CCPA Categories | Collected
Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)) | Yes
Protected classification characteristics under California or federal law | Yes (age)
Commercial information | Yes
Biometric information | Yes
Internet or other similar network activity | Yes
Geolocation data | Yes
Sensory data | No
Professional or employment-related information | Yes
Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)) | Yes
Inferences drawn from other personal information | Yes
SECTION 1. INFORMATION COLLECTED
Information You Provide To Us
When you register for an account with Verif-y and/or use our Services, we collect a wide range of PII that you provide directly to us, which may include:
· Contact details (name, email and address, and telephone number);
· Business contact information (employer’s name and address, job title and business email address and telephone number);
· Academic institution attended (name, date of attendance, graduation date);
· Physical characteristics (gender and height);
· Government-issued identification information (Social Security number, passport number, Alien Registration number and driver’s license number, as well as copies of government-issued identification documents);
· Digital photographs (images from your mobile device camera);
· Biometric data (digital images of fingerprints, irises and face);
· Payment information (billing address and payment card details, including card number, expiration date and security code);
· Demographic details (birthdate, place of birth, citizenship, income level, education level, family status and employment status);
· Location information (GPS data from your mobile device to enable a location-based service);
· Information about your health (via the Verif-y Pass that enables users to use and share their health or other data or information derived from this data to indicate eligibility for access or facilitate access at locations that use the Verif-y Pass for these purposes); and
· Other information you may provide to us or authorize to be provided to us.
Information We Collect Automatically When You Use Our Services
In addition to the PII described above, Verif-y may automatically collect, store and analyze data from your computer or mobile device. Verif-y automatically collects IP addresses and web site usage information when you access our Services. Such information includes the type of browser you use, access times, pages viewed, location, the page you visited before navigating to our platform, and information about the computer or mobile device you use to access our platform, including the hardware model, operating system and version, unique device identifiers and mobile network information. This information helps us evaluate how our visitors and subscribers use and navigate our platform on an aggregate basis, including but not limited to the number and frequency of visitors and subscribers to each web page, and the length of their visits. Verif-y reserves the right to match your IP address (or any other data) with other data about you in any way permitted by applicable law.
Information We Get from Academic Institutions
We may receive PII from academic institutions, school districts, state agencies and similar institutions (“Academic Providers”). The type of PII collected from Academic Providers is similar to the personal information outlined above under “Information You Provide To Us” and may also include student contact information, student demographic information such as age and gender, and student records such as grades, transcripts, class lists and student identification codes. When we obtain your PII directly from Academic Providers, we rely on their lawful authority to collect and use your PII and provide it to us so that we can provide you with Services. Academic Providers are solely responsible for obtaining all required consents and authorizations from the relevant individuals and for satisfying all obligations or rights owed to the Academic Provider’s data subject under applicable privacy laws. Verif-y is not responsible for the privacy policies or practices of the Academic Providers.
Information We Collect From Other Sources
Information Through Other Services
You may give us permission to collect your information in other services. For example, you may connect a social networking service (“SNS”) such as Facebook or Twitter. When you do this, it allows us to obtain information derived from those accounts.
SECTION 2. USE OF YOUR PERSONAL INFORMATION
We use PII collected for the following purposes:
· for the purposes for which you specifically provided the information;
· to register you as a client and establish an account for you;
· to provide you with the Services you signed up for;
· to provide services to our customers;
· to send you email notifications about our new or existing products and services, special offers, to request participation in surveys and/or other forms of market research to improve our products and services, or to otherwise contact you;
· to verify your identity;
· to send emails to the email address you provide to us to verify your account and for informational and operational purposes, such as account management, customer service, or system maintenance;
· to enhance existing features or develop new features, products, and services;
· to provide advertisers and other third parties with aggregate information about our user base and usage patterns;
· to detect and prevent fraudulent transactions;
· to ensure internal quality control;
· to enforce our Terms;
· to perform accounting, auditing and other internal functions; and/or
· to carry out any other purpose for which the information was collected.
We also may use the information in other ways with your express consent, such as when you choose to use a service or participate in a program we may offer jointly with another entity. We also may use the information we obtain about you in other ways for which we provide specific notice at the time of collection.
Retention Of PII
Verif-y retains the PII we receive as described in this Policy for as long as you use our Services or as necessary to fulfill the purpose(s) for which it was collected, resolve disputes, establish legal defenses, conduct audits, pursue legitimate business purposes, enforce our agreements, and comply with applicable laws.
Our Legal Bases For Handling Of Your PII
The laws in some jurisdictions require companies to tell you about the legal ground they rely on to use or disclose your PII. To the extent those laws apply, our legal grounds are as set forth below.
· To honor our contractual commitments to you: much of our processing of PII is to meet our contractual obligations to our users. For example, we handle PII on this basis to create your account and provide our Services.
