Purpose of this policy
PlanetVerify Limited trading as PlanetVerify (“we”) are committed to protecting and respecting your data protection rights and freedoms. This policy is a statement of that commitment.
SCOPE OF THIS POLICY
This policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
Personal Data Protection Principles and Data Subject Rights
Personal Data Protection Principles:
PlanetVerify undertakes its role to support the Requester of your personal data in performing its responsibilities under the General Data Protection Regulation (GDPR), as follows:
Article 5(1) of the GDPR requires that personal data shall be:
(a) processed lawfully, fairly and in a transparent manner in relation to the data subject (‘lawfulness, fairness and transparency’).
(b) collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes (‘purpose limitation’).
(c) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’).
(d) accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (‘accuracy’).
(e) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed (‘storage limitation’).
(f) processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’).
Article 5(2) requires that the Requester be responsible for, and be able to demonstrate compliance with these principles (‘accountability’). PlanetVerify assists the Requester with ensuring appropriate security of the personal data.
Data Subject Rights:
PlanetVerify undertakes its role to support the Requester of your personal data in satisfying your data subject rights under the GDPR, as follows:
The right to be informed: You have the right to be informed by the Requester of your personal data to ensure that the processing is fair and transparent, including the identity and contact details of those processing your personal data. PlanetVerify is the processor of your requested personal data acting under instructions from the Requester and can be contacted at firstname.lastname@example.org. PlanetVerify’s Data Protection Officer can be contacted at email@example.com.
The right of access: You have the right to obtain confirmation from the Requester as to whether or not personal data concerning you are being processed, and, where that is the case, access to the personal data and certain additional information. You are given the right of access so that you are aware of and can verify the lawfulness of processing.
The right to rectification: You have the right to have the Requester rectify inaccurate personal data concerning you.
The right to erasure (to be forgotten): You have the right to have the Requester erase personal data concerning you in specific circumstances.
The right to restrict processing: You have the right to have the Requester restrict processing of personal data concerning you in specific circumstances.
The right to data portability: You have the right to receive from the Requester the personal data you have provided electronically in a machine readable format.
The right to object: You have the right to object to the Requester regarding the processing of your personal data in specific circumstances, including when your personal data is used for direct marketing purposes.
Rights related to automated decision making and profiling: You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or significantly affects you.
Right to lodge a complaint with a supervisory authority.
Information Security Practices
PlanetVerify uses state of the art security features and methods including:
- Secure hosted platform employing security controls exceeding industry standards with continuous 7X24 management and monitoring of all events
- Two-factor authentication is available for web services and end-user device apps
- TLS 256-bit encryption is used on all data transfers
- Optional IP restrictions on server account access
- Use of a progressive web app, which increases the security of communications, decreases the numbers of third parties involved, decreases complexity with a single version for all platforms, provides automatic updates, and is network independent
- Continuous vulnerability management and testing of code and infrastructure and regular penetration testing
- Privacy by Design principles have been implemented from the outset, such as:
  - I share my data if, and only when, I decide
  - I will only receive data requests from verified PlanetVerify users, which inhibits fraudsters or imposters
  - I can see when my data has been viewed
- All server-based personal data is AES 256-bit encrypted and encryption keys are stored in protected key vaults
- Security practices aligned to ISO 27001 and other leading certification standards
- Static code analyses are performed using leading practice OWASP and commercial industry standard tools
- Rigorous and orchestrated incident management procedures based on best practices
- End-user personal data is protected in many ways including encryption, data classification, authorisation, authentication, and detective controls (auditing)
- All personal data in the Dublin data centre are asynchronously geo-replicated to a second data centre within the EEA
THE SERVICES PROVIDED BY THE WEBLINK
The Weblink (a progressive web app) offers the following main services:
1). The Weblink acts as an intermediary between You (the “End-User”) and a third party who has requested that you provide them with a copy of certain personal details and documentation (the “Requester”). The Weblink allows you to add personal details and capture and make copies of your documentation, which may include proof of address, personal references and forms of identification (the “Documentation”). The Weblink also allows you to store this Documentation on your device in a secure encrypted format and transmit securely the Documentation to the Requester.
2). Upon request, the Requester can also use the Weblink to request that the authenticity of the Documentation provider be verified. We carry out this verification for and on behalf of the Requester using the Documentation which You have provided (a “Verification”).
3). We offer the Requester a secure central storage where the Documentation of each Information Provider is held.
4). We offer, and strongly recommend that the Requester use, 2 Factor Authentication (2FA) for all Documentation held in our secure cloud. This adds hugely to security as it requires a code from your device as well as the secure password in order to access Documentation on a device or computer.
5). We offer the Requester a “One-Click” option to Purge an entire Information Provider’s Documentation, and this can be done with data you provide if you request them to do so.
(together, the “Services”).
For the purpose of the Data Protection Acts 1988, 2003 and 2018 and the General Data Protection Regulation in the provision of the Service, the data controller is the Requester and we act as Data Processor (to the extent that we process personal data on their behalf). We also act as a data controller for our own employees, when registering enterprise users, and when responding to requests for assistance.
