Avathon Privacy Statement

Last Updated: January 18, 2024

Avathon (previously “SparkCognition”) is committed to protecting and respecting your privacy and ensuring that your personal information is processed fairly and lawfully in line with all relevant privacy legislation. The purpose of this Privacy Statement is to set out the principles governing our use of personal information that we may obtain about you through this website (the “Site”) and in connection with the provision of our services (the “Services”). By using this Site, you agree to our use of the personal information that we obtain about you.

Avathon complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) as set forth by the U.S. Department of Commerce. Avathon has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/. Avathon commits to subject to the DPF Principles all personal data received from the European Union in reliance upon the relevant part of the DPF program.

Please read this Privacy Statement carefully. We may change our Privacy Statement from time to time. We therefore ask you to check it occasionally to ensure that you are aware of the most recent version that will apply each time you access this Site. If a revision meaningfully reduces your rights, we will notify you. BY USING THIS SITE, YOU AGREE TO THIS PRIVACY STATEMENT. IF YOU DO NOT AGREE TO THIS PRIVACY STATEMENT, DO NOT USE THIS SITE.

For your convenience, this Site may contain links to a number of other websites. The privacy policies and procedures described here do not apply to those sites; we suggest contacting those sites directly for information on their data collection and distribution policies. Any reference to a linked site or any specific third party product or service by name does not constitute or imply its endorsement by us, and you assume all risk with respect to its use.

Your Data

We may collect, use, store and transfer the following information to provide, improve and protect our Site and our Services.

The data we collect and process. You may give us personal information by visiting or interacting with the Site, filling in forms on the Site, interacting with our Services, or by corresponding with us by phone, e-mail, or otherwise. This personal information includes the following data which are referred to in this Privacy Statement as ‘your data’, ‘your personal data’ or ‘your personal information’:

  • personal information you provide when you interact with the Site. The personal information you give us may include your name, company, mailing address, email address, phone number, country, resume information, feedback and any other information you choose to provide to us;
  • technical data such as your internet protocol (IP) address, the web page you visited before visiting our Site, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our Site;
  • usage data which tells us how you use our Site;
  • marketing and communication data which tells us your preference in receiving marketing from us and our third parties and your communication preferences; and
  • sensitive personal data such as your race or ethnicity, your political opinions, religious beliefs, membership in a trade union, physical or mental health condition, sexual orientation, or criminal offenses. As mentioned elsewhere in this Privacy Statement, the Site may include links to third-party websites, plug-ins and applications. These third parties may ask you for your consent to the collection of your sensitive personal information, such as when you submit an online job application. We do not control these third parties and are not responsible for their privacy policies. However, if your sensitive personal information is transferred to us from a third party, we may rely on your consent to the collection of personal information given to the third party for our processing.
  • image/biometric data such as human face, body posture, etc. If our customer (as a data controller) elects to use and instructs us to configure the Platform to do so, the Platform accesses images captured using customer cameras which have been connected to an Edge device. In addition to general footage, the Customer cameras may incidentally collect the following Personal Information: Human face, body posture, etc.; License plate numbers for vehicles; ID badges, name tags. Except as noted below, please note that the Platform will NOT automatically extract or record a unique identity for humans from either their face, clothing, identification badges or name tags. Customers can choose to utilize the Platform’s “Attendance Module”, which will use profile images for employees and other on-site personnel. Such profile images are uploaded by Customer, who is responsible for their lawful collection, and Platform’s facial recognition software is then used to: track attendance; establish if the individual is inside or outside the facility; the location last seen in any given time interval; and the amount of time the employee spent inside facility; and other actions set by the Customer.

Avathon has specifically designed the Platform to have different options for customers in this way so that customers can choose the type of deployment they prefer depending on their data privacy obligations and use cases. Customer, as data controller, will need to ensure that relevant privacy rules in your relevant jurisdiction are complied with to ensure that data subjects are aware of any processing of their Personal Information according to the deployment selected.

Purposes for which we will use your data

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

  • Where we need to perform the contract we are about to enter into or have entered into with you.
  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
  • Where we need to comply with a legal or regulatory obligation.