· Legitimate interests: in many cases, we handle PII on the ground that it furthers our legitimate interests in ways that are not overridden by the interests or fundamental rights and freedoms of the affected individuals. This includes:
o providing a safe and enjoyable user experience;
o customer service;
o marketing, e.g. sending emails or other communications to let you know about new features;
o protecting our users, personnel, and property;
o analyzing and improving our business, e.g. collecting information about how you use our Services to optimize the design and placement of certain features; and
o managing legal issues.
· Legal compliance: We need to use and disclose PII in certain ways to comply with our legal obligations.
· Consent: Where required by law, and in some other cases, we handle PII on the basis of your express or implied consent.
· To protect the vital interests of the individual or others.
SECTION 3 SHARING INFORMATION
Verif-y is not in the business of selling your information. We consider this information to be a vital part of our relationship with you. There are, however, certain circumstances in which we may share your information with certain third parties, as set forth below:
Consent: We may share information about you with your consent or at your direction.
Verif-y Pass, KYC and other Identity Verification Services: You understand and acknowledge that among the Services we perform are know your customer services (“KYC”), other identity verification services, and provision of the Verif-y Pass. When performing KYC or other identity verification Services, or with respect to the Verif-y Pass, we are hired by a third party to collect your PII for KYC or other identification purposes or in the case of the Verif-y Pass to assist in confirming certain information, including proof of Covid vaccination. When you submit PII for KYC or other identity verification purposes or in connection with the use of the Verif-y Pass, you hereby consent to Verif-y disclosing any portion of such PII submitted for such purposes, as permitted by applicable laws and regulations, to the third party who has hired us to perform such services.
Related Companies, Agents, Consultants and Related Third Parties: We may share information about you with Verif-y related companies as part of the delivery of our Services to you. We may share information about you with affiliates, consultants, and other service providers to enhance the Services and products we can provide to you or for legal and routine business reasons. The types of service providers to whom we entrust PII include service providers for: (i) provision of IT and related services; (ii) provision of information and Services you have requested; (iii) payment processing; (iv) customer service activities; (v) fraud prevention; and (vi) in connection with the provision of the Services.
Legal Requirements: We may disclose information we obtain about you (1) if we are required to do so by law or pursuant to legal process (such as a court order or subpoena); (2) in response to requests by government agencies, such as law enforcement authorities; (3) to establish, exercise or defend our legal rights; (4) when we believe disclosure is necessary or appropriate to prevent physical or other harm or financial loss; (5) in connection with an investigation of suspected or actual illegal activity; or (6) otherwise with your consent or at your direction.
Business Transfers: If all or part of our company is sold, merged or otherwise transferred to another entity, the PII you have stored with us may be transferred as part of that transaction.
Aggregated Non-Personal Information: We may share aggregated non-personal information about you with third parties. This is information that is combined with the non-personal information of other Users and does not include PII. We also may not limit the third parties’ use of the aggregated information.
SECTION 4 YOUR ABILITY TO SHARE YOUR PII
Some of our Services allow you to share your Verif-y profile and other PII you have disclosed on the Verif-y platform to third parties. You are the only one that can consent and request that your information be sent to a third party for viewing. Once you direct Verif-y to send your PII to a third party, Verif-y is not liable for any of such PII sent to the requested third party, including without limitation any liability for any actions such third party may take with respect to your PII. We encourage you to read or discuss privacy policies and confidentiality issues with the third party you are sending your Verif-y profile to.
SECTION 5 WHERE INFORMATION IS PROCESSED – YOUR CONSENT TO PROCESSING AND TRANSFERRING YOUR PII IN AND TO THE U.S. AND OTHER COUNTRIES
SECTION 6 YOUR CONSENT TO VERIF-Y EMAILING YOU
By using the Services or providing your PII to us, you agree that we may communicate with you electronically regarding security, privacy, administrative issues and promotional matters relating to your use of the Services. If we learn of a security system’s breach, we may attempt to notify you electronically by posting a notice on www.verif-y.com or sending an e-mail to you. You may have a legal right to receive this notice in writing.
SECTION 7 UNSOLICITED INFORMATION
You may provide us with ideas for new products or modifications to existing products, and other unsolicited submissions (collectively, “Unsolicited Information”). All Unsolicited Information shall be deemed to be non-confidential and we shall be free to reproduce, use, disclose, and distribute such Unsolicited Information to others without limitation or attribution.
SECTION 8 YOUR CHOICES
We will provide reasonable opportunity for individuals to access, update, or delete PII about them that we have in our possession. We will not use PII provided to us for purposes incompatible with the purpose for which it was provided without obtaining authorization from the subject of the information. If you wish to request access to, or deletion of, your personal information, please contact us at email@example.com. Note that we may retain certain information as required by law or for legitimate business purposes. We will respond to your request within a reasonable timeframe, usually within thirty (30) business days.
