TERMS AND DEFINITIONS
Anonymous Data: means data that, alone or combined with other information available to us or a third party with whom the data is shared, does not permit the identification of an individual. We collect and use both Personal Data and Anonymous Data as described below.
Business: under CCPA, a for-profit company as determined by CCPA.
Controller or Data Controller: under GDPR, is an individual or legal entity who determines the purposes for which and the means by which the Personal Data are processed.
Cookies: small files that are placed on your computer, mobile device, or any other device by a website, containing the details of your browsing history on that website among its many uses.
Data Subject: under GDPR, a user of Services, or you.
Do Not Track: a concept that has been promoted by US regulatory authorities, in particular the U.S. Federal Trade Commission (FTC), for the Internet industry to develop and implement a mechanism for allowing Internet users to control the tracking of their online activities across websites.
Processor or Data Processor: under GDRP, an individual or legal entity who processes Personal Data on behalf of a Customer.
Selling of Personal Data: under CCPA, means selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, of Personal Data to another business or a third party for monetary or other valuable consideration.
Service Provider: in certain jurisdictions, a Data Processor.
Usage Analytics: data collected automatically, either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).
WHAT INFORMATION DO WE COLLECT FROM THE PEOPLE THAT USE OUR WEBSITES OR APP?
When visiting the Websites
In general, you can visit the Websites without telling us who you are or revealing any information about yourself. If you wish to obtain information about our products or Services, you can contact us via Contact Sales or at email@example.com. You may provide your Personal Data to us in several ways, for example, by filling in online contact forms when requesting information or reporting an issue, by subscribing to materials, downloading or using Identite products and documents, corresponding with us by post, phone, email, or otherwise, or as part of the general inquiry process.
Such Personal Data may include:
When using the Application
When creating an account or linking a device to your account in the Application, you may be asked to enter your contact information such as:
It refers to the user name (login) that you use to log in to your website or service with the Application integrated into it.
If you decide not to use the QR code that is provided during the registration procedure, then you will have to provide us with your email, so we can send you the registration link.
When contacting us
Furthermore, when you contact us (online or offline) in connection with a request for information or support, to access our products or Services, we collect personal information necessary to fulfill your request, to grant you access to the product or Service, to provide you with support and to be able to contact you. Such personal information may include:
Contact and payment information
We may request contact details from you or your organization and use third-party payment processing services to collect payment and billing information, which may contain Personal Data such as billing name, billing address, and payment card details, in connection with our Services.
Automatically collected information
Device and browser data
Identite follows a standard procedure of using log files. These files log visitors when they visit websites. All hosting companies do this as a part of hosting services' analytics. The information collected by log files includes internet protocol (IP) addresses, browser type, Internet Service Provider (ISP), date and time stamp, referring/exit pages, and possibly the number of clicks. These are not linked to any information that is personally identifiable. The purpose of the information gathering is to analyze trends, administer the site, track user's movements on the website, and gather demographic information. Logs are kept logically separated from Personal Data. Certain Identite personnel can access log files to analyze the use of the Services and provide customer and technical support. Log files are also used to automatically send context-appropriate messages within the Services (e.g., account set-up notices), and to generate aggregated data.
Your user data
The Application cannot see your contacts, read your text messages, access your photos (but it can use your camera to scan a QR code if you explicitly allow that permission), access your files, erase your device, or see information about other applications on your device. We do not track any Personal Data about your accounts.
Precise real-time location information of the device
When you visit the mobile Application, we may use GPS technology (or other similar technology) to determine your current location. We use this data to provide features of our Services, to improve and customize our Services, to enforce our geo-fencing security measures for the security of our Application, and additional identity verification checks. We will not share your location with other users. If you do not want us to use your location for the purposes set forth above, you should turn off the location services for mobile applications in your account settings or in your mobile phone settings, and/or within the mobile application.
