Authenteq Privacy Statement

Last updated: 19.11.2020

Authenteq “Authenteq” or “we”) is the operator of the website https://authenteq.com (the “Website”) and the App. We collect and process personal data of individuals using the Website and the App (“you”). In addition, when you use Authenteq’s verification service (the “Service”) through one of our clients we collect and process certain personal data from you.

Any information directly or indirectly referring to you is considered personal data, e. g. name, e-mail address, IP address, etc. The protection and confidentiality of your personal data is of particular importance to us and we aim to treat your personal data confidentially and in accordance with the applicable legal data protection laws, in particular with the EU General Data Protection Regulation (the “GDPR”).

This Privacy Statement sets out important information relating to your personal data including the data we collect from you in connection with the use of our Website and our Service, the legal basis for the processing of your personal data, the processing purposes, the period for which we retain your personal data and your rights in connection with your personal data. For information about how your specific data is being collected and used when you use our Services through one of our clients, please review the Privacy Policy of our client who is asking you to use the Service.

We may update this Privacy Policy from time to time so please check back regularly. If we make any substantial changes, we may notify you via email or by posting a notice on our Website.

  1. Name and contact details of the Controller
  2. The types of information we collect and how we use it
  3. Data sources
  4. Automated Decision-Making
  5. Cookies
  6. Social Plug-Ins
  7. How do we share your personal data?
  8. Data Retention
  9. Yours Rights
1. Name and contact details of the Controller

For the purposes of the GDPR, where we are determining the means and purposes of processing your personal data, we are the “Controller” of your personal data. The Controller of your personal data is:

Authenteq Tarbena GmbH
Pappelallee 78/79
10437, Berlin
GermanyWebsite: https://authenteq.com

We also have a data protection officer who can be reached by contacting: gdpr@authenteq.com.

When we are providing Services on behalf of one of our clients, we are the processor and you should check the Privacy Policy of our client for further information on the specific data collected and how to exercise your rights etc.

2. The types of information we collect and how we use it
The Website

a) Information we collect automatically when you use our Website:

We automatically collect and store certain information in so-called server log files, which your computer automatically transmits to us. This includes: (i) browser type and browser version; (ii) operating system used; (iii) your IP address; (iv) time of the server inquiry.

The data is stored in the log files of our system. We collect this data because it is necessary for the performance of our contract with you to ensure the functionality and optimisation of the Website and enable it to be delivered to your computer as well as to ensure the security of our information technology systems. Without the collection and storage of such data, it would not be possible to operate the Website or ensure its security.

b) Information you give us when you use our Website:

Contact form: You provide us with certain information when you use the contact form available on our Website or send us an email using the email address provided on our Website. This includes your name, email address and any personal data included in the questions or remarks you send us. Before submitting your data, we will ask for your consent which you can withdraw at any time by contacting gdpr@authenteq.com.

Requesting one of our guides: You also provide us with personal data when you request one of our guides. This includes your name and email address. We will use this data for the purpose of sending you one of our guides because it is in our legitimate interests to do so.

Marketing: Where you provide us with your details, we may also send you products, services, events or other information that we think will be of interest to you. We will do this where we have your consent; you can withdraw your consent at any time by contacting gdpr@authenteq.com.

The App

a) When you download our App, certain information is transferred to the respective app store, in particular your user name, the e-mail address and your account number, the point of time of the download, and the individual device number.

The Services

a) Information you give us when you create an account with us

If you are a client, you may create an account on our website to enable you to provide your customers with our Service. In order to do this, we collect your name, business name, address, VAT number and email address. We also create a client ID and “secret” number for you API access and collect billing details that is required in order to send you invoices. We use this information where it is necessary for the performance or a contract or it is in our legitimate interests, for the purpose of administering your account and providing you with the Service.

b) Information you give us when we provide our Services

When we provide you with the Services, we process certain personal data on behalf of our clients but the exact information needed depends on the check being carried out. When we do this, the client is the data controller. For information about how your specific data is being collected and used when you use our Services through one of our clients, please review the Privacy Policy of our client who is asking you to use the Service.