Although Verif-y makes good faith efforts to provide individuals with access to their PII, there may be circumstances in which Verif-y is unable to provide access, including but not limited to: where the information contains legal privilege, would compromise others’ privacy or other legitimate rights, where the burden or expense of providing access would be disproportionate to the risks to the individual’s privacy in the case in question or where it is commercially proprietary. If Verif-y determines that access should be restricted in any particular instance, we will provide you with an explanation of why that determination has been made and a contact point for any further inquiries.
The rights and options described above are subject to limitations and exceptions under applicable law. In addition to those rights, you have the right to lodge a complaint with the relevant supervisory authority. However, we encourage you to contact us first, and we will do our very best to resolve your concern.
SECTION 9 WHAT YOU CAN DO TO KEEP YOUR INFORMATION SECURE
Remember that the email verification and two-factor authentication methods we use are for your protection. Consistent with best practices, we recommend that you always create a password that is at least eight characters in length, and that integrates at least one upper and one lower case character, a special character (like an asterisk), and a number. The more random your password, the better. You do not want to use a word that can be found in a dictionary, nor should you use the names of your friends and family, your birthday, or any other PII associated with you (e.g. your social security number, your street address, the make and model of your vehicle, to name but a few). For more information about how to create a complex password, we recommend reviewing the post from a former Director of NIST entitled Easy Ways to Build a Better P@$5w0rd dated October 04, 2017.
While industry best practice is for service providers to invalidate any and all cookies that may have been temporarily stored in the web browser cache, when in doubt, you are advised to remove cookies that may have been stored during your web browsing session.
Viruses are dangerous. They can slip into your system without your knowledge. Some viruses such as Trojan Horses can capture the contents of your system, including your passwords. Installing up-to-date antivirus software and running it will help thwart these and other unwanted programs.
SECTION 10 DATA SECURITY
We take appropriate technical and organizational measures against unauthorized or unlawful processing of PII and other data and against accidental loss or destruction of, or damage to, PII and other data. Please accept, however, that no security measures are perfect or impenetrable, and Verif-y cannot guarantee that the information submitted to, maintained on, or transmitted from its systems will be completely secure. Verif-y is not responsible for the circumvention of any privacy settings or security measures contained on the Verif-y platform by any users or third parties.
SECTION 11 THIRD PARTY SERVICES
SECTION 12 CHILDREN’S POLICY
The Services are not directed to individuals under the age of 18 and Verif-y does not knowingly collect PII or other information from anyone it knows is under the age of 18.
SECTION 13 MODIFICATIONS
SECTION 14 GOVERNING LAW
SECTION 15 REDRESS AND ACCOUNTABILITY/ CONTACT US
Verif-y will address your concerns and attempt to resolve any privacy issues in a timely manner.
SECTION 16 BIOMETRIC DATA RETENTION
Verif-y will retain biometric data only until the occurrence of the first of the following: (i) the initial purpose for collecting or obtaining such biometric data has been satisfied, or (ii) three years following your last interaction with Verif-y.
SECTION 17 NOTICE TO CALIFORNIA USERS
The information provided in this section applies only to California residents.
We are required by the California Consumer Privacy Act of 2018 (“CCPA”) to provide an explanation of the rights and choices we offer California residents regarding our handling of their personal information, along with information regarding the categories of personal information we collect, use and share.
1. CALIFORNIA RESIDENTS’ PRIVACY RIGHTS
The CCPA grants California residents the following rights:
(i) Information. You can request information about how we have collected, used and shared your personal information during the past 12 months.
(ii) Access. You can request a copy of the personal information that we maintain about you.
(iii) Deletion. You can ask us to delete the personal information that we collected or maintain about you.
Please note that the CCPA limits these rights by, for example, prohibiting us from providing certain sensitive information in response to an access request and limiting the circumstances in which we must comply with a deletion request. If we deny your request, we will communicate our decision to you. You are entitled to exercise the rights described above free from discrimination.
2. HOW TO SUBMIT A REQUEST
· Identity verification. CCPA requires us to verify the identity of the individual submitting a request for their personal information before providing a substantive response to the request. Because we take the privacy and security of your personal information seriously, we will verify your identity by asking you to both (a) provide certain information about yourself, and then (b) provide us with a notarized affidavit. Once your identity is verified, we will work to provide you with your requested information in a timely manner.
· Authorized agents. California residents can empower an “authorized agent” to submit requests on their behalf. To protect your privacy we will require the authorized agent to have a written authorization confirming that authority.
3. PERSONAL INFORMATION THAT WE COLLECT, USE AND SHARE
VERIF-Y will never sell or rent your personal information without your consent.
Information we collect:
· From you directly: Our Services may collect information directly from you, which identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly with a particular consumer or device (“Personal Information”). This personal information may be collected directly from you on our Platform or through the Services, or indirectly from you, for example by observing your actions in the Services or on our Platform.