Valid from 02.05.2019
Welcome to Veriff`s webpage. We are specialized in providing online identification services. We are the new standard in identity verification, and we allow any website or mobile application to verify your driver’s license, passport or ID.
In order to fully understand how Personal Data is Processed, Data Subjects should review privacy notices shared with the Users by Veriff and privacy policies of those Merchants’, for whose services, they are getting verified for.
Please review this policy carefully and contact us and our data protection officer at email@example.com if you have any comments, questions or concerns.
2. Our main privacy principles
3. The content of Personal Data we Process
4. The purposes and legal grounds for Processing your Personal Data
5. Data Subject’s rights in relation to Personal Data
6. Disclosure and transfer of Personal Data
7. Security of Personal Data
8. Retention of Personal Data
9. Cookies and other tracking technologies
3.1 Personal Data we Process about Users
We may collect and Process, among other, the following Personal Data:
We may obtain Personal Data directly from you, as well as from the Merchant. We also collect your Personal Data independently from Data Providers, e.g. to offer our services within the trust-based relationship and to prevent fraud. For example, if we need to verify validity of your identification document, we might inquire for additional information from the appropriate registrar.
We may share your Personal Data, foremost the biometrical data and facial recognition data with the Merchant through which you used our identity verification service.
3.2 Personal Data we Process about the representative of the Merchant
For entering into Agreement, for providing our Service, for communicating with the representative of our client and for other lawful reasons we need to Process the data of Merchant’s representative.
This means we may Process, among other, following Personal Data of the representative of the Merchant:
1. personal information of the representative of the Merchant, such as name, job title, position, contact information;
2. personal information in connection of provision of the Service, such as data from communication with us;
3. technical data (Device Signature), including but not limited to information about, the date and time that you use the Services, your IP address and domain name, your software and hardware attributes, also, your general geographic location (e.g. city, country);
4. publicly available relevant data.
We collect this data either from you directly, when you communicate with us directly e.g., sending us an email, providing us with your Personal Data on the phone or through our customer support tools. We may also collect some of your Personal Data in the course of provision of Service to your employer.
Please note that we also check information about Merchant (incl. about relevant representatives of Merchant) from publicly available sources. We only gather relevant and necessary data in order to validate right of representation.
Please note that when we ask you to provide your Personal Data, this provision of Personal Data is voluntary. However, if you do not provide your Personal Data the Merchant may not be able to make use of the full range of our Services.
3.3 Personal Data we Process about the Visitor of our Website
We may collect data regarding the Visitors of the Websites by using Cookies (see below Chapter 9) or other similar technologies (e.g. IP address, equipment information, location information, beacons) and Process the data gathered by them.
This data, among other, may be as follows:
1. personal information of the Visitor, such as IP address, time, location
2. information on usage of the Website and other web log data, such as the pages you visit on the Website, the date and time of your visit, the files that you download, the URLs from the websites you visit before and after navigating to the Website,
3. technical data (Device Signature), including but not limited to information about your IP address and domain name, your software and hardware attributes (including device IDs), your general geographic location (e.g. city, country); We use the collected data to enable the provision of the Service in accordance with the habits of a Visitor; to ensure the best Service quality; to inform the Visitor about the contents and give recommendations; to update advertisements and make marketing efforts more efficient. The collected data shall also be used for counting the Visitors and recording their habits.
3.4 Personal Data we Process during recruitment process and employment
As an employee, we fully inform you of the Processing activities taken by Veriff and instruct you and provide you sufficient training on how to Process information related to Data Subjects.
We are constantly hiring new talents and thus encourage as many talents as possible to enter into our recruitment process. During the recruitment process we Process the Personal Data of candidates we contact with possible job offer as well as the candidates who apply themselves.
We may collect and Process, among other, the following Personal Data:
We usually obtain Personal Data directly from you when you apply for a position with us or when we contact you with a possible job offer. In addition, we collect your Personal Data independently through different channels (e.g. via social media profiles, online job site). We also may collect your Personal Data from third parties, such as professional recruiting firms, your references, prior employers, employment background check providers, to the extent this is permitted by applicable law. Additionally, we may share your Personal Data with professional recruiting firms that we have entered into agreements with, in order to assist us in the recruitment process (the conditions for such sharing, see Chapter 6). During the recruiting process we may ask submission of different information that enable us to assess your suitability to certain positions. You are not required to provide any of the requested information to us, but kindly note that failing to do so may result in not being able to continue your candidacy for the position.
