SDK Developer Privacy Guidelines
This SDK contains software which collects biometric data from the wearer for the emteqPRO or other Emteq Labs products. Biometric data includes data on expressivity, pulse and movement, but not actual images or representations of the face. Biometric data but not facial images or representations are available to the SDK developer. Information about how this SDK collects and processes biometric data that the SDK developer can collect and use can be found in the relevant section of the Emteq Labs Documentation Portal pages. We recognize the importance and privacy of user data, and to create a platform that supports these values we require developers who use this SDK to conduct the following self-review privacy checklist:
- You must post a conspicuous privacy statement to users in your application disclosing the use of biometric technology and collection of biometric data. Such privacy statement shall describe your collection and use of biometric data, including what data is collected, how data is being collected and used, purpose of data usage, whether any data is shared with third parties, data retention etc.
- You must keep your privacy statement up-to-date as you make changes to your data processing practices such as what type of biometric data you collect, and how you use it or if you add new features and functionality to your application that may affect user privacy.
- You must get explicit opt-in consent before you collect biometric data where required by applicable laws.
- You must only collect or provide access to biometric data which is required to accomplish the task or functionality in your application and as disclosed in your privacy statement.
- While this SDK might allow you to access certain biometric data, you must not, and must not attempt to, collect, store, distribute or transfer eye image data.
- You must not use any biometric data, on its own, as an identifier to identify or recognize an individual.
- You must not share biometric data with third parties without user consent or otherwise complying with data protection law.
- If you share or make available biometric data to any third party, you must ensure that third parties comply with the same requirements in these guidelines.
- If you collect or use biometric data for profiling or behavioural analysis, you must provide a mechanism for users to reject profiling and behavioural analysis.
- If you process biometric data about individuals in the European Union, you must comply with all terms of European Union's General Data Protection Regulation ("GDPR") and any corresponding or equivalent national laws or regulations.
- If you collect biometric data of a minor (subject to the definition of children age under applicable laws), you must comply with applicable data protection laws meant to protect children (such as the U.S. Children's Online Privacy Protection Act ("COPPA")).
- If you use, collect or process biometric date for healthcare or health research use, you must comply with applicable data protection laws and relevant healthcare or medical regulations and determine for yourself if our product meets your compliance needs.
- You must implement appropriate security measures to protect the confidentiality and integrity of biometric data and prevent unauthorized access, use or disclosure, such as using industry standard encryption methods when appropriate.
- Don't sell or license any biometric data received through this SDK.
- Don't use a service provider to process biometric data you received through SDK unless you make them sign a contract to: (a) protect any biometric data you received through us (that is at least as protective as our terms and policies), and (b) limit their use of that biometric data solely to using it on your behalf to provide services to your application (and not for their own purposes or any other purposes). You must ensure they comply with our terms and policies (and you are responsible for their non-compliance).
- Don't use biometric data obtained through this SDK to discriminate (including based on race or gender) or make decisions about eligibility to participate in plans or activities, including to approve or reject an application or charge different interest rates for a loan.