Effective as of 25 May 2018
- Who are we?
We are ID-Pal Limited, a company incorporated under the laws of Ireland with company registration number 578727, whose registered office is at 102 Trimblestown, Goatstown Road, Dublin 14, Ireland (“we“, “us” and “our“).
We know your privacy is important to you. This Data Protection statement explains how we and our authorised business partners, affiliates and agents process information, particularly Personal Data that we receive from you and others. Please read the following carefully to understand our approach and practices regarding your personal data and other information and how we treat it. Please do not use our website, app, products or services if you do not agree with the ways in which we will process your Personal Data and other information.
- What is our role?
We provide client due diligence services to organisations (our Customers) who are required to verify the identity of their clients. Our Customers may request their clients (the End Clients) to use our app to provide their identification documents to the Customer.
When we process the information of the End Clients we do this in accordance with the instructions of our Customer. We are the Data Processor. If you are the End Client, our Customer is the Data Controller of your information. Our Customer will determine why, what and how your information is collected, used, shared and retained. For more information please contact them.
When we process the information of our Customer, we do so as Data Controller. The purpose for collecting Personal Data is to provide our product and services to you and it is necessary for the performance of our legal contract with you.
- What information do we collect about you?
- information that you provide to us, or to our Customer;
- photographic and video images of you, when you provide us with a “selfie” photo, video-clip;
- pictures of your passport and national identification card or driving licence;
- biometric data, when we compare your “selfie” photo against your photographic ID;
- details from your passport, such as your name, gender, date of birth, nationality, passport number and MRZ code;
- details from your national identification card or driving licence, such as your name, address, date of birth and driving licence number;
- details from your proof of address documentation, such as your name, address and account number;
- additional information that you provide to us or our Customers such as confirmation of your name, gender, address, date of birth, email address and mobile telephone number;
- all information collected using cookies or similar technologies; and
- the IP address of your device.
- information that you, or someone in your organisation, provide to us during registration, including your name and business name, VAT number, email address, telephone number, username and password;
- financial details including card details, your bank details such as the sort code and account number, to the extent that you supply these to us for the purpose of making payments;
- information about how you use our services, for example information generated when you use our website, web portal or app; or
- all information collected using cookies or similar technologies.
- How do we collect your information?
All information will be obtained fairly. The information we collect will be adequate, relevant and not excessive in relation to the purposes for which it is requested. For End Clients that purpose will be determined by our Customer, the Data Controller. For more information please contact them.For our Customers that purpose is to enable us deliver our product and services to you.
We may collect and process information about you in a number of ways, including:
- directly from you; when you submit your information through our app, or if you contact us directly for any reason, for example calling us or emailing us. Calls to us and from us may be recorded for training, monitoring and quality purposes;
- from our Customer, when they provide us with your email address or phone number to connect you to our services, or if they submit your information on your behalf, for example, if they complete your checks in person;
- from third party service providers or public sources, to conduct verification checks on the information you have provided to us; or
- directly from you; when you submit your information through our website, portal, or if you contact us directly for any reason. Calls to us and from us may be recorded for training, monitoring and quality purposes;
- from your employer or another person in your organisation, for example, when they provide us with your details to facilitate configuration of our system or to create a user account for you;
- when you visit our website. This information includes, but is not limited to, traffic data, location data, weblogs and other communication data and any resources you may access;
- from third parties, such as, resellers, service providers or your nominated representatives;
- from our records of how you use your our products or services, for example when you access and use our web portal; or
- when legally permitted to do so.
5. What do we use your information for?
- we will only use the information that you submit to us through our app to conduct identification and other verification checks on behalf of our Customers who have instructed us to do so;
- we will use the information generated when you use our website and app to promote the safety and security of our products and services and investigate suspicious activity or violations of our policies;
- if you contact us directly for any reason we will use the information to respond to you, to assist with any enquiries you have and to maintain our records; and
- as permitted or required by any law applicable to us or arising from your interaction with us.
- providing our products and services to you;
- determining your suitability for our products and services;
- administering and managing the products and services we provide to you, to charge you for them, to process payment and collect any amounts you may owe us and to deliver them;
- promoting the safety and security of our products and services and investigating suspicious activity or violations of our policies;
- assisting you with enquiries and to provide you with better customer service;
- providing you with information that you request from us about our products and services and products and services that we feel may interest you;
- conducting market research and analysis to further enhance and improve the quality of the products and services we offer;
- sending you communications such as news updates in our newsletter, where you have opted to receive these;
- notifying you about changes to our products and services; or
- as permitted or required by any law applicable to us or arising from your interaction with us.
- How do we share your information?
The information we collect from you may be transferred to third parties in connection with our business model. It may also be processed by these companies and/or by our and their respective employees and service providers. These third parties are our Sub- processors and we remain liable to you for their performance of obligations.We will take steps to ensure that these third parties will:
- only process personal data in accordance with our instructions;
- take appropriate security measures to protect your personal data;
- commit themselves and their employees to confidentiality;
- provide assistance to us in the discharge of our obligations to you; and
- report all data breaches to us without undue delay.