We do not seek to obtain special categories of Personal Data, such as data concerning your ethnicity, health, philosophical beliefs, sexual orientation etc.
4.1 The purpose and legal ground of processing for provision of Service
Regards to purpose of Users information we only have one aim – to verify your identity and for this purpose we capture photos and video of the verification session as well as the document provided for verification. We further may mix and match Personal Data collected and decide regards to identification either as “Pass”, “Resubmission” or “Decline”.
Verification process is either semi-automated, meaning that a human is meaningfully involved and may intervene the process at any time; or fully‑automated, meaning our verification algorithm automated verification tool helps us to verify your identity. Nancy is constantly learning to correctly give meaning to information; detect identification fraud or theft and she does her best to make sure you can be you even in the online world. Robot Nancy also makes the decision either “Pass”, “Resubmission” or “Decline”. So, in short Nancy does what our human verification specialists do and we hope that together we can make your identification and verification process as easy and safe as possible. In case we use Robot Nancy, you are invited to read further in published DPIA that considers and addresses the risks regards to automated decision-making by Robot Nancy. In case a fully automated decision-making, where the decision has a significant effect for you, we will be transparent about such processing and either ask for your explicit consent or inform you accordingly regards to legal basis for processing being necessity to entry into a contract directly with us or the Merchant. In case of automated decision-making we will provide you with all relevant information and explanations regards to logics behind Robot Nancy; at any time you will have the right to request human intervention or object to the decision made on grounds relating to your particular situation.
We Process User’s, Merchant’s representative’s and Visitor’s Personal Data for the following purposes:
1. performance of the Agreement (including for the provision of the Service);
2. for performance of the obligations arising from the Agreement (including the realization of rights arising from the provision of the Service).
3. we also Process your Personal Data if Processing is necessary for compliance with our legal obligation and provision of our Service for realization of rights arising from the Agreement;
4. for the purpose of realization of rights and fulfilment of obligations deriving from legal acts;
5. for processing your inquiries and requests;
1. for analysing the use of our Service, and using research and analysis results, among other, for carrying out satisfaction surveys and developing our products and services including development of autonomous and automated decision-making processes;
2. for the transmission of information about our Service.
3. for sending our newsletters, for marketing and developing and promoting our Services, for organisation of campaigns, including personalised and targeted campaigns, and measuring the effectiveness of the performed marketing activities. Please note that for sending out newsletters, we only Process your contact details;
4. for ensuring a trust-based relationship with a Merchants and Users, for example Personal Data Processing that is strictly necessary to determine the ultimate beneficiaries, being PEP and/or to prevent fraud, e.g. and checks in public sanction lists or our own Service history;
5. for the administration and analysing the client base to improve the availability, selection and quality of Services and products, and to make the best and more personalised Services;
6. for the analysis of identifiers and Personal Data collected upon the use of websites, mobile applications and other Services. We shall use the collected data for web analysis or for the analysis of mobile and information society services, for ensuring and improving the functioning, for statistical purposes and for analysing the behaviour and using experience of Visitors and for providing better and more personalised Services;
7. for monitoring of the service. We may record the messages and instructions given in our premises or by means of communication (e-mail, telephone, etc.), as well as information and other operations carried out by us, and shall use those recordings as needed to evidence instructions or other operations;
8. for network, information and cyber security considerations, for example for fighting against piracy and for ensuring the security of the Websites, as well as for the measures taken for making and storing backup copies;
9. for the establishment, exercise or defence of legal claims.
Pursuant to our “Fundamental-Six” principles for data Processing, we only Process Personal Data on this legal basis after careful assessment in order to ascertain that the legitimate interest is in compliance with the interests and rights of a Data Subject (after carrying out the so-called three-step test). In case you have granted us a consent to process Personal Data, the details of such processes and purposes thereof would be outlined in the consent itself.
