IDEMIA Privacy Policy for Identity Proofing Platform
IDEMIA understands the importance of, and is committed to, protecting and securing the personal data we process. This policy sets out how IDEMIA protects personal data in relation to the service we provide on behalf of our customers through the trial of Identity Proofing platform (the “Service”). With this Service, our customers can experiment the following:
- Identity Proofing;
- Document Capture and Authentication;
- Biometric capture and comparison including Liveness.
Ultimately, the Service is designed and maintained to improve the timeliness, accuracy and transparency of controls that are performed on Customers’ end-users for identity check.
IDEMIA does not use personal data for any other purpose than the purpose described above, including for marketing or research purposes. However, IDEMIA and its subcontractors shall have the right to use personal data in order to improve its own identity solutions.
-
IDEMIA’s Service provide advanced services to identify and validate a user identity.
- Identity Proofing: The Identity proofing engine ensures that all the identity evidences submitted by the end user are analysed and compared to bring the level of assurance we have on someone’s identity. The various checks performed includes connexion to external system of record (SoR) to compare the claimed identity with reference identity from trusted source, Identity document verification, portrait check.
- Document capture and Authentication: The document capture and authentication service assesses the genuineness of a state (government) identity document such as Driving License, Identity card, Resident card and Passport. The service captures and analyses front and back images and videos of the end user document identity to detect security features, any tampering on portrait or identity information as well as detects Screen and photocopies.
- Biometric capture and comparison including Liveness: The biometric capture and comparison services ensure that the end user conducting the proofing journey is the same person as claimed on the Identity attributes. The service assesses the end user liveness during a capture video session and then compare the acquired (live) portrait with either the portrait on a validated ID document or with a system of record (SoR).
-
In order to provide the Service, IDEMIA needs to collect personal data related to its Customers’ users. This personal data is not collected directly by IDEMIA, but by IDEMIA’s Customers. The latter shall ensure that they have a proper legal basis to collect the personal data, such as consent as appropriate. Customers shall also provide their user with all necessary information with regards to the processing of his / her personal data.
-
Personal data that IDEMIA may process:
Identity ProofingDocument Capture and AuthenticationBiometric capture and comparison including livenessIdentity attributes available on the ID document such as names; Date of birth/place of birth; address; nationality; Identity documents Images (Front/Back of submitted IDs) End user live portrait, fingerprints. Device information (model, type, OS, browser version), phone number. Identity documents Images (Front/Back of submitted IDs, all identity information extracted from the document images such as VIZ, MRZ or barcode) Device information (model, type, OS, browser version) Identity document details (Document Number, Issue date, Expiry date, Issuing country, Jurisdiction) Identity attributes available on the ID document End user live portrait, fingerprints. Device information (model, type, OS, browser version) -
Data retention:
IDEMIA will keep securely your submitted evidences (images, videos, attributes) for a limited period of thirty (30) days after the processing is completed, in order to be able to support the Service. All personal data are stored encrypted and can only be accessed by limited and authorized IDEMIA personnel.
-
Users of the Service:
The users of the Service are employees of IDEMIA’s customers. Users shall only process their own personal data.
-
Data sharing
IDEMIA may share personal data with affiliates of the IDEMIA Group. IDEMIA and IDEMIA’s Affiliates respectively may engage third party sub-processors in connection with the provision of the Service. IDEMIA’s Affiliates and third party sub-processors may be located in countries other than your country. Your personal data, therefore, may be subject to privacy laws that are different from those applicable in your country.
Personal data collected within the European Economic Area (EEA), may thus be transferred to or accessed from a third party located outside the EEA. In such event, IDEMIA ensures that the transfer of your personal data is carried out in accordance with all applicable privacy law, and put into place appropriate legal instruments such as Standard Contractual Clauses.
-
Security measures
IDEMIA takes the security and confidentiality of personal data very seriously. IDEMIA takes all reasonable steps to protect your personal data using technical, organisational, and security measures to reduce the risks from misuse, interference and loss; and from unauthorised access, modification or disclosure.
-
Your rights
Should you want to get more information on how we handle your personal data, or should you like to have access to your data or have your data rectified or deleted, or withdraw your consent you can contact us at dpo@idemia.com or
DEMIA Data Protection Officer (DPO)
2, place Samuel de Champlain
92400 Courbevoie
FranceWe will also notify our Customer of your request.
