SECTION 1. INFORMATION COLLECTED
Information You Provide To Us
When you register for an account with Verif-y and/or use our Services, we collect a wide range of PII that you provide directly to us, which may include:
Information We Collect Automatically When You Use Our Services
In addition to the PII described above, Verif-y may automatically collect, store and analyze data from your computer or mobile device. Verif-y automatically collect IP addresses and web site usage information when you access our Services, such information includes, the type of browser you use, access times, pages viewed, location, the page you visited before navigating to our platform, information about the computer or mobile device you use to access our platform, including the hardware model, operating system and version, unique device identifiers and mobile network information. This information helps us evaluate how our visitors and subscribers use and navigate our platform on an aggregate basis, including but not limited to the number and frequency of visitors and subscribers to each web page, and the length of their visits. Verif-y reserves the right to match your IP address (or any other data) with other data about you in any way permitted by applicable law.
Information We Get from Academic Institutions
We may receive PII from academic institutions, school districts, state agencies and similar institutions (“Academic Providers”) The type of PII collected from Academic Providers is similar to the personal information outlined above under “information you provide to us” and may also include student contact information, student demographic information such as age and gender, and student records such as grades, transcripts, class lists, students identification codes. When we obtain your PII directly from Academic Providers, we rely on their lawful authority to collect and use your PII and provide it to us so that we can provide you with Services. Academic Providers are solely responsible for obtaining all required consents and authorizations from the relevant individuals and for satisfying all obligations or rights owed to the Academic Provider’s data subject under application privacy laws. Verif-y is not responsible for the privacy policies or practices of the Academic Providers.
Information We Collect From Other Sources
Information Through Other Services
You may give us permission to collect your information in other services. For example, you may connect a social networking service (“SNS”) such as Facebook or Twitter. When you do this, it allows us to obtain information derived from those accounts.
SECTION 2. USE OF YOUR PERSONAL INFORMATION
We use PII collected for the following purposes:
We also may use the information in other ways with your express consent, such as when you choose to use a service or participate in a program we may offer jointly with another entity. We also may use the information we obtain about you in other ways for which we provide specific notice at the time of collection.
Retention Of PII
Verif-y retains the PII we receive as described in this Policy for as long as you use our Services or as necessary to fulfill the purpose(s) for which it was collected, resolve disputes, establish legal defenses, conduct audits, pursue legitimate business purposes, enforce our agreements, and comply with applicable laws.
Our Legal Bases For Handling Of Your PII
The laws in some jurisdictions require companies to tell you about the legal ground they rely on to use or disclose your PII. To the extent those laws apply, our legal grounds are as set forth below.
SECTION 3 SHARING INFORMATION
Verif-y is not in the business of selling your information. We consider this information to be a vital part of our relationship with you. There are, however, certain circumstances in which we may share your information with certain third parties, as set forth below:
Consent: We may share information about you with your consent or at your direction.
Verif-y Pass, KYC and other Identity Verification Services: You understand and acknowledge that among the Services we perform are know your customer services (“KYC”), other identity verification services, and provision of the Verif-y Pass. When performing KYC or other identity verification Services, or with respect to the Verif-y Pass, we are hired by a third party to collect your PII for KYC or other identification purposes or in the case of the Verif-y Pass to assist in confirming certain information, including proof of Covid vaccination. When you submit PII for KYC or other identity verification purposes or in connection with the use of the Verif-y Pass, you hereby consent to Verif-y disclosing any portion of such PII submitted for such purposes, as permitted by applicable laws and regulations, to the third party who has hired us to perform such services.
Related Companies, Agents, Consultants and Related Third Parties: We may share information about you with Verif-y related companies as part of the delivery of our Services to you. We may share information about you with affiliates, consultants, and other service providers to enhance the Services and products we can provide to you or for legal and routine business reasons. The types of service providers to whom we entrust PII include service providers for: (i) provision of IT and related services; (ii) provision of information and Services you have requested; (iii) payment processing; (iv) customer service activities; (v) fraud prevention; and (vi) in connection with the provision of the Services.
Legal Requirements: We may disclose information we obtain about you (1) if we are required to do so by law or pursuant to legal process (such as a court order or subpoena); (2) in response to requests by government agencies, such as law enforcement authorities; (3) to establish, exercise or defend our legal rights; (4) when we believe disclosure is necessary or appropriate to prevent physical or other harm or financial loss; (5) in connection with an investigation of suspected or actual illegal activity; or (6) otherwise with your consent or at your direction.
Business Transfers: If all or part of our company is sold, merged or otherwise transferred to another entity, the PII you have stored with us may be transferred as part of that transaction.
Aggregated Non-Personal Information: We may share aggregated non-personal information about you with third parties. This is information that is combined with the non-personal information of other Users and does not include PII. We also may not limit the third parties’ use of the aggregated information.
SECTION 4 YOUR ABILITY TO SHARE YOUR PII
Some of our Services allow you to share your Verif-y profile and other PII you have disclosed on the Verif-y platform to third parties. You are the only one that can consent and request that your information be sent to a third party for viewing. Once you direct Verif-y to send your PII to a third party, Verif-y is not liable for any of such PII sent to the requested third party, including without limitation any liability for any actions such third party may take with respect to your PII. We encourage you to read or discuss privacy policies and confidentiality issues with the third party you are sending your Verif-y profile to.
