Privacy Policy
Last updated: January 2025
1. Introduction
This Privacy Policy describes how BPW Consulting OÜ ("we," "our," or "us") collects, uses, and shares information about you when you use our Seesam NFC service ("Service"). We are committed to protecting your privacy and handling your data in an open and transparent manner.
2. Data Controller
The data controller for the Service is:
BPW Consulting OÜ
Maakri 23A
Tallinn, Estonia
Email: privacy@seesamnfc.com
3. Information We Collect
3.1 Information You Provide
- Account Information: Name, email address, company name, phone number
- Payment Information: Billing address, payment method details (processed by our payment provider)
- Access Control Data: Door configurations, user access permissions, access logs
3.2 Information Automatically Collected
- Usage Data: Access times, door interactions, app usage statistics
- Device Information: Device type, operating system, app version
- Analytics Data: We use Google Analytics to collect anonymized usage data about our website
3.3 NFC and Security Data
- Encrypted Keys: DESFire v1 chip keys (encrypted by end-user administrators)
- Access Tokens: Enrollment tokens for secure device provisioning
- Authentication Data: Encrypted credentials for door access
4. How We Use Your Information
We use the collected information to:
- Provide and maintain the Service
- Process access control requests
- Authenticate users and prevent unauthorized access
- Send service-related communications
- Improve our Service and develop new features
- Comply with legal obligations
5. Data Storage and Security
Your data is stored on secure servers hosted by Amazon Web Services (AWS) in the Paris region (eu-west-3). We implement appropriate technical and organizational measures to protect your personal data against unauthorized or unlawful processing, accidental loss, destruction, or damage.
Security measures include:
- End-to-end encryption for NFC keys
- TLS encryption for all data in transit
- Regular security audits and penetration testing
- Access controls and authentication mechanisms
- Regular data backups
6. Data Sharing
We do not sell or rent your personal data. We may share your information with:
- Service Providers: Third parties who help us operate our Service (e.g., AWS for hosting, payment processors)
- Legal Requirements: When required by law or to protect our rights
- Business Transfers: In connection with a merger, acquisition, or sale of assets
- With Your Consent: When you explicitly agree to sharing
7. Data Retention
We retain your personal data for as long as necessary to provide the Service and fulfill the purposes described in this policy. Access logs are retained for 90 days for security purposes. Account data is retained until you request deletion or close your account.
8. Your Rights (GDPR)
Under the General Data Protection Regulation (GDPR), you have the following rights:
- Access: Request a copy of your personal data
- Rectification: Request correction of inaccurate data
- Erasure: Request deletion of your data
- Portability: Receive your data in a structured format
- Objection: Object to certain processing activities
- Restriction: Request limited processing of your data
To exercise these rights, contact us at privacy@seesamnfc.com.
9. Cookies
Our website uses only essential cookies and Google Analytics cookies to understand website usage patterns. You can control cookie preferences through your browser settings.
10. Children's Privacy
Our Service is not intended for children under 16. We do not knowingly collect personal data from children.
11. International Data Transfers
While our servers are located in the EU (Paris region), we may transfer data internationally when necessary for Service operation. We ensure appropriate safeguards are in place for such transfers.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes via email or through the Service.
13. Contact Us
If you have questions about this Privacy Policy or our data practices, please contact us at:
Email: privacy@seesamnfc.com
Address: BPW Consulting OÜ, Maakri 23A, Tallinn, Estonia
14. Data Protection Officer
For data protection inquiries, you can contact our Data Protection Officer at dpo@seesamnfc.com.
15. Supervisory Authority
You have the right to lodge a complaint with the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon) if you believe we have not handled your data appropriately.