Device state data
When using the Application within your organization, your administrator(s) may set access policies requiring devices to meet certain security properties to log in to a service. Data about the security properties of your device are collected at the time of logging in to determine whether your device meets your organization’s policies. In general, these security properties are yes/no values, such as whether your phone has a biometric control enabled (fingerprint or face recognition), whether your device is jailbroken, rooted, or otherwise in a compromised state, whether your phone has a screen lock, and whether the device’s storage is encrypted. We also collect some specific values, like the version of your operating system (i.e. iOS 12.0.1 or Android 8.1), and the version of the Application you are using. As mentioned before, the Application cannot see personal data on your device.
You can stop all collection of information by the Application easily by uninstalling the Application. You may use the standard uninstall processes available as part of your mobile device or PC settings or via the mobile application marketplace or network.
WHEN DO WE COLLECT INFORMATION?
We may collect information from you when you:
Access our products and documentation
Create an account
Update/modify an existing account
Assign devices to your account
Respond to a survey
Communicate with us
Use the Application
Contact us requesting information and/or support
WHAT PERMISSIONS DO WE NEED?
As mentioned before, the Application cannot access things like your contacts, photos, text messages, and emails. However, we do have a few device data permissions that we request to help make the authentication process easier for you.
Permission to send Push notifications
We only send push notifications for two purposes:
To send you a login request to be approved or denied, or
To alert you about a security issue we detect on your device.
We will never spam or send irrelevant push notifications. You can deny this permission, but you will have to manually go into the Application to approve or deny a login request each time you log in.
You grant this to our Application to use your camera to scan QR codes that are used to quickly add multi-factor authentication accounts. You can deny this permission, but without access, you will have to enter your valid email so we can send the registration link to your email so that you can get your account working. The Application will never access your photos and will only use your camera when scanning the QR code during the registration procedure.
The Application uses a pseudonymized mobile data analytics provider, Firebase. It helps us understand how the users interact with our App. Our Usage Analytics only collect information about how you use the Application, it cannot “see what you do” in other applications on your phone or personal computer. We use analytics data to increase stability and to develop new features for our Application.
If you give us permission, we will be able to use your precise geolocation (latitude and longitude) to offer you features where such information is required. We use this data to provide features of our Services, to improve and customize our Services, to enforce our geo-fencing security measures for the security of our Application, and additional identity verification checks.
Apart from usage analytics, Firebase allows us to receive crash reports. Firebase collects information about App crashes, which we use to monitor the App stability and to fix bugs.
HOW DO WE USE YOUR INFORMATION?
We may use the information we collect from you when you create an account, update an existing account, assign devices to an account, respond to a survey or marketing communication, use our Websites or the Application, or use certain other features in the following ways:
To establish, maintain, and secure your account.
To identify you as a user and provide the Services you request.
To perform fraud detection and authentication.
To measure traffic and usage activity to improve the Services and your interactions with them.
To send you administrative notifications via email or within the Services, such as payment reminders or support and maintenance advisories. You will receive these notices even if you choose not to receive marketing communications.
To provide you with the correct interfaces and options when you are accessing the Services.
To provide personalized information across the Services by identifying whether you have used specific features within the Services, visited pages on our Websites, or seen one of our advertisements.
To respond to customer support inquiries and other requests.
To quickly process your transactions.
To verify for security purposes who you are.
To authenticate logins to third-party sites/apps.
HOW DO WE PROCESS YOUR INFORMATION?
We will process Personal Data for the following purposes as is reasonably necessary for our legitimate business interests, provided such interests are not overridden by your interests or fundamental rights:
To monitor quality control and ensure compliance with any and all applicable laws, regulations, codes, and ordinances, for example, in response to a request from a court or regulatory body, where such request is made in accordance with the law.
To monitor and protect the security of our information, systems, and network.
To create products or services that may meet your needs.
To administer or otherwise carry out our obligations in relation to any agreement to which we are a party.
To administer your account.
To provide the Identite products.
To assist you in completing a transaction or order.
To prepare and process invoices.
To respond to queries or requests and to provide Services and technical and customer support.