As an example, when we provide our identity verification Services, we ask you to take a selfie and scan your government-issued documentation and upload it. We then use your selfie to compare it with your government-issued document photo to ensure it is genuine and that the selfie matches the picture in the identity document. We also use your selfie to verify that you are a living person in front of the camera and not an image or video of another user. We also identify the data fields of your government-issued document (such as verification ID, issuing country, jurisdiction within the country, document type, name of the user on the document, nationality, dates of birth, issue and expiry, gender, driving licence class) and use these for the purpose of verifying your identity, for example, where we carry out AML checks, we check these details against details held on publicly available databases or databases that we pay for. We then collect the results of this identity verification process (i.e. passed, files, expired) and record these results in our database. We do this on behalf of our clients on the basis that the client’s customers have consented to the processing, or that the client has a legitimate or lawful basis for requesting that we provide these Services. The legal basis relied upon by the client should be set out in the client’s own Privacy Policy.

3. Data Sources

In certain circumstances, we use third party data providers to provide additional information to enable us to carry out specific checks. For example, if we are carrying out anti-money laundering checks, we may check the information we have against a third party database.

4. Automated Decision Making

When you use our Services, we use machine learning to verify your identity on behalf of our clients. Our algorithm works by checking you are physically present, verifying your document authenticity, analysing facial features to perform a face-match as well as many additional behaviour analyses during the identity verification. Once our algorithm has taken a decision, we will let the client know the outcome of your identity check.

Cookies

We use so-called “cookies” on our Website. These are small text files sent from our web server to your computer to store certain information (e.g. identification features). If you use our Website anonymously, statistical evaluations are made using cookies for use, including the recording of new and returning visitors. We do this because, as the operator of this Website, we have a legitimate interest in analysing user behaviour in order to optimise our Website and, where applicable, our advertising.

The presentation of our Website is also possible without the storage of cookies. You can deactivate the storage of cookies in the settings of your browser or set it so that it informs you about the intended storage by a website. In this case you decide about the acceptance of the cookie. For technical reasons, however, it is sometimes necessary to allow temporary cookies in full for the full functionality of our Website.

A general objection to the use of cookies used for online marketing purposes can also be declared for many of the services, especially in the case of tracking, via the US site http://www.aboutads.info/choices/ or the EU site http://www.youronlinechoices.com/.

We use the following cookies on our Website:

Dfduid cookie

The cfduid cookie is set by the CloudFlare service to identify trusted web traffic. The cookie does not store any personally identifiable information. For more information see https://support.cloudflare.com/hc/en-us/articles/200170156-What-does-the-CloudFlare-cfduid-cookie-do.

Duration: 365 days

Google Analytics

We use Google Analytics, which is a web analytics tool that helps us understand how users engage with the Website. Like many services, Google Analytics uses first-party cookies to track user interactions, as in our case, where they are used to collect information about how users use our site. This information is used to compile reports and to help us improve our Website. The reports disclose website trends without identifying individual visitors. You can opt out of Google Analytics without affecting how you visit our site – for more information on opting out of being tracked by Google Analytics across all websites you use, visit this Google page: https://tools.google.com/dlpage/gaoptout.

Google Analytics uses cookies. The information generated by cookies about your use of this Website is usually transferred to a Google server in the USA and stored there.

Google will use this information to evaluate your use of our Website, to compile reports on website activity and to provide other services associated with the use of the Website and the Internet. Google may also transfer this information to third parties if required by law or if third parties process this data on behalf of Google. Information generated by the cookies are automatically deleted by Google after 26 months.

For more information please see the Google Privacy Policy: https://support.google.com/analytics/answer/6004245?hl=en

This Website uses the “demographic features” feature of Google Analytics. This allows reports to be created that contain information about the age, gender and interests of the visitors to the site. This data originates from Google’s interest-based advertising and visitor data from third-party providers. This data cannot be assigned to a specific person. You can disable this feature at any time through your Google account’s ad settings, or disallow the collection of your information by Google Analytics as shown in the “Disclaimer” section.

Sharp spring

We use Sharpspring, which is CRM platform and our marketing information software. We collect users’s activities and browsing behaviour on our website. We use cookies to collect form data submission for the purpose of identify visitors on the site, who willingly submit their data. We use cookies from Sharpring to identify users, remember users’ custom preferences. More information about Sharpspring cookies can be found here: https://sharpspring.com/legal/sharpspring-cookie-policy/ and for more information please see the Sharpspring Privacy Policy https://sharpspring.com/legal/privacy/

HubSpot

We use HubSpot, which is CRM platform and our marketing information software. We collect users’s activities and browsing behaviour on our website. We use cookies to collect form data submission for the purpose of identify visitors on the site, who willingly submit their data. We use cookies from HubSpot to identify users, remember users’ custom preferences. More information about HubSpot cookies and privacy policy can be found here: https://legal.hubspot.com/privacy-policy

Hotjar

We use Hotjar in order to better understand our users’ needs and to optimize this service and experience. Hotjar is a technology service that helps us better understand our users’ experience (e.g. how much time they spend on which pages, which links they choose to click, what users do and don’t like, etc.) and this enables us to build and maintain our service with user feedback. Hotjar uses cookies and other technologies to collect data on our users’ behavior and their devices. This includes a device’s IP address (processed during your session and stored in a de-identified form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), and the preferred language used to display our website. Hotjar stores this information on our behalf in a pseudonymized user profile. Hotjar is contractually forbidden to sell any of the data collected on our behalf.For further details, please see the ‘about Hotjar’ section of Hotjar’s support site.

