CoVision respects and protects the privacy of all users (hereinafter referred to as “users” or “you”) who use our website. This Privacy Policy is designed to help you understand how we collect, use, share, and process your personal information, as well as how you can exercise your privacy rights. This Privacy Policy applies to the personal information generated when you use the CoVision website and its Software as a Service (SaaS) services.
Definitions
In this statement, we use the following definitions:
The term “CoVision” or “we” or “our” refers to CoVision Corporation and its subsidiaries and affiliates.
“you” refers to the natural person (individual) whose personal data is collected and processed by CoVision.
The term “Services” refers to CoVision’s cloud-based communication (CPaaS – Communications Platform as a Service) and other products and services.
The term “personal data” refers to any information about you that can directly or indirectly identify you.
The term “controller” refers to the organization that determines the purposes and means of processing data and is responsible for processing such data in compliance with applicable privacy laws.
The term “processor” refers to the organization that processes personal data on behalf of the controller.
The term “applicable privacy laws” refers to all laws and regulations applicable to the processing of certain personal data (such as the General Data Protection Regulation (EU) 2016/679, UK GDPR, or the UK Data Protection Act 2018). For more information, please refer to the appendices of specific countries/regions.
About CoVision Services
CoVision is a provider of Communication Platform as a Service (CPaaS) and Software as a Service (SaaS). When providing services to customers, we act as controllers or processors depending on the circumstances.
Our Activities as Processor
Our customers primarily integrate our services into their business operations through their own software applications (via APIs) or using our web interface. By using our cloud communication platform, our customers can utilize various communication channels (SMS, email, voice, etc.) to send or exchange their communications with end users. We do not have a direct relationship with our customers’ end users, so we distribute these communications through telecom operators and other communication service providers. When we do this, we act as processors on behalf of the customers and process the relevant data solely for the purpose of providing them with our services. We operate within the limits, instructions, and agreements with customers, such as terms and conditions of service, service agreements, data processing agreements, or similar agreements.
For example, when you, as an end user of our customer, are the recipient of communications (such as SMS) sent to you by our customer using our platform, we send those communications on behalf of our customer. This means that the customer is the controller, and CoVision is the processor. Any requests regarding rights related to activities carried out on behalf of the customer received from the customer’s end users will be forwarded to the customer or the end users will be directed to contact them directly.
Our Activities as Controller
This privacy statement describes the activities carried out by CoVision as a controller. When we process personal data for our own purposes, CoVision acts as a controller rather than on behalf of others. We commit to processing such data in accordance with the descriptions in this privacy statement and complying with all obligations arising from applicable privacy laws.
3.Who is responsible for your personal data?
The main entity (controller) responsible for processing the personal data described in this Privacy Statement is CoVision, located at Unit 618, Building T2-B, Gaohai Street, High-tech Industrial Village, High-tech South 7th Road, High-tech Industrial Park Community, Nanshan District, Shenzhen, China.
In accordance with the European Union data protection law, CoVision has appointed its Data Protection Officer (“DPO”) based in the European Union as our EU representative.
If you have any questions regarding this Privacy Statement or our privacy practices, you can contact our Privacy Team and Data Protection Officer via the email address charon@covision.com.
4.How do we obtain your personal data?
For example, when you use our services, visit our website, register for events, participate in our research programs, submit application forms, or communicate with us in other ways, most of the personal data we process is provided directly by you.
We also receive personal information from other sources, such as:
If you are employed by our customers or suppliers or represent our customers or suppliers, they may provide us with certain information for you to use our services.
If you are an end user of one of our customers, they may provide us with certain information to use our services.
If you participate in our market research, we may receive information related to that research from our third-party providers.
If you visit our website or use our services, we automatically collect certain information, such as your Internet Protocol (IP) address, user settings, cookie identifiers and other unique identifiers, browser or device information, and location information (including approximate location derived from IP address). For more information on how we collect data through cookies, please visit our Cookie Policy.
If you apply for a job, we may receive information from background check service providers or collect information from LinkedIn or other public sources or data enrichment providers (where permitted by local law).
If you are designated as a referee by our job applicants, we may receive certain information so that we can contact you during the recruitment process.
5.What personal data do we collect, why, and on what legal basis, how do we use this data, and how long do we retain it?
5.1 When we provide services to customers
In this section, you will find information about how we process personal data when providing services to customers.
