> For the complete documentation index, see [llms.txt](https://oten.gitbook.io/pass-privacy-policy/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://oten.gitbook.io/pass-privacy-policy/oten-pass-privacy-policy.md).

# Oten Pass - Privacy Policy

**Effective Date: \[28/05/2026]**

### 1. Introduction and System Architecture

#### 1.1 About Oten Pass

Oten Pass is a mobile companion application developed by Oten Switzerland GmbH ("Oten", "we", "our", or "us") designed to provide members of enterprise organizations with a secure, convenient interface for authentication, identity verification, and transaction approval. Oten Pass operates as part of the Oten security ecosystem and integrates directly with Oten Identity ("Oten IDP"), our centralized backend identity platform.

By installing and using Oten Pass, you acknowledge that you have read, understood, and agreed to this Privacy Policy.

#### 1.2 Role of Oten Pass in the Ecosystem

Oten Pass is a mobile client application — it does not operate as a standalone identity platform. Its primary functions are:

* Providing a convenient mobile interface for authentication and MFA;
* Generating TOTP (Time-based One-Time Password) tokens locally on your device;
* Receiving and responding to real-time push approval and security challenge requests;
* Performing biometric liveness verification when enabled by your organization;
* Managing passkeys and device-bound credentials.

All identity data, account management, SSO, and backend processing occur within Oten IDP, governed by the Oten Identity Privacy Policy. This Policy covers only data processed locally on your device or transmitted from Oten Pass to Oten IDP.

#### 1.3 Professional Use and Eligibility

Oten Pass is intended for professional use by authorized members of enterprise organizations. Oten Pass may not be used by individuals under the age of 13 (or a higher minimum age where required by applicable local law). See Section 9 for our full policy on children's data.

#### 1.4 Data Controller and Processor Roles

In the Oten ecosystem:

* Your Organization is the primary Data Controller of your identity, account data, and security configurations within Oten IDP. Your Organization determines which features of Oten Pass are enabled, including biometric verification.
* Oten acts as a Data Processor with respect to personal data processed on behalf of your Organization, and as a Data Controller with respect to technical and operational data Oten processes to provide, secure, and improve the Oten Pass application.

Your Organization may have its own independent privacy policies governing its use of your data. You should refer to your Organization's policies for information about how it manages your data within the Oten ecosystem.

#### 1.5 Relationship with Oten Identity Privacy Policy

This Privacy Policy must be read in conjunction with the Oten Identity Privacy Policy, which governs all backend processing of your identity data. Key cross-references are provided throughout this document where data flows between Oten Pass and Oten IDP. Where this Policy is silent on a matter covered in the Oten Identity Privacy Policy, the Oten Identity Privacy Policy applies.

### 2. Scope and Roles

#### 2.1 What This Policy Covers

This Privacy Policy applies to:

* Data collected and processed by the Oten Pass mobile application on your device;
* Data transmitted from Oten Pass to Oten IDP as part of authentication, verification, and approval workflows;
* Device permissions accessed by Oten Pass (camera, biometrics, notifications);
* Technical and diagnostic data generated by Oten Pass.

This Policy does not apply to:

* Data processed by Oten IDP after receipt from Oten Pass — see the Oten Identity Privacy Policy;
* Third-party applications you authenticate into using Oten Pass;
* Your Organization's own systems and privacy practices.

#### 2.2 Enterprise Context

Your Oten Pass account is provisioned and managed by your employer or contracting organization ("Your Organization"). Your Organization, as the primary Data Controller, determines:

* Which authentication methods are available to you (e.g., TOTP, biometric, passkey);
* Whether the Biometric Verification and Liveness feature is enabled for your account;
* What activity logs and security events are retained and reviewed;
* The scope of administrator access to your account data within Oten IDP.

Oten does not independently control these configurations. For questions about your Organization's data practices, contact your Organization's IT administrator.

