Book a Demo

NOTICE AT COLLECTION AND PRIVACY NOTICE

This privacy notice (the “Privacy Notice”) explains how Au10tix Technologies B.V. , Au10tix Ltd. AU10TIX Service Inc. (collectively, “we” “us” and “our”) process Personal Data (as defined below) related to you in connection with your use of our services, which include (the “Services”):

  • an identity verification solution that examines the authenticity of your ID and checks if the photo in that ID matches your selfie photo or video, using biometric technology; and
  • the generation and maintenance of a reusable digital ID for you to use with a Verified ID service or similar identity verification, credential issuance, or digital wallet partners (respectively, the “Reusable Digital ID” and “Partners”).

This Privacy Notice also addresses our handling of Personal Data that we acquired from third parties for the purpose of improving and enhancing our age assurance solutions.

This Privacy Notice does not address:

  • Our privacy practices relating to how Au10tix collects and processes Personal Data related to you through your use of the Au10tix Website. Please refer to the Au10tix Website Privacy Notice for more information.
  • Our privacy practices relating to how Au10tix collects and processes Personal Data related to you through your use of the Au10tix mobile application. Please refer to the Au10tix App Privacy Policy for more information.

Except as explicitly specified below, we act as a “data controller” (as defined under applicable law, including the European General Data Protection Regulation (the “GDPR”) or the United Kingdom General Data Protection Regulation (“UK GDPR”), as applicable) with respect to your Personal Data that we process in connection with your use of our Services and with respect to Personal Data that we acquire from third parties for the purposes described in this Privacy Notice. We conduct such processing activities in accordance with this Privacy Notice and for the purposes outlined herein.

 

Please note:

For the purpose of verifying your identity on behalf of our business customer that referred you to our Services in connection with providing you with its own respective products and/or services (the “Referring Business”), we shall process your Personal Data as a “data processor” (as defined under applicable law, including the GDPR or the UK GDPR, to the extent applicable). Our actions in verifying your identity for a Referring Business are subject to the terms of the Referring Business’s privacy notice. Accordingly, this Privacy Notice does not apply to such processing that we conduct on behalf of the Referring Business. For any inquiries or requests in relation to such processing activities, please contact the Referring Business directly.

Nevertheless, once we finalize the verification of your identity on behalf of the Referring Business, we will retain your Personal Data and process it as a “data controller” in accordance with this Privacy Notice and for the purposes outlined herein.

The term “Personal Data” refers to information that identifies an individual or relates to an identifiable individual.

To the extent that the California Consumer Privacy Act, as amended by the California Privacy Rights Act of 2020 (“CCPA”) applies, the terms “data controller” and “data processor” shall be read as “business” and “service provider,” respectively.

Please take the time to read the full Privacy Notice. If you do not agree to the terms of this Privacy Notice, please do not access, or otherwise use the Services.

Please note: Processing of your biometric information is also subject to our biometric information privacy policy available here. 

We encourage you to read this Privacy Notice carefully and to regularly check this page to review any changes we might make to the terms of this Privacy Notice. This Privacy Notice supplements other policies we may provide as part of our interactions with you or policies you may have received from other data controllers and is not intended to override such policies.

The summary of this Privacy Notice provided below will give you a quick overview of key elements of this Privacy Notice.

NOTICE AT COLLECTION AND A SUMMARY OF THE NOTICE

Categories of Personal Data – We receive and store any Personal Data and documents that you provide us when you use the Services. Such data includes identity data, business data, contact data, document data, a copy of your government-issued IDs, a photograph of your face, biometric data (such as facial geometry extracted from a photograph or video of your face), Digital ID data, technical data, usage data, additional personal data and documents that you provide to us to provide the Services and additional inquiry data. We also process Personal Data that we purchase from third parties which may include Face Image. Read more

Processing your biometric information is also subject to our biometric information privacy policy available here.