It provides detailed information about how we process your data if you meet the following conditions:
As an individual, you are our customer
Work for or represent our customers, in which case you are:
“Account User” (individual authorized by the customer to log in to their account and use CoVision services)
“Business Contact” (any other individual representing the customer or acting as a point of contact between the customer and CoVision)
You are the “End User” of our customer (individual who receives communications from the customer or sends them to our customer).
5.1.1. To sign agreements, create customer accounts, and provide necessary support for customers to use our services
What personal data do we collect?
CoVision collects “Account Data,” which includes all data necessary to maintain a successful business relationship with the customer, such as information required to create customer accounts, allow customers to use CoVision services, or bill customers. Specific types of data include:
Registration details of customers and account users (such as name, (business) address, phone number, email address, company name and industry, business role, and login details)
Customer billing and financial details (such as billing address, pre-paid or post-paid customers, bank account details, VAT number, information regarding credit and payment behavior, and additional information required by applicable law)
Details of business contacts (such as name, (company) address, phone number and email address, company name and industry, and business role)
“Customer Support Data” (i.e., customer support communications, including the content of customer support tickets).
How do we collect it?
Directly from you or from our diligence providers (if you are an individual).
Directly from you or through your organization if your organization is our customer.
Why do we collect it, on what legal basis, and how do we use it?
We collect and use account data for the following purposes:
To sign and manage agreements with customers
Create customer accounts and allow their account users to use our services
Ensure the security of customer accounts and provide customer service and support
Share relevant information about our products and services, maintain and improve our business relationship with customers, and exercise our rights and fulfill our obligations arising from these business relationships
Evaluate whether we can enter into contractual agreements with potential customers through due diligence procedures. We may use your identity data as part of the process. Whenever due diligence is conducted, we will separately notify you of the exact details of the processing.
These activities are our legitimate interests, i.e., to provide services to your organization. However, if you are an individual corresponding party to our contract, we process your data because it is necessary to perform the service agreement or provide assistance at your request before entering into the agreement.
How long do we retain it?
Personal data of account users and business contacts will be retained for twelve (12) months after the end of our business relationship with customers.
Personal data of individuals who are customers of ours will be retained for seven (7) years after the end of our business relationship.
Customer support data will be retained for seven (7) years after the support request is resolved.
Account data is typically retained until the specified deadlines. However, in certain cases, if specific local laws require, authorities request, or it is necessary to defend our legitimate rights, we may need to retain this data for different periods. For detailed information, please refer to Section 11.
5.1.2. Enabling customers to exchange their communications through our services, ensuring the security of our network and services, and handling billing and payments
What personal data do we collect?
CoVision collects “Communication-Related Data,” including:
“Communication Content”: Messages, texts, voice, video or audio media, documents, or images exchanged between customers and their end users through CoVision services.
“Traffic Data”: Data processed for the transmission of communications using our services or for billing related to those communications. It includes information about the communication itself (such as routing, type, duration, and timing of the communication) as well as the source and destination of the communication (including phone numbers or email addresses of the customer’s end users, depending on the service provided).
We also collect “Usage Data,” which is information generated during your use of our services. This includes information communicated to CoVision by applications (such as IP addresses, your usage information, routing information) and activity logs on our platform.
How do we collect it?
Communication content comes from our customers or their end users.
Phone numbers or email addresses of our customers’ end users are received from our customers. Other traffic data is automatically generated or displayed during communication transmission.
Usage data is received directly from you or generated when you use our services.
Why do we collect it, on what legal basis, and how do we use it?
Communication content is collected and processed solely on behalf of the respective customer. We act as processors and act in accordance with the customer’s instructions.
Traffic data is usually retained in the form of communication detail records, which we collect and use to:
Manage traffic, with the aim of transmitting customer communications to telecom operators and other communication providers and processing customer inquiries.
If you are an individual customer of ours, processing your personal data is necessary for fulfilling our service agreement. If our customer is a legal entity, we rely on our legitimate interests to provide services to the customer.
To identify and detect network issues, prevent fraud and other illegal activities, and ensure the security of our services. In conducting these activities, we may also utilize account and usage data. The latter is particularly relevant to investigating fraudulent activities as it enables us to establish the time frame of account user activity when security-related events occur and take appropriate mitigating actions.
The security of our services is crucial to us, so for these activities, we rely on our legitimate interests to maintain and improve the security of our network and services.
To compute charges and settle interconnection payments with telecom operators and other communication providers, or resolve billing disputes with our customers or communication providers. In certain cases, we may also use account data as part of this activity.
Conducting these activities is our legitimate interest in handling payments and resolving financial disputes.
