Privacy Policy – Ageware App

In connection with the use of the Ageware software (“Ageware”), we process your personal data in the manner and to the extent further specified in this Privacy Notice. 

The aim of this document is to provide you, in particular, with information regarding the scope and nature of such processing, the extent of your rights and the manner in which you can exercise them.

Collection and processing of your personal data is conducted in accordance with the applicable data protection legislation, in particular the General Data Protection Regulation (GDPR).

  • Who is the data controller?

The controller of your personal data is Biometric Ventures s.r.o., with its registered seat at Skalecká 357/17, Holešovice, Postal Code 170 00, Prague 7, Czech Republic, corporate identification No.: 118 94 741 (“Biometric Ventures” or “we”, “us” and “our”). 

In case of any requests relating to the processing of your personal data or in case of exercising your rights set out in clause 6 below, please contact us at 

  • What personal data do we collect about you? For what purpose, on what legal basis and for how long do we collect it?


We process your personal data for the purpose of demonstrating the age estimation within Ageware demo version. Your personal data is processed only to the extent determined by the aforementioned purpose of the processing, namely: 

  1. For automated age estimation by Ageware, we process your photograph taken by you (selfie), facial features, your sex, information whether you are a living human, estimated age, and information whether you are below or above the required age threshold (please see clause 3 below).
  2. If your age cannot be estimated or the age estimation within Ageware determines that you have not reached the required age, we also process (in addition to the personal data specified in clause 2.1 above) your ID card photograph (that will be compared with the selfie taken to confirm it was submitted by the same person) and date of birth through a scan of your ID card (or another supported document).

The legal basis for the processing is your consent, which you voluntarily granted to us prior to the respective processing (under clauses 2.1 and 2.2 above). We thus collect your consent before each stage of the age estimation process. 

Please note that the process of comparing your selfie and your ID card photograph through specific technical processing to confirm the ID card belongs to you may be qualified as your authentication and the processing of special categories of personal data (biometric data) within the meaning of Article 9 GDPR. We have, therefore, adopted additional safeguards to comply with Article 9 requirements. These include double opt-in before you share your ID card scan with us as a way of obtaining your explicit consent. 

Your aforementioned personal data will be processed for the period of 90 days unless you withdraw your consent sooner. After the lapse of the 90-day period, your personal data will be automatically deleted.

The processing of the data is necessary for the above purposes. If the data is not provided, the age estimation process cannot be fully demonstrated. 

  • What is a cookie? What types of cookies do we use?

A cookie is a small text file that is stored and/or read by your web browser on your end device (e.g., computer, laptop, tablet or smartphone) by websites you visit. Almost every website uses cookies to ensure the proper functioning of the website and optimization of the appearance of the website and its functionalities.

We use session, strictly necessary cookies as a unique user ID which enable you to move around the website and properly use the Ageware demo version. These cookies are only set in response to actions made by you which amount to a request to access and use the Ageware demo version. These cookies are indispensable for the use of our website and the Ageware demo version and they will expire after closing the web browser or within 3 hours.

  • With whom do we share your personal data? 

Your personal data may be disclosed to reliable third parties that provide us with administrative or technical support and providers of IT systems and data servers. In case of such disclosure, we will ensure that the recipients adhere to sufficient technical and organisational security measures and the disclosure will be governed by an agreement complying with the respective GDPR requirements.

There may be instances where we are required by law or an order of a public authority to share your personal data with government authorities or law enforcement bodies. In some exceptional cases, we may also need to share your personal data with our external advisors who are subject to a confidentiality obligation. 

Apart from the above, we will not share your personal data with any third parties or unauthorised personnel. We are committed to protect your privacy and restrict the access the to your data as much as possible. 

Within Biometric Ventures, only a limited number of our employees will have access to your personal data. The employees are obliged to keep your personal data and measures taken for their protection strictly confidential. They are entitled to handle personal data only upon our explicit instructions. 

  • Do we transfer your personal data outside the EU/EEA?

In connection with the age estimation/verification through Ageware, your personal data may be transferred to a sub-processor that has its registered office in the USA. However, for the purpose of maintaining the adequate level of protection of the transferred personal data, the personal data are processed even by the sub-processor only within the EEA. In order to ensure the protection of the transferred personal data, the standard contractual clauses are also concluded with the sub-processor.

  • What are your rights in relation to the processing?

If you grant us your consent to the processing of your personal data, you do so entirely voluntarily and, therefore, you have the right to withdraw or restrict the consent at any time. The withdrawal of the consent does not affect the lawfulness of processing based on consent before its withdrawal. 

In some circumstances, you have the right to object to the processing of your data by us, in particular where your personal data is processed on the basis of a legitimate interest; in such a case we will assess your objection and inform you about the result. 

Under certain conditions and circumstances, your other rights include: the right to access your personal data, right to have your personal data rectified or erased, right to restrict the processing, right to data portability and right to lodge a complaint with the relevant Data Protection Authority (see the list of Data Protection Authorities, including their contact details, available here). 

However, there are exceptions to these rights. For example, access to your data may be refused if making the information available would reveal personal information about another person or if we are legally prevented from disclosing such information.

  • What if there are any changes to the processing? 

We may change this Privacy Notice from time to time. We will notify you of any material changes via email or other appropriate means. 


Last updated: 30.6.2022