Data Annotation Company GDPR and Australian Privacy Act Compliance Measures

Data protection is a paramount concern for our data annotation company. We are committed to complying with both the General Data Protection Regulation (GDPR) and the Australian Privacy Act 1988. To provide a comprehensive overview of our compliance, we confirm that the following regulations apply. danaXa prioritises user privacy and data security, and we want to assure our users that we follow strict data handling practices:

User Behavior Tracking:

danaXa does not store any information to track user behavior, except for annotators, as explained in “Performance Metrics”.

Data Sharing:

danaXa does not share any data, especially images or labeled data, with any third party.

Data Retention and Deletion:

All images and labeled data can be deleted from our server at any time the user needs, and they will be removed from our servers once the project is delivered. Users also have the option to download all their images and labeled data before deletion. However, data download is restricted to authorised users as we have defined permission levels for various parts of our software features, including data access.

Performance Metrics:

danaXa collects performance metrics of data labellers (full-time employees or contractors of danaXa) to provide users with insight into the annotation history and the process behind their annotation projects. This data will also be removed once delivered to the user for their exclusive use.

Data Collected during Annotation:

During the annotation process, we collect the email address, a user-provided name, and a hashed password as the only information stored on our servers. This data can be deleted at any time during the annotation process if a user requests it, and it will be automatically deleted once the project is delivered to the data owner and the data owner deletes the project. Access to our website is provided for data uploads/downloads, providing feedback, and monitoring progress. We are committed to maintaining the security and privacy of your data throughout your interaction with our platform.

Access Control:

We use Google accounts for access control and are currently implementing two-factor authentication for our customers, which will be ready soon. For our employees, access rights and levels are determined by their job function and role. Requests for additional access follow a formal process, which includes a request and approval from the data owner, manager, or other executives in accordance with danaXa's security policies.

For dLabel.org, there are several categories of users:

  • Annotators: These individuals are responsible for annotating the data.
  • Managers: They have access for quality control.
  • Data Owners: These users own the data.

Only data owners and managers have the ability to add new users to the system. Additionally, managers can be assigned by the data owner or danaXa if the data owner requests assistance with data annotation.

Data Minimization:

We delete projects customers do not access within a year after sending them a reminder.

Regular Data Backups:

We create backups with different versions of the annotation to ensure data integrity and availability.

Incident Response Plan:

We have a robust incident response plan in place that outlines procedures for responding to data breaches. Roles and responsibilities in case of a breach are clearly defined, and reporting procedures for relevant authorities are established.

Employee Training and Awareness:

We provide comprehensive training to employees on data protection practices and security measures. We actively promote awareness of the significance of data security and privacy among our workforce.

Data Transfer and Data Retention:

At dLabel.org, we prioritise the security of your data by employing encryption both during transmission and while at rest.

Data in transit to dLabel users is safeguarded through the use of HTTPS, which is enabled by default for all users. Furthermore, our dLabel.org and danaXa cloud services automatically encrypt user content, including images, when stored at rest. There is no need for users to take any specific actions, as we employ one or more encryption mechanisms to ensure the security of your data.

Users can upload data to the dLabel.org website in two ways:

  • By using the secure credentials the user creates during the sign-up registration process, where we provide secure protocols for your convenience.
  • By providing the data to us through your preferred means, allowing us to access and upload it to our secure servers located in Canberra, Australia, or Umeå, Sweden, for data annotation purposes.

For both methods, we ensure that all communication between users and our website is encrypted using TLSv1.2 or higher and encryption cipher suites with key lengths of 128 bits or more. The data will be stored on our servers, physically located in Canberra, Australia, or Umeå, Sweden.

We offer the flexibility to delete your data at any point upon request, which will be promptly processed by our dedicated employees.

Committed to upholding the data protection standards outlined in both the GDPR and the Australian Privacy Act, we consistently review and enhance our security measures to ensure compliance. Our dedication to safeguarding personal data is unwavering, and we remain vigilant in protecting the privacy and rights of our clients and their data subjects.

Regular Security Audits and Assessments:

We conduct periodic security assessments and audits to identify vulnerabilities and weaknesses in our data processing systems. We continuously monitor and update our security measures based on these findings.

Data Protection Impact Assessment (DPIA):

We perform a Data Protection Impact Assessment (DPIA) when processing personal data that poses a high risk to data subjects' rights and freedoms.

Vendor Management:

We guarantee that all third-party vendors we engage with adhere to GDPR and Australian Privacy Act requirements. Our contracts with data processors incorporate GDPR-compliant data protection clauses. In the majority of our projects, we do not enlist additional vendors to carry out data annotation, development, or other tasks.