IDEMIA Privacy Policy for Identity Proofing Platform 

IDEMIA understands the importance of, and is committed to, protecting and securing the personal data we process. This policy sets out how IDEMIA protects personal data in relation to the service we provide on behalf of our customers through the trial of Identity Proofing platform (the “Service”). With this Service, our customers can experiment the following:

  • Identity Proofing;
  • Document Capture and Authentication;
  • Biometric capture and comparison including Liveness.

Ultimately, the Service is designed and maintained to improve the timeliness, accuracy and transparency of controls that are performed on Customers’ end-users for identity check.

IDEMIA does not use personal data for any other purpose than the purpose described above, including for marketing or research purposes. However, IDEMIA and its subcontractors shall have the right to use personal data in order to improve its own identity solutions.

  1. IDEMIA’s Service provide advanced services to identify and validate a user identity.  

    1. Identity Proofing: The Identity proofing engine ensures that all the identity evidences submitted by the end user are analysed and compared to bring the level of assurance we have on someone’s identity. The various checks performed includes connexion to external system of record (SoR) to compare the claimed identity with reference identity from trusted source, Identity document verification, portrait check.
    2. Document capture and Authentication: The document capture and authentication service assesses the genuineness of a state (government) identity document such as Driving License, Identity card, Resident card and Passport. The service captures and analyses front and back images and videos of the end user document identity to detect security features, any tampering on portrait or identity information as well as detects Screen and photocopies.
    3. Biometric capture and comparison including Liveness: The biometric capture and comparison services ensure that the end user conducting the proofing journey is the same person as claimed on the Identity attributes. The service assesses the end user liveness during a capture video session and then compare the acquired (live) portrait with either the portrait on a validated ID document or with a system of record (SoR).
  2. In order to provide the Service, IDEMIA needs to collect personal data related to its Customers’ users. This personal data is not collected directly by IDEMIA, but by IDEMIA’s Customers. The latter shall ensure that they have a proper legal basis to collect the personal data, such as consent as appropriate. Customers shall also provide their user with all necessary information with regards to the processing of his / her personal data.

  3. Personal data that IDEMIA may process:

    Identity Proofing
    Document Capture and Authentication
    Biometric capture and comparison including liveness
    Identity attributes available on the ID document such as names; Date of birth/place of birth; address; nationality; Identity documents Images (Front/Back of submitted IDs) End user live portrait, fingerprints. Device information (model, type, OS, browser version), phone number.Identity documents Images (Front/Back of submitted IDs, all identity information extracted from the document images such as VIZ, MRZ or barcode) Device information (model, type, OS, browser version) Identity document details (Document Number, Issue date, Expiry date, Issuing country, Jurisdiction) Identity attributes available on the ID documentEnd user live portrait, fingerprints. Device information (model, type, OS, browser version)
  4. Data retention:

    IDEMIA will keep securely your submitted evidences (images, videos, attributes) for a limited period of thirty (30) days after the processing is completed, in order to be able to support the Service. All personal data are stored encrypted and can only be accessed by limited and authorized IDEMIA personnel.

  5. Users of the Service:

    The users of the Service are employees of IDEMIA’s customers. Users shall only process their own personal data.

  6. Data sharing

    IDEMIA may share personal data with affiliates of the IDEMIA Group. IDEMIA and IDEMIA’s Affiliates respectively may engage third party sub-processors in connection with the provision of the Service. IDEMIA’s Affiliates and third party sub-processors may be located in countries other than your country. Your personal data, therefore, may be subject to privacy laws that are different from those applicable in your country.

    Personal data collected within the European Economic Area (EEA), may thus be transferred to or accessed from a third party located outside the EEA. In such event, IDEMIA ensures that the transfer of your personal data is carried out in accordance with all applicable privacy law, and put into place appropriate legal instruments such as Standard Contractual Clauses.

  7. Security measures

    IDEMIA takes the security and confidentiality of personal data very seriously. IDEMIA takes all reasonable steps to protect your personal data using technical, organisational, and security measures to reduce the risks from misuse, interference and loss; and from unauthorised access, modification or disclosure.

  8. Your rights

    Should you want to get more information on how we handle your personal data, or should you like to have access to your data or have your data rectified or deleted, or withdraw your consent you can contact us at dpo@idemia.com or

    DEMIA Data Protection Officer (DPO)
    2, place Samuel de Champlain
    92400 Courbevoie
    France

    We will also notify our Customer of your request.

