Privacy policy

Valid from 10.01.2019

Welcome to Veriff`s webpage. We are specialized in providing online identification services. We are the new standard in identity verification and we allow any website or mobile application to verify your driver’s license, passport or ID.

Veriff processes end users’ information only as directed by these third parties and, accordingly, Veriff is a mere processor of user information with respect to those services and not a controller.  In order to fully understand how your information will be handled when you use the services, you should review not only this Policy, but also any privacy policy of the third party whose services you are verifying your identity for. Notwithstanding the above, Veriff may process certain individual users’ information in anonymized form for its own purposes.

In this privacy policy we explain how and on what basis we collect, store and process your personal data. Also, what are your rights concerning your personal data and our obligations and liability.

Please review this policy carefully and contact us if you have any comments, questions or concerns. Kindly note that we may modify the privacy policy from time to time. The modified policy will be uploaded to our webpage.

1. Our main privacy principles

We respect each person's right to the protection of their personal data and we shall do our best to ensure that personal data collected by us is well protected. We regularly evaluate the risks associated with the processing of personal data and shall apply appropriate mitigation strategies to hedge risks.

Compliance with privacy policy is integrated into our day to day activities, services and processes, and our development efforts.

We process personal data lawfully. We set clear goals for the processing of personal data and process personal data for these purposes only. We do not collect or process the data that we do not need.

We may transfer personal data to our authorized processor if this is necessary to achieve the purpose of processing personal data. Due to regulatory requirements, we may be obligated to disclose or provide personal data to the authorities.

We require and we expect our contractual partners to be careful on processing of personal data, to prevent the unauthorized disclosure or inappropriate use of personal data, and to process personal data in an honest and lawful manner.

We shall store personal data only for as long as the maintenance is required by law or contract or necessary for our business. When we stop storing, we shall permanently erase the personal data.

We have established internal rules for compliance with our privacy policy. We understand that compliance with the internal rules takes place through our employees. Therefore, we consider it important and we must ensure that our employees know and comply with the requirements of the internal rules. We expect each of our employees to respect our privacy requirements.

2. Definitions

  • Agreement - service agreement concluded with the Merchant.
  • Breach - breach leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.
  • EEA - European Economic Area (the European Union Member States, Norway, Iceland and Liechtenstein).
  • GDPR - EU General Data Protection Regulation 2016/679.
  • Merchant - the legal entity to whom we provide the Service under the Agreement.
  • Personal Data - any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
  • Privacy Policy - this privacy policy.
  • Processing - any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. Processing may be done manually or using automated systems.
  • Processor / our / us / we  - Veriff OÜ, registry code 12932944, Niine 11, Tallinn, 10414, e-mail: info@veriff.com
  • Service - personal identity verification service provided by us.
  • User - the natural person regarding whom we provide the Service at the request of the Merchant and natural person who contacts us as the representative of Merchant prior to conclusion of the Agreement. 
  • Website - www.veriff.me.
  • You - the natural person regarding whom we provide the Service at the request of the Merchant or with whom we are in contact related to Veriff`s recruitment process.

3. The content of personal data we process

3.1 The content of personal data we process during Service provision

We provide personal identity verification services to Merchants. In order to verify your identity as a part of your agreement with the Merchant, or in order to enter into an Agreement with the Merchant you represent, we must collect your information and personal data. We may collect and process, among other, the following personal data:

  1. personal information of User, such as name, sex, personal identification code, date of birth, legal capacity, nationality, citizenship;
  2. personal information of the representative of the Merchant, such as name, job title, position;
  3. document details, such as the name of the document, issuing country, number, expiry date, security features;
  4. photos, videos and sound recording, photographs taken from you and your document and video and sound recording of the verification process;
  5. contact details, such as address, e-mail address, telephone numbers, IP address;
  6. User’s technical data (Device Signature)
  7. biometrical data.

We may obtain personal data directly from you, as well as from the Merchant. We also collect your personal data independently from data providers. For example, if we need to verify validity of your identification document, we might inquire for additional information from the appropriate registrar. 

Please note that we cannot provide the Service in respect of an anonymous customer, and therefore the use of our service is subject to the disclosure of personal data to us and providing to us the consent to the processing of personal data.