To provide aftersales customer relationship management.
To notify you about changes to the Application.
To develop and improve Identite products and Services.
To measure the performance of marketing initiatives.
To ensure that content from the Websites is presented most effectively for you and your device.
We may use aggregated and anonymized data (independent of any personal identifiers) for research and commercial purposes. This information includes what areas our users visit most frequently and what services they access most often. This information helps us develop better Websites and Application that is more useful and accessible to you.
HOW DO WE PROTECT YOUR INFORMATION?
Security is what we do, and we take the security of the Personal Data we have very seriously. We use appropriate administrative, organizational, technical, and physical safeguards that are designed to protect the Personal Data we collect and process. The measures we use are designated to provide a level of security appropriate to the risk of processing your Personal Data and to help ensure that your data is safe, secure, and only available to you and those with authorized access (as decided by your organization administrator or you, as appropriate.)
We implement a variety of security measures whenever a person uses our Websites, or Apps, to maintain the safety of your Personal Data.
Our Websites are scanned on a regular basis for security holes and known vulnerabilities in order to make your visit to our Websites as safe as possible. Our Apps are monitored regularly for vulnerabilities and opportunities to make them more secure.
We regularly use malware and virus scanning, as well as log and activity monitoring.
Your Personal Data is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems and are to keep the information confidential.
All secured protected information you supply is encrypted via Secure Socket Layer (SSL) technology, as well as a second encrypted layer, meeting and exceeding most specs by other companies, governments, and other entities.
WHO DO WE SHARE YOUR DATA WITH?
The Application never sells your data. We only use your data to provide and improve our Services.
The Application only communicates with two entities: our own security service and Firebase (for Usage Analytics and crash reporting). When sending data to an external service like Firebase, we only send de-identified pseudonymized data to protect your privacy. Every service that Identite sends data to goes through an extensive security audit process to ensure that the service meets Identite’s strict privacy and security controls.
You can read more about Firebase privacy controls in their support article provided at this link: https://firebase.google.com/support/privacy/
We do not sell, trade, or otherwise transfer to outside parties your Personal Data unless we provide you with advance notice.
This does not include website hosting partners and other parties who assist us in operating our Websites, conducting our business, or providing you with Services, so long as those parties agree to keep this information confidential. We may release your information when we believe its release is appropriate to comply with the law, enforce our Websites' policies, or protect our or others' rights, property, or safety.
HOW DO WE DISCLOSE YOUR INFORMATION?
We may share personal information about you in the following ways:
If you request or authorize it.
If necessary complete a transaction for you.
If the information is provided to comply with the law, applicable regulations, governmental and quasi-governmental requests, court orders or subpoenas, or to enforce our Terms and Conditions or other agreements, or to protect our rights, property or safety, or the rights, property or safety of our users or others (e.g., to a consumer reporting agency for fraud protection, etc.).
If the disclosure is done as part of a purchase, transfer, or sale of Services or assets (e.g., in the event when substantially all of our assets are acquired by another party, user information may be one of the transferred assets).
HOW LONG DO WE KEEP YOUR DATA?
We only keep your information for as long as we have an ongoing legitimate business need to provide our Services.
We will retain your Personal Data for a period of time that is consistent with the original purpose of the data collection, or as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. We determine the appropriate retention period for Personal Data by considering the amount, nature, and sensitivity of your Personal Data processed, the potential risk of harm from unauthorized use or disclosure of your Personal Data, and whether we can achieve the purposes of the processing through other means, and on the basis of applicable legal requirements (such as applicable statutes of limitation).
When we have no ongoing legitimate business need to process your Personal Data, we will either delete or anonymize it. If this is not possible (for example, because your information has been stored in backup archives), then we will securely store your Personal Data and isolate it from any further processing until deletion is possible.
Cookies and web beacons
The Cookies may also collect information about your Internet Protocol (IP) address. This is a number automatically assigned to your computer or device whenever you connect to the Internet. It is a unique address assigned by your Internet service provider or IT department on a TCP/IP network. Among other things, the IP address allows web servers to locate and identify your device.
