Data Protection Information Notice
Effective as of 1 December 2020
- Who are we?
We are ID-Pal Limited, a company incorporated under the laws of Ireland with company registration number 578727, whose registered office is at 145 Pearse Street, Dublin, 2, D02 CP08, Ireland (“we”, “us” and “our”).
We know your privacy is important to you and we are fully committed to the principles of data protection, as set out in the General Data Protection Regulation (EU 2016/679) (GDPR).
This Data Protection Information Notice explains how we and our authorised business partners, affiliates and agents process information, particularly Personal Data that we receive from you and others. Please read the following carefully to understand our approach and practices regarding your personal data and other information and how we treat it. Please do not use our website, app, products or services if you do not agree with the ways in which we will process your Personal Data and other information.
Personal Data is defined in the GDPR as any information relating to an identified or identifiable natural person. In jurisdictions outside the EU/EEA, this is often referred to as Personally Identifiable Information (PII).
We have a separate Cookie Information Notice that provides you with information on the cookies which we or third parties may place on your computer, when you visit our website. Certain categories of cookies can only be placed if you consent to them. Further information is found here.
For the avoidance of doubt, we do not place cookies or other tracking technologies on your device when you use our app.
- What is our role?
We provide client due diligence services to organisations (our Customers) who are required, under certain legal obligations, or who choose to verify the identity of their clients. Our Customers may request their clients (the End Clients) to use our app to provide their identification documents to the Customer.
When we process the information of the End Clients we do this in accordance with the instructions of our Customer. We are the Data Processor. If you are the End Client, our Customer is the Data Controller of your information. Our Customer will determine why, what and how your information is collected, used, shared, retained and under what lawful basis it is processed. For more information please contact them.
When we process the business information of our Customer, we do so as Data Controller. The purpose for collecting Personal Data is to provide our product and services to you and it is necessary for the performance of our legal contract with you.
We also love to hear from prospective Customers, so we provide a facility on our website for you to request information about our product and services and you enter your contact details for the purpose of us contacting you.
- What information do we collect about you?
Information that you provide to us, or to our Customer such as;
- photographic and video images of you, when you provide us with a “selfie” photo, video-clip;
- pictures of your passport and national identification card or driving licence;
- biometric data, when we compare your “selfie” photo against your photographic ID;
- details from your passport, such as your name, gender, date of birth, nationality, passport number and MRZ code;
- details from your national identification card or driving licence, such as your name, address, date of birth and driving licence number;
- details from your proof of address documentation, such as your name, address and account number, if visible on documentation;
- additional information that you provide to us or our Customers such as confirmation of your name, gender, address, date of birth, email address and mobile telephone number; and
- the details of your device or the device used to make a submission such as manufacturer, model, and operating system version. This information can not be used to identifty you as a individual.
- information that you, or someone in your organisation, provide to us during registration, including your name and business name, email address, telephone number, username and password;
- financial details including card details, your bank details such as the sort code and account number, to the extent that you supply these to us for the purpose of making payments and you are a sole trader rather than a corporate entity; and
- information from our logs which indicates activity on the app and the portal.
- information that you submit on the contact pages of our website, such as your name and email address; and
- information collected from cookies, please see separate Cookie Information Notice.
- How and why do we collect your information?
All information will be obtained fairly. The information we collect will be adequate, relevant and not excessive in relation to the purposes for which it is requested.
For End Clients that purpose will be determined by our Customer, the Data Controller. For more information please contact them.
For our Customers that purpose is to enable us deliver our product and services to you.
We may collect and process information about you in a number of ways, including:
- directly from you; when you submit your information through our app, or if you contact us directly for any reason, for example calling us or emailing us. Calls to us and from us may be recorded for training, monitoring and quality purposes;
- from our Customer, when they provide us with your email address or phone number to connect you to our services, or if they submit your information on your behalf, for example, if they complete your checks in person;
- from third party service providers or public sources, to conduct verification checks on the information you have provided to us; or
- directly from you; when you submit your information through our website, portal, or if you contact us directly for any reason. Calls to us and from us may be recorded for training, monitoring and quality purposes;
- from your employer or another person in your organisation, for example, when they provide us with your details to facilitate configuration of our system or to create a user account for you;
- from third parties, such as, resellers, service providers or your nominated representatives; or
- from our records of how you use your our products or services, for example when you access and use our web portal;
- directly from you, when you visit our website and request us to contact you.
- What do we use your information for?
- we will only use the information that you submit to us through our app to conduct identification and other verification checks on behalf of our Customers who have instructed us to do so;
- we will use the information generated when you use our website and app to promote the safety and security of our products and services and investigate problems, suspicious activity or violations of our policies;
- if you contact us directly for any reason we will use the information to respond to you, to assist with any enquiries you have and to maintain our records; and
- as permitted or required by any law applicable to us or arising from your interaction with us.
- providing our products and services to you;
- determining your suitability for our products and services;
- administering and managing the products and services we provide to you, to charge you for them, to process payment and collect any amounts you may owe us and to deliver them;
- promoting the safety and security of our products and services and investigating suspicious activity or violations of our policies;
- assisting you with enquiries and to provide you with better customer service;
- providing you with information that you request from us about our products and services and products and services that we feel may interest you;
- conducting market research and analysis to further enhance and improve the quality of the products and services we offer;
- sending you communications such as news updates in our newsletter, where you have opted to receive these;
- notifying you about changes to our products and services; or
- as permitted or required by any law applicable to us or arising from your interaction with us.