How We Collect Your Personal Data – we collect your Personal Data through direct interactions with you, automated technologies or interactions and from third parties (such as, Partners or Referring Businesses, commercial databases, or commercial data providers). We may also process the Personal Data we receive or otherwise collect to generate or infer new data. Read more

Purposes of Processing – We use Personal Data related to you to provide the Services, including, as applicable, to  generate your Reusable Digital ID, to communicate with you, to resolve any technical issues you may have with the Services, to conduct quality assurance and sanity checks, to develop, maintain and improve the Services (including machine learning and training of AI algorithms), ensure the security of our Services, prevent the misuse of the Services, to provide fraud detection services, and to comply with applicable law and support legal and administrative proceedings. We may also use Face Image obtained from third parties to improve and enhance our solutions, including by training of machine learning models and artificial intelligence systems. We may also use your Personal Data to fulfill any other purpose for which you provide your Personal Data, or for which you have otherwise consented. Read more

Sharing Personal Data with Others – We disclose Personal Data related to you to external consultants, our affiliates, our service providers, and our professional advisors. If you use our Reusable Digital ID, we will also share your Personal Data with relevant Partners and with businesses relying on the Partner’s application or wallet for ID verification services. Please note that such Partners and businesses will process your Personal Data as “independent controllers” in accordance with their own privacy policies, and we encourage you to request and review such policies. We will also share Personal Data in connection with a merger, acquisition, or any other structural change, which will require us to disclose Personal Data related to you to another entity, and in any case where we are legally compelled to do so. We may also disclose Personal Data to other third parties with your consent or direction.  Read more

For How Long we Retain Your Personal Data – We will retain your Personal Data for as long as necessary to fulfill the purposes we collected it for, including without limitation for providing you the Services, for fraud detection, and for complying with legal or reporting requirements. We may retain Personal Data for longer periods of time as required under applicable law or as needed to resolve disputes or protect our legal rights.  Please note that the Reusable Digital ID remains valid for as long as the identity document on which it is based is valid, unless otherwise required by applicable law or necessary in the context of legal or administrative proceedings. Read more

Your Rights and Choices – You have choices and control over how we use Personal Data related to you. Read more

Exercising Your Rights – You can contact us to request to exercise any of the rights detailed under this notice via the email address detailed at the bottom of our Privacy Notice. Read more

Personal Data Transfer – We may transfer your Personal Data outside of the country in which you reside, including to countries that do not provide the same level of data protection as the country in which you reside. Read more

Changes to this Privacy Notice – We will update our Privacy Notice from time to time. when we do so, we will post an updated version of this Privacy Notice and notify you of the changes where appropriate. Read more

Processing under Specific Laws – Specific chapters under this Privacy Notice address additional disclosures related to our processing and use of Personal Data related to you under U.S. and EU Privacy Laws, and specific rights you may have under such laws. Read more

Contact Us – If you have any questions about this Privacy Notice, or if you believe that your privacy rights are compromised, please contact us at: [email protected].

 

THE PRIVACY NOTICE

Categories of Personal Data Processed

We receive and store any Personal Data that you provide to us when you access and use our Services.

Specifically, when you use our Services, you will provide us with:

  • Identity Data, such as your full name, date of birth, and nationality.
  • Business Data, such as the entity by which you are employed (or otherwise engaged with) and your role.
  • Contact Data, such as your email address, physical address and telephone number.
  • Document Data, which includes the documents that you provide to us as part of the Services (such as government-issued documents, utility bills, and bank statements) and the information contained therein, such as date of issuance, date of expiry, document type, document ID, photograph, and financial information.
  • Face Image, includes a photograph of your face (selfie).
  • Biometric Data, such as facial geometry extracted from a photograph or video of your face (selfie). Processing your biometric data is also subject to our Biometric Data Policy available here.
  • Digital ID Data, such as the crypto key used to facilitate the Reusable Digital ID verification and the transactions for which the Reusable Digital ID is used.
  • Technical Data includes information on your internet connection (such as your IP address and internet service provider name), on the device and software that you are using to access the Services (e.g., your web browser type and computer operating system).
  • Location Data includes the geo-location of your device when you used the Services (i.e., where you took a selfie or uploaded a copy of your ID for the Services).
  • Usage Data includes information about how you use or interact with our Services (such as, when you entered the Services, or how long you used a certain feature).
  • Authenticity and Fraud-Related Inferences, such as suspicion of fraudulent behavior associated with your identity.
  • Additional inquiry data, such as any information you may provide us when contacting us or in connection with your access or use of the Services.

We also process Personal Data that we obtain from third parties which may include your Face Image.