Please note that to comply with our legal obligations, we may be required to retain records containing communication-related data in accordance with national data retention regulations related to law enforcement matters and share these records upon government requests.
How long do we retain it?
Communication content is retained on behalf of the customer and according to the customer’s instructions.
Traffic data containing personal data of end users (such as phone numbers or email addresses) will be deleted from communication detail records twelve (12) months after the end of the month in which the communication occurred.
Other traffic data that does not contain personal information of end users (such as timing, type, duration of communication, and routing details) will be retained in communication detail records for up to ten (10) years.
Usage data may be retained for up to three (3) years.
Communication-related data and usage data are typically retained until the specified deadlines. However, in certain cases, if specific local laws require, authorities request, or it is necessary to defend our legitimate rights, we may need to retain this data for different periods. For detailed information, please refer to Section 11.
5.1.3. Improving our products and services
What personal data do we collect?
CoVision collects “Behavioral Analysis Data,” which is data generated during your activity as an account user of ours on our website and platform (e.g., your behavior recorded on our web interface, such as time spent, pages visited, your browsing history and features used, as well as your IP address and browser-related information).
How do we collect it?
Behavioral analysis data is received directly from you or automatically generated through the placement of cookies and trusted tracking technologies on your browser when you use our services. For more information on how we collect your data through cookies on our website, please visit our Cookie Policy.
Why do we collect it, on what legal basis, and how do we use it?
We collect and use behavioral analysis data to:
Gain insights into how our current customers use our platform and services. Specifically, we employ partially automated measurements, including human intervention, to analyze how you use available features and tools on our platform, provide recommendations for enhancing performance (e.g., how to better access certain features), and better meet our customers’ business needs.
Create statistical data about tool usage to understand which tools have user-friendly designs and which tools should be enhanced.
The overall goal of such activities is to enhance message delivery execution for you and your organization when communicating with end users, and we rely on our legitimate interests when conducting these activities.
How long do we retain it?
Behavioral analysis data is retained for a maximum of twenty-five (25) months after its generation.
5.2. When you provide us with your products or services
What personal data do we collect?
If you are our supplier (also referred to as vendor or service provider) as an individual
, we may collect:
Your name, (company) address, phone number, email address, company name and industry, business role, and your billing information (such as billing address, your VAT number, bank account details, and more information required by applicable national laws).
When conducting business with our suppliers, we may also collect personal data related to “Business Contacts” (individuals representing suppliers and serving as points of contact between the supplier and CoVision), such as name, (business) address, phone number, email address, company name and industry, and business role.
How do we collect it?
If you are an individual supplier, directly from you.
Directly from you or through your organization if your organization is our supplier.
Why do we collect it, on what legal basis, and how do we use it?
We collect and will use this data to:
Sign and manage agreements with you or your organization.
Obtain relevant information about your products or services, or share information about our business and services with you.
Maintain and improve our business relationship with you or your organization, and exercise our rights and fulfill the obligations arising from our business relationship.
Conducting these activities is our legitimate interest, i.e., to purchase products or services from or cooperate with legal entity suppliers. However, if you are an individual corresponding party to our contract, we will process your personal data because it is necessary to fulfill the agreement or enter into an agreement.
How long do we retain it?
Personal data of business contacts will be deleted twelve (12) months after the end of our business relationship with suppliers.
Personal data of individuals who are suppliers of ours will be deleted seven (7) years after the end of our business relationship.
If specific local laws stipulate otherwise, authorities request, or it is necessary to defend our legitimate rights, we may need to retain this data for different periods. For detailed information, please refer to Section 11.
5.3. When you contact us with inquiries about our products and services, and when we are looking for new business opportunities
What personal data do we collect?
We may collect your name, contact details (such as email address, phone number, country/region), and business details (such as company name and industry, and your business role). We will also collect any other information you choose to provide to us, depending on the nature of our communication.
How do we collect it?
Directly from you when you register on our website to learn more about our business and services (e.g., via “Contact Sales” forms), start chatting with us through our chat channels, take steps to establish a business relationship with us, submit the Startup Tribe application form, or when you provide us with your contact details when requesting more information.
Indirectly, through business and professional networks and databases (such as LinkedIn) or third parties we may engage, who provide us with information collected from public sources and data enrichment providers. We only retain information that helps us contact potential customers or suppliers who may benefit from our services or products or if we are interested in their products and services.
Why do we collect it, on what legal basis, and how do we use it?
We collect and use this data to:
Communicate with you, answer your inquiries, and understand if you or your organization are interested in further collaboration through using our products and services or providing your products or services to us.