Third-party Cookie collector
Identite is leveraging the services of SESSIONCAM LIMITED in the manner described below:
SessionCam Cookies are used to collect information about how visitors use the Websites. SessionCam uses the information to compile reports and to help us improve the Websites. The Cookies collect information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from, and the pages they visited.
For more information please refer to https://www.glassbox.com/sessioncam-privacy-policy/
Google DoubleClick DART cookie
“Do Not Track” signals
Some web browsers may give you the ability to enable a "do not track" feature that sends signals to the websites you visit, indicating that you do not want your online activities tracked. This is different from blocking or deleting cookies, as browsers with a "do not track" feature enabled may still accept cookies.
Our Advertising Partners
Google's advertising requirements can be summed up by Google's Advertising Principles. They are put in place to provide a positive experience for users.
DOES OUR SITE ALLOW THIRD-PARTY BEHAVIORAL TRACKING?
YOUR PRIVACY RIGHTS
Your privacy rights in general
You may withdraw your consent to our processing of your Personal Data, in whole or in part (i.e., for marketing purposes). Certain Services may be ineffective upon opt-out.
Our legal basis for collecting, using, and processing your Personal Data is contained in the HOW DO WE USE YOUR INFORMATION? section above.
The scope of your privacy rights depends on the jurisdiction where you are going to exercise them. The main privacy laws adopted in various jurisdictions under which your privacy rights can be exercised are described below in the DATA PROTECTION LAW section.
Your Personal Data may be processed outside your jurisdiction, and in countries that may not provide for the same level of data protection as your jurisdiction. We ensure that the recipient of your Personal Data offers an adequate level of data protection, for example, by entering into the appropriate back-to-back agreements and, if required, standard contractual clauses for the transfer of data or we will ask you for your prior consent to such international data transfers.
How to exercise your rights
If you wish to exercise any of your privacy rights, please submit the request by emailing us at privacy@Identite.us. In your request, please make clear: (i) what Personal Data is concerned; and (ii) which of your rights you would like to enforce. For your protection, we may only fulfill requests with respect to the Personal Data associated with the email address you send your request form, and we will need to verify your identity before doing so. We will comply with your request promptly, but in any event within the legally mandated timeframes (thirty (30) days for the GDPR and forty-five (45) days for the CCPA/CalOPPA). We may need to retain certain information for recordkeeping purposes or to complete transactions that you began prior to requesting such change or deletion.
We will verify all requests by contacting you using contact information retained in our systems. If our information does not allow us to contact you, then we will verify your identity by asking you to confirm the data we have in our system. We cannot respond to requests that cannot be verified.
DATA PROTECTION LAW
Your privacy rights are regulated by a number of Data Protection Laws which are exercised depending on the jurisdiction you belong to.
California Online Privacy Protection Act (CalOPPA)
Under CalOPPA, we may collect, use, protect, share, process, disclose, and otherwise handle the following Personal Data:
Social security number.
Any other data that could allow us to contact you.
Information collected by our Websites or Application in a personally identifiable form, such as cookies and IP addresses.
According to CalOPPA, we agree to the following:
Users can visit our Websites anonymously.
Users are able to change their personal information by logging in to their accounts.
Users can opt out of email marketing or some service-related communications.
Users have the right to access their Personal Data, to update, correct or delete their Personal Data, and to withdraw their consent to our collecting, using, protecting, sharing, processing, and disclosing the Personal Data.
California Consumer Privacy Act (CCPA)
If you reside in the State of California, the California Consumer Privacy Act (CCPA) provides you with specific rights regarding your Personal Data. This section describes those rights and how to exercise them.
