Last updated: 27^th June 2024  

‍

1. APLY Limited (APLYiD) and Customers

APLYiD Limited and its related companies (APLYiD, we) provide Software as a Service using electronic biometric identification technology (System) to enable APLYiD’s business customers (Customers) to verify the identity of their own prospects, customers, business partners, employees and vendors (Applicants) for legal and regulatory compliance purposes (Service). The APLYiD entity providing this service will depend on the location of the Customer, as set out in the table below.

‍

‍

Data Controller

Where you are an Applicant via a service we are providing  to a Customer then for the purposes of EU and UK law, that Customer is the Controller of your data and their details will be notified to you at the time they collect your data.  The Customer is responsible for explaining to you how they will use your data and will provide access to their privacy policy.  This privacy policy explains how we process your data on behalf of the Customer and is supplemental to the Customer privacy policy.  In the event of a conflict between the terms of the Customer privacy policy and this privacy policy, the Customer privacy policy will prevail.  If you require any information as to how your data is processed then please contact the Customer in the first instance using the contact details provided by the Customer.

This Policy applies to the use, collection and disclosure of information submitted by Customers or Applicants relating to information by which a person may be identified (Personal Information) that is submitted to or collected by APLYiD’s web application (App) or website www.aplyid.com (Website) in connection with the Service.  

We may sometimes need to modify or even replace this Policy. Please check the Privacy Policy page at the Website regularly for changes, though we will also try to notify you via the Service of any changes if these might impact your use of the Service or the treatment of your Personal Information.  

Some parts of this Privacy Policy will only apply to you if you are subject to EU or UK data protection legislation such as the UK Data Protection Act 2018 or the EU General Data Protection Regulation 2016/679. 2. Collection of Personal Information  

Applicants

Because we verify Applicants’ identities as part of the Service, if you are an Applicant you will need to disclose Personal Information to us and our service providers. The Customer on whose behalf we are verifying your identity may also have provided us with your Personal Information when using the Service.

If you are an Applicant, we may collect and process your Personal Information as a data processor on behalf of and according to the instructions provided by our Customers, who are the controllers of that Personal Information and use the Service to verify your identity. The Personal Information we may collect or hold about you on behalf of our Customers includes:  

• full name;  

• gender;  

• address;  

• email address;  

• telephone number and other contact details;  

• date and place of birth;  

• national and governmental identification information, such as your drivers’ licence number and class, Medicare number, state or national ID card number, passport number, and birth or marriage certificate number;  

• other information identifiable from scanned ID documents you provide, such as your organ donor status or photographs of your face;  

• biometric information, such as video footage or photographs of your face;  

• information obtained from fraud-prevention services and document verification services;  

• your device ID, device type, geo-location information, connection information, IP address and standard web log information;  

• any additional information relating to you that you provide to us directly through our Website or App or indirectly through your use of our Website or App or online presence or through other websites or accounts from which you permit us to collect information;  

• information you provide to us through customer surveys; and  

• any other personal information that may be required to facilitate your dealings with us.  

The Personal Information we collect differs from person to person depending on the type of identity documentation verified.  

Other Data Subjects (Non-Applicants)

If you visit the Website or use the App not as an Applicant, or you are a Customer or an employee of a Customer, the Personal Information we may collect or hold about you (where we are acting as a data controller) includes:

• full name;

• email address;

• telephone number;

• the business or company you represent or work for.

We collect your Personal Information when you:  

• request us to act on your behalf via the Website or App;  

• provide information about a service issue or otherwise contact us;  

• visit our Website;

• register to use the Service as a Customer.

Our Website and Services are not directed at children. We do not knowingly collect, use or share Personal Information about children under the age of 18.

Reasons for collecting Personal Information

If you are an Applicant, and subject to your consent, we will be using your personal and biometric data, to verify your identity on behalf of the Customer using the Service. Our system uses biometric face matching technology for this purpose. This means we will be capturing your ID document, including a digital image of the face shown on the ID document, and a video of your face via your device camera. Our system uses these facial images to perform face matching to verify your identity. We will use the personal and biometric data to verify your identity against government agencies and other third party systems, including credit reporting bureaus, to undertake the data matching process. You will also need to grant the APLYiD App permission to access your device camera and location information for this purpose.

Your consent is required to enable us to use of your biometric data to verify your identity. If you do not wish to consent to our use of your biometric data, you may be able to verify your identity by other suitable means in accordance with the policies of the relevant Customer who requires your identity to be verified.

You may withdraw your consent for us to use your biometric data for the purposes of verifying your identity at any time by notifying the Customer using the contact details in their privacy policy.