### 3. Data We Process

#### 3.1 Account Information

Oten Pass retrieves the following data from your centralized Oten Identity profile, provisioned by your Organization:

* Full name and display name;
* Email address and/or mobile phone number;
* Organization name and role;
* Date of birth (if provided to your Organization);
* Account status and assigned authentication methods.

This data originates from and is governed by Oten IDP. Oten Pass displays this data locally to provide a personalized interface but does not independently store a copy beyond what is required for session continuity.

#### 3.2 Authentication and Security Data

* Login events: timestamps, authentication method used, and outcome (success/failure);
* MFA usage: TOTP generation events (token values are generated locally and never stored or transmitted by Oten Pass);
* Verification methods selected: password, authenticator (TOTP), biometric (liveness), passkey, Face ID / Passcode;
* Authentication results transmitted to Oten IDP for session establishment.

#### 3.3 Device and Technical Data

* Device type, model, and manufacturer;
* Operating system name and version;
* User agent string;
* IP address (transmitted to Oten IDP as part of authentication requests);
* Approximate location derived from IP address (no GPS-level location is collected);
* App version number and crash/error diagnostic data.

#### 3.4 Activity Logs

* Security events: sign-in, sign-out, password changes, factor enrollment and removal;
* Approval and rejection decisions on push requests;
* Source of requests (application and timestamp);
* Session identifiers used to maintain continuity during a session.

Activity logs are transmitted to Oten IDP and are accessible to Your Organization's administrators as described in Section 10. For retention periods, see Section 12.

#### 3.5 Verification and Approval Data

* Authentication or approval requests received from Oten IDP;
* User decisions (approve / reject) and associated timestamps;
* Request metadata (requesting application, scope, context);
* Challenge responses.

#### 3.6 Biometric Data (Highly Sensitive)

When enabled by Your Organization, Oten Pass supports a Biometric Verification and Liveness feature. The following applies:

* Collection is initiated only when you explicitly start the verification flow — biometric data is never collected passively or in the background;
* Oten Pass uses your device camera to record a short liveness video stream;
* A secure, permanent digital watermark is automatically applied to the video at the point of capture, before any transmission;
* A non-reversible Biometric Template (a mathematical vector) is computed on your device from the capture; it cannot be used to reconstruct your facial image or the original video;
* The watermarked video is transmitted securely (SSL/TLS) to Oten IDP for administrative review, and the on-device Biometric Template is transmitted to Oten IDP for storage and future matching;
* Raw, unwatermarked video is never stored on your device beyond the duration of active capture, and is never transmitted. Cross-reference: For the complete biometric data flow within Oten IDP — including admin review, Biometric Template storage and matching, and the 90-day deletion schedule — see [Oten Identity Privacy Policy, Section 2.13](https://oten.gitbook.io/identity-privacy-policy#id-2.13-biometric-data-flow-cross-product-oten-pass-oten-idp).

#### 3.7 Data We Do Not Collect

To be transparent about the boundaries of Oten Pass data processing, we explicitly do not collect:

* Raw, unwatermarked biometric templates or facial recognition models;
* On-device Face ID / Touch ID / biometric data — this remains within your device's secure enclave and is never accessible to Oten or Your Organization (see Section 7);
* TOTP token values — tokens are generated locally and never stored or transmitted by Oten Pass;
* Plaintext passwords or passphrases;
* Content of communications or documents unrelated to authentication and approval workflows;
* GPS or precise location data;
* Behavioral tracking data for advertising or profiling purposes;
* Data from third-party apps you authenticate into via Oten Pass.

### 4. How We Use Data

#### 4.1 Purposes of Processing

We process personal data in Oten Pass solely for the following purposes:

* Providing secure authentication and identity verification for your Oten account;
* Enabling secure access to corporate systems and applications authorized by Your Organization;
* Delivering real-time approval and security challenge requests from Oten IDP;
* Detecting, investigating, and preventing fraud, spoofing, or unauthorized access attempts;
* Providing comprehensive activity logs and security visibility to Your Organization's administrators;
* Supporting secure account recovery processes under your Organization's policies;
* Improving the reliability, security, and performance of Oten Pass using aggregated, de-identified diagnostic data.