4.2 The purpose and legal ground of processing during recruitment process
We Process your Personal Data as a controller on the grounds of legitimate interest for recruitment and management purposes (purposes nr (1) up to (3) and (7)), for preparing and performance of the contract (purpose nr (4)), for compliance with our legal obligation (purpose nr(6)), and on the basis of consent (purpose nr (5)).
In case a candidate is not selected, we shall store the Personal Data collected for the entry into an employment contract for two years in order to make a job offer to the candidate in case a suitable position becomes vacant.
4.3 Processing for a new purpose
In case Personal Data Processing is carried out for a new purpose, different from those for which the Personal Data were originally collected, or is not based on the consent given by the Data Subject, we shall carefully assess the permissibility of such new Processing. In order to determine whether the Processing for the new purpose follows the purpose for which the Personal Data were originally collected, Veriff shall take into consideration, inter alia, the following:
· any link between the purposes for which the Personal Data were collected and the intended further purposes Processing;
· the context of collecting the Personal Data, in particular regarding the relationship between the Data Subject and us;
· the nature of the Personal Data, in particular whether any special categories of Personal Data are Processed;
· possible consequences of the intended further Processing for the Data Subjects;
· existence of appropriate protection measures which may consist in, for example, encryption and pseudonymisation.
You as a Data Subject have the following rights in relation to Personal Data:
Please read more about your rights from chapter 3 of the GDPR (General Data Protection Regulation).
6.1 Disclosure of personal data to authorities
Please note that due to legal requirements, we may be obliged to disclose your Personal Data or to grant access to your Personal Data to the authorities and the supervisory authority.
6.2 Disclosure to controllers and processors
We may disclose your Personal Data to controllers for whom we are processors (e.g. Merchants) and to our authorized processors (sub-processors), as well as to persons who are legally entitled to receive your Personal Data.
For example, such authorized processors may be our affiliates, our IT partners, our advertising and marketing partners, companies carrying out satisfaction surveys, debt collection agencies, professional recruiting partners, credit registers, authorities and organisations intermediating or providing (electronic) mail, compliance or payment services and alike, provided that:
1. the respective purpose and the Processing are lawful;
2. we have diligently assessed that the authorized processor is to comply with the data protection requirements;
3. the Personal Data Processing is carried out in accordance with the guidelines of us and on the basis of a valid agreement.
If you have questions about our authorized processors, please contact us at firstname.lastname@example.org.
6.3 Transfer of Personal Data
We Process your Personal Data within the EEA.
In the event that we need to transmit your Personal Data outside the EEA, the transmission shall be in accordance with the requirements of the GDPR.
We apply various measures (physical, technical, organizational) to protect your Personal Data from unauthorized or arbitrary rectification, disclosure, acquisition, destruction, loss or unauthorized access.
If you have any information about an actual or suspected data breach, please inform us immediately at email@example.com. We will deal with the issue immediately and inform the Data Protection Inspectorate (if applicable).
We store the data of Users during the period set forth in the Agreement (currently the term of the Agreement is up to 5 years) or as long as it is necessary for possible establishment, exercise or defence of legal claims of Users, Merchants or Us.
We may store your Personal Data including biometrical data and facial recognition information longer if we have lawful basis do to so, e.g. you have given us consent to use your Personal Data for the development of our Service or we have assessed to have legitimate aim to do so e.g. in pseudomized form or for the purpose of Service history log.
We store the data of job applicants (candidates) during the recruitment process and for two additional year after the recruitment process to record your recruiting activity with us and be able to inform you of new vacancies within that timeframe.
After the expiration of the Personal Data storage period, we shall anonymize or permanently erase your Personal Data.
Most of the web browsers allow Cookies. Without fully allowing Cookies, not all of the functions of the Website are available to a Visitor. The allowing or prohibiting Cookies and other similar technologies shall be under the control of a Visitor via the settings of the Visitor’s own web browser.
If you prefer that your Personal Data will not be Processed on our website, you can activate the private browsing feature of Your web browser.
You can change and control your Cookie and add preferences for example on the following platforms:
The current version:
Original version from 10.01.2019