GDPR-Expanded Privacy Policy

Effective Date: 2025-11-27
Last Updated: 2025-11-27

1. Data Controller

EBIS Next Generation ID Ltd acts as the data controller for personal data processed via the EBUID and Genometric websites.

2. Legal Bases for Processing (Article 6 GDPR)

We process personal data under one or more of the following bases:

• Consent – for contact forms or subscriptions you opt into.
• Legitimate interests – to operate, secure, and improve the website and to prevent abuse.
• Legal obligations – to comply with regulatory or record-keeping requirements.

3. Categories of Data and Sources

We may process these categories of data:

• Technical data (IP, browser, device, log data) from your browser.
• Identification and contact details that you provide voluntarily (e.g., name, email).

No genomic or biometric raw data is processed via this website; such data, where used by Genometric systems, is handled through separate encrypted and user-controlled channels.

4. Data Subject Rights

If you are in the EEA or UK, you have rights under GDPR/UK GDPR including:

• Right of access
• Right to rectification
• Right to erasure (“right to be forgotten”)
• Right to restriction of processing
• Right to data portability
• Right to object

To exercise these rights, contact support@ebisbank.com. You may also lodge a complaint with your local supervisory authority.

5. International Transfers

Where personal data is transferred outside the EEA/UK, we implement safeguards such as Standard Contractual Clauses or rely on adequacy decisions, as applicable.

6. Security Measures

We use encryption in transit (HTTPS), hardened infrastructure, access controls, and monitoring to reduce the risk of unauthorized access or disclosure.

7. Automated Decision-Making

We do not perform automated decision-making or profiling that produces legal effects concerning you based solely on automated processing.

8. Retention

We keep personal data only for as long as necessary for the purposes stated or as required by law. Criteria include: duration of our relationship, contractual requirements, and legal limitation periods.

9. Contact and Supervisory Authority

For GDPR-related questions, contact:
support@ebisbank.com

You also have the right to contact a competent data protection authority in your country.