This policy does not apply to companies that we do not own or control, or to the actions of people we do not employ or manage. This includes any companies to whom you may have submitted your data independently or through our Services, and any companies whose sites you may have visited through a link made available to you through our Services.
What We Do
ID123 provides identity products and services (our “Services”) to institutions worldwide (our “Customers”) to help them create and manage their digital ID cards and credentials, and issue them to both people and things (“End Users”). We also provide Services directly to End Users to help them create a digital identity profile and store their institutionally issued ID cards and credentials. We also provide mobile messaging services to our Customers, enabling them to communicate with their Users through the mobile application and by text messaging. Each End User has the option to opt in or opt out of receiving messages from the institution. Our Website at “id123.io” and other affiliated sites such as mobile app stores are used to market and advertise our Services as well as serve as a channel for support and feedback for Customers and Users.
Data We Collect and How We Use It
Information that you provide to us when you use the Website
Certain parts of our Website allow you to submit personal information voluntarily to learn more about our Service or for support reasons. We may collect personal information about you (such as full name, email address, country, phone number) so we can fulfill your request. You may also provide information about your employer, such as company name, URL and country. We will use this information to respond to your inquiries and communicate with you about our products.
Information that we collect automatically when you use the Website or Mobile App
Information that our End Users provide to us to perform our Services
End Users may upload personal information, such as email addresses, telephone numbers, physical addresses, full names, and photos to our Service to create their profile. End Users will have their email address and phone number verified to ensure they are the legitimate contacts of that individual. We use this information to enable the End Users to sign in to the Service and so we can send them communications about their account or their issued digital ID cards. We may use the physical mailing address submitted by End Users to enable the shipping of a physical ID card duplicate to their home or other location, if applicable. End Users may upload a profile face photo or photos of other supporting identity documentation. We use the profile face photo as the default ID card face photo when an End User is installing a new digital ID card and we enable them to submit their photos to an ID card issuing institution. We may also use the profile face photo along with their name as part of chat communications to identify their messages in a conversation. With the End User’s permission, we may compare photos submitted by the End User that contain their face with photos provided by the ID Card issuing institution that contain their face as part of the ID card issuing process to prevent fraud. We may collect and process face data from the photos provided by End Users to identify violations of photo ID card guidelines before the photo is submitted to the ID card issuing institution. For example, we may use face data to ensure the End User’s eyes are open, or they are not wearing a hat or dark sunglasses. We rely on data processors to process, encrypt and securely store the photos. We do not share photos with third parties or permit sub-processors to use photos for any other purpose. We will only share photos with an ID card issuing institution upon the request of the End User as part of the digital ID card issuing process.
We also provide End Users with the tools to share their digital ID card photo and other identity information with third parties from their device. We do not store the face data processed from ID card photos on our servers or share face data with third parties.
Information that our Customers provide to us to perform our Services
Our Customers are businesses and institutions. These Customers may upload ID card information including personal information, such as email addresses, telephone numbers, physical addresses, full names, identification numbers, and photos. Customers may send us attributes of their End Users in order for us to personalize their digital ID cards as well as communication with them. We use this information to generate a digital ID Card and related identity Services to End Users for our Customers. Our Customers can import photos of End Users’ faces that will then be added and displayed on the End User’s ID cards in the app so that the End User can utilize it as an ID card. Customers who upload an End User face photo control the photo and this photo can be updated, modified or deleted at any time by the Customer. With the End User’s permission, we may compare the photos provided by the ID Card issuing institution that contain their face with a photo or video of the End User’s face taken from the Digital ID card app as part of the ID card issuing process to prevent fraud. We may use face data from the photos submitted by the Customer to identify violations of photo ID guidelines before the photo is issued to the End User as a digital ID card or physical ID card.