SECTION 5 WHERE INFORMATION IS PROCESSED – YOUR CONSENT TO PROCESSING AND TRANSFERRING YOUR PII IN AND TO THE U.S. AND OTHER COUNTRIES
SECTION 6 YOUR CONSENT TO VERIF-Y EMAILING YOU
By using the Services or providing your PII to us, you agree that we may communicate with you electronically regarding security, privacy, administrative issues and promotional matters relating to your use of the Services. If we learn of a security system’s breach, we may attempt to notify you electronically by posting a notice on www.verif-y.com or sending an e-mail to you. You may have a legal right to receive this notice in writing.
SECTION 7 UNSOLICITED INFORMATION
You may provide us with ideas for new products or modifications to existing products, and other unsolicited submissions (collectively, “Unsolicited Information”). All Unsolicited Information shall be deemed to be non-confidential and we shall be free to reproduce, use, disclose, and distribute such Unsolicited Information to others without limitation or attribution.
SECTION 8 YOUR CHOICES
We will provide reasonable opportunity for individuals to access, update, or delete PII about them that we have in our possession. We will not use PII provided to us for purposes incompatible with the purpose for which it was provided without obtaining authorization from the subject of the information. If you wish to request access, or deletion of your personal information please contact us at email@example.com. Note that we may retain certain information as required by law or for legitimate business purposes. We will respond to your request within a reasonable timeframe, usually within thirty (30) business days.
Although Verif-y makes good faith efforts to provide individuals with access to their PII, there may be circumstances in which Verif-y is unable to provide access, including but not limited to: where the information contains legal privilege, would compromise others’ privacy or other legitimate rights, where the burden or expense of providing access would be disproportionate to the risks to the individual’s privacy in the case in question or where it is commercially proprietary. If Verif-y determines that access should be restricted in any particular instance, we will provide you with an explanation of why that determination has been made and a contact point for any further inquiries.
The rights and options described above are subject to limitations and exceptions under applicable law. In addition to those rights, you have the right to lodge a complaint with the relevant supervisory authority. However, we encourage you to contact us first, and we will do our very best to resolve your concern.
SECTION 9 WHAT YOU CAN DO TO KEEP YOUR INFORMATION SECURE
Remember that the email verification and two-factor authentication methods we use are for your protection. Consistent with best practices, we recommend that you always create a password that is at least eight characters in length, and that integrates at least one upper and one lower case character, a special character (like an asterisk), and a number. The more random your password, the better. You do not want to use a word that can be found in a dictionary, nor should you use the names of your friends and family, your birthday, or any other PII associated to you (e.g. your social security number, your street address, the make and model of your vehicle, to name but a few). For more information about how to create a complex password we recommend reviewing the post from a former Director of NIST entitled Easy Ways to Build a Better P@$5w0rd dated October 04, 2017. While industry best practice is for service providers to invalidate any and all cookies that may have been temporarily stored in the web browser cache, when in doubt, you are advised to remove cookies that may have been stored during your web browsing session.
Viruses are dangerous. They can slip into your system without your knowledge. Some viruses such as Trojan Horses can capture the contents of your system, including your passwords. Installing up-to-date antivirus software and running it will help thwart these and other unwanted programs.
SECTION 10 DATA SECURITY
We take appropriate technical and organizational measures against unauthorized or unlawful processing of PII and other data and against accidental loss or destruction of, or damage to, PII and other data. Please accept however, no security measures are perfect or impenetrable, and Verif-y cannot guarantee that the information submitted to, maintained on, or transmitted from its systems will be completely secure. Verif-y is not responsible for the circumvention of any privacy settings or security measures contained on the Verif-y platform by any users or third parties.
SECTION 11 THIRD PARTY SERVICES
SECTION 12 CHILDREN’S POLICY
The Services are not directed to individuals under the age of 18 and Verif-y does not knowingly collect PII or other information from anyone it knows is under the age of 18.
SECTION 13 MODIFICATIONS
SECTION 14 GOVERNING LAW
SECTION 15 REDRESS AND ACCOUNTABILITY/ CONTACT US
Verif-y will address your concerns and attempt to resolve any privacy issues in a timely manner
SECTION 16 BIOMETRIC DATA RETENTION
Verif-y will retain biometric data only until the occurrence of the first of the following: (i) the initial purpose for collecting or obtaining such biometric data has been satisfied, or (ii) three years following your last interaction with Verif-y.
SECTION 17 NOTICE TO CALIFORNIA USERS
The information provided in this section applies only to California residents.
We are required by the California Consumer Privacy Act of 2018 (“CCPA”) to provide an explanation of the rights and choices we offer California residents regarding our handling of their personal information, along with information regarding the categories of personal information we collect, use and share.
The CCPA grants California residents the following rights:
(i) Information. You can request information about how we have collected, used and shared and used your personal information during the past 12 months.
(ii) Access. You can request a copy of the personal information that we maintain about you.
(iii) Deletion. You can ask us to delete the personal information that we collected or maintain about you.
Please note that the CCPA limits these rights by, for example, prohibiting us from providing certain sensitive information in response to an access request and limiting the circumstances in which we must comply with a deletion request. If we deny your request, we will communicate our decision to you. You are entitled to exercise the rights described above free from discrimination.
Information we collect:
Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e))
Protected classification characteristics under California or federal law
Internet or other similar network activity
Professional or employment-related information
Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).
Inferences drawn from other personal information