5. Social plugins

5.1 Our Website uses several social network plugins of plugin provider (the “Plugin Provider”), namely:

the plugin of the social network facebook.com which is operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”). The list and the appearance of the Facebook plugins can be viewed here: https://developers.facebook.com/docs/plugins/.

5.1.1 the plugin of LinkedIn Corporation, 1000 W. Maude Avenue, Sunnyvale, CA 94085, USA (“LinkedIn“), recognizable by the logo of LinkedIn;

5.1.2 the plugin of Twitter Inc., One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland (“Twitter”), recognizable by the logo of Twitter.

We do this because it is in our legitimate interests in processing of personal data pursuant to Article 6.1. of the GDPR. When you access a feature of our Website that includes such a plugin, your device establishes a direct connection to the respective Plugin Provider’s servers. The Plugin Provider transmits the content of the plugin directly to your device and integrates it into the Website. Such connection allows the Plugin Provider to collect your data on the use of the Website. We have no control over the amount of data that the Plugin Provider collects using a plugin and can therefore only provide you with information on our level of knowledge.

By integrating the plugin, the Plugin Provider receives the information that you have used a corresponding page on our Website. If you are logged in to your account of the respective social network site, the Plugin Provider can associate your visit with your account. If you interact with the plugins, for example by clicking on the like button or by making a comment, the corresponding information is sent directly from your device to the respective Plugin Provider and stored there.

The data is transferred regardless of whether you have an account with the Plugin Provider and are logged in there. If you are logged in with the respective social network site, your data collected with us will be directly assigned to your existing account with the social network site. If you click the activated button and, for example, link the page, the Plugin Provider also stores this information in your user account and shares it publicly with your contacts. We recommend that you log out regularly after using a social network, especially before activating the button, as this way you can avoid being assigned to your profile with the Plugin Provider.

The scope and purpose of the data collection and the further processing and use of the data by the Plugin Provider, as well as the rights and options for privacy protection in this respect, can be found in the respective Plugin Provider’s privacy policy:

5.1.3 Facebook: https://www.facebook.com/about/privacy. Further settings regarding the use of data for advertising purposes can be made within the Facebook profile settings: https://www.facebook.com/settings?tab-ads or via the U.S. website: http://www.aboutads.info/choices or the EU website: http://www.youronlinechoices.com. The settings are platform-independent, i. e. they are applied to all devices, such as desktop computers or mobile devices.

5.1.4 LinkedIn: https://www.linkedin.com/legal/privacy-policy.

5.1.5 Twitter: http://twitter.com/privacy.

6. How do we share your personal data?

We do not sell, rent or lease your personal information to others except as described in this Privacy Statement. We share your information with selected recipients, including affiliates, who are performing tasks on our behalf. These categories of recipients include third party cloud storage and IT service providers who help us store your personal data, information logging systems and third party databases which enable us to verify your information.

We will share your information with law enforcement agencies, public authorities or other organisations if legally required to do so, or based on our legitimate business interest if such use is reasonably necessary to:

  • comply with a legal obligation, process or request of ours or of our client’s;
  • enforce our terms and conditions and other agreements, including investigation of any potential violation thereof;
  • detect, prevent or otherwise address security, fraud or technical issues; or
  • protect the rights, property or safety of us, our users, a third party or the public as required or permitted by law (exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction).

We will disclose your information to third parties in our legitimate business interests in the event that we:

  • sell, buy, transfer, merge, consolidate or re-organise any part(s) of our business, or merge with, acquire, or are acquired by, or form a joint venture or partner with, any other business, in which case we may disclose your data to any prospective buyer, new owner, or other third party involved in such change to our business; or
  • sell, buy or transfer any business or assets (whether as a result of liquidation, bankruptcy or otherwise), in which case we will disclose your data to the prospective seller or buyer of such business or assets.

