Effective Date: July 1, 2020
A. Privacy Statement
B. Personal Data Collected by Private Identity
CLOUD BIOMETRIC MFA
When you use our CLOUD BIOMETRIC MFA service to authenticate yourself, we anonymize and/or pseudonymize your biometric information and only collect anonymized and/or pseudonymized information. As explained in the terms of service accessible at https://private.id/terms.html, the Services provide you a limited, revocable, nonexclusive, non-assignable license to access the Cloud Biometric MFA application onto a device (phone, laptop, etc.) and use the Cloud Biometric MFA application for the sole purpose of accessing our authentication Services to enroll, identify, verify or authenticate yourself.
1) When you use our authentication Service or access the Website to have access to general information available on the Site, we do not currently require you to provide Personal Data. However, we may receive and/or collect Personal Data from you in the following ways:
b) Log Files. We use log files for our products for billing and quality assurance only. The information inside the Private Identity log files does not include internet protocol (IP) addresses, type of browser, Internet Service Provider (ISP), referring/exit pages, clicked pages or any other information your browser or device may send to us. We do not combine the information collected by any log files with customer or end-user personally identifiable information (PII).
1. Personal Data that you Knowingly and Willingly Provide
Private Identity collects the information that you knowingly and voluntarily provide when you use our Service (such as through web forms or profile screens), including registration/account setup information, profile details, payment information, and ratings information. We primarily use this information to fulfill your transaction requests. You can choose not to provide us with certain Personal Data, but then you may not be able to take advantage of our Service or other available features we offer. The information that we collect and use may include the following kinds of Personal Data:
Personal Data From and/or About Others. We may also collect and store Personal Data about other people that you provide to us, as well as information about you provided by others. We may also receive your Personal Data from trusted third parties (including, for example, business partners, sub-contractors in technical, payment and delivery of membership services, advertising networks, analytics providers, search information providers, credit reference agencies).
Anonymized and/or Pseudonymized Information. When you use our service to authenticate yourself, we anonymize and/or pseudonymize your biometric information and only collect anonymized and/or pseudonymized information. As explained in the terms of service accessible at https://private.id/terms.html, the Services provide you a limited, revocable, nonexclusive, non-assignable license to access/download the Cloud Biometric MFA application onto a device (phone, laptop, etc.) and use the Cloud Biometric MFA application for the sole purpose of accessing our authentication Services to enroll, identify, verify or authenticate yourself.
C. How Is Your Personal Data Used?
We will only process your Personal Data, including sharing it with third parties, where (1) you have provided your consent which can be withdrawn at any time, (2) the processing is necessary for the performance of a contract to which you are a party, (3) we are required by law, (4) processing is required to protect your vital interests or those of another person, or (5) processing is necessary for the purposes of our legitimate commercial interests, except where such interests are overridden by your rights and interests.
We may use Personal Data we collect about you on its own or combine it with other information we have about you to:
D. Who Can Access the Information We Collect?
We will only transfer your Personal Data to trusted third-parties who provide sufficient guarantees in respect of the technical and organizational security measures governing the processing to be carried out and who can demonstrate a commitment to compliance with those measures.
Where third parties are processing Personal Data on our behalf, they will be required to agree, by contractual means or otherwise, to process the Personal Data in accordance with the applicable law and to act only on our instructions, or as permitted by law.
Private Identity may disclose your Personal Data in the following to the following entities and purposes:
Agents. We employ other companies and individuals to perform functions on our behalf. Examples of such functions include cloud storage providers and other third party service providers involved in processing transactions and billing processing credit card payments, and providing customer service. We share our users’ Personal Data with these agents as we deem necessary for such third parties to perform their functions.
Employees. Only authorized employees have access to your Personal Data.
To Comply with Legal Process, Protect Private Identity, or Enforce our Rights. We may release your Personal Data when it is necessary to (i) conform to legal requirements or comply with legal process; (ii) enforce or apply our conditions of use and other agreements (iii) protect the rights, safety or property of Private Identity, our affiliates, service providers, our users or the public, or (iv) prevent a crime or protect national security (including exchanging information with other companies and organizations for fraud protection and credit risk reduction).
As Part of a Merger or Sale of Business. We may disclose your Personal Data in connection with a substantial corporate transaction, such as the sale of our business, a divestiture, merger, consolidation, or asset sale, or in the unlikely event of bankruptcy.
E. Selling of Personal Data
We will not sell your Personal Data to third parties for their use without your consent.
F. Disclosure of Personal Data for a Business Purpose
We will never disclose your Personal Data to third parties for a business purpose with whom you do not have an existing relationship. We may disclose your information (including Personal Data) to our strategic business partners with whom you have an existing relationship in order for our partners to better target their products and services to you. Our partners will not have direct access to your Personal Data but rather will have the ability to communicate with you through your participation with our Service.
The kinds of Personal Data we have disclosed for a business purpose over the preceding twelve (12) months include: None.
G. Minors and Children Privacy
1. Children Online Protection
Our Service is not directed to children under the age of 16, if you are not 16 years or older, do not use our Service. We do not knowingly collect Personal Data from children under the age of 16. If we learn that Personal Data of persons less than 16 years-of-age has been collected through our Service, we will take the appropriate steps to delete this information. If you are a parent or guardian and discover that your child or a minor under the age of 13 has posted, submitted or otherwise communicated Personal Data to our Service without your consent, then you may alert us at firstname.lastname@example.org so that we may take appropriate action to remove the minor's Personal Data from our systems.
H. Links to Third Party Services
Our Service may contain links to third party websites, applications and services not operated by us. These links are provided as a service and do not imply any endorsement by Private Identity of the activities or content of these sites, applications or services nor any association with their operators. Private Identity is not responsible for the privacy policies or practices of any third party including Websites or services directly linked to our Service. We encourage you to review the privacy policies of any third-party site that you link from our Service.
We take reasonable technical and organizational precautions to protect the confidentiality, security and integrity of all data including any Personal Data. Although we use security measures to help protect Personal Data against loss, misuse or unauthorized disclosure, we cannot guarantee the security of information transmitted to us over the Internet. While we strive to use commercially acceptable means to protect Personal Data, there is no guarantee that information may not be accessed, disclosed, altered or destroyed.
Any Personal Data that you provide to us is generally stored on AWS, GCP or Microsoft Azure servers located in the United States. If you are located in another jurisdiction, you should be aware that once your Personal Data is submitted through our Service, it will be transferred to our servers in the United States and that the United States currently does not have uniform data protection laws in place.
I. International Users
We are headquartered in the United States. Your Personal Data may be accessed by us or transferred to us in the United States or to our affiliates, partners, merchants, or service providers who are located worldwide. If you are visiting our Service from outside the United States, be aware that your information may be transferred to, stored, and processed in the United States where our servers are located, and our central database is operated. By using our Service, you consent to any transfer of this information.
We will protect the privacy and security of Personal Data according to this privacy statement, regardless of where it is processed or stored, however you explicitly acknowledge and consent to the fact that Personal Data stored or processed in the United States will be subject to the laws of the United States, including the ability of governments, courts or law enforcement or regulatory agencies of the United States to obtain disclosure of your Personal Data.
J. Your Rights and Deletion Requests
Private Identity will not collect any Private Data subject to the rights established by the GDPR or CCPA. On a voluntary basis, Private Identity will take reasonable steps to delete anonymized subject data upon request. Where we are able to authenticate a user deletion request, and subject to a waiting period during which we will confirm any contractual or legal commitments to retain the anonymized data, anonymized data will be permanently erased.