In particular we may disclose your information to the following third parties:
- our professional advisers in order for them to provide us with advice;
- third party service providers, such as our payment processors and verification service providers where necessary for them to provide us with services or to provide services that you have requested;
- our technology providers, including those which host your data on our behalf and provide certain IT support and IT professional services to us; or
- if you are a Customer, business partners and/or possible acquirers or investors (and our and/or their advisors) in the context of a facilitating or implementing a business re-organisation or a transfer/ sale of all or part of our assets or business;
We may also have to share information with third parties to meet any applicable law, regulation or lawful request from a law enforcement agency. When we believe we have been given false or misleading information, or we suspect criminal activity we have an obligation to record this and report to law enforcement agencies, which may be either in or outside Ireland.
Other than as outlined above, we will not disclose your Personal Data.
- International Data Transfers
Personal Data may be transferred to our Customers and/or our Sub processors as part of our business model as described in sections 5 and 6 above. This may include the transfer of data to other jurisdictions for processing at a destination outside the European Economic Area (“EEA“). Such transfers only occur either on the basis of an adequacy decision made by the European Commission as permitted by Article 45 of the GDPR or when our Sub-processors agree to approved standard contractual clauses as permitted by Article 46 of GDPR.
- For how long do we retain your personal data?
We retain your Personal Data for as long as we are instructed to do so by our Customer, the Data Controller. For more information please contact them.
We retain your Personal Data for no longer than is necessary with regard to the purposes for which it was collected or lawfully further processed. We will retain your Personal Data for the duration of our relationship and seven years thereafter as required by our legal obligation to the Revenue Commissioners.
9. Am I subject to a decision based solely on automated processing
Our product conducts identification and verification checks by automated means. The results of the automated checks will verify your identity and in turn this may contribute to an overall decision made by our Customer.
10. What about cookies?
One way we collect information is through the use of a technology called “cookies”, as well as other related technologies, such as pixels, tags, beacons and local storage.
When you go online, you use a software program called a “browser” (like Apple’s Safari or Google’s Chrome). Most websites store a small amount of text in the browser—and that text is called a “cookie.” Similarly, [pixels, tags, beacons and local storage] are small pieces of code which, like cookies, allow a website or app to read or place information on a device or computer.
We use both first party and third-party cookies. First party cookies are those which we use. Third party cookies originate from one of our partners or service providers.
|Log in||Cookies let you log in and out of your account.|
|Security||Cookies are just one way we protect you from security risks. For example, we use them to detect when someone might be trying to hack your account.|
We use the following third party cookies:
Depending on the type of browser you are using, you may be able to configure your browser so that: (a) you are prompted to accept or reject cookies on an individual basis or (b) to prevent your browser from accepting any cookies at all. You should refer to the supplier or manufacturer of the web browser for specific details about cookie security.
11. How do we keep your information safe and accurate?
We will take all steps reasonably necessary to ensure that your information is treated securely and in accordance with this Data Protection Statement. We seek to ensure that we keep your Personal Data accurate and up to date.
While we take these steps to maintain the security of your information, you should be aware of the many information security risks that exist and take appropriate care to help safeguard your information. The nature of the internet is such that we cannot guarantee the security of the information you transmit to us electronically, and any transmission is at your own risk. We store information you provide to us on secure servers and deploy appropriate technical and organisational security measures in the storage and disclosure of your personal data to try to prevent unauthorised access or loss.
12. Third party sites and services
13. What are your rights?
You have rights under the Data Protection Acts 1988 and 2003, and, from 25 May 2018, the General Data Protection Regulation (2016/679) (“Data Protection Legislation”). You have the right to request access to the Personal Data held about you, and to request that it is rectified if inaccurate or erased. You may also request that we restrict or cease processing your Personal Data. You also have the right to data portability. Not all of these rights are absolute and there may be circumstances where they can be legally restricted.
You have the right bring any complaints to the Data Protection Commissioner. Further information on your Data Protection rights is available on the website of the Irish Data Protection Commissioner at http://www.dataprotection.ie
When we process End Clients’ Personal Data, we do this in accordance with the instructions of our Customer. If you are an End Client, our Customer will be the Data Controller. Our Customer will determine the purpose of and the legal basis for processing your Personal Data and how your information is collected, used, shared and retained by them.
For more information, or to exercise your rights under Data Protection Legislation, please contact our Customer.
You can exercise your Data Protection rights by contacting our Data Protection Officer by sending an email to email@example.com or by writing to102 Trimblestown, Goatstown Road, Dublin 14, Ireland.
You can update your contact preferences, regarding direct marketing through your ‘my account’ section on our website.
If you choose not to provide certain information to us, we may not be able to continue provide you with the products or services you require and/or it may impact our ability to better respond to your needs.
Any terms not defined in this Data Protection Statement have the meanings given to such terms in the Data Protection Legislation.
15. Changes to our Privacy Statement
From time to time, we may need to change this Data Protection Statement. If we do so, we will post an updated version of our Data Protection Statement on this page and it will apply to all of your information held by us at the time. We may choose to notify you of any material changes via email or posting on our website. Continued use of our website, products or services signifies your acceptance.
16. Contacting us
If you have any questions, comments and requests regarding this Data Protection Statement or our processing of your Personal Data and you should address all correspondence to our Data Protection Officer at firstname.lastname@example.org or 102 Trimblestown, Goatstown Road, Dublin 14, Ireland.