3.2 The content of personal data we process during recruitment process

We are constantly hiring new talents and thus encourage as many talents as possible to enter into our recruitment process. During the recruitment process we process the personal data of candidates we contact with possible job offer as well as the candidates who apply themselves. We may collect and process, among other, the following personal data:

  1. name and contact details;
  2. all information contained in your CV and your motivation letter, e.g. information about your education and trainings, employment history, hobbies, language skills;
  3. information disclosed by you during interviews with our recruitment specialists;
  4. your job preferences;
  5. results of your tests, analyses, that are performed by our request;
  6. names and contact details of your recommenders. We consider that you have obtained consent from your recommenders prior to providing us their names and contact details;

We usually obtain personal data directly from you when you apply for a position with us or when we contact you with a possible job offer. In addition, we collect your personal data independently through different channels (e.g. via social media profiles, online job site). We also may collect your personal data from third parties, such as professional recruiting firms, your references, prior employers, employment background check providers, to the extent this is permitted by applicable law. Additionally, we may share your personal data with professional recruiting firms that we have entered into agreements with, in order to assist us in the recruitment process. Should we be required to share your information with any third parties, such as recruiting firms, we ensure that they are subject to the same level of data protection requirements, as we are, when processing your personal data.

During the recruiting process we may ask submission of different information that enable us to assess your suitability to certain positions. You are not required to provide any of the requested information to us but kindly note that failing to do so may result in not being able to continue your candidacy for the position

We do not seek to obtain special categories of personal data, such as data concerning your ethnicity, health, philosophical beliefs, sexual orientation etc.  

4. Cookies

We use ”cookies” on our Website, that you can accept if you choose to use our Website.

We use "cookies" in many ways. "Cookies" help us to improve the offered services and make use of our services more convenient.

We collect data on how users interact with our website and / or application. In addition, we collect information from your computer or device, such as the IP address, browser you are using, and language settings. Information about how the user uses our web pages and applications is used for statistical purposes to improve our web pages and applications, and to display custom content for the customer.

If you prefer that your personal data will not be processed on our website, you can activate the private browsing feature of Your web browser. This is your choice.

5. For what purpose and on what legal ground do we process your personal data?

5.1 The purpose and legal ground of processing your personal data during Service provision
We process your personal data during Service provision for the following purposes:

  1. for preparation and conclusion of the Agreement, for performance of the Agreement (including for the provision of the Service), for realization of rights arising from the Agreement and for performance of the obligations arising from the Agreement;
  2. for the purpose of realization of rights and fulfilment of obligations deriving from legal acts;
  3. for processing your inquiries and requests;
  4. for analysing the use of our Service, and using research and analysis results, among other, for developing our products and services;
  5. for the transmission of information about our Service.
  6. for sending our newsletters, for marketing and developing and promoting our products and services. Please note that for this purpose we only process your contact details.

We mainly process your personal data as a Processor for the benefit of the Merchant in order to fulfil the Agreement concluded with the Merchant (clause (1)), we also process your personal data if processing is necessary for compliance with our legal obligation (clauses (2) and (3)) and if processing is necessary for the purposes of the legitimate interests (clauses (4), (5) and (6)).

5.2 The purpose and legal ground of processing your personal data during recruitment process
We process your personal data during recruitment process for the following purposes:

  1. determining your suitability for the available position;
  2. verifying the data submitted by you (including carrying out reference checks and/or conducting background checks (where applicable));
  3. managing the recruitment process and keeping you updated about the progress of the process;
  4. in case of successful application, preparing job offer and in employment contract, and for fulfilling onboarding activities;
  5. informing you about other our vacant positions;
  6. protecting our rights and fulfilling our legal obligations;
  7. business management and administrative purposes, such as maintaining our IT systems, record-keeping, improving our recruitment and business practices.

We process your personal data as a controller on the grounds of legitimate interest for recruitment and management purposes (clauses (1) up to (3) and (7)), for preparing and performance of the contract (clause (4)), for compliance with our legal obligation (clause (6)), and on the basis of your consent (clause (5)).