 

How We Collect Your Personal Data

We use different methods to collect data from and about you including through:

  • Direct interactions. When you are using the Services, contact us, or otherwise provide your Personal Data directly to us, you will be asked to provide us with your Identity Data, Business Data, Contact Data, Document Data, Face Image, and Biometric Data so that we can provide our Services to you or the applicable Referring Business, respond to your questions or requests or otherwise contact you. You may also provide Additional Inquiry Data in such instances.
  • Automated technologies or interactions. As you interact with our Services, we automatically collect your Technical Data, Location Data, , and Usage Data. We collect this data by using server logs and other similar technologies.
  • Third parties. We may receive Personal Data from third parties that we engage with, such as relevant Partners and Referring Businesses that may provide us with your Identity Data, Contact Data, Document Data and Biometric Data, Digital ID Data and other sources (such as open governmental or commercial databases) from which we can obtain Identity Data, Business Data, Contact Data, Document Data, Authenticity and Fraud-Related Inferences, and Biometric Data, depending on the databases available in the relevant country and the needs of our Services.
  • Purchased or licensed data. We may purchase, license, subscribe to, or otherwise acquire Personal Data from third parties, including commercial data providers, to improve and enhance our age assurance solutions, including by training of machine learning models and artificial intelligence systems. Such data may include your Face Image.
  • Inferences. We may process the Personal Data we receive or otherwise collect to generate or infer new data, such as Biometric Data or Authenticity and Fraud-Related Inferences.

You are not legally obligated to provide any Personal Data to us or to the third parties that we obtain data from. Any Personal Data that you choose to provide to us or to such third parties, is provided at your own free will. However, if you do not provide your Personal Data, we may not be able to provide you with some or all of the Services.

Purposes of Processing

We process Personal Data related to you for the following purposes:

  • We use all types of your Personal Data, as detailed above, to provide the Services.
  • We use your Contact Data to communicate with you, if necessary, in connection with the Services.
  • We use your Technical Data, Usage Data, Location Data, Digital ID Data, and Contact Data to resolve any technical issues, fix bugs, collect statistical information in connection with the Services and provide support in connection with the Service.
  • We use all types of your Personal Data, as detailed above, to conduct analytics, quality assurance and sanity checks.
  • We use all types of your Personal Data, as detailed above, to develop, maintain and improve the Services and related services, including the technology used therefor (including machine learning and training of AI algorithms, including LLMs), and yours and other users’ experience therewith. We may use Personal Data obtained from third parties (which may include Face Image) to improve and enhance our solutions, including by training machine learning models and artificial intelligence systems.
  • We use your Identity Data, Contact Data, Location Data, Technical Data, Digital ID Data, and Usage Data to ensure the security of our Services, including cyber security.
  • We use all types of your Personal Data to prevent the misuse of the Services and for providing fraud detection services, including using our Serial Fraud Monitor product (“SFM”) and the integration of your Personal Data
  • We use all types of your Personal Data, as detailed above, to comply with applicable law and support legal and administrative proceedings.
  • We use all types of your Personal Data, as detailed above, to fulfill any other purpose for which you provide your Personal Data, or for which you have otherwise consented.

Sharing Personal Data with Others

We disclose Personal Data related to you:

  • to external consultants, and our affiliates.
  • to our third-party service providers that process Personal Data related to you to support our provision of the Services, such as Google and Microsoft.
  • to our professional advisors (e.g. lawyers, accountants) to the extent necessary for the provision of their services to us.
  • in connection with a merger, acquisition, or any other structural change, which will require us to disclose Personal Data related to you to another entity, provided that the receiving entity will comply with this Privacy Notice and subject to our customer’s instructions.
  • As needed to comply with applicable law, and as necessary to support legal and administrative proceedings.
  • If you use our Reusable Digital ID, we will also disclose your Identity Data, Business Data, Digital ID Data, and Contact Data to Partners and businesses relying on the Partner’s application or wallet for ID verification services, which shall process your Personal Data as independent data controllers in accordance with their own privacy policies. We encourage you to review such privacy policies.
  • To other third parties with your consent or direction (such as where you give us permission to share your testimonial with other customers or publicly on our website).

Personal Data Retention

We will retain your Personal Data for as long as necessary to fulfill the purposes we collected it for, including without limitation for providing you the Services (where applicable), maintaining and improving our services and offerings, fraud detection, and for complying with legal or reporting requirements. However, if necessary, we may retain Personal Data for longer periods of time as required under applicable law or as needed to resolve disputes or protect our legal rights.