We only collect and process Personal Information if necessary for: (i) the purpose of providing the Service to our Customers, (ii) the performance of a contract to which you are a party, (iii) any other purpose(s) for which you have given consent, (iv) compliance with our legal obligations, or (v) fulfilling our other legitimate interests as described in this Policy, except where our legitimate interests are overridden by your privacy rights.  

If you are subject to UK or EU data protection legislation, we rely on the following legal bases when using your Personal Information for the above purposes:  

1. Consent

If you are an Applicant, we will only use your biometric data to verify your identity on behalf of the Customer using the Service if you have provided your explicit consent for us to do (which we may collect on behalf of the Customer as the Controller of that data).  

2. Contract

We use your Personal Information when it is necessary to perform a contract with you, or where you have asked us to take steps prior to your entering into a contract with us, in particular:

• (If you are a sole trader) to provide you with the Service and any other service(s) you expressly require or authorise, including to verify identification documents against their originating official database;

• to provide you with online services (access to our Website and App);

• to provide you with customer service assistance; and  

• to provide support for your account.  

3. Legal obligation

We use your Personal Information to comply with our legal obligations, which, depending on local laws, may include responding to legal processes or complying with or as required by any applicable law or the governmental or regulatory requirements of any relevant jurisdiction.  

4. Legitimate interest

We use your Personal Information when it is necessary for our legitimate interests or those of third parties. In these cases, we perform relevant legitimate interests balancing tests to ensure that we have considered and weighed any privacy impact in relation to the interest in question. In particular, we may use your Personal Information to:  

• better understand your needs, diagnose problems, analyse trends, and improve the features and usability of the Service;

• deal with requests, enquiries and complaints and facilitating other customer services;

• keep the Service safe and secure;

• manage our relationship with you or your organisation;

• monitor compliance with our policies and standards;

• ensure security of our communications and other systems;

• detect and prevent security threats, fraud or other criminal or malicious activities; and

• exercise or defend our legal rights or comply with court orders.

You have no obligation to provide APLYiD with any Personal Information requested by us. However, due to the nature of the Service, if you do not to provide us with the information requested, we will be unable to provide the Service to our Customer and if you are an Applicant you may need to verify your identity in a different way.  

3. Disclosure of Personal Information  

We may disclose your Personal Information to:  

• the Customer who is using the Service to verify your identity, for the purpose of providing the Service to that Customer (if you are an Applicant);  

• our service providers to facilitate the provision of our Services to our Customers. We have agreements with our service providers that require them to: (a) use your personal information solely for the purpose of enabling us to provide our Services to you (Purpose); (b) not hold your personal information for longer than is necessary for the Purpose; and (c) otherwise comply with applicable data protection and privacy laws;  

• our hosting providers AWS and Heroku as described in this Privacy Policy;

• providers of third-party services that we make available to you via the Website or the App. Some of these third-party service providers may be located in countries other than yours or ours. These third-party service providers will process your Personal Information according to their own privacy policies, which we recommend you review.  

In exceptional circumstances, we may share your Personal Information with another party if we believe it is reasonably necessary to: (a) comply with any applicable law, legal process or governmental request; (b) enforce our agreements, policies and terms of service; (c) protect the security or integrity of our Service or Website; or (d) protect us, our Customers, or the public from harm or illegal activities.

4. Overseas Transfers of Personal Information

Some of our service providers may be based outside the country in which you live. Whenever we transfer your Personal Information to another country, we comply with applicable law and ensure a similar degree of protection is given to it using contractual or other safeguards.  

Please contact our Privacy Officer (as referred to in section 7 below) if you want further information on the specific safeguards used when transferring your personal information to another country or if you are an individual in the UK and you want to obtain a copy of them.

If you are subject to UK or EU data protection legislation, the following applies to you:  

• We may share your Personal Information with entities located within the UK or European Economic Area and countries where such transfers are based on the adequacy regulations of the UK Data Protection Act 2018.

• In the absence of such adequacy regulations, we may share your Personal Information with entities located outside the United Kingdom or outside the countries covered by UK or EU the adequacy regulations.  

• In such cases, we implement appropriate safeguards, in particular standard data protection clauses or standard data protection clauses issued by the Information Commissioner, such as the EU Commission Standard Contractual Clauses or the UK International Data Transfer Addendum to the EU Commission Standard Contractual Clauses. You can obtain a copy of those clauses or other safeguards by contacting us in accordance with Section 7 below.  

