This Privacy Notice applies to administrators and anyone using this product, “BioMini Slim S, BioMini Slim 2S, BioMini Slim 3, BioMini Token, BioMini Slim 2SE(SC), BioMini Slim 2S(SA)”.
Please be reminded that WE, Xperix, DO NOT COLLECT ANY DATA about you and your customer.
You will be collecting and/or using the data independently of us and thus, you should bear in mind that the following data may be stored in this product.
Product
User ID
PIN
National Identification Number
Company Registration Number
Fingerprint Template
Authorization Certificate
Credential (private key)
BioMini Slim S
O
O
BioMini Slim 2S
O
O
BioMini Slim 3
O
O
BioMini Token
O
O
O
O
O
O
O
BioMini Slim 2SE(SC)
O
O
O
BioMini Slim 2S(SA)
O
O
Your use of this product may be subject to your company’s policies, if any. We are not responsible for the privacy or security practices that are managed by you and your company and that are not within our control.
This Privacy Notice may be updated from time to time. We suggest that you review this Notice periodically. In the event of a material change, we will notify you of such changes through contact information that we have prior to the change becoming effective.
Date
26
,
2024
RealPass
This product contains open source software. To request the source code covered under an open source license that requires distribution of the source code, please visit xperix.com or tech.xperix.com. You may obtain the source code for a period of three years after our last shipment of this product by sending us an email or visiting our website. If you want to obtain the source code on a physical medium, the cost of performing such distribution may be charged. This offer is valid to anyone in receipt of this information.
Xperix ("we") is committed to ensuring the security and protection of the personal information we process, complying with regulations on data protection, and providing a compliant and consistent approach to data protection.
We have written this GDPR Compliance Statement to explain our approach to implementing a GDPR compliance program. We explain the implementation of our roles, policies, procedures, controls, and measures for protecting data to ensure continued GDPR compliance.
The scanner products developed and sold by us do not fall under the personal information processing system mentioned in this Statement.
What is the GDPR?
The EU General Data Protection Regulation (Regulation 2016/679) (EU GDPR) went into effect on May 25, 2018 to harmonize data protection regulations throughout the European Union as well as to provide greater protection and rights to individuals. GDPR applies to any organization operating within the EU, as well as any organizations outside of the EU which offer goods or services to customers or businesses in the EU.
Data Protection Principles
We, at Xperix, consider the privacy and security of individuals and personal data to be very important. The principles stated below provide a summary of the basic rules that we follow when processing personal data:
We process personal data lawfully, fairly and in a transparent manner.
We collect personal data only for specified, explicit and legitimate purposes.
We collect and keep personal data only to the extent it is necessary in relation to the purposes for which they are processed.
We ensure that the personal data we store is up-to-date and accurate.
We merely produce the technology that enables customers to process personal data. We are neither a controller nor a processor under the GDPR. When a customer processes personal data using Xperix’s access control products, the customer is a controller under GDPR and is subject to the obligations set out in the GDPR, if the customer falls within the territorial ambit of GDPR.
To the extent possible, we implement appropriate technical measures to our products to help our customers comply with GDPR.
Rights of Data Subjects under the GDPR
In regard to the personal data in our custody or control, an individual may request the information listed below from the Company. You should bear in mind that this does not apply to an individual who is registered and managed by the customer using our products. The customer shall handle it in accordance with its own policy independently of us.
Personal data that we retain regarding individuals
Categories of Personal data that we collect from individuals
Purpose of individual personal data collection and processing
How long personal data will be retained
The procedure to rectify or complete incomplete or inaccurate personal data
The procedure to request deletion of personal data, or to restrict processing of personal data and reject the Company's direct marketing under the Data Protection Regulations, where applicable
Information regarding all automated decision making that we use
GDPR Compliance Plan
To comply with the GDPR, we have taken, and will take, the following steps:
We have performed an analysis of the personal information collected by our solutions;
We have established procedures and policies to restrict the processing of personal information;
We have updated our data infringement and incident response procedures;
We have updated our data protection policy, data retention policy, information security policy, cookies policy, and privacy policy; and
We have reviewed all processing activities to identify the legal bases for the processing of personal data, and have ensured that each basis is appropriate for the activity involved.