In order to determine the appropriate retention period for Personal Data, we consider the following criteria: the volume, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorized use or disclosure of Personal Data, the purposes for which we collect and process Personal Data, the timeframe during which we may require such Personal Data in connection with potential litigation, and applicable legal requirements.

Without derogating from the generality of the above, the Reusable Digital ID remains valid for as long as the identity document on which it is based is valid from the date of its creation, unless otherwise required by applicable law or necessary in the context of legal or administrative proceedings.

Children

Our services are not directed to, and we do not intend to, or knowingly, collect or process Personal Data related to, individuals under the age of 16. Individuals under 16 years of age are not permitted to use or interact with our Services. If an individual under 16 years of age has provided Personal Data to us, we encourage the individual’s parent or guardian to contact us to request that we remove the Personal Data from our systems. If we learn that any Personal Data we collect has been provided by an individual under 16 years of age, we will promptly delete that Personal Data.

Notwithstanding the foregoing, Personal Data that we purchase or license from third parties for maintaining and improving our age assurance services may include data about individuals under the age of 13, where permitted by applicable law and the terms of our data acquisition agreements.

If you are not 18 years old (or older, if otherwise required by the laws of the country you reside in) you must review this Privacy Notice with your parent or legal guardian.

If you are a parent or legal guardian and have concerns about your child’s privacy, or if you believe that your child may have provided us with their Personal Data, please contact us using the contact details provided below. When you approach us as a parent or legal guardian, we may request that you provide certain information needed to confirm your identity.

Your Rights and Choices

You have choices and control over how we use Personal Data related to you, including in connection with providing you with our Services. Below is a list of your choices and rights:

  • At any time, you can stop accessing and using our Services. However, unless you have specifically asked us to delete your Personal Data and we are obligated to do so under applicable law, it will be retained in accordance with the retention principles provided above.
  • Additionally, certain privacy laws, including the GDPR and UK GDPR, provide users with rights related to their Personal Data. To the extent that such laws apply to your Personal Data, you may have the following rights:
    • Access. The right to receive a copy of the Personal Data we hold about you.
    • Correction. The right to request correction of inaccurate or incomplete Personal Data maintained about you.
    • Deletion. The right to request that Personal Data related to you be deleted. If we are unable to comply with such request, we will notify you of the specific legal reasons for our decision. Please note that deletion of your Personal Data will revoke the Reusable Digital ID generated using the Services.
    • Portability. Where we have obtained and processed your Personal Data based on your consent or where we used the information to perform a contract with you, you may request that we transfer your Personal Data to you or to a third party in a portable and, to the extent technically feasible, readily usable format that allows you to transmit the information to another entity.
    • Object to processing. You may object to the processing of your Personal Data where it is used for direct marketing purposes, or where we are relying on a legitimate interest and you feel that such interest is overridden by your rights and freedoms.
    • Request restriction of processing. You may ask us to suspend the processing of your Personal Data if you believe that such data is inaccurate, if our processing is unlawful or if we no longer need to process such data for a particular purpose, but you need us to continue to hold the data.
    • Withdraw consent. You may withdraw your consent where we are processing your Personal Data based on your consent.
    • Opt-out of Automated Decision Making. You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affecting you.

Additionally, in accordance with the provisions of the Israeli Protection of Privacy Law, 5741-1981, you are entitled to review your Personal Data held by us and request to correct or delete it, subject to the conditions specified in the Israeli Protection of Privacy Law, 5741-1981.

Please note that the aforementioned rights may be limited or restricted under applicable laws.

Exercising Your Rights

If you wish to exercise any of the aforementioned rights, please contact us at: [email protected]. We will look into your inquiry and make good-faith efforts to respond promptly. You have the right to make a complaint to data protection authorities. We would, however, appreciate the chance to address your concerns before you approach a data protection authority.

We try to respond to all legitimate requests within one month or less, if required by law. Where it takes us more than one month to respond (for example, where your request is particularly complicated or where you have made a number of requests) we will notify you and keep you updated.

Note that when you send us a request to exercise your rights detailed under this Privacy Notice, we will need to reasonably authenticate your identity and location. We will ask you to provide us with credentials to make sure that you are who you claim to be and we will further ask you questions to understand the nature and scope of your request.

