Biometric Data collection campaign mobile application documents

Privacy Policy for Biometric Data collection campaign

The protection of your personal data is a priority for Thales, which ensures that your personal data is processed with complete transparency and security.

When using this Thales Biometric Data Collection Campaign” Mobile Application (the “Application”) you will share your personal data with THALES DIS CZECH REPUBLIC S.R.O. a Czech company registered with the Trade and Companies Register of Prague under number 264 32 293, whose registered office is at 4, Michle, Zeletavská 1448/7, PSC 140 00 PRAHA, Czech Republic (“THALES”).

In this case, Thales acts as data controller, meaning that Thales determines the purpose and manner of processing your personal data.  

 

1. What personal data do we collect and process?

Thales may process the following personal data when you use the Application: 

• Personal Information: face videos and images.
• Information about the device you are using to access the Application, depending on the device you are using and its settings, which may include:
  • Type of device
  • Device operating system
  • Device camera configuration (for example supported resolutions)
  • Application info and performance, crash logs, diagnostics, other application performance data

2. What are the purposes for processing your personal data?

Your data may be used for the following purposes: 

• Internal research & development including machine learning, improvement of Thales products and services, product validation and performance testing within the context of the Project

3. What is the legal basis for the processing of your personal data?

The legal basis for the processing of your personal data is the End-User License Agreement to which you are party since you downloaded the Application and the consent form you signed with one Thales entity related to the Biometric data collection campaign for this purpose.

4. How long do we keep your personal data?

For the abovementioned purposes, your personal data will be kept for a period of five (5) years from the date your personal data was collected. 

5. Who receives your personal data?

In the context of such processing, the recipients of all or part of your personal data may be the personnel of THALES, the Thales entities listed in the consent form You signed and other entities of its group in charge of the administration, supervision and management of THALES’ mobile application products and services management, as well as some personnel of third parties which provide services to THALES, in particular hosting and maintenance services of its information systems.

When your personal data is transferred by a Thales company established in the European Economic Area (hereinafter “the EEA”) or in the United Kingdom (hereinafter “the UK”) to a Thales company established outside the EEA or the UK, in a country that has not been recognized as offering an adequate level of protection by an adequacy decision of the European Commission or the UK, this transfer is based on the Binding Corporate Rules (hereinafter the “BCR”) adopted by Thales. 

Thanks to the Thales BCR, wherever your personal data is processed within the Thales Group, it benefits from the same standard of protection. You can access the Thales BCR by clicking here.

Thales external suppliers and service provider. When your personal data is transferred by a Thales company established in the EEA to a third-party established outside the EEA, in a third country that has not been recognized as offering an adequate level of protection by an adequacy decision of the European Commission, Thales relies on Standard Contractual Clauses as adopted by the European Commission (hereinafter the “SCC”).

You can obtain a copy of the SCC signed by Thales by making a “Personal data protection” request here.

When your personal data is transferred by a Thales company established in the UK to a third-party established outside the UK in a third country that has not been recognized as offering an adequate level of protection by the UK, Thales relies on the International Data Transfer Agreement (IDTA) or the International Data Transfer Addendum to the SCC issued by the Information Commissioner’s Office.

6. What security measures are in place to protect your data?

Thales undertakes to implement the technical, organizational and contractual security measures necessary to protect your personal data against accidental or unlawful destruction, loss, alteration, disclosure or unauthorized access.

7. What are your rights concerning your personal data?

Please note that you have the right to access your personal data and to request that your personal data be rectified or deleted. You are also entitled to request restriction of the processing of your personal data. In addition, you have the right to ask for receiving, in a structured and standard format, your personal data that you provided to Thales and which Thales processes by automated means.

In case of any request or complaint, please send an email to support.digital.id.wallet.demo@thalesgroup.com. You can also contact our Data Protection Officer by sending an email to the following address: dataprotection@thalesgroup.com. 

In any case, you also have the right to lodge a complaint with the competent data protection authority.

8. Update of the Thales EUDIW LSP Wallet Privacy Policy

The present notice of the Application is updated regularly to take into account technological innovations as well as legislative and regulatory changes.

Date of last revision: October 2025