Ensure sufficient support during pre-sales and procurement processes if there is a mutual interest in reaching an agreement.
Such activities represent our legitimate interests in conducting business. If you are an individual corresponding party to our contract, we will process your data because it is necessary to fulfill or enter into an agreement.
How long do we retain it?
Personal data collected for this purpose will be deleted six (6) months after our last communication, unless we enter into a business agreement with you or your organization.
5.4. When we send you emails or other marketing communications
What personal data do we collect?
We collect your name and contact details (such as email address or phone number). We also collect simple statistical data about email opens and clicks.
How do we collect it?
Directly from you if you subscribe through web forms provided on our website to receive our newsletters, blogs, or other marketing communications.
Directly from you or through your organization as part of business-to-business (B2B) marketing (if we have an existing business relationship with your organization).
When you interact with our emails, simple statistical data about email opens and clicks are automatically generated through industry-standard technologies (such as clear GIFs).
Why do we collect it, on what legal basis, and how do we use it?
We collect this data for the purpose of:
Notifying you about our services, company news, webinars, and upcoming events.
Collecting statistical data (email opens and clicks) to help us improve our direct marketing campaigns.
If you subscribe to our email marketing communications, we will rely on your consent provided when you submit such web forms. For business-to-business (B2B) marketing, we rely on our legitimate interests to maintain and improve our business relationships by notifying our existing business partners (such as customers and suppliers) about our services, company news, webinars, and upcoming events via email or other forms of communication.
In any case, you can actively manage your preferences or opt out of communications with CoVision (unsubscribe) at any time using the unsubscribe link provided in all marketing communications from CoVision. When you unsubscribe from our marketing communications (i.e., withdraw your consent or object to processing), we will stop sending you any marketing materials. However, we maintain a “blacklist” containing only your email address or phone number to ensure that we do not contact you in the future with unwanted content. We retain this information based on our legitimate interests in respecting the choices of our newsletter recipients.
How long do we retain it?
Your personal data (name, contact details) collected during your organization’s business relationship with us will be retained for our marketing activities unless you object (B2B).
If you subscribe directly, your personal data will be retained for our marketing activities until you unsubscribe.
If you unsubscribe or object, we will only retain a blacklist containing your contact details (such as email address or phone number) to ensure you do not receive any further marketing communications.
5.5. When you register, attend, or speak at our webinars, business breakfasts, developer meetups, or other events
What personal data do we collect?
When you register to attend or sign in at our events such as business breakfasts, webinars, developer meetups, or any other events (“Events”), we typically collect your name, contact details (such as email, phone number, country/region), and your business details (such as company name and industry, and your business role). If you are a speaker, you may also be asked to provide your brief bio and your official photo.
For live events, we may also ask for information about your arrival time and location, as well as accommodation details and dietary requirements. If you request us to provide you with an invitation letter, or if you need a certificate to obtain a visa, we will collect necessary information as required by applicable legal requirements (such as your name, address, date of birth, or passport details).
We may collect photos, audio, and video materials from our events. Separate rules may apply when registering and attending CoVision Shift conferences. For more information, please refer to the CoVision Shift Privacy Statement.
How do we collect it?
Directly from you when you register to attend or sign in at our events.
Sometimes, your organization will send us your contact details to represent them at our events, and we will send you invitations with registration links.
Why do we collect it, on what legal basis, and how do we use it?
We collect and use this data to:
If you register for webinars, provide you with details about the webinar in advance, remind you of the webinar, and subsequently send you recordings of the webinar via email.
If you register to attend our live events or speak at our live events, ensure you are informed about all relevant details before and during the event, and provide conveniences for the event (such as assisting you with information about our event venue, accommodation, travel, or other logistical details related to the event).
We rely on your consent, provided when you submit your details via our registration forms, for these purposes. When collecting any information about dietary requirements, we also rely on your consent.
Support you in obtaining visas for the events you wish to attend, including sending invitation letters, support letters, or certificates.
We collect this information solely to respond to your requests, and we rely on your consent provided when submitting personal data for this purpose. However, we may have an obligation to share such documents with government authorities and retain them for a period of time. We do so to comply with our legal obligations.
Invite you to future events and inform you about our products and services we believe you might be interested in. For this, we retain lists of past event attendees containing only your name, contact details, and business details.
We rely on our legitimate interests to conduct business for this purpose. You can oppose these communications at any time using the unsubscribe link provided in all communications from CoVision, and we will cease sending event invitations to you.
Conduct promotional activities for events, including publishing photos, videos, audios, and texts online and offline.
