Privacy Statement, Terms & Conditions

Terms & Conditions
All Users registering with IDcheck are registering voluntarily and agree for IDcheck to store their data. Every User has real-time access to view, update and delete any of their own data. All sensitive data is encrypted (upload, download, data in use, in storage and in transit) and numerous additional security measures have been taken to protect your data. Your data will never be shared or mined without your permission.

However, you hereby agree that while the IDcheck platform makes every effort to protect your data, as hackers increase in sophistication, no solution is guaranteed and IDcheck cannot be held liable for any losses or breaches of data, loss of profits, income or delays in onboarding, as a result of any data loss, breach, virus, malware or security intrusion. Each User further agrees that it is each User's responsibility to install and maintain anti-virus protection. Should a User upload a file with a malicious virus hidden, the firm downloading the file takes sole responsibility for ensuring the file is safe to open and store on your servers and systems.

Privacy Statement

This privacy statement is effective as of May 7, 2018 and will be updated regularly to reflect any changes in applicable laws or in how we handle your personal data.

This page explains how IDcheck ('we') protect the personal data we process and control relating to you ('your data'; 'your personal data') and your rights with respect to the processing of your personal data

1. Protecting Your Personal Data & Business Data
2. Purpose and Legal Basis For Using Your Personal Data
3. Sharing Your Data With Third-Parties
4. Sensitive Data
5. Security
6. Data Retention
7. Your Rights Regarding Data Processing
8. Use of Personal Data For Marketing Purposes
9. Data Storage
1. Protecting Your Personal Data & Business Data
IDcheck attaches great importance to your right to privacy and the protection of your personal data. We protect your personal data in accordance with applicable laws and our data privacy policies. In addition, we maintain the appropriate technical and organizational measures to protect your personal data against unauthorized or unlawful processing and/or against accidental loss, alteration, disclosure or access, or accidental or unlawful destruction of or damage thereto.

We collect personal data of our employees, potential employees, clients, suppliers, business contacts and website Users.

Except for certain information that is required by law, your decision to provide any personal data to us is voluntary. You will therefore not be subject to adverse consequences if you do not wish to provide us with your personal data, although not doing so may prevent you from using certain tools and systems.

If you provide us with personal data of another person (for instance, a colleague/referral), you are responsible for ensuring that such a person is made aware of the information contained in this privacy statement and that the person has given you his/her consent for sharing the information with IDcheck.

The personal data described have been obtained either directly from you or indirectly from certain third parties (for example, through our website's technology or when a firm with which you wish to do business requests that you use our platform for Identity checks and/or background screening, or when a User you know requests a reference check). Such third parties include our affiliates, public websites and social media, suppliers and vendors.
2. Purpose and Legal Basis For Using Your Personal Data
We only use your personal data where required for specific purposes. Below we list key Purposes (P) and provide an overview of the Legal (L) basis for each.

P1. Managing contractual, IDcheck, or User screening relationships
L1. Necessary to perform the contract to which you are party

P2. Storing User details, files (such as Proof of ID, Address, Savings/Income/Accounts), work records and verified reference checks
L2. Users sign-up voluntarily and request this data be stored safely and privately, with secure access limited and only granted after a User has provided permission

P3. Storing contact details of Companies
L3. Companies sign-up voluntarily and request this data be stored securely, to facilitate access to client data, once a User consents to providing Identification, background screening data and/or other relevant personal details

P4. Storing Company and User contact details and related background screening data
L4. Companies and Users sign-up voluntarily to automate workflows. This process only begins once a User generates this request

P5. Monitoring your use of our systems (including monitoring the use of our website and any apps and tools you use)
L5. Justified on the basis of our legitimate interests of avoiding non-compliance and protecting our reputation

P6. Operating and managing our business operations
L6. Justified on the basis of our legitimate interests for ensuring the proper functioning of our business operations

P7. Complying with legal requirements
L7. Necessary for the compliance with a legal obligation to which we are subject

P8. Facilitating communication with you, such as providing requested feedback or dealing with emergencies
L8. Justified on the basis of our legitimate interests for ensuring proper communication and emergency handling within the organization

P9. Applying data analytics to business operations and data to describe, predict and improve business performance within IDcheck and/or to provide a better User experience
L9. Justified on the basis of our legitimate interests for ensuring the proper functioning of our business operations

P10. Marketing our products and services to you (unless you object against such processing)
L10. Justified on the basis of our legitimate interests for ensuring that we can conduct and increase our business

We are of the opinion that relying on our legitimate interests for a given purpose, are not overridden by your interests, rights or freedoms, given (i) the transparency we provide on the processing activity, (ii) our privacy by design approach, (iii) our regular privacy reviews and (iv) the rights you have in relation to the processing activity.