Information that we collect for our Customers to perform our Services
Customers may use our Services to collect information from their End Users through the mobile app in order to verify their identity and issue them a digital ID card. This may include personal information, photos, identity information, and also device information. We may display form fields within the mobile app in order to collect information or obtain consents from an End User on the Customer’s behalf. We may host an email address or phone number for a Customer in order for them to send and receive communication with End Users on their behalf. We may collect replies and track opens and clicks of those messages. Customers can give End Users the option to upload their own face photos or other supporting identity documentation. We process and store this information on our Customers’ behalf as their data processor.
Information that we collect about our Customers using the Services
We will collect information, including Personal Information, about each Customer when they register for the Service, such as name, email address, phone number, company name, company address, support email. We will use that information for correspondence concerning Customer’s use of the Service, regarding such things as product functionality, security updates, billing, support or other service-related or marketing reasons. Any recipients of marketing emails will always be able to opt out of receiving marketing information at any time. If the Customer pays by credit card, our payment processor will collect payment information in order to process payments for their usage of the Service.
Your Privacy Under CCPA
If you are a resident of California, you have the right to request access, modification, and deletion of any personal information we process about you under the California Consumer Privacy Act. Our CCPA obligations cover any California resident’s personal information we process through the use of our Website, Services, and Mobile Apps. Data submitted to another company independently or through our Services is not covered under this section and all inquiries regarding your data rights should be directed to them.
When you use our Website, Services, and Mobile Apps we collect certain categories of personal information from you including identifying, contact, payment, biometric, geographic and navigational information as well as system usage data. We may disclose these categories of personal information for business purposes in order to provide our services to you, business operational reasons, and to provide internal data analytics information. We do not sell your personal information to any third parties.
You have the right to request the disclosure of all personal information we process about you over the past 12 months, including the right to know what personal information we disclosed to third parties for a business purpose. We will review your request and provide a disclosure which contains the categories and specific pieces of personal information we have processed, the sources of personal information, the business purpose for processing, and any third parties with whom we have shared your personal information. To ensure your privacy and security, we will take reasonable steps to verify your identity before processing your request.
You have the right to request the deletion of your personal information we have processed. We will review your request and will delete your personal information as well as direct all service providers to delete your personal information from their systems. Deletion of personal information is subject to certain exceptions, such as complying with law enforcement requests or other legal matters.
If you choose to exercise any of your data rights, we will not discriminate against you or your use of our Services in any of the following ways, including denying goods or services to you, charging different prices or rates for goods or services, providing a different level or quality of goods or services to you, or suggesting any of the above.
You can send an email to firstname.lastname@example.org to request a disclosure or deletion of your personal information. Please note that you may only make a CCPA-related data access or data portability disclosure request twice within a 12-month period.
Your Privacy Rights Under GDPR
You may request access to your information to review, modify or request deletion of any personal information we process about you. We will review your request and will respond in accordance with applicable data protection laws. To protect your privacy and security, we take reasonable steps to verify your identity before processing rights requests. We will also stop sending marketing communications to you if you click “Unsubscribe” in any marketing e-mail communications we send you.
If you are a resident of the EEA, you can object to processing of your personal information, ask us to restrict processing of your personal information or, if applicable, request the portability of your personal information. You can send an email to email@example.com to exercise these rights or fill out our Data Privacy Subject Access Request form. If you are a resident in the EEA, you have the legal right to complain to the data protection authorities in the EEA about our collection and use of your personal information.
You may also have the right to make a GDPR complaint to the relevant Supervisory Authority. A list of Supervisory Authorities is available here: http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm. If you need further assistance regarding your rights, please contact us using the contact information provided below and we will consider your request in accordance with applicable law. In some cases our ability to uphold these rights for you may depend upon our obligations to process personal information for security, safety, fraud prevention reasons, compliance with regulatory or legal requirements, or because processing is necessary to deliver the services you have requested. Where this is the case, we will inform you of specific details in response to your request.