These activities represent our legitimate interests
in conducting business.
How long do we retain it?
Personal data collected when registering for webinars or live events (e.g., name, contact details, business details) will be deleted two (2) years after the event.
All other personal data collected for organizing events (accommodation and other logistical data) will be deleted within sixty (60) days after the event day.
Any invitation letters, support letters, or certificates will be retained for the duration required by applicable legal regulations.
5.6. When we conduct research activities
5.6.1. When we conduct anonymous market research activities
What personal data do we collect?
We collect your name and email address. However, since such research is anonymous, our purpose is to collect only the personal data necessary to send you the questionnaire, without in any way linking anonymous answers to you.
How do we collect it?
We collect your name and contact details (email address) from business and professional networks (such as LinkedIn) or from our database if you or your organization are our customers or suppliers.
Why do we collect it, on what legal basis, and how do we use it?
We collect and use this data to:
Invite you to participate in surveys by sending you a general untraceable URL for the survey. If you decide to participate and answer our questions, we will not ask you to disclose any personal data because our goal is to maintain the anonymity of the responses. This is part of our anonymous market research activities to further improve our products and services and our positioning potential.
When searching for your email address, we rely on our legitimate interests. Our goal is to collect only anonymous information through the survey. However, if you disclose any information about yourself in your answers, we will rely on your consent. We will not link or attempt to link the answers you provide with you in any way, nor will we inform other organizations (such as your employer).
How long do we retain it?
We will process the answers you provide to obtain general feedback about our products and services. However, we will never ask you to disclose any personal data in your responses, and if you do disclose any personal data in your responses, we will immediately delete it.
5.6.2. When we conduct in-depth market research interviews
What personal data do we collect?
We collect your personal data, such as name, email, business role, and the name of the organization you work for. We also collect any additional information you choose to provide during the interview, and the interviews will be recorded and transcribed.
How do we collect it?
We collect your name and contact details directly from you or from third-party providers we hire for these interviews and to find suitable participants.
Any further information (such as your overall market opinions on certain services) will be collected directly from you by us or third-party providers, depending on who conducts the interview.
Why do we collect it, on what legal basis, and how do we use it?
We collect and use this data to:
Conduct in-depth market research interviews to understand our products and services as well as the broader market situation of our company as a whole. Any opinions and feedback you provide will be used solely for internal purposes to improve our products, services, and business practices.
During these interviews, we rely on your consent.
How long do we retain it?
Interview recordings and related personal data (such as contact details and personal data in the interview records) will be deleted one (1) year after the interview date.
5.6.3. When we conduct user experience research
What personal data do we collect?
We collect your personal data, such as name, email, company name, and business role. We may record and transcribe interviews we conduct.
How do we collect it?
If you or your organization are our customers, we will collect your name and contact details (email address) from our database to invite you to join our research center. If you have registered to participate in research activities provided by third-party providers, we may collect the same type of data from them to invite you.
If you apply to become a member of our research center and participate in our research, we will collect personal data directly from you through third-party providers who will process this data on our behalf.
As part of the research, we collect any further information directly from you (such as feedback on our products).
Why do we collect it, on what legal basis, and how do we use it?
We collect and use data for the following purposes:
Invite you to join our research center.
When inviting you (our customer or business contact) to join our research center, we will send you an email containing an application link. For this activity, we rely on our legitimate interests to improve our products and services. We will only contact you for research related to products or services you have used or are currently using. When you apply to participate in research activities through third-party providers, we may contact you to become part of our research center and participate in our user experience research through the platform provided by third-party providers. We will collect and process personal data based on your consent or contract, as appropriate.
Conduct user experience research activities and obtain your feedback to improve our products and services.
Your participation is entirely voluntary. If you decide to become a member of our research center or participate in our research, we will rely on your consent or contract when collecting and processing personal data, as appropriate.
The research may be recorded, and we will document your comments and actions. Research results, recordings, and notes are used solely to improve our products and services and will be shared internally with our product design and development teams.
How long do we retain it?
Interview recordings and related personal data (such as contact details and personal data in the interview records) will be deleted one (1) year after the interview date.
5.7. When you visit our website
What personal data do we collect?
When you visit our website, we may collect your IP address, your browser type and related information, the pages you have visited and the order of visits, and whether you are a new visitor or a returning visitor by placing cookies.
How do we collect it?
When you browse our website by placing cookies on your browser, directly from you. Cookies are either placed automatically (necessary cookies) or placed only after your consent (functional, analytical, and advertising cookies). Please refer to our Cookie Policy for more information.
