Last Updated On 21-Feb-2023
Effective Date 21-Feb-2023

These Privacy Notice and Privacy Policy describes the policies of:
IDWise Ltd,
71-75 Shelton St,
Covent Garden,
London,
WC2H 9JQ,
United Kingdom,
Email: dpo@idwise.com

A. Privacy Notice – IDWise Public Website (idwise.com)

On the collection, use and disclosure of your information that we collect when you use our website ( idwise.com ). (the “Service”). By accessing or using the Service, you are consenting to the collection, use and disclosure of your information in accordance with this Privacy Policy. If you do not consent to the same, please do not access or use the Service.

We may modify this Privacy Policy at any time without any prior notice to you and will post the revised Privacy Policy on the Service. The revised Policy will be effective 180 days from when the revised Policy is posted in the Service and your continued access or use of the Service after such time will constitute your acceptance of the revised Privacy Policy. We therefore recommend that you periodically review this page.

1. Information We Collect:

   We will collect and process the following personal information about you:

   1. Name
   2. Email
   3. Mobile

2. How We Use Your Information:

   We will use the information that we collect about you for the following purposes:

   1. Marketing/ Promotional
   2. Creating user account
   3. Support
   4. Targeted advertising
   5. Manage customer order

   If we want to use your information for any other purpose, we will ask you for consent and will use your information only on receiving your consent and then, only for the purpose(s) for which grant consent unless we are required to do otherwise by law.

3. How We Share Your Information:

   We will not transfer your personal information to any third party without seeking your consent, except in limited circumstances as described below:

   1. Ad service
   2. Marketing agencies
   3. Analytics

   We require such third party’s to use the personal information we transfer to them only for the purpose for which it was transferred and not to retain it for longer than is required for fulfilling the said purpose.

   We may also disclose your personal information for the following: (1) to comply with applicable law, regulation, court order or other legal process; (2) to enforce your agreements with us, including this Privacy Policy; or (3) to respond to claims that your use of the Service violates any third-party rights. If the Service or our company is merged or acquired with another company, your information will be one of the assets that is transferred to the new owner.

4. Retention Of Your Information:

   We will retain your personal information with us for 90 days to 2 years after users terminate their accounts or for as long as we need it to fulfill the purposes for which it was collected as detailed in this Privacy Policy. We may need to retain certain information for longer periods such as record-keeping / reporting in accordance with applicable law or for other legitimate reasons like enforcement of legal rights, fraud prevention, etc. Residual anonymous information and aggregate information, neither of which identifies you (directly or indirectly), may be stored indefinitely.

5. Your Rights:

   Depending on the law that applies, you may have a right to access and rectify or erase your personal data or receive a copy of your personal data, restrict or object to the active processing of your data, ask us to share (port) your personal information to another entity, withdraw any consent you provided to us to process your data, a right to lodge a complaint with a statutory authority and such other rights as may be relevant under applicable laws. To exercise these rights, you can write to us at . We will respond to your request in accordance with applicable law.

   Do note that if you do not allow us to collect or process the required personal information or withdraw the consent to process the same for the required purposes, you may not be able to access or use the services for which your information was sought.

6. Cookies Etc.

   To learn more about how we use these and your choices in relation to these tracking technologies, please refer to our Cookie Policy.

7. Security:

   The security of your information is important to us and we will use reasonable security measures to prevent the loss, misuse or unauthorized alteration of your information under our control. However, given the inherent risks, we cannot guarantee absolute security and consequently, we cannot ensure or warrant the security of any information you transmit to us and you do so at your own risk.

8. Third Party Links & Use Of Your Information:

   Our Service may contain links to other websites that are not operated by us. This Privacy Policy does not address the privacy policy and other practices of any third parties, including any third party operating any website or service that may be accessible via a link on the Service. We strongly advise you to review the privacy policy of every site you visit. We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services.

9. Data Protection Officer:

   If you have any queries or concerns about the processing of your information that is available with us, you may email our Data Protection Officer at IDWise Ltd, Unit 6 Queens Yard, White Post Lane, London, England, E9 5EN email: . We will address your concerns in accordance with applicable law.

B. Privacy Policy – IDWise Products

High-Level Summary

Your privacy is important to us. It is IDWise’s policy to respect your privacy regarding any information we may collect from you across our mobile app, and other web sites we own and operate.

We only ask for personal information when we truly need it to provide a service to you. We collect it by fair and lawful means, with your knowledge and consent. We also let you know why we’re collecting it and how it will be used.

We only retain collected information for as long as necessary to provide you with your requested service. What data we store, we’ll protect within commercially acceptable means to prevent loss and theft, as well as unauthorised access, disclosure, copying, use or modification.

Our website may link to external sites that are not operated by us. Please be aware that we have no control over the content and practices of these sites, and cannot accept responsibility or liability for their respective privacy policies.

You are free to refuse our request for your personal information, with the understanding that we may be unable to provide you with some of your desired services.

Your continued use of our website will be regarded as acceptance of our practices around privacy and personal information. If you have any questions about how we handle user data and personal information, feel free to contact us our Data Protection Officer with the contact details mentioned in this policy.

Detailed Policy

IDWise services are used to help businesses to improve customer onboarding experience and to allow genuine users to do business smoothly, while detecting and preventing bad actors.

IDWise uses AI (Artificial Intelligence) algorithms to achieve this by looking at various aspects of the image and comparing it to genuine documents, as well as using face recognition and matching to compare the portrait photo on the document image (or from the NFC chip on an ePassport) to the selfie captured during the onboarding journey, we also leverage industry leading partners to enhance the experience and give better accuracy.

As part of the onboarding journey, we store the following information:

• Identity document images.
• Information extracted from the ID document image and from the NFC chip if applicable (including basic personal information and a portrait photo).
• Selfie image captured to match with the ID document.
• Device information (when capturing document through our Mobile or WebSDK).
• Data related to user experience, including timings on each screen, and user choices throughout the onboarding journey.
• IP address and geographic location.
• The results of processing the information above (e.g. the score of face matching, and the results of different checks we carry on the document).

The information is also passed to our trusted partners in the US for the purpose of enhancing the results of document recognition. We store the information for the following purposes:

•  Allowing our customers to be compliant with the regulations in their respective domain and to do AML (Anti-money laundering) and KYC (Know your customer) checks.
•  To allow us and our partners to improve document recognition and the addition of new document types when they are issued by governments, as well as the accuracy and inclusion of the face matching AI algorithm (data can be passed to our partners for this purpose).

We understand the sensitivity of the personal information we handle, and very much appreciate how crucial it is to keep this data safe, we store the data on IDWise servers with security at the heart of what we do, leveraging cloud technologies on AWS (Amazon Web Services), where we rely on encryption while transferring data and at rest. We also restrict access to this sensitive information for certain well vatted and trained individuals.

We retain the information captured only as long as it is required for the legal purposes described above, in accordance with customers retention policies and while the document is used for training, testing, and improving the technology, after the document is not needed for the mentioned purposes, we will take steps to destroy the documents in question.

Enterprise customers should include links to this policy when interacting with the end user and collect consent from the end user to the mentioned purposes in this policy and to understand these terms and how their data is used and allow them to enquire about it and exercise applicable privacy/data protection rights.

Main IDWise servers are based on AWS cloud in Ireland region, however, to comply with data protection regulations / on-soil processing / data sovereignty in some countries, we have deployments in these countries (for example Saudi).