Date Last Revised: December 1, 2023
Introduction
Welcome to Evident! Evident ID, Inc. (“Evident” “we,” “us,” or “our”) values your privacy. In this Privacy Policy (“Policy”), we describe how we collect, use, and disclose information that we obtain about visitors to our website at evidentid.com or at other publicly-available websites we operate (collectively, the “Sites”), as well as in connection with the products and services available through our mobile application (our “App”) and our secure, online services platform (collectively, our “Services”).
By using our Sites or Services or otherwise providing us your consent or agreement, you agree that your personal information will be handled as described in this Policy. Your use of our Sites or Services, and any dispute over privacy, is subject to this Policy and our Terms of Use, including its applicable limitations on damages and the resolution of disputes.
Evident offers you a secure platform to share your personal information with others (“Relying Parties”). Relying Parties will request that you share your personal information through the Services when you conduct a transaction with them (e.g., registering for access to their website or when you request to purchase their products or register for their services). To enable our Services, we collect information about you directly from you, from Relying Parties, from third parties, and automatically through your use of our Services.
To make it easy for you to navigate and understand our data practices, use these hyperlinks to find the section relevant to you.
Scope
Collection of Personal Data
Definition of “Personal Data”
How We Collect Personal Data
How We Use Personal Data and Other Information
How We Share Your Information
Links to Other Websites
Security
Use of Cookies and Other Data Technologies
Access and Your Choices
International Data Transfers and Our Privacy Shield Compliance
Retention
Children Under 13
Do Not Track Signals
California Privacy Rights
Illinois Privacy Rights
Your Privacy Rights under Other US State Laws
Changes to this Privacy Policy
Contact Us
Scope
Evident ID is the operator of our Sites and the controller of data collected from you by our Sites. With respect to the use of our Services by EU data subjects, we are either a controller or processor of your data, depending upon the circumstances that give rise to our processing of your data. We are a United States corporation registered in the State of Delaware and located in Atlanta, Georgia.
Collection of Personal Data
“Personal Data” are data that identify you as an individual or relate to an identifiable individual. Personal Data may include Stored Data as defined in our Terms of Use. We collect Personal Data in accordance with law and this Policy. Examples of such data are:
- Name
- Gender
- Postal address
- Telephone number
- Email address
- Driver License or Permit (e.g. vehicle, pilot, water sports, etc)
- Driving Record
- Background check
- Criminal history
- Insurance policy information
- Credit and Financial information in limited circumstances
- Passports
- National identification such as a social security number
- Language preference
- Date and place of birth
- Professional licenses and certifications
- Geolocation information
- Social media account ID, profile photo and other data publicly available, or data made available by linking your social media and loyalty accounts
- Pictures, audio files, or videos you submit, including pictures of yourself
- Biometric data, such as scanned or photographed facial images
- Other visually scanned or photographed images, such as of your identification card, driver’s license, utility bills or other identifying information from or about you
- Credit card and billing information (if submitted as payment for Services)
- Other data about you that is requested by a Relying Party or that you authorize us to process
How We Collect Personal Data
We collect Personal Data in a variety of ways as described below.
Information Obtained Directly From You
To use our Services, we require you to register by providing your name and contact information. You may, but are not required to, provide additional information, such as the data listed in the Collection of Personal Data section above. Note that this is not an exhaustive list.
We may ask you to provide Personal Data for various reasons. For example, when you request a demo of our platform, we may ask you for contact information such as your name, email address, phone number, geographic and job information.
We may ask you for similar information at other times, such as when you apply for a job through our Sites or contact our customer service team.
You may also provide us your Personal Data when you sign up for a webinar, download a whitepaper directly on our Sites or from one of our partners, or complete a contact us form on our Sites.
We also collect Personal Data that employees, contractors, or agents of our Relying Parties provide to us when they register for access to the Evident platform. The information we may collect includes name, address, company name, location, email address, phone number and account password.
Information Uploaded to the Services
We invite you to post content or upload information and materials to the Sites or Services, including pictures, documents, records and any other materials that you would like to be available to Relying Parties through the Services. In some cases, we may ask you to submit a visually scanned or photographed image of your face and/or your identification card, driver’s license, passport, utility bill, bank account statement, insurance card, or credit/debit card. This image may include your photograph and other information from the imaged document, such as your eye color, weight, height, and organ donor status. If you post content or upload information or materials to our Site or Services, we may use this content to provide the Services to you, and we may share this content, after receiving your consent, with a Relying Party or other third party for the purposes authorized in your consent, such as for verification purposes. If you consent to sharing your materials with a Relying Party or other third party, the Relying Party’s privacy policy and other agreements with you will govern how your materials are used.