Personal Data Transfer

Our Services are web-based. We process Personal Data, either directly or using third parties, such as cloud hosting service providers. We use data centers within the European Economic Area (EEA), the United States, Japan, and Israel, and we will further store, host and keep business continuity sites in, and access the Personal Data from, additional countries. The laws of these countries do not necessarily provide the same level of data protection as the country in which you reside.

Our international transfers of Personal Data are done for the performance of a contract or implementation of pre-contractual relations with you, based on your consent, or subject to safeguards that ensure the protection of your Personal Data, such as standard contractual clauses approved by the European Commission and/or the applicable UK authority (when the transfer is outside of the EEA or the UK).

You can obtain a copy of the suitable safeguard that we use when transferring Personal Data as described above by contacting us at [email protected] .

Information Security

We have implemented reasonable physical, technical, and organizational safeguards that are designed to protect your personal data. In addition, we take steps designed to ensure any third party with whom we share personal data provides a similar level of protection. However, despite these controls, we cannot completely ensure or warrant the security of your personal data

Accessibility

If you have a disability and would like to access this policy in an alternative format, please contact us via our Contact Details listed below.

Changes to this Privacy Notice

We may update this Privacy Notice from time to time. When we make changes to this Privacy Notice, we will change the date at the beginning of this Privacy Notice. If we make material changes to this Privacy Notice, we will notify individuals by email to their registered email address, by prominent posting on this website or our other platforms, or through other appropriate communication channels. All changes shall be effective from the date of publication unless otherwise provided.

Contact Us

If you have any questions about this Privacy Notice, or if you believe that your privacy rights are compromised, please contact us at: [email protected].

Address: Walaardt Sacréstraat 425, 1117 BM Schiphol, the Netherlands.

Processing of Personal Data under the GDPR and UK GDPR

If the GDPR and/or the UK GDPR applies to the processing of Personal Data, then the following terms apply in addition to the general terms under this Privacy Notice:

Below is a description of the ways we use your Personal Data. To the extent that the GDPR and UK GDPR apply, we have mentioned the legal bases we rely on to use your Personal Data, and identified what our legitimate interests are where appropriate.

Purpose/Activity  Type of data Lawful basis for processing 
Providing the Services •       Identity Data

•       Business Data

•       Contact Data

•       Document Data

•       Face Image

•       Biometric Data

•       Digital ID Data

•       Technical Data

•       Usage Data

•       Authenticity      and

Fraud-Related

Inferences

•       Location Data

 •       Performance of, or entry

into, a contract with you;

•       Consent (to process your Biometric Data in order to identify you)

•       Necessary for our

legitimate interests to , operate, maintain, and

provide the Services

 

 
Communicating with you •       Contact Data

•       Additional      Inquiry Data

 

 •       Performance of, or entry into, a contract with you;

•       Necessary for our legitimate interests to operate, maintain, and provide the Services

 

Resolving any technical issues, fix bugs, collecting statistical information in connection with the Services and providing support in connection with the Services. •       Technical Data,

•       Usage Data

•       Location Data

•       Contact Data

•       Digital ID Data

•       Additional Inquiry Data

 •       Performance of, or entry into, a contract with you;

•       Necessary for our legitimate interests to operate, maintain, provide and improve the Services
Conducting quality assurance and sanity checks.

 

 •       Identity Data

•       Business Data

•       Contact Data

•       Document Data

•       Face Image

•       Biometric Data

•       Digital ID Data

•       Technical Data

•       Usage Data

•       Location Data

•       Authenticity            and Fraud-Related Inferences

 •       Performance of, or entry into, a contract with you;

•       Consent (to process your Biometric Data in order to identify you) Necessary for our legitimate interests to operate, maintain, and provide the Services
Maintaining and improving the Services and related services, including the technology used therefor (including machine learning and training of AI algorithms, including LLMs), and yours and other users’ experience therewith •       Identity Data

•       Business Data

•       Contact Data

•       Document Data

•       Face Image

•       Biometric Data

•       Technical Data

•       Usage Data

•       Location Data

•       Authenticity            and Fraud-Related Inferences

 •       Consent (to process your Biometric Data in order to identify you)

•       Necessary for our legitimate interests to operate, maintain, and provide the Services

 
Improving and enhancing our age assurance solutions, including by training of machine learning models and artificial intelligence systems. Face Image (photograph of your face) •       Consent (provided to the third party that the data was obtained from)

•       Necessary for our legitimate interests to maintain and improve our services and offerings
   Ensuring      the      security      of   our

Services, including cyber security.