5. Using Personal Information  

We understand the importance of using your Personal Information in a responsible and secure manner. We will only use your Personal Information to:  

• verify identification documents against their originating official database;  

• send your Personal Information to our Customer (e.g. solicitor, bank) who will be relying on your verified identification to meet its legal requirements;  

• deal with requests, enquiries, complaints and facilitate other customer services;  

• contact you about your account and provide support;  

• comply with any legal, government or regulatory obligations;  

• provide the Service and any other service(s) you expressly require or authorise;  

• better understand your needs, diagnose problems, analyse trends, improve the features and usability of the Service (when we do this, we only use aggregated information that does not identify you personally); and  

• keep the Service safe and secure.  

We will never sell your Personal Information to anyone.  

6. Storage and Security of Personal Information  

We have put in place measures to ensure the security of the Personal Information we collect and store. 

The Personal Information we hold will be held in our System which is hosted by Amazon Web Services (AWS) and Heroku.  Both platforms provide encryption in transit with HTTPS and SSL across all services.

We strive to protect your Personal Information against unauthorised disclosure or access, including using network and database security measures, but we cannot guarantee the security of any information we collect and store.  

  
If you have an account with us, you must prevent unauthorised access to your account and Personal Information by selecting and protecting your password or other sign-on mechanism appropriately and limiting access to your computer or device by signing off after you have finished accessing your account.

Applicants

If you are an Applicant, we will securely delete your Personal Information from our web portal no later than 7 days after completion of your identity verification process. Following the deletion of your Personal Information from our web portal, we retain some non-identifiable information such as phone number and this information will remain archived on our System until such time as the Customer who requested your identity verification instructs us to destroy or return such data to them.Customers  

Our Customers who use the Service to verify your identity are responsible for their own compliance with applicable data protection and privacy laws with respect to their collection, storage and use of your Personal Information.  

Other Data Subjects (Non-Applicants)

If you are not an Applicant, we will only retain your Personal Information for as long as necessary to fulfil the purposes we collected it for. Depending on the applicable purposes of the processing, we will store your Personal Information for as long as in at least one of the following cases:

• if we use your Personal Information to perform a contract, we will generally store it for the duration of the contract and until the lapse of the claims limitation period;

• if we use your Personal Information to perform our legal obligations, we will store it for any retention periods mandated by applicable laws;

• if we use your Personal Information on the basis of a legitimate interest, we will store it as long as necessary to fulfil our legitimate interest, or until you successfully exercise your right to object.  

7. Privacy Officer

APLYiD has appointed a Privacy Officer who can be contacted at privacy@aplyid.com. If you have any questions about the content and subject matter of this policy, wish to request access, correction or deletion of your Personal Information, wish to withdraw your consent, wish to object to us processing your Personal Information, or would like further information about how we use your Personal Information, please contact our Privacy Officer and we will do our best to respond as soon as possible.  

8. Your Rights  

If you receive a verification link from a Customer to verify your identity, you can (and should) review your information during the identification verification process and correct any errors that might have occurred as the information has been extracted from the identification documentation you submitted to the Service. After this, you will have no ability to access or review your results from the verification process.  If you have completed the identification verification process with the incorrect information, you must request that the Customer sends you another verification link. You may also supplement any incomplete Personal Information we have. Any supplementary Personal Information will need to be provided directly to the Customer.

If you are subject to UK or EU data protection laws, in certain circumstances, you have the following  

rights:

• right of access - you have the right to ask us for copies of your Personal Information; however there are some exemptions, which means you may not always receive all the information we process;

• right to rectification – you have the right to ask us to rectify information you think is inaccurate, as well as the right to ask us to complete information you think is incomplete;

• right to erasure - in certain situations, you can request that we erase your Personal Information, for example, if we no longer need it to achieve the purpose of the processing or we processed it unlawfully. We can refuse your request for specific reasons, for example, if we need the Personal Information for the establishment, exercise or defence of legal claims;

• right to request a restriction of processing – in certain situations, you can request that we limit the ways in which we process your Personal Information, for example, if you contest its accuracy or you have brought an objection and we are assessing whether your objection is valid;

• right to data portability – if you provided Personal Information to us and we process it by automated means because it is necessary to perform a contract, you can request that we provide the Personal Information in a structured, commonly used and machine-readable format, and that we have the Personal Information transmitted to another controller;

• right to object to processing objection – if the processing is based on our legitimate interests, you have the right to object to the processing of your Personal Information on grounds relating to your particular situation, and  at any time. In such a case, we will no longer process your Personal Information, unless we demonstrate that there are legitimate grounds for processing that override your privacy rights.