The information that we collect from you will be transferred to, and stored at/processed in jurisdictions outside the EEA. Your personal data is also processed by staff operating outside the EEA who work for us or for one of our suppliers. Where we transfer your personal data outside of the EEA, we do so subject to the European Commission’s model clauses for the transfer of personal data to third countries or to countries that have been found to provide an adequate level of protection for personal data by the European Commission. Please contact gdpr@authenteq.com, if you would like to see a copy of the model clauses.

7. Data Retention

We will generally retain your personal data as follows:

  • We keep the information we collect automatically (such as IP address and your browser type, as described above) for a period of seven 30 days and are then deleted from the web server.
  • We keep the information collected via our contact form or when you email us for as long as is necessary to fulfil your request.
  • We keep the information collected when you request a guide for 30 days.
  • When we provide the services to clients, we keep the information collected when you use our Services (such as a selfie and the image of your government ID) for seven (7) days. However, we keep the date we have verified you and the status of verification (i.e. passed, filed, expired) for no more than 30 days although the client may store it for longer in accordance with their own Privacy Policy.

Where we have a business or legal reason to do so (such as a binding legal request), we may also store information for longer periods.

8. Your rights in connection with processing of personal data

In certain circumstances, you have rights in relation to your personal data which are set out in more detail below. Please note that, where we are processing your personal data in order to provide the Services to a third party (i.e. a client) this may require us to notify the relevant client so that the client may fulfil your request. This is required where we are acting on behalf of the client.

8.1 Right of access

You have the right at any time to demand information on whether we process your personal data. In the event of such processing, you may request the following information from us: (i) the purposes for which personal data are processed; (ii) the categories of personal data which are processed; (iii) the recipients or categories of recipients to whom your personal data have been or will be disclosed; (iv) the planned duration of the storage of your personal data or, if specific information is not possible, criteria for determining the storage duration; (v) the existence of a right to correct or delete your personal data, a right to restrict the processing by us or a right of objection to such processing; (vi) the existence of a right of appeal to a supervisory authority; (vii) all available information on the origin of the data if the personal data are not collected directly from you; (viii) the existence of automated decision-making, including profiling and, at least in these cases, meaningful information on the logic involved and the scope and intended impact of such processing on you.

You have the right to request information on whether your personal data is transferred to a third country or to an international organisation. In this context, you may request to see a copy of the model clauses which will be put in place, as further set out above.

8.2 Right to rectification

You have the right to demand that we correct and/or complete your personal data if your personal data processed is incorrect or incomplete.

8.3 Right to erasure

You may demand your personal data is deleted if (i) the personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed; (ii) you revoke your consent to the processing and there is no other legal basis for the processing; (iii) you submit an objection to data processing and there are no predominant justifiable reasons for the processing; (iv) your personal data have been processed illegally; (v) the deletion of your personal data is necessary to fulfil a legal obligation under Union law or the law of the Member States to which we are subject.

8.4 Right to restriction of processing

You may request that we restrict the processing of your personal data if (i) you deny the accuracy of the personal data for a period of time that enables us to verify the accuracy of the personal data; (ii) the processing is unlawful and you refuse to delete the personal data and instead request the restriction of the use of the personal data; (iii) we no longer need your personal data for the purposes of processing, but you need them to assert, exercise or defend legal claims; (iv) if you have lodged an objection against the processing and it has not yet been determined whether the legitimate reasons of the person responsible outweigh your grounds.

8.5 Right to data portability

You have the right to obtain your personal data in a structured, commonly used and machine-readable format. You have the right to transmit your data to another Controller. Where technically feasible, you have the right to have your data transmitted directly from us to another Controller.

8.6 Right to object

On grounds relating to your particular situation, you have the right to object at any time to the processing of your personal data which is carried out on the basis of legitimate interests. Such grounds exist, in particular, if they underline your interests and outweigh our interest in the respective data processing. If your personal data are processed in order to carry out direct advertising, you have the right to object at any time to the processing of personal data for the purpose of such advertising; this also applies to profiling, insofar as it is associated with such direct advertising.

8.7 Right to withdraw consent

If you consent to the processing of your personal data, you have the right to revoke your consent at any time. This revocation of the consent does not affect the legality of the processing carried out on the basis of the consent until the revocation.

8.8 Right to lodge a complaint with the supervisory authority

If you would like more information about how we process your personal data, please contact us at gdpr@authenteq.com. You also have the right to address the supervisory authority for any questions or complaints. you would like to raise a concern with a supervisory authority, a list of contact points is available here.