Why do we collect it, on what legal basis, and how do we use it?
We collect and use this data to:
Maintain and improve our website and overall business.
In doing so, we rely on our legitimate interests to ensure the functioning of the website (for necessary cookies) or your consent (for functional, analytical, and advertising cookies). Please refer to our Cookie Policy for more information on how to manage (including withdrawing) your consent for cookies.
How long do we retain it?
This depends on the specific type of cookies placed automatically (necessary cookies) or with your consent (other categories). Please refer to our Cookie Policy for more detailed information about the retention periods for specific types of cookies.
5.8. When you apply for a job or internship with us, or when you register to receive job posting updates
What personal data do we collect?
When you apply for a job or internship with us, we collect:
- Your name, contact details (email address and phone number), and residence, as well as information about your education and previous work experience, and any other information you choose to share with us in your resume (CV) or application when expressing interest in joining our team.
- Where applicable law permits, we may also collect professional information about you from business social networking sites (such as LinkedIn), and we may search their content to find more professional information about you, or from other sources (such as web pages) if your resume or application contains links to such sources.
- If we arrange an interview and you complete our selection process, we may collect further information gathered from you during the interview, assessment test results, as well as interview records and comments from colleagues interviewing you. If indicated by you, we may also collect information about your professional experience from your referees.
- If you are a successful candidate, we may conduct background checks if permitted by law. Before conducting these, we will provide you with a separate privacy statement.
When you register to receive job posting updates, we collect your name and email address.
How do we collect it?
- When you submit your resume or application to our recruitment software, or when you create an account there to receive job posting updates, directly from you.
- Recruitment agencies we hire help us find potential candidates for vacant positions or search for potential candidates from business social networking sites (such as LinkedIn) you use.
- Additional information about you may be collected during the selection process. This information will be generated by you and us. For example, you may complete assessment tests, or we may take interview notes or contact your referees.
- If you are a successful candidate, we may collect your personal data from background check agencies if permitted by law.
Why do we collect it, on what legal basis, and how do we use it?
We collect and use your personal data to:
- Evaluate whether you are suitable for a position at CoVision by allowing you to apply for our job or internship opportunities and to find talents to become a member of our global team.
- Enable you to register to receive job posting updates.
For most activities related to these two purposes, we rely on your consent to collect and process your personal data. You can create a profile in our recruitment software, accessible on our recruitment webpage, to submit your resume and apply for available positions or receive job posting updates. Upon submission, you will be asked to provide your consent within the deadlines specified in the consent form to process your personal data for recruitment purposes.
If you do not submit your resume directly to our recruitment software (for example, when we receive resumes from recruitment agencies, or when we find your professional details on business websites you use), we will send you an email containing a link to our recruitment software, where you will be asked to consent to us retaining your personal data for recruitment purposes. In this case, we collect your personal data and contact you by email based on our legitimate interests to find potential applicants. However, we need your consent to further process your personal data. If you do not provide us with your consent within thirty days of receiving the email, we will delete your personal data from our database.
During the selection process, we collect additional information to review your professional qualifications and interests and to be able to select the best candidates. We also conduct relevant background checks within the limits permitted by applicable law, including identity verification, right to work checks, education, professional license, and previous employment verifications, reference checks, company registry checks, and criminal checks. Additionally, for executive positions, we conduct reputation checks from publicly available sources. For the processing of this information, we rely on our legitimate interests, your consent, or legal obligations (as applicable).
If you are selected as the most suitable candidate for a job position or internship, you will receive an offer letter. If you accept, we will collect more information to be able to enter into and perform the agreement with you. Additional personal data will be collected and processed before signing the employment or internship agreement with you, or upon your request to take certain steps. You will see the CoVision Privacy Statement applicable to our employees, where you can find relevant privacy information.
How long do we retain it?
Your personal data related to recruitment will be deleted after the expiry of the period for which you provide consent to us (or earlier if you withdraw it). These periods may vary from country to country due to local laws.
If required or needed to defend our legitimate rights by local authorities, we may need to retain this data for a different period than the above. For detailed information, please refer to Section 11.
Please note that you have the right to withdraw your consent at any time. If you wish to withdraw your consent or edit your personal information, you can do so directly by accessing your profile in our recruitment software. Otherwise, you can withdraw your consent and exercise your other rights at any time by contacting our Data Protection Officer. For more information about your rights, please refer to Section 9 below.
5.9. When you contact us about our social impact programs, or when we collaborate on such programs
What personal data do we collect?
