” – data or information that identifies, relates to, describes, is reasonably capable of being associated with, could reasonably be linked, directly or indirectly, with a particular Visitor. Visitor Aware Data that consists of data or other information that is lawfully made available from federal, state or local government records or lawfully obtained, truthful information that is a matter of public concern is NOT considered Personal Data under this Privacy Notice.

In other circumstances, Visitor Aware Data may include data or information that is deidentified or aggregated in a way that it cannot be used to identify a particular Visitor (“Deidentified Data”). Deidentified Data is NOT considered Personal Data under this Privacy Notice. We commit to maintaining Deidentified Data in its deidentified form and not to attempt to reidentify the Deidentified Data, except and solely for the purpose of determining whether our deidentification processes satisfy the requirements of applicable laws.

Please note, this Privacy Notice does not apply to our Subscribers’ own collection, use, disclosure or protection of Visitor Aware Data or any other Personal Data our Subscribers collect or maintain about Visitors or any other individual. This is because our Subscribers are generally the controller with respect to such Visitor Aware Data and other Personal Data, meaning our Subscribers decide how to use such Visitor Aware Data and other Personal Data for their own purposes. Our Subscribers are responsible for providing Visitors and other relevant individuals with information regarding their collection, use, disclosure and protection of Visitor Aware Data and other Personal Data for their own purposes and obtaining all necessary permissions from Visitors and other relevant individuals regarding their collection and use of such Visitor Aware Data and other Personal Data. Accordingly, depending on the nature of a Visitor’s or other relevant individual’s relationship with a Subscriber, additional privacy policies, notices or other disclosures provided or otherwise made available by that Subscriber apply with respect to that Subscriber’s collection and use of such Visitor Aware Data and other Personal Data. To be clear, Singlewire is not responsible for our Subscribers’ or their Users’ processing and use of Visitor Aware Data or other Personal Data.

2.     Categories of Visitor Aware Data Collected

Based on the Visitor Aware settings a Subscriber elects to use and subject to compliance with applicable laws, the following categories of Visitor Aware Data may be collected or created in connection with a Visitor’s interaction with Visitor Aware.

Identifiers

    • Description: Data and information that directly identify a Visitor, such as a Visitor’s name, email address, mailing address, phone number, government-issued IDs, school-issued IDs, user ID, and any other data or information a Visitor elects to provide during the Visitor’s interaction with Visitor Aware.
    • Source: Provided by Visitor through interaction with Visitor Aware.
    • Purpose for Collection or Use: Verify Visitor’s identity and enable Subscriber to manage Visitor’s access to the applicable Premises based on Subscriber’s applicable policies and procedures.

Visitor Measurements

    • Description: Image capture of a Visitor’s face and scan of the Visitor’s facial geometry. Please note, Visitor Measurements may constitute biometric identifiers under certain applicable laws.
    • Source: Subject to restrictions under applicable law, captured and created if Visitor provides consent to collection and creation during Visitor’s interaction with Visitor Aware.
    • Purpose for Collection or Use: Enable the use of facial recognition to verify Visitor’s identity, identify repeat Visitors, enable Subscriber to manage Visitor’s access to the applicable Premises based on Subscriber’s applicable policies and procedures and eliminate potential matches when a potentially banned or flagged Visitor attempts to enter the Subscriber’s Premises.

Access to Premises

    • Description: Log of when a Visitor enters and exits the applicable Premises.
    • Source: Created through a Visitor’s interaction with Visitor Aware when a Visitor enters and exits the applicable Premises.
    • Purpose for Collection or Use: Enable a Subscriber to maintain a log of access to the applicable Premises by Visitors.

Information Provided by Subscribers

    • Description: Data and information contained in a Subscriber’s records relating to relationships or authorizations, such as authorized relationships between a Visitor and a student or other individual.
    • Source: Subscriber records uploaded by Subscriber to Visitor Aware.
    • Purpose for Collection or Use: Enable a Subscriber to determine a Visitor’s authorizations with respect to that Subscriber’s Premises based on Subscriber’s applicable policies, procedures and security settings, such as determining whether a Visitor is permitted to enter the applicable Premises or authorized to check a student or other individual out of the applicable Premises.