We will process your personal data for the purposes mentioned above based on your prior consent, to the extent such consent is mandatory under applicable laws.

We will not use your personal data for purposes that are incompatible with the purposes of which you have been informed, unless it is required or authorized by law, or it is in your own vital interest (e.g. in case of a medical emergency) to do so.
3. Sharing Your Data With Third-Parties
After a User grants permission we do share the User's personal details with the requesting firm. We may also share information if required by law or any regulatory body. Data is handled and transferred with security in mind. Please review our Security solution for data access. Stored data is encrypted and the portal uses SSL.

We will never sell your data to third parties.
4. Handling Sensitive Data
The term "sensitive data" refers to the various categories of personal data identified by data privacy laws as requiring special treatment, including in some circumstances the need to obtain explicit consent from you. These categories include racial or ethnic origin, political opinions, religious, philosophical or other similar beliefs, membership of a trade union, physical or mental health, biometric or genetic data, sexual life or orientation, or criminal convictions and offences (including information about suspected criminal activities).

After a User provides Consent, we collect Biometric data temporarily as part of our Biometric ID Verification solution. A sample may be kept short-term for additional testing to improve our algorithms further, while the vast majority will be deleted automatically from our systems, shortly after the background checking process has completed, and end client reports issued.

We also collect Credit, Sanctions and Criminal data. This will be deleted automatically, shortly after the background checking process is complete and final reports issued.
5. Security Measures
We maintain organizational, physical and technical security arrangements for all the personal data we hold. We have protocols, controls and relevant policies, procedures and guidance to maintain these arrangements taking into account the risks associated with the categories of personal data and the processing we undertake. Stored data is encrypted and the portal uses SSL.
6. Data Retention Policies
Portal registration is entirely voluntary. Each party must register to participate and we only maintain data from registered clients. After reports are issued Biometric ID and Credit Data are automatically deleted from our systems. Small samples of Biometric ID data may be kept temporarily to help test and improve our algorithms and will then be deleted. All all remaining data is maintained until a Client or User requests removal or account closure. Unlike many businesses, which may contain stale data unnecessarily, the entire rationale for IDcheck is a secure portal, accessible any time, by Users to automate the ID checking and background screening processes and reduce the admin burden for all parties.

All Users are able to delete any or all their data real-time from within their own portal and close their account at any point, in which case all related personal data, files and records would be deleted, although some anonymised data will be held, such as property pricing and date of background screening.

Similarly reference providers may request that their data be deleted after the related report has been issued. Any Clients no longer wishing to use these services may also delete their data and account real-time at any point using automated processes inside their portal. When a client's employee leaves their firm, their identifying data is removed but certain data will remain in an anonymised form, in order to maintain accurate Audit Trails.
7. Your Rights Regarding Data Processing
▪ You have the right to request access, although your Login details already provide access to your own portal where you may view, update and delete all data (except reference reviews). You may view what referees say about you but you cannot edit their reviews. To remove this data you would need to provide a different referee or close your account.
▪ In case of system errors, any User may request that inaccurate or incomplete data be rectified
▪ You may object to data processing in which case we shall stop processing your personal data
▪ You may request that your personal data be deleted
▪ GDPR lets Users choose if data can only be processed with consent. We only process data with consent so this is not relevant for our portal
▪ You may request portability of your personal data
8. Use of Personal Data For Marketing Purposes
Most personal data we collect and use for marketing purposes relates to individual employees of our clients and other companies with which we have an existing business relationship. We may also obtain contact information from public sources, including content made public at social media websites, to make an initial contact with a relevant individual at a client or other company.

We send commercial e-mail to individuals at our clients or other companies with whom we want to develop or maintain a business relationship in accordance with applicable marketing laws. Our targeted e-mail messages typically include web beacons, cookies, and similar technologies that allow us to know whether you open, read, or delete the message, and links you may click.

We also use a Customer Relationship Management (CRM) system to manage and track our marketing efforts. Our CRM databases include personal data belonging to individuals at our clients and other companies with whom we already have a business relationship or want to develop one. The personal data used for these purposes includes relevant business information, such as: contact data, publicly available information (e.g. board membership, published articles, press releases, your public posts on social media sites if relevant for business purpose), your responses to targeted e-mail (including web activity following links from our e-mails), website activity of registered Users of our website, and other business information included by IDcheck professionals based on their personal interactions with you. You may request removal at any point.
9. Secure Data Storage
Data centres and servers are located in the EU for European and British Citizens and in the US for all other Citizens.