6. Your rights in relation to personal data

You have the following rights in relation to your personal data:

  1. Right of access to personal data - you have the right to know which of your personal data we store and how we process it, including the right to know the purpose of the processing, the persons to whom we will disclose your personal data, information about automated decision-making and the right to receive copies of personal data.
  2. Right to rectification of personal data - you have the right to request the rectification of inadequate, incomplete and misleading personal data.
  3. Right to withdraw the consent given for the processing of personal data - you have the right at any time to withdraw the consent given to us for the processing of personal data. Please note that withdrawal of your consent shall not affect the legality of the processing that was made on the basis of consent before the withdrawal.
  4. Right to erasure of personal data („right to be forgotten“) - you have the right to request that we erase your personal data (for example, if you take back the consent for the processing of personal data, or if personal data is no longer needed for the purpose for which it was collected). We have the right to refuse the erasure of personal data if the processing of personal data is necessary for the fulfillment of our legal obligation, to exercise the right to freedom of expression and information, for the preparation, presentation and protection of legal claims, or in the public interest.
  5. Right to restriction of processing - In certain cases, you have the right to prohibit or restrict your processing of personal data for a certain period of time (e.g., if you have filed an objection to personal data processing).
  6. Right to object - you have the right to file an objection to processing of your personal data if your personal data processing takes place on the basis of our legitimate interest or public interest. You shall have the right to object at any time to processing of personal data for direct marketing purposes, and we shall respond immediately.
  7. Right to data portability - In case your personal data processing is based on your consent and personal data is processed automatically, you shall be entitled to receive personal data about you that you submitted to us as the controller, in a structured, commonly used and machine-readable format, and you shall have the right to transmit this personal data to another controller. You also have the right to request that we transfer personal data directly to another controller, where technically feasible.
  8. Automated decision-making (including profiling) - provided that we have informed You that we perform automated decision-making (including profiling) that will bring about legal consequences for you or have a significant effect on you, then you may require that an automated decision cannot be made only on the basis of automated processing.
  9. Submission of complaint. You shall have the right to file a complaint against us regarding the processing of personal data to the Data Protection Inspectorate (www.aki.ee)

Please read more about your rights from chapter 3 of the GDPR.

If you wish to use any right regarding personal data or ask questions about the Privacy Policy, please submit a corresponding request to us at legal@veriff.com. We will respond to your request by e-mail as a rule no later than within one month. Please note that before we can provide you with the requested information regarding your personal data, we need to verify your identity. Please also note that if your request concerns data we have processed as a Processor (i.e. in the course of Service provision) you must submit your request to the Merchant who is the controller of Processing of your personal data.

7. Security of personal data

We apply various measures (physical, technical, organizational) to protect your personal data from unauthorized or arbitrary rectification, disclosure, acquisition, destruction, loss or unauthorized access.

If you have any information about an actual or suspected data breach, please inform us immediately at legal@veriff.com. We will deal with the issue immediately and inform the Data Protection Inspectorate (if applicable).

8. Disclosure of personal data

Please note that due to legal requirements, we may be obliged to disclose your personal data or to grant access to your personal data to the authorities and the supervisory authority.

We may disclose your personal data to our authorized processors, as well as to persons who are legally entitled to receive your personal data.

When we conclude an agreement with a processor for the processing of your personal data, we shall ensure the existence of appropriate contractual safeguards to protect your personal data.

9. Geographical area of the Processing

We process your personal data within the EEA.

In the event that we need to transmit your personal data outside the EEA, the transmission shall be in accordance with the requirements of the GDPR.

10. Storing of personal data

We shall store your personal data for as long as required by law or in accordance with the law, or for the purposes stated in this Privacy Policy. 

We store the data of Users during the period set forth in the Agreement (currently the term of the Agreement or up to 5 years).

We store the data of job applicants during the recruitment process. After completion of the recruitment process we only retain a minimum amount of your personal data to record your recruiting activity with us.

After the expiration of the personal data storage period, we shall anonymize or permanently erase your personal data.

11. Availability of the Privacy Policy

This Privacy Policy is available on our Website.

We shall have the right to unilaterally change the Privacy Policy at any time, in accordance with applicable law.