Data Hosting & Security
Information collected from our Website, the Service and the Mobile App is transferred to and hosted in the United States. Additionally, we may use third-party vendors and affiliates in various countries around the world to process your information. We have taken appropriate safeguards to require that your personal information will remain protected in accordance with our obligations.
We have legitimate business interests to collect, process and retain personal information for the purposes described in this Policy. We retain personal information we collect from you for as long as we have an ongoing legitimate business reason or requirement to do so. While retaining the data, we will securely store your personal information. We use appropriate technical and organizational security measures to protect personal information against unauthorized access, disclosure, alteration, and destruction.
Data Disclosure to Third-Parties
We do not sell or rent any of your information to third parties for any advertising or marketing purposes. However, the following describes some of the ways that we may disclose your information in the normal course of providing our services.
We may use third party vendors, consultants and other service providers to help us with any of the collection and processing activities described herein. Those providers work on our behalf, as instructed by our team. Prior to sharing data with a third party, we assess the provider’s controls to ensure the data is correctly processed and adequately protected. We require that any information disclosed to a provider is used only to provide services to us and only as allowed by applicable law. For a list of third party vendors we use to process personal information see Exhibit 2 of our Data Processing Addendum https://www.id123.io/terms/dpa/
We may provide your information to a subsidiary, parent company or company under common control with ID123 Inc. Our affiliates will use your information only as described in this Policy.
We reserve the right to disclose information as required by law or regulation and when necessary to comply with a judicial proceeding, court order, or legal process.
Change of Control
If we are involved in a merger, acquisition or sale of all or a portion of our assets, your information may be shared or transferred as part of that transaction, as permitted by law and only for the purposes disclosed herein.
We are subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (“FTC”).
Pursuant to the Privacy Shield Frameworks, EU and Swiss individuals have the right to obtain our confirmation of whether we maintain personal information relating to you in the United States. Upon request, we will provide you with access to the personal information that we hold about you. You may also correct, amend, or delete the personal information we hold about you. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data transferred to the United States under Privacy Shield, should direct their query to firstname.lastname@example.org. If requested to remove data, we will respond within a reasonable timeframe.
We will provide an individual opt-out choice (for personal data) or opt-in choice (for sensitive data) before we share your data with third parties other than our agents, or before we use it for a purpose other than that for which it was originally collected or subsequently authorized. To request to limit the use and disclosure of your personal information, please submit a written request to email@example.com.
ID123’s accountability for personal data that it receives in the United States under the Privacy Shield and subsequently transfers to a third party is described in the Privacy Shield Principles. In particular, ID123 remains responsible and liable under the Privacy Shield Principles if third-party agents that it engages to process the personal data on its behalf do so in a manner inconsistent with the Principles, unless ID123 proves that it is not responsible for the event giving rise to the damage.
We may be required in certain circumstances to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
In the event a customer end user transfers human resources data from the EU in the context of the employment relationship, ID123 will cooperate with the appropriate EU or Swiss data protection authorities.
In compliance with the Privacy Shield Principles, ID123 commits to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to Privacy Shield. European Union and Swiss individuals with Privacy Shield inquiries or complaints should first contact ID123 at: firstname.lastname@example.org
ID123 has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD, operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://bbbprograms.org/privacy-shield-complaints/ for more information and to file a complaint. This service is provided free of charge to you.
If your Privacy Shield complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See Privacy Shield Annex 1 at https://www.privacyshield.gov/article?id=ANNEX-I-introduction
Cross-Border Data Transfer
ID123 is committed to safeguarding the transfer of your data between the EU and the US. We comply with the EU-US Privacy Shield Framework and Swiss-US Privacy Shield Framework to facilitate cross-border data transfer. We also rely on our Data Processing Agreement (DPA) which includes the European Commission’s Standard Contractual Clauses and is incorporated into our Terms of Service. In the event the Privacy Shield Framework does not apply to your EU Member State, the DPA will cover your data that is processed and transferred between the EU and US.