Privacy Policy

FacilityOps · a NEXORA product · last updated 1 July 2026

FacilityOps provides operational logging, records and alerts generated from a customer's existing CCTV. This policy explains how personal data is handled. It is written to align with Jordan's Personal Data Protection Law (PDPL) and equivalent regimes.

Controller and processor

The customer (the organization deploying FacilityOps on its premises and cameras) is the data controller. FacilityOps acts as a processor, processing data only on the customer's instructions and infrastructure. The customer is responsible for establishing a lawful basis, providing employee/visitor notice, and obtaining any required consent.

What is processed

Camera footage remains on the customer's own network. FacilityOps does not sell personal data or use it for advertising.

Decisions stay with people

FacilityOps produces records and alerts only. It does not make employment, pay, access or disciplinary decisions — those are made by the customer's team.

Retention, residency and access

Retention periods, data residency and access controls are configured and owned by the customer. Records are exportable and deletable at the customer's direction.

Data subject rights

Individuals may exercise rights (access, correction, deletion, objection) through the customer organization, which manages the records. Requests reaching FacilityOps are referred to the relevant customer controller.

Security

Processing runs on the customer's infrastructure; remote management interfaces are protected by access controls and encryption in transit (HTTPS). Customers are responsible for securing their own network and cameras.

Contact

Questions about this policy: contact us.

This document is provided for transparency and should be reviewed and adapted by the customer's legal counsel before relying on it for a specific deployment.