- responding to your request to contact you; and
- sending you communications such as news updates in our newsletter for as long as you wish to receive it.
- Who do we share your information with?
The information we collect from you may be transferred to third parties in connection with our business model. It may also be processed by these companies and/or by our and their respective employees and service providers. These third parties are processors, when we are acting as a data controller, and as sub- processors when we are acting as a processor, and we remain liable to you for their performance of obligations. We will take steps to ensure that these third parties will:
- only process personal data in accordance with our instructions;
- take appropriate security measures to protect your personal data;
- commit themselves and their employees to confidentiality;
- provide assistance to us in the discharge of our obligations to you; and
- report all data breaches to us without undue delay.
In particular we may disclose your information to the following third parties:
- our professional advisers in order for them to provide us with advice;
- third party service providers, such as our payment processors and verification service providers where necessary for them to provide us with services or to provide services that you have requested;
- our technology providers, including those which host your data on our behalf and provide certain IT support and IT professional services to us; or
- if you are a Customer, business partners and/or possible acquirers or investors (and our and/or their advisors) in the context of a facilitating or implementing a business re-organisation or a transfer/sale of all or part of our assets or business;
If you are an End Client, we will provide our Customer with the results of our identity and verification checks on you.
We may also have to share information with third parties to meet any applicable law, regulation or lawful request from a law enforcement agency. When we believe we have been given false or misleading information, or we suspect criminal activity we have an obligation to record this and report to law enforcement agencies, which may be either in or outside Ireland.
Other than as outlined above, we will not disclose your Personal Data.
- International Data Transfers
Personal Data may be transferred to third parties who are our processors/sub processors as part of our business model as described in sections 5 and 6 above. This may include the transfer of data to other jurisdictions for processing at a destination outside the European Economic Area (“EEA“). Such transfers only occur either on the basis of an adequacy decision made by the European Commission as permitted by Article 45 of the GDPR or approved safeguard measures pursuant to Article 46 of GDPR.
- For how long do we retain your personal data?
We retain your Personal Data for as long as we are instructed to do so by our Customer, the Data Controller. For more information please contact them.
We retain your Personal Data for no longer than is necessary with regard to the purposes for which it was collected or lawfully further processed. We will retain your Personal Data for the duration of our relationship and seven years thereafter as required by our legal obligation to the Revenue Commissioners.
Web site visitors
We will retain your Personal Data on our contact database for as long as you are our business contact and wish to receive information about us.
- Am I subject to a decision based solely on automated processing?
Our product conducts identification and verification checks by automated technical means. The results of these checks will verify your identity and in turn this may contribute to an overall decision made by our Customer.
- How do we keep your information safe?
All information including Personal Data is encrypted at rest and in transit. We use AWS in Europe, for storage. We have firewalls on our application and database servers. Personal Data is logically segmented to the extent that we in ID-Pal do not have access to the Personal Data stored. Only a Customer, who has been authenticated, has access to this information. Our Customer may provide your Personal Data to us for the purpose of troubleshooting or technical support.
While we take these steps to maintain the security of your information, you should be aware of the many information security risks that exist and take appropriate care to help safeguard your information. The nature of the internet is such that we cannot guarantee the security of the information you transmit to us electronically, and any transmission is at your own risk.
- Third party sites and services
- What are your rights?
You have rights under the Data Protection Acts 1988 to 2018, and, the General Data Protection Regulation (2016/679) (“Data Protection Legislation”) which can be summarised as follows:
- You have the right to request information about whether we hold your personal data, and, if so, what that personal data is and why we are holding/using it.
- You have the right to request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
- You have the right to request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate personal data we hold about you corrected.
- You have the right to request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing (see below).
- You have the right to object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal data for direct marketing purposes.
- You have the right to object to automated decision-making including profiling, that is not to be the subject of any automated decision-making by us using your personal information or profiling of you. ID-Pal does not make decisions based solely on automated processing.
- You have the right to request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
- You have the right to request transfer of your personal information in an electronic and structured form to you or to another party (commonly known as a right to “data portability”).
You have the right to make a complaint to the Data Protection Commission.
Further information on your Data Protection rights is available on the website of the Irish Data Protection Commissioner at http://www.dataprotection.ie
When we process End Clients’ Personal Data, we do this in accordance with the instructions of our Customer. If you are an End Client, our Customer will be the Data Controller. Our Customer will determine the purpose of and the legal basis for processing your Personal Data and how your information is collected, used, shared and retained by them.
For more information, or to exercise your rights under Data Protection Legislation, please contact our Customer, the Data Controller.
You can exercise your Data Protection rights by contacting our Data Protection Officer by sending an email to email@example.com or by writing to us at 145 Pearse Street, Dublin, 2, D02 CP08,You can update your contact preferences, regarding direct marketing through your ‘my account’ section on our website.
If you choose not to provide certain information to us, we may not be able to continue to provide you with the products or services you require and/or it may impact our ability to better respond to your needs.
Any terms not defined in this Data Protection Information Notice have the meanings given to such terms in the Data Protection Legislation.
- Changes to our Data Protection Statement
From time to time, we may need to change this Data Protection Information Notice. If we do so, we will post an updated version of our Data Protection Information Notice on this page and it will apply to all of your information held by us at the time. We may choose to notify you of any material changes via email or posting on our website
If you have any questions, comments and requests regarding this Data Protection Statement or our processing of your Personal Data and you should address all correspondence to our Data Protection Officer at firstname.lastname@example.org or ID-Pal Limited, 145 Pearse Street, Dublin, 2, D02 CP08 , Ireland.