General Data Protection Regulation

The official document of the Regulation (EU) 2016/679 (General Data Protection Regulation) in the current version of the OJ L 119, 04.05.2016


GDPR (The General Data Protection Regulation) s a regulation in EU law on data protection and privacy in the European Union, which is effective from May,  2018. 

Since the Regulation applies regardless of where the incorporated company is based, it impacts every such entity that does business or provides services and goods to European Union residents. Despite being European law, any entity that collects and analyzes the personal data of EU citizens or other businesses and their customers lies under GDPR. 

The purpose of GDPR is to protect individuals' rights and personal information in the process of using products or services. Any private information which is in any possible way directed to a certain individual is considered as personal data and its processing is regulated by GDPR. Such data may include information about location, online identifiers, biometric data such as facial recognition. 

Auther as a facial recognition provider fully complies with GDPR and fulfills all its requirements for maintaining order. 

Controllers and Processors are key components to creating GDPR compliance.

Controller - any entity which determines the purpose of all data processing;

Processor - executive which processes received personal data from controllers.

The responsibility of GDPR compliance is completely assigned to controllers. Data controllers are responsible and liable for GDPR compliance in the processing of personal information, even in cases when they have outsourced such processing activities to another company. Nevertheless, processors are also obligated to be GDPR compliant under the applicable law.

Main GDPR requirements to comply with:

1. Transparency and communication

Auther explains before the user starts using its services and goods, how the received data is processed. For any questions or clarifications, the user is able to form a request.

2. Personal data collection

At the moment Auther will collect personal and any other data from a Client or User the proper notification will be displayed for better understanding.

3. Right of access

Our Clients have the right to know certain information about the processing activities of a Auther as data controller. 

4. Accuracy

Our Clients are able to correct inaccurate or incomplete personal data that Auther is processing or going to.

5. Right to erasure

Our Clients have a full right to request the deletion of any information about them that Auther possesses. 

6. Right to restrict processing

Auther will apply any Clients` requests about their desire to temporarily change the way their personal information is processed.

7. Data portability

Auther stores Clients’ personal data in an easily portable format for quick sharing with others or for making changes. 

8. Right to object

Our Clients have the full right to object to the processing of their data. 

Auther as Data Controller complies with GDPR and performs a role of Company Products’ provider (“Controller”) which collects Personal Information of its Clients who are Users of the Company Products, statistical and other data from Website Visitors. Controller use gathered data to improve the services the Company provides, in this case the Website and Auther Services, and make necessary changes for better User experience while being with Auther. More information about User rights under GDPR are described in Privacy Policy Section 7.1

According to the Terms of Service, Section 7.3 , Auther as the Processor will assist the Client/User as the Controller in meeting the Client’s obligations under GDPR, providing subject access, and allowing data subjects to exercise their rights under GDPR. 

Auther notifies each Client or Visitor about the use of cookies or other similar technologies for data collecting. The Client or Visitor may decline cookies activities on the Website in order to prevent information tracking. More information about data tracking is described in Privacy Policy, Section 3.4.

For the purposes of providing the Auther Services other processors are engaged. By agreeing to the Auther Terms of Service, our Client grants a general authorization for that to proceed. Third-party processors are absolutely compliant with GDPR and all actions they perform lies under their own Privacy Policy and Terms of Service. The processors are Amazon, Mailchimp, Hubspot - CRM, Pipedrive - CRM, and Stripe. More detailed information is in Auther Terms of Service, Section 4.2 and 4.3.

Auther as Data Processor

If our Client uploads Client Data to the Platform, such Client Data and any processing of such Client Data must be in compliance with the Auther Terms of Service and applicable law. All rights, title and interest in and to the Client Data belong to the Client or third persons (including Users, persons and Organizations) whether posted and/or uploaded by you or made available on or through the Auther Services by Auther. By uploading Client Data to the Platform, Client authorizes Auther to process the Client Data. More information is available in Terms of Service, Section 7.1.

As a Processor Auther does not store any biometric data of processed images. At present Auther does not store processed images. The function of images` storage will be available in the future with full compliance with General Data Protection Regulation from the responsible side - our Clients/Users.

Who is responsible for data processing


Riddletag OÜ (reg.code 14653616)

Address: Kiriku 6, Tallinn 10130,  Estonia.

Data protection officer

Name/Surname: Yurii Holuz

Contacts to data protection officer

Email address: