This privacy statement (Version 1.0) was last revised on 11 May 2020.

Data privacy is important to Zerv and its technology partners and this Privacy Statement describes the Personal Information that we collect, hold and use, and with whom we share
it. It also describes your rights and responsibilities in respect to the Personal Information
that we store about you, the End User. To use our products, you will be required to accept
this Privacy Statement. By accepting it, you agree that we can collect, hold, use and share
your Personal Information as described in this Privacy Statement.

This statement relates to the Personal Information that is collected both when you visit our
website and the more detailed information that is shared with us for the operation of our
touchless access products. End User Personal Information is associated with one or more
profiles and is stored in a manner that complies with the security policies of the Security and
Privacy policy of established by the owner(s) of the profile associated with each of your
credentials. For easy reference, we refer to each such profile as “Your Profile.”

Typically, the owner of Your Profile is the organization that issued that credential to you,
such as your employer, landlord, or a government agency or other entity with whom you
have a relationship that requires them to issue you a credential to authenticate who you are,
in order to be permitted building and/or network access. For the sake of simplicity in this
Privacy Statement, we will occasionally refer to the owner of Your Profile as “your employer
or organization.”

Zerv’s products create and manage digital versions of access credentials (“Digital
Credentials”) to supplement or replace the physical badges, smart cards, and similar
tangible items that organizations currently use to enable building and/or network access.
Zerv protects the information associated with these Digital Credentials by encrypting it so
that it is protected in the database, in transit, or on your mobile device. In addition to this,
specific items of Personal Information are also protected in our database using a encryption
key. This design ensures that operational use of your data is tightly controlled.

We collect and store the minimum amount of Personal Information required to provide you
with the building and/or network access as authorized by the owner of Your Profile. The
owner of Your Profile typically requires that we hold sufficient information to validate your
identity and that we log and report system usage in line with their information and security
management policies.

The Zerv product you will likely use most often is the Zerv mobile application (“Zerv App”).
Zerv App is an iOS or Android application that stores Digital Credentials securely on your
mobile phone. The Zerv App communicates both with (a) devices that provide access
control in your employer’s or organization’s buildings or computer systems, and (b) Zerv’s
credential manager (“Credential Manager”) cloud software, which is accessed via a website
(“Portal”) that administrators at your employer or organization will make available to you. By
logging into the Zerv App, you are consenting to this Privacy Statement and to the license to
use the Zerv products that has been provided to you by your employer or organization.  

The information that we collect

The ‘Personal Information’ that is stored and managed by the Zerv App and Credential
Manager is:
 Name;
 Email address;
 Mobile phone number;
 IP address;
 

Location information associated with registration and ‘Events’ such as where your
credential was used.

In addition we categorize the certificates or credentials that has been provided for
authentication purposes as ‘Sensitive Information’.

Depending on how your company or organization has deployed Zerv products, most of this
information will be provided by your employer or organization. 

Access to Personal information is tightly controlled, logged and monitored within the Zerv
system. Access is restricted to the administrators of Your Profile and a small number of
Zerv staff, who have this access for the purposes of assisting or supporting Your Profile
administrators, or to periodically confirm compliance with our software license. Zerv
employees are bound by contract with Your Profile owner, and by law, to keep this
information confidential and use it only for legitimate purposes.

In addition to the above information, Zerv collects information based on your activities using
its products. Specifically, when the Mobile Application interacts with the access control
equipment in your employer’s or organization’s buildings (e.g., a door reader), the Mobile
Application records an “event” that details the nature of the interaction (“Event Data”) — 
e.g., at this date and time, you successfully obtained access to Door 713. The Mobile
Application sends the Event Data back to the hosted Credential Manager, which may be
reviewed by Your Profile owner. Profile owners may elect to have this data pushed to an
analytics engine for monitoring and analysis.

When you download the Zerv App to your mobile device, we automatically collect
information about your device including the type of device, the operating system, and
whether Bluetooth is active. We use this information for support purposes. 
When you access any of the Zerv websites (www.zervinc.com, http://www.zervaccess.com, etc)
we collect, process and retain information about you to improve your user experience. This
may include information such as your IP address, browser type, Internet Service Provider,
the files that were viewed on our site, date and time, etc. Like many commercial websites
we also use a standard technology called a “cookie” to improve your experience.