#### 4.2 No Use for Advertising or Behavioral Profiling

We do not use personal data collected via Oten Pass for targeted advertising, behavioral profiling, or the creation of marketing profiles. We do not sell, rent, or share personal data with any third-party advertiser, data broker, or marketing platform. This applies without exception to all data categories, including biometric data.

#### 4.3 Legal Bases for Processing

* Performance of Contract: to provide authentication, MFA, and approval services under your Organization's enterprise agreement with Oten;
* Legitimate Interests: to secure Oten Pass, detect fraud, prevent abuse, and improve service reliability, where such interests are not overridden by your rights;
* Explicit Consent: for collection and processing of biometric liveness data — consent is provided each time you explicitly initiate a verification flow;
* Legal Obligation: to comply with applicable laws in jurisdictions where Oten operates.

### 5. Biometric Data Processing

#### 5.1 Overview

Biometric data is among the most sensitive categories of personal data. This section describes in detail how Oten Pass handles biometric liveness data, from collection on your device through to transmission to Oten IDP.

<table data-header-hidden><thead><tr><th valign="top"></th></tr></thead><tbody><tr><td valign="top"><em>This feature is only active when your Organization has explicitly enabled it. If your Organization has not enabled Biometric Verification, no biometric data is collected, processed, or transmitted by Oten Pass.</em></td></tr></tbody></table>

#### 5.2 Explicit Consent

Biometric liveness data is collected only when you explicitly initiate the verification flow within Oten Pass. The application will present a clear description of what data will be collected and how it will be used before the camera is activated. You may decline at any time by exiting the flow. Declining may prevent completion of the verification step as configured by your Organization.

#### 5.3 Secure Watermarking at Capture

At the moment of capture — before any transmission or storage — Oten Pass automatically applies a secure, permanent, cryptographic digital watermark to the liveness video. The watermark:

* Is applied on-device and cannot be removed without invalidating the video;
* Serves as proof of authenticity and prevents repurposing or misuse of the recording;
* Contains metadata binding the video to the specific verification event.

#### 5.4 Transmission

The watermarked video is transmitted securely from Oten Pass to Oten IDP using SSL/TLS encryption. No raw, unwatermarked video leaves your device at any point.

#### 5.5 Processing and Review in Oten IDP

Upon receipt by Oten IDP:

* The watermarked video is stored and made available for review by authorized administrators of Your Organization via the Oten Identity Admin Application;
* The Biometric Template (a non-reversible mathematical vector computed on the user's device) is stored for future verification. It cannot be used to reconstruct the user's original facial image, the original video, or any raw biometric data;
* Matching is performed on the server by comparing Biometric Templates;
* Both the watermarked video and the Biometric Template are subject to the retention and deletion schedule described in the [Oten Identity Privacy Policy Section 2.13.](https://oten.gitbook.io/identity-privacy-policy#id-2.13-biometric-data-flow-cross-product-oten-pass-oten-idp)

#### 5.6 Retention

* Watermarked liveness videos: stored in Oten IDP for a maximum of 90 days from their creation date. Permanently and irreversibly deleted on the 91st day, with no possibility of recovery.
* Biometric Templates (Biometric Vectors): permanently deleted 90 days from their creation date, regardless of account status or organizational configuration.
* No biometric data is retained on your device beyond the duration of active capture.

#### 5.7 Access

Access to biometric data within Oten IDP is strictly limited to authorized administrators of Your Organization and to Oten personnel who operate the infrastructure under written confidentiality obligations. Oten does not use biometric data for any purpose beyond liveness verification and matching within the authentication workflow.