If you are not satisfied with the way we are handling your personal data you can send us a complaint. Should you consider that your complaint has not been dealt with care, you may decide to contact directly the CNIL or your national Supervisory Authority.
-
Privacy Policy updates:
IDEMIA reserves its right to update from time to time the Privacy Policy. The latest version of the Privacy Policy is available under https://experience.idemia.com/legal-docs/general/privacy-policy/. Downloading software, accessing or using the Service after any updates made to the Privacy Policy, constitutes consent to the revised Privacy Policy.
IDEMIA works with the subcontractors listed below:
For Customers located in Europe:
Name and Contact Information of the subcontractor | Processing performed by the subcontractor | Place of data processing (Proofing Regions) | Subcontractor used for the following product | Customer Country |
|---|---|---|---|---|
| OnFido | Document Authentication Visual Adjudication | UK + INDIA | Document Authentication | EMEA LATAM |
| AWS Cloud Services | Hosting services | Sweden (EU) | Identity Proofing Document Capture and Authentication Biometric capture | EMEA LATAM |
| AWS Cloud Services | Hosting services for IPA and mobile Demo | USA | Identity Proofing Document Capture and Authentication Biometric capture | EMEA LATAM |
| IDEMIA Poland | - L3 support -Deployment of applications - DBAs management | Poland (EU) | Identity Proofing Document Capture and Authentication Biometric capture | EMEA LATAM |
| CDDS | AML Check list | Luxemburg (EU) | Identity Proofing | EMEA LATAM |
| Atlassian Pty Ltd | Hosting | EU and USA | Support System (Jira Service Management) | EMEA LATAM |
| AWS Cloud Services | Hosting and data storing services for SMS-based proofing campaigns | USA | Identity Proofing Document Capture and Authentication Biometric capture | EMEA LATAM |
For Customers located in the USA:
Name and Contact Information of the subcontractor | Processing performed by the subcontractor | Place of data processing (Proofing Regions) | Subcontractor used for the following product | Customer Country |
|---|---|---|---|---|
| OnFido | Document Authentication Visual Adjudication | USA + INDIA | Document Authentication; | NORAM |
| AWS Cloud Services | Hosting services | USA | Identity Proofing Document Capture and Authentication. Biometric capture | NORAM |
| AWS Cloud Services | Hosting services for IPA and mobile Demo | USA | Identity Proofing Document Capture and Authentication; Biometric capture | NORAM |
| IDEMIA USA | - L3 support -Deployment of applications - DBAs management | USA | Identity Proofing Document Capture and Authentication; Biometric capture | NORAM |
| idFabric | Idemia US States Identity Verification Services | USA | Identity Proofing | USA |
| DLDV | Driving License Verification Service from AAMVA | USA | Identity Proofing | USA |
| Experian | Identity Attribute checks | USA | Identity Proofing | USA |
| Prove | Identity Attribute checks | USA | Identity Proofing | USA |
| Atlassian Pty Ltd | Hosting | EU and USA | Support System (Jira Service Management) | NORAM |
| AWS Cloud Services | Hosting and data storing services for SMS-based proofing campaigns | USA | Identity Proofing Document Capture and Authentication Biometric capture | NORAM |
For Customers located in APAC:
Name and Contact Information of the subcontractor | Processing performed by the subcontractor | Place of data processing (Proofing Regions) | Subcontractor used for the following product | Customer Country |
|---|---|---|---|---|
| OnFido | Document Authentication Visual Adjudication | UK + INDIA | Document Authentication | APAC |
| AWS Cloud services | Hosting services | EU | Identity Proofing Document Capture and Authentication Biometric capture | APAC |
| AWS Cloud Services | Hosting services for IPA and mobile Demo | USA | Identity Proofing Document Capture and Authentication. Biometric capture | APAC |
| IDEMIA INDIA | - L3 support - Deployment of applications - DBAs management | INDIA | Identity Proofing Document Capture and Authentication Biometric capture | APAC |
| DVS Australia | Australia Identity validation Service | Australia | Identity Proofing | Australia |
| Atlassian Pty Ltd | Hosting | EU and USA | Support System (Jira Service Management) | APAC |
| AWS Cloud Services | Hosting and data storing services for SMS-based proofing campaigns | USA | Identity Proofing Document Capture and Authentication Biometric capture | APAC |
Latest update: 12.06.2022