Last Modified: April 7, 2021
IDVerifact customers may collect and manage Personal Data while using the IDVerifact subscription services. IDVerifact processes such data as a processor under the direction of our customers and provides the output data to our customers for their internal use. IDVerifact does not persist, store, or otherwise control Personal Data after it has been delivered to our customers. Our customers, as data recipients and data controllers, are responsible for complying with any regulations or laws that require providing notice, disclosure, and/or obtaining consent prior to collecting their customers’ Personal Data using the IDVerifact subscription service. Please see the below section “Information We Collect and Process When You Use the Subscription Service” and our Customer Data Processing Agreement for more information.
What Information We Collect About You
Information You Provide to IDVerifact
When you interact with us via our website idverifact.com, we may collect Personal Data and other information from you, as further described below.
We collect Personal Data from you when you submit web forms or interact with our websites, for example subscribing to the IDVerifact blog, signing up for a webinar, or requesting customer support. We may ask for your email address, first and last name, job title, and other similar business information. You are free to explore some of our websites without providing any Personal Data about yourself.
When you register for an IDVerifact event, we collect information such as name, address, phone number, and email address. We use this information to communicate with you and in some cases facilitate your registration. Additionally, we may share your registration data with service providers to provide event information and improve your experience at future IDVerifact events.
Account and User Information
Account detail for IDVerifact subscription services includes name of the organization subscribing, billing address, representative/admin name, position, email and contact phone number. We also work with our subscription clients to define cost centers, and projects to accurately attribute system usage.
When you have been invited to join as a user of the IDVerifact platform by an administrator of an IDVerifact subscription instance we collect Personal Data when you sign-up for that IDVerifact subscription account, create or modify user information, set preferences, or provide any other related information to access or utilize our Subscription Service.
Payment information, such as a credit card number or bank account numbers, may also be collected when purchasing products or services. We use secure third-party payment service providers to manage payment processing, which is collected through a secure payment process.
We post customer testimonials and comments on our websites, which may contain Personal Data. We obtain each customer’s consent via email or through other agreements between customers and IDVerifact prior to posting the customer’s name and testimonial.
Additional Information We Collect and Process When You Use the Subscription Service
When you visit our websites or when you use the IDVerifact subscription service, we automatically collect information about your computer hardware and software. This information can include your IP address, browser type, WiFi detail, domain names, internet service provider (ISP), the files viewed on our site (e.g., HTML pages, graphics, etc.), operating system, clickstream data, access times and referring website addresses.
We collect usage data when you or your users in your IDVerifact account to interact with the IDVerifact subscription service. We engage third-party providers to collect usage data, and we only share data with these providers in an unidentified manner. Usage data includes metrics and information regarding your use and interaction with the IDVerifact subscription service such as what product features you use the most, when an object (like a ticket) is opened and closed, and how often certain features (like workflows) are triggered in your account.
IDVerifact Partners and Third Parties
IDVerifact leverages a network of Digital Identity partners and third-party solutions providers (TTP) to collect specific Personal Data on behalf of our IDVerifact subscription service customers. We may receive Personal Data about specific individuals from our global network of partners and TTPs. We receive this Personal Data in support of business processes defined by our IDVerifact subscription service customers.
All Personal Data collected in support of business processes defined by our IDVerifact subscription service customers is collected, stagged, and provided to our customers based on attestations of their customers’ consent. IDVerifact processes such data as a processor under the direction of our customers and provides the output data to our customers for their internal use. IDVerifact does not persist, store, or otherwise control Personal Data after it has been delivered to our customers. Our customers, as data recipients and data controllers, are responsible for complying with any regulations or laws that require providing notice, disclosure, and/or obtaining consent prior to collecting their customers’ Personal Data using the IDVerifact subscription service.
When our IDVerifact subscription service customers use the subscription service, they may collect Personal Data such as, but not limited to, first and last name, email address, physical address, phone number, credit information, biometrics detail, criminal records, employment detail, financial transaction and balance detail, social media detail, media reports, mobile carrier detail, device detail, IP detail, WiFi detail, and other types of Personal Data that may be added to the IDVerifact platform from time to time. We do not control the content of our customers’ applications, websites, or mobile applications or the types of Personal Data that our customers may choose to collect or manage using the IDVerifact subscription service. We store our customers’ information and the detail related to the transactions they perform on the IDVerifact subscription service but do not persist any Personal Data about individual natural persons as part of the IDVerifact process. IDVerifact processes the Personal Data provided as a processor under our customers’ instructions and in accordance with our Customer Terms of Service, which prohibit us from storing the information, using the information for any other purpose or reselling the information collected. All Personal Data collected is transmitted in a secure encrypted format from the partner or third party providing it to IDVerifact and from IDVerifact to our customers.