#### 5.8 Member Control Over Biometric Data

Biometric verification records — including liveness videos and Biometric Templates — are governed by Your Organization as Data Controller and cannot be independently deleted by individual members. Deletion follows the automatic schedule described in Section 5.6: videos are permanently deleted on day 91, and Biometric Templates are permanently deleted after 90 days from their creation date, regardless of account status. Members who wish to request early deletion of their biometric data must submit the request through their Organization's IT administrator.

### 6. Cookies and Tracking Technologies

#### 6.1 Mobile Application — No Browser Cookies

Oten Pass is a mobile application and does not use browser-based cookies.

#### 6.2 No Advertising or Behavioral Tracking

Oten Pass does not employ:

* Third-party advertising trackers or advertising SDKs;
* Behavioral analytics SDKs for user profiling;
* Cross-app tracking technologies;
* Any technologies that share your usage data with advertising networks or data brokers.

#### 6.3 Technical Identifiers

Oten Pass uses technical identifiers — such as device identifiers and session tokens — solely for the following operational purposes:

* Authentication and session management;
* Security threat detection and rate limiting;
* Push notification routing for approval requests;
* Service delivery and diagnostic data.

These identifiers are not used for advertising, profiling, or any purpose beyond the operational functions described above.

### 7. Permissions and Device Access

#### 7.1 Camera

Purpose: Solely for recording watermarked liveness videos (biometric verification feature) and scanning QR codes for authentication and account linking.

The camera is only activated when you explicitly initiate a liveness verification or QR code scanning flow. The camera is never activated passively or in the background.

#### 7.2 Face ID / Touch ID or Device Passcode

Purpose: To secure local access to the Oten Pass application on your device.

Your on-device biometric data (Face ID / Touch ID) is processed entirely within your device's secure enclave by the operating system. This biometric data never leaves your device, is never transmitted to Oten or Your Organization, and is not accessible to the Oten Pass application or to Oten. Oten Pass receives only a cryptographic success/failure signal from the operating system.

#### 7.3 Notifications

Purpose: To deliver real-time authentication requests, transaction approval prompts, and security challenge notifications from Oten IDP.

Push notifications are used exclusively for security and authentication operations. Oten Pass does not send marketing, promotional, or advertising notifications.

#### 7.4 Consequence of Denying Permissions

You may deny or revoke any of the above permissions through your device settings at any time. Denying permissions will prevent the associated security features from operating:

* Denying camera access prevents biometric liveness verification and QR code scanning;
* Denying Face ID / Touch ID / Passcode prevents local app authentication and may expose the app to unauthorized access on your device;
* Denying notifications prevents delivery of push approval requests, which may require you to use alternative authentication methods.

Core authentication features that do not require these permissions (e.g., TOTP code generation, passkey-based authentication) will continue to function normally.

### &#x20;8. Authentication Methods and Credentials

#### 8.1 Supported Authentication Methods

* Password verification — your password is hashed and stored in Oten IDP; it is never stored in plaintext on your device or by Oten Pass;
* Authenticator (TOTP) — one-time tokens are generated locally within Oten Pass using a time-based algorithm. Token values are never stored or transmitted by Oten Pass; only the authentication outcome is communicated to Oten IDP;
* Biometric (Watermarked Liveness) — a watermarked liveness video is submitted to Oten IDP for verification as described in Section 5;
* Passkey (FIDO2 / WebAuthn) — passkeys are managed via industry-standard FIDO2 protocols. Oten does not store the private key component; it is held securely in your device's credential store. See Section 8.2;
* Face ID / Passcode (Local Device Authentication) — used to secure local access to Oten Pass on your device. Biometric data does not leave your device. See Section 7.2.

#### 8.2 Passkey Handling

Passkeys registered through Oten Pass are managed via FIDO2 standards. The private key component of a passkey is stored exclusively in your device's platform credential store (e.g., Apple Keychain, Android Credential Manager) and is never transmitted to or stored by Oten. Oten IDP stores only the corresponding public key, which cannot be used to derive the private key.

