Last Updated: 08/28/2018
This policy does not apply to companies that we do not own or control, or to the actions of people we do not employ or manage. This includes any companies from whom you may submitted your data to independently or through our Services, and any companies from whom you may have visited through a link made available to you through our Services.
What We Do
ID123 provides identity products and services (our “Services”) to institutions worldwide (our “Customers”) to help them create, manage their digital ID cards and credentials, and issue them to both people and things (“End Users”). We also provide Services directly End Users to help them create a digital identity profile and store their institutionally issued ID cards and credentials. We also provide mobile messaging services to our Customers enabling them to communicate in their Users through the mobile application and by text messaging. Each End User has the option to opt-in or opt-out of receiving messages from the institution. Our Website at “id123.io” and other affiliated sites such as mobile app stores are used to market and advertise our Services as well as serve as a channel for support and feedback for Customers and Users.
Data We Collect and How We Use It
Information that you provide to us when you use the Website
Certain parts of our Website allow you to submit personal information voluntarily to learn more about our Service or for support reasons. We may collect personal information about you (such as full name, email address, country, phone number) so we can fulfill your request. You may also provide information about your employer, such as company name, URL and country. We will use this information to respond to your inquiries and communicate with you about our products.
Information that we collect automatically when you use the Website or Mobile App
Information that our End Users provide to us to perform our Services
End Users may upload personal information, such as email addresses, telephone numbers, physical addresses, full names, and photos to our Service to create their “My Identity” profile. Customers will have their email addresses and phone numbers authenticated by emailing or texting them a PIN code to ensure they are the legitimate owners of those email addresses and phone numbers. We use this information to so that End Users can log into the Application and be communicated with should the need arise.
Information that our Customers provide to us to perform our Services
Customers may upload ID card information including personal information, such as email addresses, telephone numbers, physical addresses, full names, identification numbers, and photos. Customers may send us attributes of their End Users in order for us to personalize communication with them. We use this information to provide our Service to our Customers.
Information that we collect for our Customers to perform our Services
Customers may use our Services to collect information from their End Users through the mobile app in order to verify their identity and issue them a digital ID card. This may include personal information, biometric information, location information and also device information. We may display form fields within the mobile in order to obtain consents from an End User on the Customers behalf. We may host an email address or phone number for a Customer in order for them to send and receive communication with End Users on their behalf. We may collect replies and track opens and clicks of those messages.
Information that we collect about our Customers using the Services
We will collect information, including Personal Information, about each Customer when they register for the Service, such as name, email address, phone number company name, company address, support email. We will use that information for correspondence concerning Customer’s use of the Service, regarding such things as product functionality, security updates, billing, support or other service related or marketing reasons. Any recipients of marketing emails will always be able to opt-out of receiving marketing information at any time. If the Customer pays buy credit card, our payment processor will collect payment information in order to process payments for their usage of the Service.
Your Privacy Rights Under GDPR
You may request access to your information to review, modify or request deletion of any personal information we process about you. We will review your request and will respond in accordance with applicable data protection laws. To protect your privacy and security, we take reasonable steps to verify your identity before processing rights requests. We will also stop sending marketing communications to you by clicking “Unsubscribe” in any marketing e -mail communications we send you.
If you are a resident of the EEA, you can object to processing of your personal information, ask us to restrict processing of your personal information or, if applicable, request the portability of your personal information.You can send an email to firstname.lastname@example.org to exercise these rights or fill out our Data Privacy Subject Access Request form here: https://www.id123.io/privacy/data-privacy-subject-access-request/. If you are a resident in the EEA, you have the legal right to complain to the data protection authorities in the EEA about our collection and use of your personal information.
You may also have the right to make a GDPR complaint to the relevant Supervisory Authority. A list of Supervisory Authorities is available here: http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm. If you need further assistance regarding your rights, please contact us using the contact information provided below and we will consider your request in accordance with applicable law. In some cases our ability to uphold these rights for you may depend upon our obligations to process personal information for security, safety, fraud prevention reasons, compliance with regulatory or legal requirements, or because processing is necessary to deliver the services you have requested. Where this is the case, we will inform you of specific details in response to your request.
Data Hosting & Security
Information collected from our Website, the Service and the Mobile App is transferred to and hosted in the United States. Additionally, we may use third-party vendors and affiliates in various countries around the world to process your information. We have taken appropriate safeguards to require that your personal information will remain protected in accordance our obligations.
We have legitimate business interests to collect process and retain personal information for the purposes described in this Policy. We retain personal information we collect from you for as long as we have an ongoing legitimate business reason or requirement to do so. While retaining the data, we will securely store your personal information. We use appropriate technical and organizational security measures to protect personal information against unauthorized access, disclosure, alteration, and destruction.
Data Disclosure to Third-Parties
We do not sell or rent any of your information to third parties for any advertising or marketing purposes. However, the following describes some of the ways that We may disclose your information in the normal course of providing Our services.
We may use third party vendors, consultants and other service providers to help us with any of the collection and processing activities described herein. Those providers work on our behalf, as instructed by our team. Prior to sharing data with a third party, we assess the provider’s controls to ensure the data is correctly processed and adequately protected. We require that any information disclosed to a provider is used only to provide services to us and only as allowed by applicable law. For a list of third party vendors we use to process personal information see Exhibit 2 of our Data Processing Addendum https://www.id123.io/terms/dpa/.
We may provide your information with a subsidiary, parent company or company under common control with ID123 inc. Our affiliates will use your information only as described in this Policy.
We reserve the right to disclose information as required by law or regulation and when necessary to comply with a judicial proceeding, court order, or legal process.
Change of Control
If we are involved in a merger, acquisition or sale of all or a portion of its assets, your information may be shared or transferred as part of that transaction, as permitted by law and only for the purposes disclosed herein.
We are subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (“FTC”).
Pursuant to the Privacy Shield Frameworks, EU and Swiss individuals have the right to obtain our confirmation of whether we maintain personal information relating to you in the United States. Upon request, we will provide you with access to the personal information that we hold about you. You may also may correct, amend, or delete the personal information we hold about you. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data transferred to the United States under Privacy Shield, should direct their query to email@example.com. If requested to remove data, we will respond within a reasonable timeframe.
We will provide an individual opt-out choice (for personal data) or opt-in choice (for sensitive data) before we share your data with third parties other than our agents, or before we use it for a purpose other than which it was originally collected or subsequently authorized. To request to limit the use and disclosure of your personal information, please submit a written request to firstname.lastname@example.org.
ID123’s accountability for personal data that it receives in the United States under the Privacy Shield and subsequently transfers to a third party is described in the Privacy Shield Principles. In particular, ID123 remains responsible and liable under the Privacy Shield Principles if third-party agents that it engages to process the personal data on its behalf do so in a manner inconsistent with the Principles, unless ID123 proves that it is not responsible for the event giving rise to the damage.
We may be required in certain circumstances to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
In compliance with the Privacy Shield Principles, ID123 commits to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to Privacy Shield. European Union and Swiss individuals with Privacy Shield inquiries or complaints should first contact ID123 at: email@example.com.
ID123 has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD, operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/EU-privacy-shield/for-eu-consumers for more information and to file a complaint. This service is provided free of charge to you.
If your Privacy Shield complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See Privacy Shield Annex 1 at https://www.privacyshield.gov/article?id=ANNEX-I-introduction.
View ID123 Inc. on PrivacySheild.gov here.