Legal and Personal Data
Clear privacy for face recognition.
This English page is a convenience translation of the Colombian legal baseline for Facerec. If there is any conflict, the Spanish version and the client contract should control.
Personal Data Processing Policy
Facerec, associated with facerecognition.tech, processes personal data to provide face recognition, attendance, access control, reporting, technical support, and commercial follow-up. Data subject requests may be sent to legal@facerecognition.tech or through the public contact form. Each client contract may add the legal name, tax ID, address, support channel, and deployment details that apply to that client.
For employee, contractor, visitor, or end-user data processed for a client, the client usually acts as Data Controller and Facerec acts as Data Processor. For website prospects, portal users, and commercial contacts, Facerec acts as Controller.
Data categories
- Website leads: company, name, phone, email, country, employee count, IP, country preselected through geolocation, browser, request date, and consent version.
- Portal users: username, role, organization, session activity, and language preference.
- Client people records: name or external ID, site, active status, and attendance records.
- Sensitive biometric data when authorized: enrollment images, facial crops, biometric vectors, match scores, and recognition events.
- Technical data: camera, device, site, detection time, security logs, protected ingest credentials, and operational metadata.
Purposes
- Respond to commercial requests and schedule demos.
- Create, operate, and protect private client portal accounts.
- Run authorized face recognition for attendance, entry, exit, presence, access, and reports.
- Sync minimum attendance events to the private client dashboard.
- Prevent fraud, abuse, unauthorized access, operational errors, and security risks.
- Comply with legal, contractual, accounting, audit, and authority requirements.
Sensitive biometric data
Biometric data is sensitive under Colombian privacy rules. It should only be processed with prior, explicit, informed authorization unless a legal exception applies. The authorization should identify the Controller, Processor, purposes, data subject rights, and contact channels, and should explain that sensitive data is not mandatory unless a valid legal or contractual basis exists.
Storage, processors, and transfers
Operational data is currently processed on private servers controlled by Facerec and on hardware installed for the client. The private portal is hosted on a VPS with HTTPS and restricted access. Facerec may later use other servers, cloud providers, messaging tools, or specialized processors for recognition, support, security, backups, or reports, subject to the Controller's instructions, security measures, and data transfer or transmission agreements where required.
Retention
| Data | Baseline retention | Reason |
|---|---|---|
| Website leads | Up to 24 months or until deletion is requested, unless a legal duty applies. | Commercial follow-up and proof of consent. |
| Training images and biometric vectors | While the person remains active in the system or as instructed by the client. | Operate authorized recognition. |
| Low-confidence review crops | 7 days by default, unless an approved configuration changes it. | Quality control and match correction. |
| Attendance and access events | During the contractual relationship and as needed for reports, audit, or legal defense. | Client operational history. |
Short privacy notice
Facerec processes personal data to respond to commercial requests, operate private client portals, provide face recognition, generate attendance, entry, exit, reports, support, and security. Biometric data is sensitive and requires explicit authorization when used. Data subjects may exercise their rights at legal@facerecognition.tech and may contact Colombia's Superintendence of Industry and Commerce if a request is not properly addressed.
Biometric authorization model
- I give prior, explicit, informed authorization for my personal and facial biometric data to be processed for identification, attendance, entry, exit, security, and internal reports.
- I understand biometric data is sensitive and that I am not required to authorize it unless there is a valid legal or contractual basis.
- I was informed about the Controller, the Facerec technology Processor, purposes, contact channels, rights, and the possibility of filing complaints before the SIC.
- I authorize transmission to Facerec and technical providers needed to operate, host, process, back up, or support the system under security measures.
Portal terms
- The portal is private and may only be used by users authorized by the client or Facerec.
- Users must protect credentials, close shared sessions, and report suspicious access.
- Portal information is confidential and may only be used for authorized attendance, operation, security, or reporting purposes.
- The client is responsible for authorizations, visible notices, internal roles, and user lifecycle management.
Cookies and similar technologies
The public site uses local storage to remember language preference. The portal uses Django session and security cookies. We do not use behavioral advertising cookies. The demo form records privacy consent with the request. The form country may be preselected server-side by IP through a geolocation provider; the user can change it before submitting.
Colombia client checklist
- Define the exact use case: attendance, access, security, visitors, or another purpose.
- Deliver a privacy notice and obtain explicit authorization for biometric data before enrollment.
- Place visible notices in camera or recognition hardware areas.
- Execute a data processing agreement with Facerec and any external processor.
- Define retention, authorized users, offboarding, and biometric template deletion.
- Assess whether the National Database Registry applies based on entity type and assets.