You have the right to request that we disclose certain information to you regarding our collection, use, and disclosure of your Personal Data over the past 12 months, including the categories and specific pieces of Personal Data we possess, the categories of sources of the Personal Data, the business or commercial purpose for collecting the Personal Data, and the categories of third parties with whom we share or sell the information, and the specific pieces of Personal Data we have collected about you. Upon verified request, we will respond to your request for such information. You also have a right to request that we delete your Personal Data. Please note that, in certain cases, we deny a request to delete your Personal Data if we have a legal basis to do so. For example, we may retain certain information for the reasons stated under the HOW DO WE USE YOUR INFORMATION? heading above.
You may make a request on your behalf or you may authorize an agent who is registered with the Secretary of State for the State of California to act on your behalf. You may also make a request on behalf of your minor child.
We will not discriminate against individuals for exercising their rights under the CCPA.
General Data Protection Regulation (GDRP) for European Residents
The GDPR applies to member states of the European Union (EU) and countries in the European Economic Area (EEA).
Where the collection or processing of your information is subject to the GDPR, you have the following rights. Please note that these rights are not absolute and in certain cases are subject to conditions as specified in applicable law:
You have the right to request access to any Personal Data we hold about you as well as related information, including the purposes for processing the Personal Data, the recipients or categories of recipients with whom the Personal Data has been shared, where possible, the period for which the Personal Data will be stored, the source of the Personal Data, and the existence of any automated decision making.
You have the right to request the rectification of inaccurate information about you and for any incomplete information about you to be completed.
You have the right to object to the processing of your Personal Data, which is based on our legitimate interests.
You have the right to request the erasure of your Personal Data (subject to certain conditions).
You have the right not to have a decision made about you that is based solely on automated processing if that decision produces legal or similarly significant effects concerning you.
You have the right to ask us to restrict our processing of your Personal Data so that we no longer process that Personal Data until the restriction is lifted.
You have the right to receive your Personal Data, which you have provided to us, in a structured, commonly used, and machine-readable format and to have that Personal Data transmitted to another organization in certain circumstances.
You have the right to withdraw consent. Where the processing is based on consent, you have the right to withdraw such consent.
In addition to the above, you have the right to lodge a complaint with a supervisory authority if you consider that our processing of your Personal Data infringes applicable Data Protection Law. You can decide to what data protection authority to apply depending on your jurisdiction, e.g. if you are a UK resident, you can apply to the Information Commissioner’s Office.
You can exercise any of these rights by emailing us at firstname.lastname@example.org.
Data Protection Act 2018 (DPA) for UK residents
DTA is the UK implementation of the GDPR which is to be applied as a Data Protection Law in the territory of the UK after Brexit. The rights you can exercise under DPA are similar to the rights exercised under GDPR.
Children Online Privacy Protection Act (COPPA)
We do not specifically market to children under 13.
When it comes to the collection of personal information concerning children under 13, the Children's Online Privacy Protection Act (COPPA) puts parents in control. The Federal Trade Commission, the nation's consumer protection agency, enforces the COPPA Rule, which spells out what operators of websites and online services must do to protect children's privacy and safety online.
Fair Information Practices
The Fair Information Practices Principles form the backbone of privacy law in the United States of America, and the concepts they include have played a significant role in the development of Data Protection Laws around the globe. Understanding the Fair Information Practice Principles and how they should be implemented is critical to comply with the various privacy laws that protect personal information.
In order to be in line with Fair Information Practices we will take the following responsive action, should a data breach occur:
Within one (1) business day, we will notify the users via in-site notification.
We also agree with the individual redress principle, which requires that individuals have a right to pursue legally enforceable rights against Data Collectors and Processors who fail to adhere to the law. This principle requires not only that individuals have enforceable rights against data users, but also that individuals have recourse to courts or a government agency to investigate and/or prosecute non-compliance by Data Processors.
The Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM) Act
The CAN-SPAM Act is a law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have emails stopped from being sent to them, and spells out tough penalties for violations.
To be in accordance with CAN-SPAM, we agree to the following:
If at any time you would like to unsubscribe from receiving future emails, we provide you with a clear means of opting out of receiving future messages and we will promptly remove you from ALL correspondence.
April 14, 2023