3.     Retention of Visitor Aware Data

Each Subscriber establishes the amount of time Visitor Aware Data collected or created through that Subscriber’s access to and use of Visitor Aware is retained. However, with respect to Visitor Measurements, as more fully described in the Visitor Aware Biometric Information Retention Policy: (1) the maximum period of time Subscribers are permitted to retain Visitor Measurements for a particular Visitor is 36 months following the date such Visitor Measurements were originally collected or created; (2) Visitor Aware automatically deletes Visitor Measurements associated with Visitors who have not interacted with Visitor Aware for a period of 6 months; (3) Visitor Measurements are deleted anytime a Subscriber deletes a Visitor from Visitor Aware; and (4) scans of facial geometry or deleted any time the image capture associated with that Visitor is deleted. Without limiting the foregoing, we will not retain Visitor Measurements for more than three years following the date of collection or creation.

Please note, the foregoing only applies to retention of Visitor Aware Data within Visitor Aware. Subscribers may retain certain Visitor Aware Data outside of Visitor Aware, including, without limitation, Visitor Measurements, for different time periods and different purposes.

4.     Our Disclosures of Visitor Aware Data

We do not sell Visitor Aware Data to third parties or use Visitor Aware Data for behavioral advertising or similar marketing purposes. However, in addition to the applicable Subscriber and any third party to whom a Visitor consents or instructs us to provide Visitor Aware Data, we may disclose Visitor Aware Data to certain categories of third parties, including:

Service Providers – we may engage third parties to perform services complementary to our own (e.g., hosting services, data analytics services, user engagement services, email distribution and monitoring services and business, legal and financial advisory services) (collectively, “Service Providers“). These Service Providers may have access to Visitor Aware Data depending on each of their specific roles and purposes in facilitating and enhancing Visitor Aware. We require these Service Providers to exercise reasonable care to protect Visitor Aware Data and restrict their use of Visitor Aware Data for the purposes for which we disclosed it to them.

Parties to Business Transactions – In the event of an anticipated or actual merger or acquisition, bankruptcy, or other sale of all or a portion of our assets, we may transfer or allow third parties to use information owned or controlled by us, including Visitor Aware Data. We reserve the right, in connection with these types of transactions, to transfer or assign Visitor Aware Data and other information we have collected or created to applicable third parties or authorize such third parties to use any such information. Except as ordered by a bankruptcy court or other court, the use and disclosure of all transferred Visitor Aware Data will be subject to this Privacy Notice. However, any Visitor Aware Data submitted or that is collected or created after this type of transfer may be subject to a new privacy policy adopted by the successor entity.

Law Enforcement and to Protect Our Rights – to the extent permitted under, or required by, applicable law, we may disclose any Visitor Aware Data and other information to government or law enforcement officials or private parties as we believe is necessary or appropriate to investigate, respond to, and defend against legal claims, for legal process (including subpoenas), to protect our property and rights or the property and rights of a third party, to protect us against liability, for the safety of the public or any person, to prevent or stop any illegal, unethical, fraudulent, abusive, or legally actionable activity, to protect the security and integrity of Visitor Aware and any equipment used to make Visitor Aware available or to comply with applicable laws.

Affiliates – we may disclose Visitor Aware Data to our affiliates with the understanding that they will treat such Visitor Aware Data consistent with this Privacy Notice.

Please note, the foregoing only applies to our disclosure of Visitor Aware Data to third parties. Subscribers may disclose Visitor Aware Data, including, without limitation, Visitor Measurements, to other categories of third parties.

5.     Data Protection

We are committed to protecting the security of Visitor Aware Data in our possession or under our control. We use commercially reasonable technical, organizational and physical safeguards to maintain the security and privacy of Visitor Aware Data in our possession or under our control. Nevertheless, there is an inherent risk in the transmission of information via the internet. Although we take precautions to protect against the risk of unauthorized access to Visitor Aware Data in our possession or under our control, we cannot guarantee the security of any information, including Visitor Aware Data, disclosed online.

6.     Third Party Practices

This Privacy Notice does not apply to the practices of third parties, including our Subscribers, that we do not own or control. We are not responsible for the privacy policies or practices of third parties. This Privacy Notice does not apply to any data provided to, or collected by, third parties.

7.     Updates and Amendments

We may update and amend this Privacy Notice from time to time by posting an amended version and indicating the last date it was updated above. The amended version will be effective as of the date it is posted. We will provide a 10-day prior notice if we believe any substantial changes are involved via any of the communication means available to us or through Visitor Aware.

8.     Contact Us

If you have any comments or questions about this Privacy Notice, or if you have any concerns regarding Visitor Aware Data, please contact us by email at [email protected].