INFORMATION WE MAY COLLECT FROM YOU
On your request and in order to provide the Services, we may process the following data about you:
- Information You Submit (“Submitted information”): This includes any Documentation which you choose to transmit to a Requester using the Weblink. Such documentation may include personal data. You may also give us information about you by filling in forms on the Weblink, or by corresponding with us (for example, by e-mail or chat). This also includes information you provide when you register to use the Weblink, subscribe to any of our Services, or search for the Weblink or a Service. When you report a problem with the Weblink or our Services or ask for assistance and, in doing so, choose to provide data to us, some of that data may be sent outside the EEA through our support systems.
- Information we collect about you and your device. Each time you visit one of our websites or use the Weblink we may automatically collect the following information:
  - Technical information, including the type of mobile device you use, a unique device identifier (for example, your Device’s, the MAC address of the Device’s wireless network interface, or the mobile phone number used by the Device), mobile network information, your mobile operating system, the type of mobile browser you use, and the time zone setting (the “Device Information”).
  - Details of your use of any of the Weblink or your visits to any of our websites including, but not limited to, traffic data, location data, weblogs and other communication data, whether this is required for our own billing purposes or otherwise and the resources that you access (the “Log Information”).
- Location information. To provide additional security and defense to PlanetVerify’s platform and Weblink we may also use technology to determine your current location. Some of our location-enabled services require your personal data for this security feature to work. This particular security feature will be available strictly on an opt-in basis only so you will be asked to consent to your data being used for this purpose. You can withdraw your consent at any time by altering your device setting.
- Information we receive from other sources (“Third Party Information”). We are working closely with third parties (including, for example, business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers, credit reference agencies) and may receive information about you from them. We also may receive information about you from third parties with whom we work in order to Verify the Documentation (if requested to do so by the Document Requester or by you). Further details about the Verification of Documentation can be found in our EULA.
If you contact us, we may keep a record of that correspondence.
- Unique application numbers: when you install or uninstall a Service containing a unique application number or when such a Service searches for automatic updates, that number and information about your installation, for example, the type of operating system, may be sent to us.
- tracking the duration of visits and content accessed; and
- storing frequently used user information to personalise your online experience and ease the log-in process.
Set out below is an indicative list of the types of cookies we use:
An anonymous identifier used to recognise a visitor during a session.
It expires after 30 minutes
Two-Factor Authentication Cookie
Used to store the last successful 2FA authentication.
It is used to recognise you as a returning 2FA user
These are used to collect information about how visitors use our website/App. We use the information to compile reports and to help us improve the website/App
The cookies collect information in an anonymous form, including the number of visitors to our website/App, where visitors have come to the website from and the pages they visited.
Uses made of the information
We use information held about you in the following ways:
- Submitted Information: We will use the Submitted Information in the manner set out in the EULA and this Data Protection Policy including but not limited to:
- Providing the Services by transmitting your Documentation as instructed by you, to the Document Requester
- Verifying the authenticity of the Documentation including by contacting third parties to do so; and
- Responding to your requests for assistance.
- Device information: For Weblink compatibility issues and potentially for multi-factor Verification purposes.
- Log information: For the assistance of identity verification or troubleshooting purposes.
- Location information: We may use this information for verification/authentication purposes.
- Third Party Information: For the assistance of identity verification/authentication.
- Unique application numbers: As described above and also for multi-factor verification purposes.
We may associate any category of information with any other category of information and if such data then constitutes personal data, we will treat it as such.
Disclosure of your information
We may disclose some or all of the data we collect from you when you download or use the App to the following third parties:
| Category of data | Recipient |
|---|---|
| The Documentation which you upload | The Requester (i.e. the third party with whom you share the Documentation using the Weblink). |
| The Documentation which you upload | Third parties (such as utility companies) who we may contact on behalf of the Requester in order to Verify the Documentation in question. |
We may disclose your personal information to any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries.
We may disclose your personal information to third parties:
- In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
- If PlanetVerify or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
- If we are under a duty to disclose or share your personal data in order to comply with any legal or regulatory obligation or request.
- In order to:
  - enforce or apply the EULA, and other agreements or to investigate potential breaches; or
  - protect the rights, property or safety of PlanetVerify, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
Where We store your personal data
To the extent that we do store data which we collect from you, the data that we collect from you will be stored within the European Economic Area (“EEA”). We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this data protection policy.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to us; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
We may collect and store personal data on your Device using browser web storage (including HTML 5) and other technology.
YOUR RIGHTS REGARDING MARKETING
You have the right to ask us not to process your personal data for marketing purposes. We will usually inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data. We may also collect business contact information from third parties to market our products and services. You can exercise the right at any time by contacting us at firstname.lastname@example.org.
Access to information
The Data Protection Acts 1988, 2003 and 2018 and the General Data Protection Regulation give you the right to access information held about you. Your right of access can be exercised in accordance with those Acts. Any access request may be subject to an administrative fee of €6.35 to meet our costs in providing you with details of the information we hold about you, and is without a fee from 25 May 2018. Please contact us at email@example.com to discuss this further.
Changes to data protection policy
Any changes we may make to our data protection policy in the future will be posted on this page and, where appropriate, notified to you when you next log in to the Weblink. The new terms may be displayed on-screen and you may be required to read and accept them to continue your use of the Weblink or the Services.
Questions, comments and requests regarding this data protection policy are welcomed and should be addressed to firstname.lastname@example.org.
(353) 1-44 33 848
Copyright © 2020 PlanetVerify. All Rights Reserved