Authenteq Privacy Statement
Last updated: 19.11.2020
Authenteq “Authenteq” or “we”) is the operator of the website https://authenteq.com (the “Website”) and the App. We collect and process personal data of individuals using the Website and the App (“you”). In addition, when you use Authenteq’s verification service (the “Service”) through one of our clients we collect and process certain personal data from you.
Any information directly or indirectly referring to you is considered personal data, e. g. name, e-mail address, IP address, etc. The protection and confidentiality of your personal data is of particular importance to us and we aim to treat your personal data confidentially and in accordance with the applicable legal data protection laws, in particular with the EU General Data Protection Regulation (the “GDPR”).
- Name and contact details of the Controller
- The types of information we collect and how we use it
- Data sources
- Automated Decision-Making
- Social Plug-Ins
- How do we share your personal data?
- Data Retention
- Yours Rights
1. Name and contact details of the Controller
For the purposes of the GDPR, where we are determining the means and purposes of processing your personal data, we are the “Controller” of your personal data. The Controller of your personal data is:
Authenteq Tarbena GmbH
We also have a data protection officer who can be reached by contacting: firstname.lastname@example.org.
2. The types of information we collect and how we use it
a) Information we collect automatically when you use our Website:
We automatically collect and store certain information in so-called server log files, which your computer automatically transmits to us. This includes: (i) browser type and browser version; (ii) operating system used; (iii) your IP address; (iv) time of the server inquiry.
The data is stored in the log files of our system. We collect this data because it is necessary for the performance of our contract with you to ensure the functionality and optimisation of the Website and enable it to be delivered to your computer as well as to ensure the security of our information technology systems. Without the collection and storage of such data, it would not be possible to operate the Website or ensure its security.
b) Information you give us when you use our Website:
Contact form: You provide us with certain information when you use the contact form available on our Website or send us an email using the email address provided on our Website. This includes your name, email address and any personal data included in the questions or remarks you send us. Before submitting your data, we will ask for your consent which you can withdraw at any time by contacting email@example.com.
Requesting one of our guides: You also provide us with personal data when you request one of our guides. This includes your name and email address. We will use this data for the purpose of sending you one of our guides because it is in our legitimate interests to do so.
Marketing: Where you provide us with your details, we may also send you products, services, events or other information that we think will be of interest to you. We will do this where we have your consent; you can withdraw your consent at any time by contacting firstname.lastname@example.org.
a) When you download our App, certain information is transferred to the respective app store, in particular your user name, the e-mail address and your account number, the point of time of the download, and the individual device number.
a) Information you give us when you create an account with us
If you are a client, you may create an account on our website to enable you to provide your customers with our Service. In order to do this, we collect your name, business name, address, VAT number and email address. We also create a client ID and “secret” number for you API access and collect billing details that is required in order to send you invoices. We use this information where it is necessary for the performance or a contract or it is in our legitimate interests, for the purpose of administering your account and providing you with the Service.
b) Information you give us when we provide our Services
3. Data Sources
In certain circumstances, we use third party data providers to provide additional information to enable us to carry out specific checks. For example, if we are carrying out anti-money laundering checks, we may check the information we have against a third party database.
4. Automated Decision Making
When you use our Services, we use machine learning to verify your identity on behalf of our clients. Our algorithm works by checking you are physically present, verifying your document authenticity, analysing facial features to perform a face-match as well as many additional behaviour analyses during the identity verification. Once our algorithm has taken a decision, we will let the client know the outcome of your identity check.
We use so-called “cookies” on our Website. These are small text files sent from our web server to your computer to store certain information (e.g. identification features). If you use our Website anonymously, statistical evaluations are made using cookies for use, including the recording of new and returning visitors. We do this because, as the operator of this Website, we have a legitimate interest in analysing user behaviour in order to optimise our Website and, where applicable, our advertising.
The presentation of our Website is also possible without the storage of cookies. You can deactivate the storage of cookies in the settings of your browser or set it so that it informs you about the intended storage by a website. In this case you decide about the acceptance of the cookie. For technical reasons, however, it is sometimes necessary to allow temporary cookies in full for the full functionality of our Website.
We use the following cookies on our Website:
The cfduid cookie is set by the CloudFlare service to identify trusted web traffic. The cookie does not store any personally identifiable information. For more information see https://support.cloudflare.com/hc/en-us/articles/200170156-What-does-the-CloudFlare-cfduid-cookie-do.
