Privacy Policy - AttendLab

This Privacy Notice outlines Haya Solutions Inc.’s approach to privacy to fulfill its obligations under applicable privacy laws.

This Privacy Notice is published in compliance with the following privacy laws: 1- The Personal Information Protection and Electronic Documents Act (PIPEDA) (the Act), Canada

This Privacy Notice applies to all your Personal Data processed by us, whether in physical or electronic mode.

AttendLab® is a registered trademark and product designed, developed, and operated by Haya Solutions Inc.

For Attendlab, we are processing your personal data only to provide services which your organization has subscribed to.

Haya Solutions Inc. is committed to keeping your Personal Data private. We process any Personal Data we collect from you in accordance with the applicable laws and regulations mentioned and the provisions of this Privacy Notice. Please read the following carefully to understand our views and practices regarding your Personal Data and how we treat it.

Throughout this document, the terms “we”, “us”, “our” & “ours” refer to Haya Solutions Inc.and all of its legal entities. The terms “you”, “your” & “yours” refer to YOU (as our Data Controller). Account owner is the

Account owner is the AttendLab® account’s Administrator, Who created His/Her account and the company account in AttendLab® first time. The accounts owner has a full right over the company account data, and He /She can create other company’s users and grant them data access permissions. Account owner is responsible for all the data entered, employee’s images, demographic data and any other data related to the company employees and users.

What Personal Data do we Collect & Process?

Categories of Personal Data that we collect and process are as follows:

  • Demographic & Identity Data such as First Name, Last Name, Business Email Address, Facial Images, Phone Number, Address, City, Zip Code, Country.
  • Payment Information such as Account or Payment Details, Invoice details.
  • Online Identifiers and other Technical Data such as IP Address, Geolocation, Transaction Logs, Device Information.
    • Device information that you allow us to receive through device settings such as Camera or photos.
  • Face Data including feature points of the faces in the photos (eg eyes, nose, mouth points) and a photo capture for face processing and attendance tracking purposes.

From what sources do we obtain your Personal Data? 

All of the Personal Data we process is provided by you directly to us when you use our products and/or services. This also includes the Personal Data collected when you use our application(s).

How do we use your Personal Data?

We use your Personal Data for the following purposes:

  • To verify your identity
  • To deliver our products and services
  • To communicate with you regarding existing products and services availed by you, including notifications of any alerts or updates
  • To evaluate, develop and improve our products and services
  • To handle inquiries and complaints
  • To comply with legal or regulatory requirements
  • To investigate, prevent, or take action regarding illegal activities, suspected fraud and situations involving potential threats to the safety of any person

Lawful Bases of processing your Personal Data

We process your Personal Data by relying on one or more of the following lawful bases:   

  •  You have explicitly agreed to/consented to us processing your Personal Data for a specific reason
  • The processing is necessary for the performance of the agreement we have with you or to take steps to enter into anagreement with you
  • The processing is necessary for compliance with a legal obligation we have
  • The processing is necessary for the purposes of a legitimate interest pursued by us

Your account owner has taken consent from the organization employees for all of your personal data shared with us. For the execution of any rights, including withdrawal of consent, you have to approach your account owner to facilitate the same.

The account owner acknowledge and confirm that they have the necessary consent to share your personal data with us for the stated purposes.

When do we share your Personal Data with third parties

We may use third parties in the provision of our products and services to you. We may share your Personal Data with such third parties. We have appropriate agreements in place with all such third parties. This means that they are not permitted to do anything with your Personal Data which is outside of the scope specified by us. They are committed to hold your Personal Data securely and retain it only for the period specified in our agreements with them.

1.      Reasons for sharing your Personal Data with third parties:

We may disclose your Personal Data to third parties only where it is lawful to do so. This includes instances where we or they:

  • need to provide you with products or services
  • have asked you for your consent to share it, and you have agreed
  • have a legitimate business reason for doing so
  • have a legal obligation to do so. e.g., to assist with detecting and preventing fraud
  • have a requirement in connection with regulatory reporting, litigation or asserting or defending legal rights and interests

We may also disclose your Personal Data to appropriate authorities if we believe that it is reasonably necessary to comply with a law, regulation, legal process; protect the safety of any person; address fraud, security, or technical issues; or protect our rights or the rights of those who use our products & services.

2.      With whom your Personal Data may be shared:

We may disclose your Personal Data to the following third parties:

  • any sub-contractors, agents or service providers who work for us or provide services or products to us
  • law enforcement authorities, government authorities, courts, dispute resolution bodies, regulators, auditors, and any party appointed or requested by applicable regulators to carry out investigations or audits of our activities
  • statutory and regulatory bodies, authorities (including the government) investigating agencies and entities or persons, to whom or before whom it is mandatory to disclose Personal Data as per the applicable law, courts, judicial and quasi-judicial authorities and tribunals, arbitrators and arbitration tribunals

Cross-border data transfer

Personal Data we hold about you may be transferred to other countries outside your residential country for any of the purposes described in this Privacy Notice.

Use of Cookies and Other Tracking Mechanisms

We may use cookies and other tracking mechanisms on our website and other digital properties to collect data about you.

Cookies are widely used in order to make websites work, or work more efficiently, as well as to provide information about your actions to the owners of the website.

Most web browsers allow you some control of cookies through browser settings.

Outlined below are the categories of cookies along with a description of what they are used for:

  • Strictly Necessary Cookies – These cookies are needed to run our website, to keep it secure and to comply with regulations that apply to us.
  • Functional Cookies – We may use functional cookies on our website. These cookies allow us to remember information you enter or choices you make (such as your account information, language, or your region) and provide you with enhanced, more personalized features.

We may also collect Personal Data about you via our mobile app(s) via permissions in the app. This is primarily used to enhance the functionality of the app and to analyze it to serve you better.

How do we secure your Personal Data?

We are committed to protecting your Personal Data in our custody. We take reasonable steps to ensure appropriate physical, technical, and managerial safeguards are in place to protect your Personal Data from unauthorized access, alteration, transmission, and deletion. We ensure that the third parties who provide services to us under appropriate agreements take appropriate security measures to protect your Personal Data in line with our policies.

How long do we keep your Personal Data?

We keep the Personal Data we collect about you for as long as it is required for the purposes set out in this Privacy Notice and for legal or regulatory reasons. We take reasonable steps to delete or permanently de-identify your Personal Data that is no longer needed.

Face Data are captured during processing and are not retained in any of our servers or in any third party server.

Contact Us

For any further queries and complaints related to privacy, or exercising your rights, you could reach us at:

Contact Email Address:

Notification of changes

We regularly review and update our Privacy Notice to ensure it is up-to-date and accurate. Any changes we may make to this Privacy Notice in the future will be posted on this page.

Your Privacy rights

Under the PIPEDA, we are required to assist you to provide the following rights to the users, as detailed below:

  • Right of Access: You have the right to get access to your Personal Data that is with us along with other supporting information.
  • Right to Rectification: You have the right to ask us to rectify your Personal Data that is with us that you think is inaccurate. You also have the right to ask us to complete your Personal Data that you think is incomplete.

If you wish to make a request to exercise any of your rights, you can contact us using the details in the ‘Contact us’ section of this notice.