Information Obtained From Third Party Sources
Through our Sites and Services, we may receive information, including, with your consent where required, from third party providers and sources that, alone or in combination with other information, could be used to identify an individual, including you. For example, a Relying Party using our Services may provide us with your name and contact information so you can join our Services or qualify to use the Relying Party’s products or services. We verify the information we receive about you so that the Relying Party can have confidence in the accuracy of the information. To do so, we may collect information about you from publicly-available information and third party sources. For example, if a Relying Party requires you to carry insurance, we may verify with your insurance provider that your coverage is in effect, or we may verify that you have a valid driver license or permit.
We also collect, with your consent where required and in accordance with applicable laws, consumer reports about you, such as credit reports or background checks, if the Relying Party requires such information.
We do not control the privacy practices of these third parties that we collect information from. In some cases, such as when a Relying Party asks us to obtain a credit report on you, it may be the Relying Party’s legal obligation to obtain your consent. In those cases, we are relying on the Relying Party’s authorization to collect this information from or about you.
We also may receive your Personal Data such as name, business email, company and job title, from trade shows or other similar events that we sponsor or from third parties that provide such information. We use this information to send marketing messages to you as described below.
Information Collected Automatically
We automatically collect information about your use of our Sites and Services, including through cookies, web beacons, and other data collection technologies designed for use with websites, internet services or mobile devices or apps that you use. We may combine this information with other information we collect about you. If you can be identified from this information, for example by combination with other pieces of information, then we will treat this information as Personal Data. Please see the information below to learn more about how we use cookies and other data collection technologies, and how you can control such uses.
This information can include your browser type and operating system, your IP address, the length and times of day you use our Sites or Services, the referring URL or webpage that led you to our Sites or Services.
Additionally, when you use our App, we may collect information on your mobile device, such as device name and model, mobile operating system type, name and version; language information; and activities within the Services.
With your permission, we will collect location information from your mobile device to help us verify information you may have provided to us. You may turn off this feature through the location settings on your mobile device. More information about how to do this and manage other mobile privacy settings is available from your device provider.
Information Obtained From Social Networking Sites
You may log into our Sites or Services through your social networking accounts, including Facebook and Google. If you do this, we obtain information from these sites as follows:
- Google. If you log into our Services using your Google account, you must enter your Google email address and password. We will collect your email address, profile information and photo if you login to our Services using Google.
- Facebook. If you log into our Services using Facebook, you must enter your Facebook email address or phone number, and password. We will ask that you grant us permission to access and collect your Facebook public profile information (this includes your name, profile picture, and any other information you have set to public on your Facebook account) and email address.
We securely store the information that we receive from Facebook and Google with other information that we collect from you or receive about you.
Any third-party social networking site controls the information it collects from you. For information about how they may use and disclose your information, including any information you make public, please consult their respective privacy policies. We have no control over how any third-party social networking site uses or discloses the personal information it collects about you.
How We Use Personal Data and Other Information
We use the Personal Data collected for a number of purposes as described below.
To Provide our Services
Evident uses your information, including Personal Data, for the following purposes:
- To allow you to share with Relying Parties, at your discretion, the information that we obtain about you.
- To verify that the information you provided is accurate.
- To assist Relying Parties in preventing fraud in relation to their products and services.
- To request, with your permission and in accordance with applicable laws, consumer reports.
- To perform our Services that you request or to fulfill other requests from you.
- To send you text messages, with your consent, as part of our multifactor authentication protocols.
- To verify information about you, with your permission where required, we may employ various methods, such contacting governmental authorities (such as state licensing boards), receiving information from third parties, reviewing public records, for purposes such as verifying that you hold a particular license or credential, or running a criminal background or credit check (in accordance with applicable laws). The data received from these third parties and sources is used solely to prevent fraud and verify information about you, unless you authorize additional uses.
To Communicate with You
We use the information that we collect when you visit our Sites to respond to questions, comments or requests for information from us and to send applicable and personalized marketing messages in accordance with applicable laws. These marketing messages may include emails, texts, online advertisements, or phone calls. Marketing-related communications to you will contain instructions on how to unsubscribe from receiving them. See more on how to opt out in the Your Choices section below.
When you send email or other communications to us, we may keep those communications and use the Personal Data they contain in order to process your questions, respond to your requests and improve our Sites or Services. In particular, we may use your email address to communicate with you about our Services, such as to provide you with support.
Other Uses of Data
We may anonymize, de-identify and/or aggregate the information that we collect and use such anonymized, de-identified and/or aggregated data for our own business purposes, including but not limited to sharing anonymized and de-identified data with our current and prospective business partners, service providers, affiliates, agents and other third parties for commercial, statistical and market research purposes, for example to allow those parties to analyze patterns among groups of people, and conducting research on consumer demographics, interests and behavior.