 

 •       Identity Data

•       Contact Data

•       Technical Data

•       Digital ID Data

•       Usage Data

•       Location Data

 Performance of, or entry into, a contract with you; Necessary for our legitimate interests to manage the security of our Services and systems and the information of our users and customers
Preventing        the      misuse     of   the

Services and for fraud detection.

 •       Identity Data

•       Business Data

•       Contact Data

•       Document Data

•       Biometric Data

•       Digital ID Data

•       Technical Data

•       Usage Data

•       Location Data

 •        Performance of, or entry into, a contract with you;

•       Necessary for our legitimate interests to manage the security of our Services and systems and the information of our users and customers

•       Consent (to process your Biometric Data in order to identify you)

 
Complying with applicable law and supporting legal and administrative proceedings.

 

 •       Identity Data

•       Business Data

•       Contact Data

•       Document Data

•       Face Image

•       Biometric Data

•       Technical Data

•       Usage Data

•       Location Data

•       Digital ID Data

•       Authenticity and Fraud-Related Inferences

•       Additional Inquiry Data

 •       Performance of, or entry into, a contract with you;

•       Necessary                for our legitimate interests;

•       Complying with a legal obligations

•       Consent (to process your Biometric Data in order to identify you)

 

Note that we may process your Personal Data for more than one lawful ground depending on the specific purpose for which we are using your data.

Additional Information for U.S. Residents

Scope of Notice

These disclosures provide additional information about the privacy rights available to individual residents of certain states in the United States and our Personal Data processing practices relating to those individuals.

Nevada Residents

If you are a resident of the state of Nevada in the United States, you have the right to opt out of the sale of your Personal Data. Although we do not currently sell Personal Data of Nevada residents (as defined under Nevada law), you may submit a request to opt-out of the sale of your Personal Data by contacting us as set forth in the Contact Us section below.

Other U.S. Residents

If you are a resident of the state of California, Colorado, Connecticut, Delaware, Indiana, Iowa,

Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, or Virginia in the United States, the following supplementary disclosures apply to you.

Notice at Collection of Personal Data Categories of Personal Data We Collect

We may collect, receive, purchase, or otherwise obtain the categories of Personal Data listed in the table below. The table also lists, for each category, the source of the Personal Data, the business purposes for which it will be processed and the categories of third parties to whom it may be disclosed. This section describes our current practices and our practices during the 12 months preceding the “Last Updated” date of this Policy.

Personal Data Category Business Purposes Source Disclosure to 

Third Parties

Identifiers, this includes: real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, social security number, driver’s license number, passport number, or other similar identifiers.  

 

 •       Entering into a contract or to perform a contract with you (“Entering into or Performing a Contract”).

•       Responding to your requests or questions and to manage our relationship with you, including by notifying you about changes this Privacy Notice

(“Relationship

Management”).

•       In the event of a legal dispute between you

(and/or a party on your behalf) to us (and/or a party on our behalf), in connection with handling such

  • Direct interactions. When you contact us through our Services or otherwise provide such information directly to us

(“Direct

Interactions”).

Automated technologies or interactions. As you interact with our Services, we automatically collect your IP address and other Personal Data. If you use our Reusable Digital ID, we collect information related to that usage, such as the crypto key

Third party service providers that provide services to us in connection

with the aforementioned business purposes, such as cloud storage providers (“Service Providers”).

Legal and regulatory authorities, to the extent required by applicable law (“Governmental Authorities”).

Professional advisors (e.g.

lawyers,

accountants), to the extent necessary for the provision of their services to us (“Professional Advisors”).

Third parties to

whom we may

 

dispute (“Handling of Disputes”).

Compliance with a legal requirement, including: (a) as required by subpoena, law, or other legal process; (b) necessary to assist law enforcement

officials or

government enforcement agencies; (c) necessary to investigate violations of or otherwise enforce our applicable agreements, to maintain security of the Services and prevent fraudulent or illegal activity; (d) necessary to protect us from legal action or claims from third parties, including you and/or other users; or (e) necessary to protect the legal rights, personal/real property, or personal safety of our company, users, employees, and

affiliates

 

 used to facilitate

the Reusable Digital ID verification and the transactions for which the Reusable Digital ID is used. We collect this data by using server logs, and other similar technologies

(“Automated Technologies”).