The ways we plan to use your personal data are as follows

  • Services. We collect feedback in order to improve our Services and our Site.
  • Usage. We also use your data, especially usage data and technical data, including the actions you take in your account (such as Site visits, page interaction information, and search history), to evaluate and improve our Site and our Services.
  • Cookies and other technologies. We use technologies like cookies to provide, improve, protect, and promote our Site and our Services. More information on our use of cookies is available on our Cookies Policy. Avathon currently does not respond to Do Not Track requests.
  • Marketing. We also use your data to provide you with information about goods or services we feel may interest you. If you do not want us to use your data in this way, select the ‘unsubscribe’ link in any e-mail communication from us.
  • Relationship. We will also use your data to manage our relationship with you which will include notifying you about changes in our Privacy Statement and asking you to leave a review or take a survey.
  • Sale. We will transfer your personal information in the event of a sale of the Company.

Sharing your data

We may share information as discussed below, but we won’t sell it to advertisers or third parties.

Others working for Avathon. Avathon uses trusted third parties (i.e. IT services, analytics services, etc.) to help us provide, improve, protect, and promote our Site and our Services. These third parties will access your information only to perform tasks on our behalf in compliance with this Privacy Statement, and we’ll remain responsible for their handling of your information per our instructions.

Other applications and third-party links. The Site may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy policies. When you leave our Site, we encourage you to read the privacy policies of every website you visit. Please remember that their use of your personal information will be governed by their privacy policies and terms.

Protecting your data

We only process personal data where we have a legal basis for doing so. We review the personal data we hold on a regular basis to ensure it is being lawfully processed.

Before transferring personal data to any third party (e.g. suppliers, partners and back office support), we establish that there is a legal reason for making the transfer, which may include your consent.

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

We have implemented measures and procedures that adequately protect the privacy of individuals and ensure that data protection is integral to all processing activities. This includes implementing measures which may include

  • Data minimization (e.g. not keeping data for longer than is necessary);
  • Pseudonymization;
  • Anonymization;
  • Cyber security; and
  • A data security policy.

Your rights – individuals in the European Union

If you are an individual in the European Union, you have certain rights with respect to the access, correction, restriction, and erasure of your personal information stored on our platform at any time. You can exercise any of these rights at any time by contacting us at privacy@Avathon.com. Your rights include the following:

  • Accessing your data. Upon request, we shall provide any information relating to your data and our processing of your data in a concise, transparent, intelligible, and easily accessible form using clear and plain language. The information shall be provided in writing or by other means, including, where appropriate, by electronic means within 30 days of a written request.
  • Correcting your data. You have the right to ask us to rectify any inaccurate or incomplete personal data on our platform. If we have given your personal data to any third parties, we will notify those third parties that Avathon has received a request to rectify your personal data, unless doing so proves impossible or involves disproportionate effort. Those third parties should also rectify the personal data they hold – however, we are not in a position to audit those third parties to ensure that the rectification has occurred.
  • Erasing your data. You can ask us to erase your personal data stored on our platform. If we receive a request to erase your data, we will ask you if you want your personal data to be removed entirely or if you want to be kept on a list of individuals who do not want to be contacted in the future (for a specified period or otherwise). We cannot keep a record of individuals whose data we have erased so you may be contacted again by us, should we come into possession of your personal data at a later date.

If we have given your personal data to any third parties, we will tell those third parties that Avathon has received a request to erase your personal data, unless this proves impossible or involves a disproportionate effort. Those third parties should also rectify the personal data they hold – however, Avathon will not be in a position to audit those third parties to ensure that the rectification has occurred.

Restricting the use of your data. We only process your personal data where we have the legal basis for doing so. You have the right to ask us to suspend or otherwise restrict the processing of your personal data where:

  • You challenge the accuracy of the personal data;
  • The processing is unlawful but you do not want us to erase it;
  • We no longer need the personal data for the purposes of the processing, but you want us to hold it as you need it to establish, exercise, or defend legal claims; or
  • You have objected to our use of your data, but we need to verify whether we have legitimate grounds to use it.

If we have given the personal data to any third parties, we will tell those third parties that we have received a request to restrict the use of your personal data, unless this proves impossible or involves a disproportionate effort. Those third parties should also rectify the personal data they hold – however, we will not be in a position to audit those third parties to ensure that the rectification has occurred.

Withdrawing your consent. Where we are relying on consent to process your personal data (for example consent to receive marketing) you have the right to withdraw your consent at any time. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain Services or services to you.

We may also be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

Recourse, Enforcement and Liability:

Avathon has mechanisms in place designed to help assure compliance with the DPF Principles.

If you have any inquiries or complaints, you may contact us at legal@Avathon.com.

You, as an individual, may be entitled under certain conditions, to invoke binding arbitration by delivering notice to us, at our headquarters address set forth below. Any arbitration will follow the terms set forth in Annex I of the DPF Principles, following the procedures and subject to conditions set forth in such Annex.