We collect personal data such as your name, contact details, position, the name of the organization you work for or represent, or the name of the activities you participate in.
How do we collect it?
When you fill out contact forms on our website or contact us directly, or when organizations you work for or represent contact us about activities you are involved in, directly from you.
Why do we collect it, on what legal basis, and how do we use it?
We collect and use your personal data to:
- Respond to your inquiries, analyze and respond to your donation or volunteer requests.
- Collaborate on various projects and initiatives, obtain information on how our grants and donations are used, maintain and improve our relationship with your organization, and assess our social impact programs.
When you submit inquiries and requests to us, we process your personal data based on your consent. When we receive your personal data from organizations you work for or participate in their projects, we rely on our legitimate interests to conduct social impact programs.
How long do we retain it?
We retain your personal data as needed to fulfill your specific requests.
All personal data of individuals contacting us in a personal capacity will be deleted within one (1) year from the initial communication date.
Personal data related to queries and donation or volunteer requests submitted on behalf of organizations will be deleted three (3) years after our last communication with you.
For supported projects and initiatives, any personal data contained in documents required by law will be retained for the period determined by local law to comply with audit, tax, and financial requirements.
If required or needed to defend our legitimate rights by local authorities, we may need to retain this data for a different period than the above. For detailed information, please refer to Section 11.
5.10. When you visit our office or premises
What personal data do we collect?
We collect your personal data such as name, email, signature, business role, the name of the organization you work for or represent. We may also collect your phone number. If you visit one of our offices, we may also collect CCTV footage as some entrances and public areas may be under CCTV surveillance.
How do we collect it?
When you visit our office or our other
company premises, directly from you.
Why do we collect it, on what legal basis, and how do we use it?
We collect and use your personal data to:
- Manage access control to our offices and premises (e.g., signing confidentiality agreements on your first visit) and to provide additional services to you when you visit us (e.g., bike rental).
- Ensure the safety of our employees, visitors, and property (CCTV surveillance at entrances and public areas in some of our offices).
As for these activities, they are mostly conducted with your consent. The processing of CCTV surveillance data and processing related to access control are based on our legitimate interests to protect our premises and employees.
How long do we retain it?
Personal data collected for managing access to our premises is deleted once it is no longer needed.
When we provide additional services to you during your visit, we retain your personal data until we fulfill your specific requests or until you withdraw your consent.
CCTV footage is generally deleted ninety (90) days after the recording date, unless local law specifies otherwise.
However, in certain circumstances, if required or needed to defend our legitimate rights, we may need to retain this data for a different period than the above. For detailed information, please refer to Section 11.
6.How and with whom do we share your personal data?
We may engage vendors (also referred to as suppliers or service providers) to assist us in processing your personal data for the purposes of carrying out activities that we conduct as controllers and those described in this Privacy Statement. As a global company, as part of our day-to-day operations, we may also share your personal data with our subsidiaries and affiliates. Any such sharing within the CoVision group is subject to inter-company agreements concerning the processing and transfer of personal data.
Before engaging with any new vendors, we conduct security and privacy assessments. If such vendors act as processors on our behalf, we ensure that the processing of personal data is governed by written data processing agreements.
Despite the above provisions, as a rule, we do not share personal data with third parties unless absolutely necessary and on a need-to-know basis, for example:
Telecommunications operators and other communication service providers in order to establish correct routing and connections when necessary. We are able to deliver messages sent by customers to their end users through contact with telecommunications and other communication providers (such as Whatsapp, Viber, Facebook, Kakaotalk, Line, or Telegram), regardless of their location.
Service and technology providers, within the absolute necessary scope in which they act on our behalf to perform specific actions. These may relate to our services (such as as part of our service functionality) and our other processes (such as utilizing software providers to manage our job application processes).
Third parties required to comply with our legal obligations. Due to relevant laws, such as judicial procedures, court orders, or legal proceedings served on us (such as criminal proceedings), or due to threats to public safety, regulatory requirements, or in the context of investigations or bankruptcy, we may share your personal data with authorized legal authorities. As a communication provider, we are required to retain certain communication-related data for law enforcement purposes and may need to share that data with authorized law enforcement agencies upon request. Additionally, if we have an obligation to demonstrate compliance with relevant accounting, financial, and tax regulations, we may share your data for these purposes with auditors and tax authorities.
We may have advertising partners that are used as part of marketing activities. More information is provided in our Cookie Policy, explaining how to adjust your cookie settings when visiting our website.