We use Personal Data and other data for data analysis, security and fraud monitoring and prevention, product development and testing, improving or modifying our Sites and Services, analyzing website traffic patterns and behaviors, statistical and survey purposes, determining the effectiveness of our promotional campaigns and operating and expanding our business activities.
How We Share Your Information
Evident may share your information, including Personal Data, in the circumstances described below.
- Relying Parties. We will share the information that you direct us to share with a Relying Party.
- Third Party Data Sources. We share your information with third party data sources to verify the accuracy of the information you provide to us and to request information about you.
- Aggregate and De-Identified Information. We may share aggregate or de-identified information about users and prospective users of our Sites and Services with third parties for marketing, advertising, research or similar purposes.
- Service Providers. We share information with our third party vendors and service providers to perform certain functions on our behalf, such as hosting specific portions of the Service, maintaining databases, helping us collect job applications, delivering content, sending emails on behalf of our customers and for our own marketing communications, using text messaging services for multifactor authentication protocols, administering content, mailing information, processing payments or otherwise operating the Services or the Sites.
- Business Transfers. If we are acquired by or merged with another company, if all or some portion of our assets are transferred to another company, or as part of a bankruptcy proceeding, financing due diligence, reorganization, or receivership, we may transfer the information we have collected from you to the other company or bankruptcy trustee or administrator.
- In Response to Legal Process. We may disclose the information we collect from you in order to comply with the law, a judicial or regulatory proceeding, court or governmental agency order, or other legal process, such as in response to a court order or a subpoena.
- To Protect Us and Others. We may disclose the information we collect from you where we believe it is necessary to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person, violations of our Terms of Use or this Policy, or as evidence in litigation in which Evident is involved.
Links to Other Websites
Our Sites and Services may contain links to other websites not operated or controlled by Evident (“Third Party Sites”). The privacy practices described in this Privacy Policy do not apply to Third Party Sites. By providing these links we do not imply that we endorse or have reviewed these sites. Please contact the operators of Third Party Sites directly for information on their privacy practices and policies.
Security
Evident is built to protect your private information and to allow you to securely share your information with Relying Parties. We have implemented commercially reasonable and appropriate precautions to protect the information we collect from loss, misuse, and unauthorized access, disclosure, alteration, and destruction. For example, we protect the Personal Data that you submit to us through encryption and access controls.
You should take steps to protect against unauthorized access to your password, phone, and computer by, among other things, signing off after using a shared computer, choosing a robust password that nobody else knows or can easily guess, and keeping your log-in and password private. We are not responsible for any lost, stolen, or compromised passwords or for any activity on your account via unauthorized password activity.
Use of Cookies and Other Data Technologies
We may use “cookies” (a small text file sent by your computer each time you visit our site) or similar digital technologies to record log data. Many browsers default to accepting cookies. You may be able to change this setting in your browser and you can also clear your cookies. If you do, you may lose some functionality of our Sites or Services. Check your browser’s help function to learn more about your cookie setting options.
Click here for our Cookie Policy
We may use the following types of cookies and digital technologies:
- Analytics & Advertising cookies
- Essential cookies
- Functionality cookies
- Social Media cookies
- To help us make e-mails more useful and interesting, we often receive a confirmation when you open e-mail from us if your computer supports such capabilities. You can opt out of receiving emails or other electronic marketing communications from us, other than emails related to your use of the Services or management of your account. Please see the Your Choices section below.
- We might also use a pixel tag which is a small graphic file that allows us and third parties to monitor the use of the Sites and Services and provide us with information based on your interaction with the Sites, Services and e-mails. These tags may collect the IP address from the device which you loaded the page, your browser type, and other data. Pixel tags are also used by our third parties to collect information when you visit our Site, the links and other actions you take on our Site, and we may use this information in combination with cookies to display targeted advertisements.
- Other data technologies may be used that collect comparable information for security and fraud detection purposes.
Access and Your Choices
Cookies
On most web browsers, you will find a “help” section on the toolbar. Please refer to this section for information on how to receive a notification when you are receiving a new cookie and how to control cookies, including turn them off. Please see the links below for guidance on how to modify your web browser’s settings on the most popular browsers:
Note, however, that if you reject our request to use cookies or turn cookies off, you may be unable to access certain parts of the Sites or Services and you may not be able to benefit from the full functionality of the Sites or Services.
To find out more about cookies and similar technologies, including how to see what cookies and similar technologies have been set and how to manage and delete them, visit www.allaboutcookies.org, and/or the Digital Advertising Alliance’s (DAA) online resources at youradchoices.com/control, and/or the Network Advertising Initiative’s (NAI) online resources at www.networkadvertising.org, and follow the opt-out instructions there, or if located in the European Union, visit the European Interactive Digital Advertising Alliance’s (EDAA) Your Online Choices opt-out tool at www.youronlinechoices.com.