You also have the right to withdraw your consent to us processing your Personal Information where processing is based on your consent, and the right to opt out of any marketing materials.

If you are an Applicant and you wish to exercise any of these rights, please contact the Customer.  In all other cases, please email our Privacy Officer (as detailed in section 7). We may not be able to provide your Personal Information if it has already been deleted from our systems.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your Personal Information or to exercise any of your other rights. This is a security measure to ensure that Personal Information is not disclosed to any person who has no right to receive it. To speed up our response, we may also contact you to ask you for further information in relation to your request.  

We will not generally charge you a fee for exercising your legal rights. However, we may charge a reasonable fee for making information available to you in accordance with your request where the law allows (for example if there is significant work involved).

We try to respond to all legitimate requests within two weeks. Occasionally it may take us longer to respond if your request is particularly complex or you have made several requests. In this case, we will notify you and keep you updated.

In some circumstances, the law may allow us to deny you access to the Personal Information we hold about you. In such a case we will explain to you the reason for refusing access.

. If you disagree with the way we process your Personal Information, and you are subject to UK or EU data protection law you also a have right to lodge a complaint with the relevant body.  In the UK this is the Information Commissioner (ICO). You can contact the ICO using information available at: https://ico.org.uk/global/contact-us/ We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

9. Log Data  

Whenever you visit the Website, we collect information that your browser sends to us (Log Data). Log Data may include information such as your computer’s Internet Protocol (IP) address, browser version, pages of our Service that you visit, the time and date of your visit, the time spent on those pages, and other statistics. The Log Data is a type of Personal Information.

10. Cookie Notice  

We may use cookies, tracking pixels and other related technologies containing information that can identify the computer, smartphone or other web–enabled device that you are using. You may access and change your cookie preferences at any time by clicking the

icon at the bottom left corner on the Website. 

What are cookies?

A cookie is a very small text document, which often includes an anonymous unique identifier. Cookies are created when your browser loads a particular website. The website sends information to the browser which then creates a text file. Every time the user goes back to the same website, the browser retrieves and sends this file to the website's server. Find out more about the use of cookies on www.allaboutcookies.org.  

We also use other forms of technology (as mentioned above), which serve a similar purpose to cookies and which allow us to monitor and improve our Website and email communications. When we talk about cookies in this Cookie Notice, this term includes these similar technologies.  

What cookies do we use and what information do they collect?

We may use the information generated by cookies, tracking pixels and other related technologies for the following purposes:  

• Analytical (statistical) – we use these cookies to track traffic patterns to and from the Website, including information like the pages you visit, and features you use, the time you spend on the different parts or features of the Website, the date, time, and length of your use of the Website, as well as track your responses to ads and emails

• Advertising (marketing)– we use these cookies to ensure advertising is being shown to the most appropriate person and limit the frequency of display for certain ad formats; and

• Necessary – these cookies are required to enable the core functionality of services provided via the Website, i.e. they enable you to enter the Website, and use certain services without having to log in each time, and to visit and to visit Customer-only areas of the Website. The website cannot function properly without these cookies.

Third parties

Your use of the Website may result in some cookies being stored that are not controlled by us. This may occur when a part of the Website you are visiting makes use of a third-party analytics or marketing automation/management tool or includes content displayed from a third-party website, for example, Google or Facebook. You should review the privacy and cookie policies of these services to find out how these third parties use cookies and whether your cookie data will be transferred to a third country.  

Information on the third parties that place cookies on the Website can be found by clicking the

icon at the bottom left corner on the Website.

Your consent

When you visit the Website for the first time, you may be asked to accept or decline cookies.  You can manage or reset cookies on the Website by clicking the

icon at the bottom left corner on the Website, or through your browser settings.  Each browser is different, so check the “Help” menu of your browser to learn about how to change your cookie preferences. You do not need to have cookies turned on to use the Website in general, but cookies are often used to enable and improve functions on the Website. If you choose to switch certain cookies off, it may affect how the Website works and you may not be able to access all or parts of the Website. We can use Necessary cookies without your consent. We may use other types of cookies only with your consent.  

How do you manage these technologies?

We keep information collected from cookies for a maximum of 24 months.

11. Links to Other Sites  

Our Service may contain links to other websites. If you click on a third-party link, you will be directed to that site. We strongly advise you to review the Privacy Policy of these websites. We have no control over, and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.  

12. Contact Us  

If you have any questions or suggestions about our Privacy Policy, do not hesitate to contact our Privacy Officer at privacy@aplyid.com.  

‍