Duration: 365 days
We use Google Analytics, which is a web analytics tool that helps us understand how users engage with the Website. Like many services, Google Analytics uses first-party cookies to track user interactions, as in our case, where they are used to collect information about how users use our site. This information is used to compile reports and to help us improve our Website. The reports disclose website trends without identifying individual visitors. You can opt out of Google Analytics without affecting how you visit our site – for more information on opting out of being tracked by Google Analytics across all websites you use, visit this Google page: https://tools.google.com/dlpage/gaoptout.
Google will use this information to evaluate your use of our Website, to compile reports on website activity and to provide other services associated with the use of the Website and the Internet. Google may also transfer this information to third parties if required by law or if third parties process this data on behalf of Google. Information generated by the cookies are automatically deleted by Google after 26 months.
This Website uses the “demographic features” feature of Google Analytics. This allows reports to be created that contain information about the age, gender and interests of the visitors to the site. This data originates from Google’s interest-based advertising and visitor data from third-party providers. This data cannot be assigned to a specific person. You can disable this feature at any time through your Google account’s ad settings, or disallow the collection of your information by Google Analytics as shown in the “Disclaimer” section.
5. Social plugins
5.1 Our Website uses several social network plugins of plugin provider (the “Plugin Provider”), namely:
the plugin of the social network facebook.com which is operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”). The list and the appearance of the Facebook plugins can be viewed here: https://developers.facebook.com/docs/plugins/.
5.1.1 the plugin of LinkedIn Corporation, 1000 W. Maude Avenue, Sunnyvale, CA 94085, USA (“LinkedIn“), recognizable by the logo of LinkedIn;
5.1.2 the plugin of Twitter Inc., One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland (“Twitter”), recognizable by the logo of Twitter.
We do this because it is in our legitimate interests in processing of personal data pursuant to Article 6.1. of the GDPR. When you access a feature of our Website that includes such a plugin, your device establishes a direct connection to the respective Plugin Provider’s servers. The Plugin Provider transmits the content of the plugin directly to your device and integrates it into the Website. Such connection allows the Plugin Provider to collect your data on the use of the Website. We have no control over the amount of data that the Plugin Provider collects using a plugin and can therefore only provide you with information on our level of knowledge.
By integrating the plugin, the Plugin Provider receives the information that you have used a corresponding page on our Website. If you are logged in to your account of the respective social network site, the Plugin Provider can associate your visit with your account. If you interact with the plugins, for example by clicking on the like button or by making a comment, the corresponding information is sent directly from your device to the respective Plugin Provider and stored there.
The data is transferred regardless of whether you have an account with the Plugin Provider and are logged in there. If you are logged in with the respective social network site, your data collected with us will be directly assigned to your existing account with the social network site. If you click the activated button and, for example, link the page, the Plugin Provider also stores this information in your user account and shares it publicly with your contacts. We recommend that you log out regularly after using a social network, especially before activating the button, as this way you can avoid being assigned to your profile with the Plugin Provider.
5.1.3 Facebook: https://www.facebook.com/about/privacy. Further settings regarding the use of data for advertising purposes can be made within the Facebook profile settings: https://www.facebook.com/settings?tab-ads or via the U.S. website: http://www.aboutads.info/choices or the EU website: http://www.youronlinechoices.com. The settings are platform-independent, i. e. they are applied to all devices, such as desktop computers or mobile devices.
5.1.4 LinkedIn: https://www.linkedin.com/legal/privacy-policy.
5.1.5 Twitter: http://twitter.com/privacy.
6. How do we share your personal data?
We do not sell, rent or lease your personal information to others except as described in this Privacy Statement. We share your information with selected recipients, including affiliates, who are performing tasks on our behalf. These categories of recipients include third party cloud storage and IT service providers who help us store your personal data, information logging systems and third party databases which enable us to verify your information.
We will share your information with law enforcement agencies, public authorities or other organisations if legally required to do so, or based on our legitimate business interest if such use is reasonably necessary to:
- comply with a legal obligation, process or request of ours or of our client’s;
- enforce our terms and conditions and other agreements, including investigation of any potential violation thereof;
- detect, prevent or otherwise address security, fraud or technical issues; or
- protect the rights, property or safety of us, our users, a third party or the public as required or permitted by law (exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction).