Acquisition stakeholders as part of disclosures during mergers, sales, or other asset transfers. Your information may be transferred as part of such transactions where permitted by law or contract.
7.How do we transfer your personal data internationally?
We operate globally, and sometimes we need to transfer your personal data internationally by providing it to the parties specified in the previous section. All international transfers are carried out while ensuring the confidentiality and security of your personal data and in compliance with applicable privacy laws. This may include specific technical, organizational, and contractual measures. For example, for the transfer of personal data outside the European Economic Area, we will complete and execute standard contractual clauses for data transfers when necessary.
8.How do we protect your personal data?
At CoVision, we believe security and privacy go hand in hand. Therefore, to protect the personal data we collect and process, we invest in developing, implementing, and continually improving various technical and organizational security measures. These measures are implemented in accordance with the requirements of ISO 27001:2013 standards, and you can read more about them here. A list of our current and latest certificates can be found here.
We are responsible for providing privacy and security training to all employees, from their first day at CoVision through the onboarding process and throughout their stay at CoVision.
Before partnering with suppliers, we check whether their security practices comply with applicable privacy laws. Once engaged, we continue to assess them regularly.
9.What rights do you have regarding your personal data?
Under applicable privacy laws, you may have certain rights regarding your personal data.
Where permitted by applicable privacy laws, you have the right to:
Withdraw your consent to our processing of your personal data (if such processing is based on your consent and consent is the sole basis for processing), without affecting the lawfulness of processing based on consent before its withdrawal.
Request access to your personal data, meaning requesting a copy of the personal data we hold about you.
Request us to correct (rectify) personal data that you believe is inaccurate and to complete personal data that you believe is incomplete.
In certain circumstances, request us to delete your personal data.
In certain circumstances, request us to restrict the processing of your personal data.
If we process your personal data automatically based on your consent or in relation to your contractual relationship with us, you may exercise the right to data portability.
If we process your personal data based on our legitimate interests, you have the right to object to the processing.
If you wish to object to the processing of your data for marketing purposes, you can do so at any time using the unsubscribe link provided in our marketing communications.
In certain situations, you may also have specific rights when we carry out automated decision-making operations (including profiling).
If you have any questions about how we use your personal data or if you wish to exercise specific rights or address complaints regarding the processing of your personal data, you can contact our Data Protection Officer by emailing charon@covision.com.
If applicable to you, you may lodge a complaint with the supervisory authority of an EU member state where you habitually reside, work, or where the alleged infringement took place. If you wish to lodge a complaint or contact the relevant data protection authority for any other reason, you can find contact details of EEA data protection authorities at https://edpb.europa.eu/about-edpb/board/members_en.
10.Do we carry out automated decision-making that significantly affects you?
We employ partially automated measurements, including human intervention, to analyze how users use available features and tools on our platform (e.g., by tracking usage behavior within our web interface), to provide you with recommendations for enhancing performance (e.g., how to better access certain features).
11.How long do we retain your personal data?
Your personal data collected based on your consent will be retained for the period specified in the consent form. If you wish to withdraw your consent and have your data deleted for any purpose, you can do so at any time by emailing charon@covision.com. For your personal data collected without your consent, we only retain it when necessary to achieve the purposes for which it was collected, and then anonymize (de-identify) it or delete it according to legal requirements.
The specific retention periods for the corresponding activities in Section 5 of this Privacy Statement are listed. The listed retention periods are standard default periods. In some cases, exceptions apply due to local laws related to enforcement, taxation, or other purposes. Additionally, if legal affairs such as litigation, law enforcement requests, or government investigations require us to retain records (including records containing personal information) for longer than the time listed in Section 5, we will delete the records when we no longer have a legal obligation to retain them.
12.Information from Children
Children under the age of 16 cannot use our products and services as our customers. If we become aware or are informed of such a situation, we will take immediate steps to remove the information from our records as soon as possible. If you believe that children under 16 are using our products or services as customers, please contact us at charon@covision.com.
13.How often do we update this Privacy Statement?
The latest version of this Privacy Statement governs our practices regarding the collection, processing, and
disclosure of personal data. We will provide notice of any modifications on this page. You can check the last updated date at the beginning of this Privacy Statement at any time.
Contact Us
If you have any questions or comments about this Privacy Policy, please contact us through the following channels:
Email: charon@CoVision.com
Mailing Address: Room 618, Block T2-B, Gaonan 7th Road, Gaohai Community, High-tech Industrial Village, Nanshan District, Shenzhen City
We will respond to your inquiries or requests within a reasonable time.