Our customers control and are responsible for correcting, deleting, or updating the information they process using the IDVerifact subscription service and for complying with any regulations or laws that require providing notice, disclosure, and/or obtaining consent prior to transferring the Personal Data for any purpose.
How We Use Your Information
Our Customers’ Data
We use the information related to the use of the IDVerifact subscription service from our customers to market and promote the products, services, and other offerings based on usage and aggregated usage data. For example, we use the information, like the usage of our partner solutions to provide best practice detail to new IDVerifact subscription services. We use usage detail to provide value added detailed usage statements for reconciliation. We use the aggregated solution detail to promote and suggest additional usage patterns and processes to the IDVerifact subscription service customer base.
We may also reach out to our IDVerifact subscription service customers via telephone to ask about other IDVerifact products or services they may be interested in. If you have a call scheduled with an IDVerifact representative, we may record and transcribe the call. You will be notified prior to the call that the call is being recorded, and you will be offered an opportunity to opt-out of having the call recorded.
Our Customers’ Customers’s Data
Usage or Personal Data related to a specific natural person or corporate/commercial entity on behalf of IDVerifact’s customers is used only in relation to the specific process defined by the IDVerifact customer. IDVerifact subscription service but do not persist any Personal Data about individual natural persons or corporate/commercial entities as part of the IDVerifact process. IDVerifact processes the Personal Data provided as a processor under our customers’ instructions and in accordance with our Customer Terms of Service, which prohibit us from storing the information, using the information for any other purpose, or reselling the information collected. All Personal Data collected is transmitted in a secure encrypted format from the partner or third party providing it to IDVerifact and from IDVerifact to our customers.
To Communicate with You About the Services
We use the non-Personal Data provided to IDVerifact when signing up for the Subscription Service to contact you via email or in-app notification about billing, account management, and other administrative matters. We send updates to you regarding our Customer Terms of Service or other legal agreements. We may also communicate with you about security incidents via email or in-app notification.
We use your information to provide customer support, such as resolving technical issues you encounter and analyzing product outages or bugs.
To Provide and Improve the Subscription Service
We use your account information to provide the product and services to you. For example, we use the email address you provide when signing up for the product to create your user account, and we use your payment information to process payments for paid use of the Subscription Service.
We collect data about how our products and services are used by monitoring and tracking our product users. We use this data to develop and improve our products and services. For example, we use usage data to assess trends and usage across the product to help us determine what new features or integrations our users may be interested in. We may share usage data externally but will only do so in an anonymized and/or aggregated manner to build and improve product features.
We use Customer Data in an anonymized manner for machine learning that supports certain product features and functionality with the IDVerifact Subscription Service. You may opt-out of having your Customer Data used for machine learning purposes by emailing firstname.lastname@example.org
To Secure and Protect our Product and IDVerifact Users
We use your account information to investigate and help prevent security incidents. We may also use this information to meet legal requirements. We use your information to verify user accounts and new product sign-ups, and to detect and prevent product abuse. This includes enforcing our Acceptable Use Policy.
For Research and Development
We may share externally or provide other companies with statistical information about our users, but this information will not be used to identify any individual user and will only be shared on an aggregate and de-identified basis. For example, we may publish blog posts on trends or insights into how users are interacting with the product.
Log files are used by IDVerifact to provide general statistics regarding use of our external website and for the IDVerifact subscription service. For these purposes, we do link this automatically collected data to other customer data such as organization name, contact email address, business address, and contact phone number. We also use log files to troubleshoot and investigate security incidents.
Social Media Features
We offer publicly accessible message boards, blogs, and community forums. Please keep in mind that if you directly disclose any information through our public message boards, blogs, or forums, this information may be collected and used by others. We will correct or delete any information you have posted on the websites if you so request, as described in the section “To Unsubscribe From Our Communications” below.
We share your data with third parties when you give us consent to do so
If we ask you to provide Personal Data to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your Personal Data is mandatory or not (as well as of the possible consequences if you do not provide your Personal Data). Similarly, if we collect and use your Personal Data in reliance on our legitimate interests (or those of any third party), we will make clear to you at the relevant time what those legitimate interests are.
How we Share Information we Collect
Third Parties and Service Providers
We employ other third-parties and service providers to provide services on our behalf to our website visitors, our customers, and users of the product and services. We may need to share your information with service providers to provide information about products or services to you. Examples may include removing repetitive information from prospect lists, analyzing data or performing statistical analysis on your use of the IDVerifact subscription service or interactions on our websites, providing marketing assistance, processing credit card payments, supplementing the information you provide us in order to provide you with better service, developing and improving the product and services, and providing customer service or support. These service providers are prohibited from using your Personal Data except for these purposes, and they are required to maintain the confidentiality of your information. In all cases where we share your information with such agents, we explicitly require the agent to acknowledge and adhere to our privacy and data protection policies and standards.