Third parties, such as relevant

Partners and

Referring Businesses, open governmental databases and data providers

(“Third Parties”).

choose to sell, transfer, or merge our business (or parts thereof) or our assets, or parties whose business we wish to acquire

(“M&A

Counterparts”).

If you use our Reusable Digital ID, we will also share your Personal Data with relevant Partners and with businesses relying on the Partner’s application or wallet for ID

verification services

(“Partners and

Related

Businesses”)

Other third parties to whom you have consented or directed us to disclose your Personal Data

(“Consented

Parties”)

 

(“Compliance with Legal Requirements”).

•     Ensuring the

security of our Services, including cyber security and for fraud detection (“Security and

Fraud

Detection”).
Personal Data categories listed in the California

Customer Records statute (Cal. Civ. Code § 1798.80) (any information that identifies, relates to, describes, or is capable of being associated with, a particular individual, including, but not limited to, his or her name, signature, social security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, or financial information).  

 •       Entering into or Performing a Contract.

•       Relationship Management.

•       Handling of Disputes.

•       Compliance with

Legal

Requirements.

•       Developing, improving, conducting quality assurance and sanity checks, and  maintaining (including resolving any technical issues, fix bugs, collect statistical and providing support) our Services, including the technology used therefor (including machine learning and training of AI algorithms, including LLMs),

 •       Direct Interactions.

•       Automated

Technologies.

•       Third Parties.

•       We may process the Personal Data we receive or otherwise collect to generate or infer new data (“Inferences”).

 

 •       Service Providers.

•       Governmental

Authorities.

•       Professional Advisors.

•       M&A Counterparts.

•       Partners and Related Businesses.

•       Consented Parties.

 

(“Services 

Maintenance and

Improvement”).

•     Security and

Fraud Detection.
Commercial

information, this includes: records of products or services obtained or considered, or other purchasing or consuming histories or tendencies.

 •       Entering into or Performing a Contract.

•       Relationship Management.

•       Handling of Disputes.

•       Compliance with

Legal

Requirements.

•       Services Maintenance and

Improvement .

•       Security and

Fraud Detection.

 •       Direct Interactions.

•       Automated

Technologies.

•       Third Parties.

•       Inferences.

 •       Service Providers.

•       Governmental

Authorities.

•       Professional Advisors.

•       M&A Counterparts.

•       Partners and

Related Businesses.

•       Consented Parties.
Biometric information, this includes: facial geometry extracted from photos and videos. •       Entering into or Performing a Contract.

•       Handling of Disputes.

•       Compliance with

Legal

Requirements.

•       Services Maintenance and

Improvement .

•       Security and

Fraud Detection.

 •       Direct Interactions.

•       Third Parties.

•       Inferences.

 

 •       Service Providers.

•       Governmental

Authorities.

•       Professional Advisors.

•       M&A Counterparts.

•       Partners and

Related Businesses.

•       Consented Parties.
Visual information

this includes a photograph of your face

 •       Entering into or Performing a Contract.

•       Handling of Disputes.

•       Compliance with

•       Legal Requirements.

•       Services Maintenance and

•       Improvement, Security and Fraud Detection.

 

 •       Direct Interactions.

•       Third Parties.

 

 

 •       Service Providers.

•       Governmental

Authorities.

•       Professional Advisors.

•       M&A Counterparts.

•       Consented Parties.
Internet or other electronic network activity information, •     Entering into or Performing a •     Automated

Technologies.

 •       Service Providers.

•       Governmental

 

including, but not limited to, browsing history, search history, and information regarding a consumer’s interaction with an internet website application, or advertisement.  

Contract.

Handling of Disputes.

Compliance with

Legal

Requirements.

Services

Maintenance and

Improvement.

Security and

Fraud Detection.

 Inferences.

 

  

•       Authorities.

•       Professional Advisors.

•       M&A Counterparts.

•       Consented Parties.
Geolocation data

Entering into or Performing a Contract.

Handling of Disputes.

Compliance with

Legal

Requirements.

Services

Maintenance and Improvement.

Security and Fraud Detection.