    If you are not satisfied with the way we are handling your personal data you can send us a complaint. Should you consider that your complaint has not been dealt with care, you may decide to contact directly the CNIL or your national Supervisory Authority.

  9. Privacy Policy updates:

    IDEMIA reserves its right to update from time to time the Privacy Policy. The latest version of the Privacy Policy is available under https://experience.idemia.com/legal-docs/general/privacy-policy/. Downloading software, accessing or using the Service after any updates made to the Privacy Policy, constitutes consent to the revised Privacy Policy.

IDEMIA works with the subcontractors listed below: 

For Customers located in Europe: 

Name and Contact Information of the subcontractor
Processing performed by the subcontractor
Place of data processing (Proofing Regions)
Subcontractor used for the following product
Customer Country
OnFidoDocument Authentication Visual AdjudicationUK + INDIADocument AuthenticationEMEA
AriadnextDocument AuthenticationFrance (EU)Document AuthenticationEMEA
GetronicsHosting servicesFrance (EU)Identity Proofing Document Capture and Authentication Biometric captureEMEA
Colt Technology ServicesHosting servicesFrance (EU)Identity Proofing Document Capture and Authentication Biometric captureEMEA
AWS Cloud ServicesHosting services for Web and mobile DemoUSAIdentity Proofing Document Capture and Authentication Biometric captureEMEA
IDEMIA Poland- L3 support
- Deployment of applications
- DBAs management
Poland (EU)Identity Proofing Document Capture and Authentication Biometric captureEMEA
CDDSAML Check listLuxemburg (EU)Identity ProofingEMEA
UK DCSPassport Verification ServiceUKIdentity ProofingEMEA
Atlassian Pty LtdHostingEU and USASupport System (Jira Service Management)EMEA
AWS Cloud ServicesHosting and data storing services for SMS-based proofing campaignsUSAIdentity Proofing Document Capture and Authentication Biometric captureEMEA

For Customers located in the USA: 

Name and Contact Information of the subcontractor
Processing performed by the subcontractor
Place of data processing (Proofing Regions)
Subcontractor used for the following product
Customer Country
OnFidoDocument Authentication Visual AdjudicationUSA + INDIADocument Authentication;NORAM LATAM
AriadnextDocument AuthenticationFrance (EU)Document Authentication;NORAM LATAM
AWS Cloud ServicesHosting servicesUSAIdentity Proofing Document Capture and Authentication. Biometric captureNORAM LATAM
AWS Cloud ServicesHosting services for Web and mobile DemoUSAIdentity Proofing Document Capture and Authentication; Biometric captureNORAM LATAM
IDEMIA USA- L3 support
- Deployment of applications
- DBAs management
USAIdentity Proofing Document Capture and Authentication; Biometric captureNORAM LATAM
idFabricIdemia US States Identity Verification ServicesUSAIdentity ProofingUSA
DLDVDriving License Verification Service from AAMVAUSAIdentity ProofingUSA
ExperianIdentity Attribute checksUSAIdentity ProofingUSA
Atlassian Pty LtdHostingEU and USASupport System (Jira Service Management)NORAM LATAM
AWS Cloud ServicesHosting and data storing services for SMS-based proofing campaignsUSAIdentity Proofing Document Capture and Authentication Biometric captureNORAM LATAM

For Customers located in APAC: 

Name and Contact Information of the subcontractor
Processing performed by the subcontractor
Place of data processing (Proofing Regions)
Subcontractor used for the following product
Customer Country
OnFidoDocument Authentication Visual AdjudicationUK + INDIADocument AuthenticationAPAC
AriadnextDocument AuthenticationFrance (EU)Document AuthenticationAPAC
AWS Cloud servicesHosting servicesAustraliaIdentity Proofing Document Capture and Authentication Biometric captureAPAC
AWS Cloud ServicesHosting services for Web and mobile DemoUSAIdentity Proofing Document Capture and Authentication. Biometric captureAPAC
IDEMIA INDIA- L3 support
- Deployment of applications
- DBAs management
INDIAIdentity Proofing Document Capture and Authentication Biometric captureAPAC
DVS AustraliaAustralia Identity validation ServiceAustraliaIdentity ProofingAustralia
Atlassian Pty LtdHostingEU and USASupport System (Jira Service Management)APAC
AWS Cloud ServicesHosting and data storing services for SMS-based proofing campaignsUSAIdentity Proofing Document Capture and Authentication Biometric captureNORAM LATAM


Latest update: 15.07.2021