We may share data with trusted IDVerifact partners to facilitate reseller agreements with our partners on your behalf and to contact you based on your request to receive such communications, help us perform statistical analysis, or provide sales support, or provide customer support. Partners are prohibited from using your Personal Data except for these purposes, and they are required to maintain the confidentiality of your data.
If IDVerifact is acquired by another company, whether by merger, acquisition, bankruptcy or otherwise, that company would receive all information gathered by IDVerifact on the websites and the IDVerifact subscription service. In this event, you will be notified via email and/or a prominent notice on our website, of any change in ownership, uses of your Personal Data, and choices you may have regarding your Personal Data.
We reserve the right to use or disclose your Personal Data if required by law or if we reasonably believe that use or disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or comply with a law, court order, or legal process. If you use the IDVerifact subscription service, Customer Data is considered Confidential Information and you should review the Confidentiality terms in the Customer Terms of Service for more information.
How We Transfer Data We Collect Internationally
International transfers to third parties
How We Store and Secure Your Information
Data Storage and Security
We use a variety of security technologies and procedures to help protect your Personal Data from unauthorized access, use or disclosure. We secure the Personal Data you provide on computer servers in a controlled, secure environment, protected from unauthorized access, use or disclosure. All Personal Data is protected using appropriate physical, technical and organizational measures.
Retention of Personal Data
How long we keep information we collect about our customers depends on the type of information and how we collect and store it. After a reasonable period after a user has been removed from one of our customers accounts or when our customer has canceled their IDVerifact subscription service, we will delete or anonymize our customer’s or their users information.
We retain Personal Data that our customers and their users provide to us where we have an ongoing legitimate business need to do so (for example, as needed to comply with our legal obligations, resolve disputes and enforce our agreements).
When we have no ongoing legitimate business need to process retain your Personal Data, we securely delete the information or anonymize it. We will delete this information at an earlier date if you so request, as described in the section “How to Access & Control Your Personal Data” below.
If our customers or their users have elected to receive marketing communications from us, we retain information about your marketing preferences for a reasonable period of time from the date you last expressed interest in our content, products, or services, such as when you last opened an email from us or ceased using your IDVerifact account. We retain information derived from cookies and other tracking technologies for a reasonable period of time from the date such information was created.
The data our customers process in connection with the IDVerifact subscription service is retained according to the IDVerifact Customer Terms of Service and Data Processing Agreement.
Cookies and Similar Technologies
When you visit our website, sign up for an IDVerifact account, attend an IDVerifact virtual event, or request more information about IDVerifact, we collect information automatically using tracking technologies, like cookies and tracking pixels.
Third Party Tracking Technologies
How to Access & Control Your Personal Data
Reviewing, Correcting and Removing Your Personal Data
You have the following data protection rights:
· You can request access, correction, updates, or deletion of your Personal Data.
· You can object to our processing of your Personal Data, ask us to restrict processing of your Personal Data or request portability of your Personal Data.
· If we have collected and processed your Personal Data with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your Personal Data conducted in reliance on lawful processing grounds other than consent.
· You have the right to complain to a data protection authority about our collection and use of your Personal Data.
If you are a customer, prospect, or otherwise interact with an IDVerifact customer that uses our subscription service and would like to access, correct, amend, or delete your data controlled by the customer or provided by a partner or third-party, please contact the relevant customer, partner or third-party directly. IDVerifact acts as a processor for our customers and will work with our customers to fulfill these requests when applicable.
Our Acceptable Use Policy applies to us and to our customers and, among other things, prohibits use of the IDVerifact subscription service to send unsolicited commercial email in violation of applicable laws, and requires the inclusion in every email sent using the Subscription Service of an “opt-out” mechanism and other required information. We require all our customers to agree to always adhere to the Acceptable Use Policy, and any violations of the Acceptable Use Policy by a customer can result in immediate suspension or termination of the Subscription Service.
To Unsubscribe From Our Communications
You may unsubscribe from our marketing communications by clicking on the “unsubscribe” link located on the bottom of our e-mails, updating your communication preferences, or by contacting email@example.com. Customers cannot opt out of receiving transactional emails related to their account with us or the Subscription Service.
Information About Children
The IDVerifact website are not intended for or targeted at children under 16, and we do not knowingly or intentionally collect Personal Data about children under 16. If you believe that we have collected Personal Data about a child under 16, please contact us here, so that we may delete the information.