Oten does not have access to, and cannot recover, your device-stored passkey private keys. If you lose your device, the passkey stored on that device will no longer be available. You can continue to access your account using other enrolled authentication methods, such as your password or the forgot password flow. Once signed in, you can enroll a new passkey on your new device through your account settings.

#### 8.3 Credential and Password Management (Future Feature)

A future version of Oten Pass may include a credential vault feature. When available:

* Oten will not have access to the plaintext of any stored credentials;
* All encryption keys will be derived from your authentication methods and controlled on your device;
* This Policy will be updated to reflect the data processing activities of any new features before they are made available.

### 9. Our Policy Towards Children

#### 9.1 Eligibility

Oten Pass is intended for professional use by authorized members of enterprise organizations. It may not be used by individuals under the age of 13 (or a higher minimum age where required by applicable local law). We do not knowingly collect personal data from children below the applicable minimum age.

#### 9.2 Unintentional Collection

If we discover or are notified that we have unintentionally collected personal data from a child below the applicable minimum age, we will:

* Immediately suspend access to the relevant account in coordination with Your Organization;
* Take prompt steps to securely delete all associated personal data, including any biometric data if collected;
* Notify Your Organization's administrator without undue delay;
* Notify the relevant supervisory authority where required by applicable law.

#### 9.3 Organizational Responsibility

Organizations using Oten Pass are responsible for ensuring that only users meeting the applicable minimum age requirement are provisioned accounts, and for ensuring compliance with applicable child data protection regulations in their jurisdictions.

#### 9.4 Biometric Data and Age

Organizations are responsible for ensuring compliance with applicable laws regarding biometric data collection for users of any age in their jurisdiction. This includes obtaining any additional consent or parental authorization required under local law for users who may be considered minors. Oten does not independently verify the age of individual users — this responsibility rests with the Organization as Data Controller.

### 10. Activity Monitoring and Organization Access

#### 10.1 Organization as Data Controller

Your Organization, as the primary Data Controller, has full administrative control over your account within Oten IDP. This includes the right to access, export, and monitor activity logs, authentication events, and security-related actions generated by your use of Oten Pass.

#### 10.2 What Organizations Can Access

Your Organization's authorized administrators may access:

* Authentication event logs (sign-in attempts, outcomes, methods used, timestamps);
* MFA usage records and factor enrollment/removal history;
* Approval and rejection decisions on push requests;
* Session records and device information associated with authentication events;
* Biometric liveness video submissions and Biometric Template status (if the feature is enabled).

#### 10.3 Governance of Organizational Monitoring

Organizational access to your data within Oten IDP is governed by:

* Your Organization's internal IT, security, and privacy policies;
* The Data Processing Agreement between Oten and Your Organization;
* Applicable employment law and data protection regulations in your jurisdiction.

Oten does not independently control the scope of monitoring configured by Your Organization. For questions about your Organization's monitoring practices, contact your Organization's IT or HR department.

#### 10.4 Oten's Access Restrictions

Oten personnel access your personal data only as required to operate, maintain, and secure Oten Pass and Oten IDP, and only under written confidentiality obligations. Oten does not access your data for commercial purposes beyond service delivery.

### 11. Data Sharing

#### 11.1 General Principle

We do not sell, rent, or share your personal data with any third party for advertising, profiling, or commercial exploitation purposes. Data is shared only as described in this Section and only to the extent necessary to operate Oten Pass securely.

#### 11.2 Your Organization

Data is shared with Your Organization for identity management, administrative audit, and corporate security monitoring, as described in Section 10. The scope of this sharing is governed by your Organization's enterprise agreement with Oten and applicable data protection law.

#### 11.3 Oten Identity (Oten IDP)

Oten Pass transmits authentication data, activity logs, and (where enabled) watermarked liveness videos to Oten IDP as part of the integrated authentication workflow. Oten IDP provides consistent data protection as governed by the Oten Identity Privacy Policy. For cross-border transfer safeguards applicable to this transmission, see the Oten Identity Privacy Policy, Section 4.5.