In accordance with the Data Privacy Framework, we will respond within 45 days of receiving a complaint. If you have specifically invoked binding arbitration or if your complaint cannot be resolved through our internal processes, Avathon will cooperate with JAMS pursuant to the JAMS DPF Program which is described on the JAMS website at: https://www.jamsadr.com/eu-us-data-privacy-framework. We have authorized JAMS as the independent dispute resolution body designated to address complaints and provide appropriate recourse free of charge to the individual. You may contact them at the following link: JAMS (https://www.jamsadr.com/DPF-Dispute-Resolution).

The appropriate statutory body with jurisdiction to investigate any claims against Avathon regarding possible unfair or deceptive practices and violations of laws or regulations covering privacy is the U.S. Federal Trade Commission (https://www.ftc.gov).

Your rights – individuals outside the European Union

Accessing Account Information. We will provide you with the means to ensure that personally identifiable information in your web account file is correct and current. You may review this information by contacting us by sending an email to privacy@Avathon.com.

A Record of Data Transfer. Avathon will provide the right to request and receive, once a year and free of charge, information about third parties to whom we have disclosed certain types of personal information (if any) about you for our direct marketing purposes in the prior calendar year, and a description of the categories of personal information shared. To make such a request, please send an email to privacy@Avathon.com and please include the phrase “Personal Information Privacy Request” in the subject line, the domain name of the website you are inquiring about, along with your name, address and email address. At our option, we may respond to such requests by providing instructions about how our users can exercise their options to prevent our disclosure of personal information to third parties for their direct marketing purposes.

California Online Privacy Protection Act. As required by the California Online Privacy Protection Act (“California Act”) and the California Business and Professions Code, this Privacy Statement identifies the categories of personally identifiable information (as that term is defined above and in the California Act) that we collect through our Site about individual consumers who use or visit our Site and the categories of third-party persons or entities with whom such personally identifiable information may be shared. See more about the California Act at http://consumercal.org/california-online-privacy-protection-act-caloppa/#sthash.0FdRbT51.dpuf

California Consumer Privacy Act of 2018 (CCPA). You have the right to request, twice a year and free of charge, certain information about parties to whom we have disclosed or sold your personal information in the prior calendar year and a description of the categories of personal information shared. Additionally, upon request, twice a year and free of charge, we shall provide to you any information relating to your personal information and our processing of your personal information in a concise, transparent, intelligible, and easily accessible form using clear and plain language. To make such a request, please send an email to privacy@Avathon.com and please include the phrase “Personal Information Privacy Request” in the subject line, the domain name of the website you are inquiring about, along with your name, address and email address. You can also ask us to delete your personal data stored on our platform. If we receive a request to delete your data, we will ask you if you want your personal information to be removed entirely or if you want to be kept on a list of individuals who do not want to be contacted in the future (for a specified period or otherwise). We cannot keep a record of individuals whose personal information we have deleted so you may be contacted again by us, should we come into possession of your personal information at a later date. If you exercise your rights under the CCPA, Avathon will not discriminate against you. You may use an authorized agent to make a request on your behalf. Requests to know and requests to delete will be honored within 45 days; if more time is needed to respond, Avathon will notify you.

Avathon has collected, will collect and has disclosed the personal information described in the categories below during the last year for business purposes; however, Avathon does not sell your personal information.

  • Identifiers. A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, job title, phone number, country, social media information, browser language, or other similar identifiers.
  • Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)). A name, signature, Social Security number, address, telephone number, education, employment, employment history, and bank account number. Some personal information included in this category may overlap with other categories.
  • Commercial information. Records of personal property, Services or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
  • Internet or other similar network activity. Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement.
  • Inferences drawn from other personal information. Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.

Where we store and transfer your data

The Site is controlled by Avathon from its offices in the United States. Avathon may store and use information in the United States and other jurisdictions; any personal data provided to Avathon will be transmitted to or within those jurisdictions. Avathon also may transfer information and personal data to other jurisdictions to facilitate Avathon’s third party processors’ access to and/or processing of information and/or personal data.

Avathon makes no representation that materials on this Site are appropriate or available for use in other locations, and access to them from territories where their contents are illegal is prohibited. Those who choose to access this Site from other locations do so on their own initiative and are responsible for compliance with applicable local laws.

Contact

Have questions or concerns about our Site, Services, or Privacy Statement? Contact us at privacy@avathon.com.