 

 

Direct

Interactions.

Automated

Technologies.

General location, we use IP addresses we collect and additional information (e.g., phone number area codes), to estimate your general location

(e.g., city level);

we may also use your residential address, if it’s been provided by you.

GPS based

location, we will collect the GPS location for the specific purposes set forth herein solely if you gave us permission.

Service Providers.

Governmental Authorities.

Professional Advisors.

M&A Counterparts.

Partners and Related Business.

Consented Parties.
Sensitive Personal Data (such as social security, driver’s Entering into or Performing a Direct

Interactions.

 • • Service Providers.

Governmental
license, state identification card, or passport number;  account log-in; precise geolocation; biometric data; citizenship or immigration status.

Contract.

Handling of Disputes.

Compliance with

Legal

Requirements.

Services Maintenance and

Improvement.

Security and

Fraud Detection.

 • • Third Parties.  Inferences (for biometric data).

 

Authorities.

Professional Advisors.

M&A Counterparts.

Partners and

Related Businesses.

Consented Parties.

 

If you provide us any Personal Data relating to others, you must make sure that you have permission to do so.

Sale, Sharing and Disclosure of Personal Data

We do not sell Personal Data or share it with third parties for cross-context behavioral or targeted advertising.

We do not knowingly sell Personal Data of consumers under 16 years of age or share it with third parties for cross-context behavioral or targeted advertising.

Deidentified Information

We may at times receive, or process Personal Data to create, deidentified information that can no longer reasonably be used to infer information about, or otherwise be linked to, a particular individual or household. Where we maintain deidentified information, we will maintain and use the information in deidentified form and not attempt to reidentify the information except as required or permitted by law.

Your Rights Under the CCPA

Depending on your state of residency and subject to certain legal limitations and exceptions, you may be able to exercise some or all of the following rights:

  • Right to Know and to Access: the right to confirm whether we are processing Personal Data about you, to obtain access to the specific pieces of Personal Data we have collected about you, and to request certain information regarding our collection and use of Personal Data, and disclosure of Personal Data to third parties.

 

  • Right to Deletion or Correction: the right to request that we delete the Personal Data that we collected from you or that we correct inaccurate Personal Data we maintain.

 

  • Automated decision-making: the right to not be subject to decisions that will have a significant impact on you based solely on automated decision-making.

 

  • Opt-out of Selling or Sharing: the right to opt-out of the sale of Personal Data or the sharing of Personal Data for targeted advertising purposes.

 

  • Right to Control Over Sensitive Personal Data: the right to exercise control over our collection and processing of sensitive Personal Data.

You have a right not to receive discriminatory treatment by us for the exercise of such privacy rights as conferred by applicable law. Unless permitted by applicable law, we will not: deny you goods or services, provide you a different level or quality of goods or services or suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services based on the exercise of one of your rights. However, deleting or limiting the use of your Personal Data may affect features and uses that rely on that data.

Submitting Requests regarding Your Rights

To make a request regarding your rights as detailed above, please submit a request using one of the methods in the Contact Details section below.

Before processing your request to exercise certain rights (including the Right to Know and to Access, and the Right to Deletion or Correction), we will need to verify your identity and confirm your state of residency. In order to verify your identity, we will generally ask you to provide us with your credentials. In certain circumstances, we may decline or limit your request, particularly where we are unable to verify your identity or locate your information in our systems, or where you are not a resident of a state where these rights are available. You may use a legally authorized person to submit a request on your behalf, if you provide a signed written permission to such person. Depending on the evidence we receive from your authorized person, we may still need to separately reach out to you to confirm the authorized person has permission to act on your behalf and to verify your identity in connection with the request.

Appealing Privacy Rights Decisions

Depending on your state of residency, you may be able to appeal a decision we have made in connection with your privacy rights request. All appeal requests should be submitted by replying to the communication resolving your original request.

Contact Us

If you have any questions about these additional disclosures, or if you would like to exercise one of your privacy rights, please contact us at:

Email: [email protected]

Address: Walaardt Sacréstraat 425, 1117 BM Schiphol, the Netherlands.

Telephone: +1 845 262 3078, +44 845 5089505 UK Data Representative in the United Kingdom:

Aquilla Digital Ltd- Edward Pavillion  Address: Royal Albert Dock, Liverpool  L3 4AF [email protected]