Today, personal information has become an invaluable asset, and it is essential to protect data both to safeguard users’ rights and to promote integrity and trust in organizations’ handling of information. In this context, Facephi highlights our commitment to the privacy and security of our customers’ and end-users’ data, based on the principles established by the General Data Protection Regulation (GDPR). Below, we’ll see how Facephi complies with these fundamental principles. 


Key principles of data protection policy at Facephi 

  • Privacy from design and by default: at Facephi, we have integrated GDPR regulations into the very design of our solutions, ensuring that data protection is the highest priority in all operations. Complying with the principle of accountability or proactive responsibility, at Facephi, we ensure that data controllers and processors can fulfill their obligations regarding data protection. This implies that the data of end-users of our solutions are processed lawfully, fairly, and transparently. 
  • Data minimization: GDPR states that data should be “adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed.” Therefore, only the necessary information is collected to fulfill specific purposes. This ensures that no more information than required is collected or stored, thus minimizing potential risks to users’ privacy. 
  • Focus on data subjects’ rights: our solutions recognize and respect individuals’ rights over their personal data, including the right to access, correct, or delete their personal information. Facephi strives to facilitate this process effectively. 
  • Data protection: data security is a priority for Facephi. By implementing cutting-edge security mechanisms, we ensure the protection and integrity of users’ information. This includes technical and organizational measures to prevent unauthorized access, unlawful processing, or accidental loss of data. Poor information protection can jeopardize systems and services. There is no one-size-fits-all solution, but the GDPR states that organizations must ensure adequate security levels to mitigate risks associated with data handling. 
  • Data retention period: We recognize the importance of responsible data management. Therefore, Facephi does not retain personal data beyond the time necessary to fulfill the purposes for which they were collected, in compliance with applicable legal and regulatory requirements. 
  • Immediate reaction to security incidents: At Facephi, we commit to acting swiftly, effectively, and in accordance with regulations in response to any security incident that may compromise the confidentiality or integrity of data. This management can be carried out correctly by dividing it into three areas: 
    • Monitoring information security incidents 
    • Collection of evidence 
    • Response to information security incidents 

Our methodology regarding data security is based on the principles of ISO 27701. This standard provides guidance for implementing, maintaining, and improving an Information Privacy Management System (IPMS) as an extension of ISO 27001 for privacy management within an organization’s context. 


Digital privacy: Facephi’s commitment to data protection

Facephi’s data protection policy is based on the fundamental principles of GDPR, thus ensuring privacy, security, and regulatory compliance in all its operations. Users can trust that their rights are our main priority when interacting with Facephi’s products and services.