Valid from 25.05.2018
Welcome to Veriff`s (“Veriff” or “we” or “us”) webpage (“webpage”). We are specialized in providing online identification services (“Services”). We are the new standard in identity verification and we allow any website or mobile application to verify your driver’s license, passport or ID.
EEA - European Economic Area (in addition to the Member States of the European Union, Norway, Iceland and Liechtenstein)
Personal Data - Any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
User / You - The natural person for whom we provide the Service at the request of the Merchant.
Merchant - The legal entity with whom we have entered into an Agreement.
Agreement - Service provision agreement concluded with the Merchant.
Controller/ our / us / we - Veriff OÜ, registry code 12932944, Niine 11, Tallinn, 10414, e-mail: firstname.lastname@example.org
Breach - Breach leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.
You - The natural person (data subject), whose personal data we process.
Service - Identification service provided by us.
Processing - Any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. Processing may be done manually or using automated systems.
website - www.veriff.me.
Processor - A person which processes personal data on behalf of the controller and with whom the controller has entered into a written agreement regarding the processing of personal data.
GDPR - EU General Data Protection Regulation 2016/679.
3. The content of personal data we processWe provide verification services to Merchants. We start provision of service when we receive an inquiry from the Merchant. During the service provision we collect information and personal data that we need for provision of the Service. We may collect and process, among other, the following personal data:
- (1) personal information of User, such as name, sex, personal identification code, date of birth, legal capacity, nationality, citizenship;
- (2) personal information of the representative of the Merchant, such as name, job title, position;
- (3) document details, such as the name of the document, issuing country, number, expiry date, security features;
- (4) photos and videos, photographs taken from you and your document and video of verification process;
- (5) contact details, such as address, e-mail address, telephone numbers, IP address;
- (6) User’s technical data (Device Signature)
- (7) biometrical data.
4. CookiesWe use ”cookies” on our Website, that you can accept if you choose to use our Website. We use "cookies" in many ways. "Cookies" help us to improve the offered services and make use of our services more convenient. We collect data on how users interact with our website and / or application. In addition, we collect information from your computer or device, such as the IP address, browser you are using, and language settings. Information about how the user uses our web pages and applications is used for statistical purposes to improve our web pages and applications, and to display custom content for the customer. If you prefer that your personal data will not be processed on our website, you can activate the private browsing feature of Your web browser. This is your choice.
5. For what purpose do we process your personal data?We process your personal data for the following purposes:
- (1) for preparation and conclusion of the Agreement, for performance of the Agreement (including for the provision of the Service), for realization of rights arising from the Agreement and for performance of the obligations arising from the Agreement;
- (2) for the purpose of realization of rights and fulfillment of obligations deriving from legal acts;
- (3) for processing your inquiries and requests;
- (4) for analyzing the use of our Service, and using research and analysis results, among other, for marketing and developing our products and services;
- (5) for the transmission of information about our Service, for the transmission of our newsletters;
- (6) for promoting our products and services.
6. Lawfulness of our processingWe process the personal data in accordance with the requirements of the legislation in force in Estonia, i.e. the GDPR. We may process your personal data as a controller and as a processor. We mainly process your personal data as a processor for the benefit of the Merchant in order to fulfil the Agreement concluded with the Merchant (clause 5 (1)), we also process your personal data if processing is necessary for compliance with our legal obligation (clause 5 (2) and (3)) and if processing is necessary for the purposes of the legitimate interests (clause 5 (4), (5) and (6)).
7. Your rights in relation to personal dataYou have the following rights in relation to your personal data:
- (1) Right of access to personal data - you have the right to know which of your personal data we store and how we process it, including the right to know the purpose of the processing, the persons to whom we will disclose your personal data, information about automated decision-making and the right to receive copies of personal data.
- (2) Right to rectification of personal data - you have the right to request the rectification of inadequate, incomplete and misleading personal data.
- (3) Right to withdraw the consent given for the processing of personal data - you have the right at any time to withdraw the consent given to us for the processing of personal data. Please note that withdrawal of your consent shall not affect the legality of the processing that was made on the basis of consent before the withdrawal.
- (4) Right to erasure of personal data („right to be forgotten“) - you have the right to request that we erase your personal data (for example, if you take back the consent for the processing of personal data, or if personal data is no longer needed for the purpose for which it was collected). We have the right to refuse the erasure of personal data if the processing of personal data is necessary for the fulfillment of our legal obligation, to exercise the right to freedom of expression and information, for the preparation, presentation and protection of legal claims, or in the public interest.
- (5) Right to restriction of processing - In certain cases, you have the right to prohibit or restrict your processing of personal data for a certain period of time (e.g., if you have filed an objection to personal data processing).
- (6) Right to object - you have the right to file an objection to processing of your personal data if your personal data processing takes place on the basis of our legitimate interest or public interest. You shall have the right to object at any time to processing of personal data for direct marketing purposes, and we shall respond immediately.
- (7) Right to data portability - In case your personal data processing is based on your consent and personal data is processed automatically, you shall be entitled to receive personal data about you that you submitted to us as the controller, in a structured, commonly used and machine-readable format, and you shall have the right to transmit this personal data to another controller. You also have the right to request that we transfer personal data directly to another controller, where technically feasible.
- (8) Automated decision-making (including profiling) - provided that we have informed You that we perform automated decision-making (including profiling) that will bring about legal consequences for you or have a significant effect on you, then you may require that an automated decision cannot be made only on the basis of automated processing.
- (9) Submission of complaint. You shall have the right to file a complaint against us regarding the processing of personal data to the Data Protection Inspectorate (www.aki.ee)
8. Security of personal dataWe apply various measures (physical, technical, organizational) to protect your personal data from unauthorized or arbitrary rectification, disclosure, acquisition, destruction, loss or unauthorized access to them. If you have any information about the actual or suspected breach, please inform about it immediately at email@example.com. We will deal with the issue immediately, draw up a plan of solutions if necessary and inform the Data Protection Inspectorate (if applicable).
9. Disclosure of personal dataPlease note that due to legal requirements, we may be obliged to disclose your personal data or to grant access to your personal data to the authorities and the supervisory authority. We shall disclose your personal data to our authorized processors, as well as to persons who are legally entitled to receive your personal data. When we conclude an agreement with a processor for the processing of your personal data, we shall ensure the existence of appropriate contractual safeguards to protect your personal data.
10. Geographical area of the ProcessingWe process your personal data within the EEA. In the event that we need to transmit your personal data outside the EEA, the transmission shall be in accordance with the requirements of the GDPR.