We will disclose your information to third parties in our legitimate business interests in the event that we:
- sell, buy, transfer, merge, consolidate or re-organise any part(s) of our business, or merge with, acquire, or are acquired by, or form a joint venture or partner with, any other business, in which case we may disclose your data to any prospective buyer, new owner, or other third party involved in such change to our business; or
- sell, buy or transfer any business or assets (whether as a result of liquidation, bankruptcy or otherwise), in which case we will disclose your data to the prospective seller or buyer of such business or assets.
The information that we collect from you will be transferred to, and stored at/processed in jurisdictions outside the EEA. Your personal data is also processed by staff operating outside the EEA who work for us or for one of our suppliers. Where we transfer your personal data outside of the EEA, we do so subject to the European Commission’s model clauses for the transfer of personal data to third countries or to countries that have been found to provide an adequate level of protection for personal data by the European Commission. Please contact email@example.com, if you would like to see a copy of the model clauses.
7. Data Retention
We will generally retain your personal data as follows:
- We keep the information we collect automatically (such as IP address and your browser type, as described above) for a period of seven 30 days and are then deleted from the web server.
- We keep the information collected via our contact form or when you email us for as long as is necessary to fulfil your request.
- We keep the information collected when you request a guide for 30 days.
Where we have a business or legal reason to do so (such as a binding legal request), we may also store information for longer periods.
8. Your rights in connection with processing of personal data
In certain circumstances, you have rights in relation to your personal data which are set out in more detail below. Please note that, where we are processing your personal data in order to provide the Services to a third party (i.e. a client) this may require us to notify the relevant client so that the client may fulfil your request. This is required where we are acting on behalf of the client.
8.1 Right of access
You have the right at any time to demand information on whether we process your personal data. In the event of such processing, you may request the following information from us: (i) the purposes for which personal data are processed; (ii) the categories of personal data which are processed; (iii) the recipients or categories of recipients to whom your personal data have been or will be disclosed; (iv) the planned duration of the storage of your personal data or, if specific information is not possible, criteria for determining the storage duration; (v) the existence of a right to correct or delete your personal data, a right to restrict the processing by us or a right of objection to such processing; (vi) the existence of a right of appeal to a supervisory authority; (vii) all available information on the origin of the data if the personal data are not collected directly from you; (viii) the existence of automated decision-making, including profiling and, at least in these cases, meaningful information on the logic involved and the scope and intended impact of such processing on you.
You have the right to request information on whether your personal data is transferred to a third country or to an international organisation. In this context, you may request to see a copy of the model clauses which will be put in place, as further set out above.
8.2 Right to rectification
You have the right to demand that we correct and/or complete your personal data if your personal data processed is incorrect or incomplete.
8.3 Right to erasure
You may demand your personal data is deleted if (i) the personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed; (ii) you revoke your consent to the processing and there is no other legal basis for the processing; (iii) you submit an objection to data processing and there are no predominant justifiable reasons for the processing; (iv) your personal data have been processed illegally; (v) the deletion of your personal data is necessary to fulfil a legal obligation under Union law or the law of the Member States to which we are subject.
8.4 Right to restriction of processing
You may request that we restrict the processing of your personal data if (i) you deny the accuracy of the personal data for a period of time that enables us to verify the accuracy of the personal data; (ii) the processing is unlawful and you refuse to delete the personal data and instead request the restriction of the use of the personal data; (iii) we no longer need your personal data for the purposes of processing, but you need them to assert, exercise or defend legal claims; (iv) if you have lodged an objection against the processing and it has not yet been determined whether the legitimate reasons of the person responsible outweigh your grounds.
8.5 Right to data portability
You have the right to obtain your personal data in a structured, commonly used and machine-readable format. You have the right to transmit your data to another Controller. Where technically feasible, you have the right to have your data transmitted directly from us to another Controller.
8.6 Right to object
On grounds relating to your particular situation, you have the right to object at any time to the processing of your personal data which is carried out on the basis of legitimate interests. Such grounds exist, in particular, if they underline your interests and outweigh our interest in the respective data processing. If your personal data are processed in order to carry out direct advertising, you have the right to object at any time to the processing of personal data for the purpose of such advertising; this also applies to profiling, insofar as it is associated with such direct advertising.
8.7 Right to withdraw consent
If you consent to the processing of your personal data, you have the right to revoke your consent at any time. This revocation of the consent does not affect the legality of the processing carried out on the basis of the consent until the revocation.
8.8 Right to lodge a complaint with the supervisory authority
If you would like more information about how we process your personal data, please contact us at firstname.lastname@example.org. You also have the right to address the supervisory authority for any questions or complaints. you would like to raise a concern with a supervisory authority, a list of contact points is available here.