#### 11.4 Service Providers (Sub-Processors)

We may engage third-party infrastructure and security hosting providers to support the operation of Oten Pass. All such sub-processors are bound by written Data Processing Agreements (DPAs) that:

* Prohibit use of personal data beyond the defined service scope;
* Require appropriate technical and organizational security measures;
* Impose confidentiality obligations on their personnel;
* Require notification to Oten in the event of a security incident involving Oten data.

A current list of sub-processors is available upon written request submitted to <dpo@oten.com>.

#### 11.5 Third-Party Integrations

When you use Oten Pass to authenticate into authorized external applications, Oten IDP issues authentication tokens containing only the attributes approved by you and Your Organization. Oten Pass does not directly share your data with third-party applications beyond the authentication assertion managed by Oten IDP.

#### 11.6 Legal Compliance

We may disclose data to comply with valid legal obligations, court orders, or lawful governmental requests. We will review each request, limit disclosure to the minimum legally required, and notify Your Organization unless prohibited by law or court order.

#### 11.7 Business Transactions

In the event of a merger, acquisition, or sale of assets, personal data may be transferred to the successor entity with equivalent data protection guarantees and advance notice to affected organizations.<br>

### 12. Data Retention

#### 12.1 General Principles

Because Oten Pass operates as a companion app to Oten IDP in a B2B context, your account and associated data are owned and controlled by Your Organization. Oten retains data generated via Oten Pass for the periods described below, in accordance with Your Organization's instructions and applicable legal obligations.

<table data-header-hidden><thead><tr><th valign="top"></th></tr></thead><tbody><tr><td valign="top"><em>Planned feature: Oten IDP will introduce Organization-level Data &#x26; Privacy controls, allowing Org Admins to configure activity log retention periods and manage member data deletion schedules directly. This section will be updated when those controls become available.</em></td></tr></tbody></table>

#### 12.2 Account Archival and the Grace Period

When Your Organization's Administrator archives your account, the following applies to data associated with your use of Oten Pass:

* Immediate effect: Your Oten Pass session is terminated and you can no longer authenticate via the app. Push notifications and approval requests stop immediately.
* Grace period — 30 days: For 30 days following archival, your account data is preserved and the account can be restored via the Recover Account flow. Your authentication history, enrolled factors, and associated data remain intact during this period.
* Purge on day 31: If no restoration is initiated, all PII associated with your account — including enrolled factors, passkeys, and profile data linked to Oten Pass — is permanently and irreversibly purged on the 31st day.
* Post-purge: Only pseudonymized audit records (with no linkable identity) are retained for security and compliance purposes after purge.

<table data-header-hidden><thead><tr><th valign="top"></th></tr></thead><tbody><tr><td valign="top"><em>Cross-reference: For the full archival and purge sequence at the Oten IDP level, see Oten Identity Privacy Policy, Section 6.2.</em></td></tr></tbody></table>

#### 12.3 Retention Periods by Data Category

* Account and Profile Information: Retained while your account is active. Purged on day 31 following account archival as described in Section 12.2.
* Authentication and Security Data (session tokens, enrolled factors, passkeys): Retained only for the duration required for session and authentication integrity. Purged as part of the account purge cycle. TOTP codes generated locally by Oten Pass are never stored.
* Activity Logs (authentication events, approval decisions, security events): Retained for the period configured by Your Organization. Where Your Organization has not configured a specific period, logs are retained for the period required under applicable legal obligations of the relevant jurisdiction.
* Facial Video Recordings (transmitted to Oten IDP): Stored in Oten IDP for a maximum of 90 days from creation date. Permanently and irreversibly deleted on the 91st day, regardless of account status. See Oten Identity Privacy Policy, Section 6.
* Biometric Templates / Biometric Vectors (processed in Oten IDP): Permanently deleted 90 days from creation date, regardless of account status. See Oten Identity Privacy Policy, Section 6.
* Technical and Diagnostic Data (device info, IP address, app version, error data): Retained for the period necessary for diagnostic and security purposes, in accordance with our technical operations and applicable law.