Disclosure of your information

We may disclose the information you provide us, through registration and use of our
Products, to the owner of Your Profile. If you have Digital Credentials from more than one
Profile owner (say, your employer and your home), the owner of any given Profile will have
access only to data related to the Digital Credential issued by that owner.

We will respond to subpoenas, warrants, or other court orders regarding information
concerning users of our products. Zerv will, at its discretion, disclose Personal Information if
it is required to do so by law, where such disclosure is necessary to protect Zerv from legal
liability or to protect the integrity of our products and website. If Your Profile’s owner agreed
with Zerv upon procedures that affect such disclosures, Zerv will abide by that agreement.

Security of your information

We take all reasonable steps (including all measures required by law) to ensure your
information is protected and secure at all times. Your data is stored in an encrypted
database within the secure Amazon Web Services (“AWS”) hosting environment and our
encryption architecture ensures that Amazon employees do not have access to your
Personal Information. Amazon has several data centers geographically spread around the
world. All Amazon sites provide consistent data and communications security services. 

When your data is in use by the system, it is protected at all times. All of the Credential
Manager data is encrypted at the database level. Within the database, most of your
personal and all of your sensitive information is also protected by an additional layer of
encryption to ensure isolation of data by Profile.  The system uses your mobile number and
your name as references internally and these data items are not subject to the second level
of encryption. Data stored on your mobile device is protected by encryption which leverages
standard iOS and Android encryption technologies. However, no data protection and
security measures are completely secure. Despite all the measures we have put in place,
we cannot guarantee the security of your information, particularly in relation to
transmissions over the internet. Accordingly, any information which you transmit to us is
transmitted at your own risk.

You must take care to ensure you protect your information (for example, by protecting the
username, password, and other account details related to your Zerv account, as well as
implementing security features in mobile device such as screen lock and, if available,
biometric security features such as Apple’s TouchID and FaceID and similar features in
Android). You should notify the administrators at your employer or organization as soon as
possible if you become aware of any security breaches regarding your Zerv account or your
Digital Credentials. Please advise them as soon as possible if there are any changes to
your Personal Information, or if you believe the information we hold about you is not
accurate, complete, or current.

Retention and removal of your information

Your Profile owner is responsible for notifying Zerv when accounts are inactive or have
expired. Upon such notification, Zerv will deactivate these accounts as directed by Your
Profile Owner, but retain all information.

How we use your information

We only use your information for the purpose for which it was provided to us.  Such
purposes include:
 Managing the Digital Credentials that you use to access buildings or networks;
 Monitoring for fraud or inappropriate activities;

 Responding to enquiries (via the Profile owners help desk) if you encounter a problem that
relates to Zerv functionality;
 Providing the owner of the Profile with reader event information that can be used for
business analysis purposes;
 Complying with our obligations to you and/or your employer/organization under our
contract or applicable law;
 To better understand how individuals, interact with our products or website;
 Quality assurance and training purposes.

Zerv does not sell your Personal Information to third parties. We will not use your email
address or phone number for marketing or unsolicited advertising materials without your
consent. We will, however, email or text you to provide you with some operational
information, or to advise you if we suspect unauthorized use of your account, or to advise
you of any changes or updates made to your information where we feel that such a
notification will ensure the security and integrity of the service.

How to contact us for questions, concerns or complaints

Zerv products are designed for use by organizations, and you should direct your privacy
enquiries to the administrator of Zerv products in that organization. Zerv will respond to
such enquiries via the owner of your Profile.
In all other situations please email your request or concern to mailbox@zervinc.com. We
will refer your inquiry or complaint to our Privacy Officer, who will, within a reasonable time,
investigate the issue and determine the steps required for resolution. We will contact you if
we require any additional information from you and will notify you in writing of the response
or determination of our Privacy Officer. 

Revision of this Privacy Statement

Zerv may revise this Privacy Statement or any part of it from time to time to ensure we
remain compliant with data privacy regulations specific to your geographical location,
including those specified in the EU General Data Protection Regulation (GDPR). 

Please review this policy periodically for changes. If we make significant changes to this policy, wemay notify you using the contact details provided by you or by putting a notice on our website at http://www.zervaccess.com