Protective Measures under the GDPR
Xperix considers the privacy and security of individuals and personal information to be very important, and takes all reasonable and precautionary measures to protect the personal data we process. In order to protect personal information from unauthorized access, alteration, disclosure or destruction, we have the following information security policies and procedures as well as several layers of security measures:
Risk Management: We evaluate and manage the risks associated with services as part of our risk management process. The risk management process is included in our regulations.
Information Security Management: We maintain an Information Security Management System (ISMS) consistent with good industry practices. It includes security policies, organizations, processes and controls that meet the compliance and security requirements we have identified.
Personal Security: We have implemented a process for hiring, retaining and terminating contracts with individual employees. We have implemented background checks, ongoing security awareness, and physical and logical access management, and we identify and address risks, perform other security activities for each role, and comply with all legal requirements and restrictions.
Asset Management: We process customer data in accordance with contracts, terms and conditions, privacy policies, and related service documents. We manage the IT resources involved in the provision of our services according to our internal classifications and processes. When data or assets are set to be deleted and disposed of, we follow the established processes to ensure that equipment and storage media are properly removed prior to physical disposal.
Access Management: Our personal data processing system is protected using network and logical-level security solutions. We provide the processed personal information necessary for sales and technical support, inquiries, etc., through our website, and use an industry-standard cloud service or SaaS. The personal data processing system can be accessed only by the staff in charge to whom the authority has been separately granted.
Encryption: All the network traffic of our personal data processing system is encrypted and transmitted, and personal data is all stored encrypted. In addition, encryption in the cloud service or SaaS used by us is subject to the policy of the service provider. Supplier information can be found in our privacy policy, which is available on our website.
Development Security: Our products and services are developed according to our R&D development process. The development process includes step-by-step security requirements and procedures, including analysis, development, implementation, testing, and deployment.
Physical Security: Our personal data processing system uses an industry-standard cloud service or SaaS. The cloud service or SaaS provider defines and maintains physical and environmental controls over the production environment. The provider has warranty reports and security certifications that cover such controls. Supplier information can be found in our privacy policy, which is available on our website.
Operational Security: We follow good industry practices, such as applicable automation, as well as the provider’s recommendations to configure cloud environments that can be used securely by our personal data processing system. We also use automated and manual activities to keep our software up-to-date and address reported vulnerabilities.
Vulnerability Management: We use several methods to identify potential vulnerabilities, such as vulnerability scanning, security testing, diagnostics of source code, and threat intelligence. The reported vulnerabilities are assessed and addressed using defined processes and activities. We provide a responsible public channel for security administrators to report issues they discover.
Security Testing and Auditing: We carry out security checks in accordance with our internal procedures for products and services, conduct a security audit regularly, and manage the results with internal confidentiality.
Security Event Management: We monitor the environment of the personal data processing system to identify events and incidents affecting our services and data. Security events that become issues are managed in accordance with the operating processes of the management division and the security division.
Business Continuity and Backup: We back up and regularly test customer data to ensure that our recovery point objective (RPO) and recovery time objective (RTO) are met in accordance with our internal regulations.
Endpoint Security: We scan and monitor for malware activities in our employees' work environment to detect malicious programs and files. We also have the ability to filter and block spam emails and fraudulent emails.
International Data Transfer
We may collect the personal data necessary to conduct business activities such as sales, technical support, and inquiries. The collected personal information is stored and used in an industry-standard cloud service or SaaS. We inform our service providers through our Privacy Policy, and when we collect the personal data of users, we notify and obtain consent from the data subject. We do not have access to any products, or to the data stored therein, of a customer who uses Xperix products.
If you have any questions about the GDPR, please contact us.
If you have any questions about this GDPR Compliance Statement or our privacy policy, please contact us at: Email: marketing@xperix.com
Release Date: 2023.6.15
GDPR Compliance - Questions & Answers
Q. What is the GDPR?
Q. Is Xperix GDPR-compliant?
Q. What is the role of Xperix under the GDPR?
Q. What is the role of the users who use Xperix products?
Q. What is the relationship between Xperix and the product users?
Q. Does Xperix access the Xperix product user's system or manage the user’s data?
Q. What personal data is processed by Xperix products?
Q. What sensitive information is processed by Xperix products?
Q. What protection measures are applied to Xperix products to protect personal data?