#### 12.4 Secure Deletion

When data reaches the end of its retention period, we follow a secure deletion process. For biometric data, deletion is permanent and irreversible — no recovery is possible after the scheduled deletion date. Residual copies of other data categories may remain in encrypted backup archives temporarily before being overwritten on a regular rotation cycle.

#### 12.5 Legal and Regulatory Retention

We may retain certain data beyond the standard periods above where required by applicable law, court order, or regulatory obligation. In such cases, retained data is segregated from active systems and access is strictly limited to personnel with a documented legitimate need.

### 13. Security Measures

#### 13.1 Technical Safeguards

* Secure transit encryption via SSL/TLS (1.2 or higher) for all data transmitted between Oten Pass and Oten IDP;
* Secure hosting infrastructure with strictly controlled, role-based administrative access;
* Zero-trust architecture ensuring continuous verification of all access requests — no implicit trust based on network location;
* Vulnerability management including regular security testing and review;
* On-device cryptographic protections for passkeys and authentication artifacts.

#### 13.2 Organizational Safeguards

* Oten personnel with access to infrastructure handling biometric or personal data operate under written confidentiality obligations;
* Access to personal data is granted on a least-privilege, need-to-know basis with regular access reviews;
* Mandatory security awareness training for relevant personnel;
* Documented procedures for security incident response.

#### 13.3 Security Incident Notification

In the event of a personal data breach affecting data processed via Oten Pass:

* Oten will notify the relevant supervisory authority within 72 hours of becoming aware, where required by applicable law;
* Oten will notify Your Organization without undue delay so that Your Organization, as Data Controller, can fulfill its obligations to affected individuals;
* Oten will provide Your Organization with information necessary to assess the impact and take appropriate protective action.

#### 13.4 Your Responsibilities

You play an important role in protecting your account. You should:

* Maintain the security of your device, screen lock, and local authentication (PIN, Face ID, Touch ID);
* Carefully review and verify the source and content of all incoming push approval and challenge requests before responding — do not approve requests you did not initiate;
* Prevent unauthorized physical or digital access to your Oten Pass application;
* Keep your device operating system and Oten Pass updated to the latest version;
* Notify your Organization's IT administrator immediately if you suspect your device or account has been compromised.<br>

### 14. International Data Transfers

#### 14.1 Cross-Border Processing

To support enterprise operations across Southeast Asia and the Middle East, data transmitted from Oten Pass to Oten IDP may be processed in data centers located in different jurisdictions, depending on your Organization's system architecture and configuration. Oten does not currently offer Organization-selectable data residency.

#### 14.2 Transfer Safeguards

Any cross-border transfer of personal data is conducted in compliance with applicable data protection regulations, including:

* Standard Contractual Clauses (SCCs) or equivalent contractual safeguards recognized under applicable law;
* UAE Federal Decree-Law No. 45 of 2021 transfer requirements for UAE personal data;
* Transfer requirements under Singapore PDPA, Thailand PDPA, Indonesia UU PDP, Malaysia PDPA, and Philippines Data Privacy Act, as applicable.

#### 14.3 Consistent Protection

Regardless of where your data is processed, Oten applies the technical, contractual, and organizational safeguards described in this Policy and in the Oten Identity Privacy Policy. For detailed transfer safeguards, see Oten Identity Privacy Policy, Section 4.5.

### 15. Your Rights

#### 15.1 Applicable Rights

Depending on your jurisdiction and subject to applicable laws, you may have the right to:

* Access: obtain confirmation of whether we process your data and receive a copy;
* Rectification: request correction of inaccurate or incomplete data;
* Erasure: request deletion of your data where it is no longer required;
* Restriction: request restriction of processing in certain circumstances;
* Data portability: receive your data in a structured, machine-readable format;
* Withdraw consent: for biometric data processing, at any time;
* Object: to processing based on legitimate interests.

#### 15.2 How to Exercise Your Rights

Because accounts within Oten Pass are provisioned and owned by Your Organization, data rights requests follow this structure:

* Requests related to account data, activity logs, identity information, account archival, or account restoration must be directed to Your Organization's IT administrator. Oten does not override organizational decisions on member accounts.
* Requests related to data processed directly by Oten as Data Controller (e.g., technical/diagnostic data, biometric data stored in Oten IDP) may be submitted to <dpo@oten.com>.
* For general support issues — including technical problems with the app, authentication errors, or questions about how data is processed — all users may contact Oten through the standard support channel at <contact@oten.com>.
* You may manage and remove individual authentication factors (e.g., enrolled passkeys, TOTP) directly within the Oten Pass settings menu.
* Biometric verification records (liveness videos and Biometric Templates) cannot be independently deleted by individual members. Deletion is automatic after 90 days. Requests for early deletion must be submitted to Your Organization's IT administrator.

#### 15.3 Response Timeframes

We will acknowledge receipt of your request within 5 business days and respond within the timeframe required by applicable law in your jurisdiction (generally 30 days). We may request reasonable verification of your identity before processing your request.

#### 15.4 Escalation for Data Rights

If you have submitted a data rights request to Your Organization's administrator and have not received a response or resolution within 30 days, you may notify Oten at <dpo@oten.com>. Oten will acknowledge your notification and follow up with Your Organization on your behalf. Note that Oten cannot override Your Organization's authority as Data Controller over member accounts — but we will work with Your Organization to ensure your request is addressed appropriately.

#### 15.5 Right to Lodge a Complaint

You have the right to lodge a complaint with the competent data protection supervisory authority in your jurisdiction. The relevant authority depends on your country of residence:

* UAE: UAE Data Office;
* Singapore: Personal Data Protection Commission (PDPC) — <https://www.pdpc.gov.sg>;
* Thailand: Personal Data Protection Committee (PDPC Thailand);
* Indonesia: Ministry of Communication and Digital Affairs (Komdigi);
* Malaysia: Department of Personal Data Protection (JPDP);
* Philippines: National Privacy Commission (NPC) — <https://www.privacy.gov.ph>.

We encourage you to contact us at <dpo@oten.com> first to attempt to resolve any concern directly.

### 16. Changes to This Policy

#### 16.1 Updates

We may update this Privacy Policy to reflect operational changes, new features, or regulatory requirements. We are committed to the following principles when making changes:

* We will not reduce your rights under this Policy without your prior explicit consent;
* The effective date of the current version is always indicated at the top of this Policy;
* Previous versions are available upon request at <dpo@oten.com>.

#### 16.2 Notification of Material Changes

For material changes — meaning changes that significantly affect your rights or the way we process your data, including changes to biometric data handling — we will provide advance notice by at least one of the following methods:

* In-app notification within Oten Pass displayed prior to the change taking effect, requiring acknowledgement before continued use;
* Email notification to Your Organization's registered administrators at least 30 days before the change takes effect;
* Prominent notice on the Oten website at oten.com/legal.

Continued use of Oten Pass after the effective date of an update constitutes acknowledgement of the revised Policy, provided that material changes have been notified as described above.

### 17. Contact

#### 17.1 Contact Information

Oten Switzerland GmbH

Blegistrasse 15, 6340 Baar, Zug, Switzerland

General enquiries: <contact@oten.com>

Data protection / privacy requests (DPO): <dpo@oten.com>

Phone: +41 77 291 61 22

#### 17.2 Account and Data Requests

For account-related issues or data rights requests under your Organization's control, contact Your Organization's IT administrator. For data rights requests under Oten's control as Data Controller, submit to <dpo@oten.com>.

#### 17.3 Supervisory Authorities

You have the right to lodge a complaint with the competent supervisory authority in your jurisdiction. See Section 15.5 for a list of supervisory authority contacts by country.