Opting out from one or more companies listed on the DAA Consumer Choice Page, the NAI Consumer Opt-Out Page, or the EDAA Your Online Choices opt-out page will opt you out from the delivery of interest-based content or ads to you by the third parties participating in those opt-out services, but it does not mean you will no longer receive any personalized advertising through our Services or on our Sites or other websites. You may continue to receive advertisements, for example, non-personalized advertisements or advertisements based on the particular website that you are viewing (i.e., contextually based ads). Also, if your browsers are configured to reject cookies when you opt out on the DAA, NAI or EDAA websites, your opt out may not be effective. Additional information is available at these websites.
Third Party Analytics
We use automated devices and applications, such as Google Analytics, to evaluate usage of our Sites and our Services including, to the extent permitted, our App. We also may use other analytic means to evaluate our Sites and Services. We use these tools to help us improve our Sites and Services, performance and user experiences. These entities may use cookies and other tracking technologies to perform their services. Read more about how Google uses your personal information here and opt-out of Google Analytics here.
Third Party Advertisers
We use third parties such as network advertisers to serve advertisements on third-party websites or other media (e.g., social networking platforms). This enables us and these third parties to personalize advertisements to you for products and services in which you might be interested. Third-party ad network providers, advertisers, sponsors and/or traffic measurement services may use cookies, JavaScript, web beacons (including Pixel Tags or clear GIFs), and other tracking technologies to measure the effectiveness of their ads and to personalize advertising content to you. These third-party cookies and other technologies are governed by each third party’s specific privacy policy, not this one.
Modifying Personal Data
You may modify Personal Data that you have submitted by logging into your account and updating your profile information. Please note that copies of information that you have updated, modified or deleted may remain viewable in cached and archived pages of the Services for a period of time and in accordance with our data retention policies.
Do Not Track Signals
Your browser may offer you a “Do Not Track” (“DNT”) option, which allows you to signal to operators of websites and web applications that you do not wish such operators to track some of your online activities over time and across different websites and platforms. There is no universally agreed-upon standard for what an organization should do when it detects a DNT signal. Currently, we do not monitor or take any action with respect to these signals or other mechanisms. Learn more about Do Not Track here.
Opting out of email
We may send periodic promotional or informational emails to you. You may opt-out of such communications by following the opt-out instructions contained in the email. Please note that it may take up to 10 business days for us to process opt-out requests. If you opt-out of receiving emails about recommendations or other information we think may interest you, we may still send you emails about your account or any Services you have requested or received from us.
EU Data Subjects
This section applies if you are an EU data subject (for these purposes, reference to the EU also includes the European Economic Area countries of Iceland, Liechtenstein and Norway and, where applicable, Switzerland). Evident is the data controller for processing Personal Data provided to Evident in relation to the Sites. Unless you have given us your consent for our independent uses of your Personal Data or we have another lawful basis for processing your Personal Data, we act strictly as a data processor for Personal Data that we process through the Services, as described under the “Information Collected Through our Services” section above. For example, we process data on behalf of Relying Parties in relation to transactions you may be conducting or considering with them. We rely on the following legal bases for processing your Personal Data:
- Processing of your Personal Data based on your consent for such processing, which may be given either to us or the Relying Party, such as facial images or other biometric data when we use them to verify or authenticate your identity.
- Processing of your Personal Data that you provide to us (such as your name, email address, postal address, telephone number, company name and role) when you request a demo of the Evident platform or when you otherwise send inquiries about our Services is necessary to respond to or implement your request prior to entering into a contract with us or a data controller that is using our Services.
- When you apply for employment, including through our Sites, processing of your contact details and data about your employment history and education (as needed to evaluate your job application, to conduct job interviews, and as is otherwise needed for recruitment) is necessary to respond to your request to process your application for employment. If you do not provide this data, we will not be able to process the application that you submit.
- We use account-related data to set up accounts for users in the Services and to administer and support those accounts (such as usernames, email address and billing information), provide you with access to the Services, contact you regarding your use of the Services or to notify you of important changes to the Services. Such use is necessary for the performance of the contract between you and the Relying Parties or us.
- We may send you information by email or through other electronic communications on our new products or services or other promotions if you consent to receiving them. If you have not opted-in to these marketing emails, we do this either because we are relying on an exception to opt-in requirements or because of our legitimate interest to promote the success of our business.
- Our use of data relating to your use of the Sites and/or the Services, described above, is necessary for our legitimate interests in understanding how the Sites and the Services are being used by you, to improve your experience on it and our Service offerings.
- We also have a legitimate interest in aggregating and/or anonymizing or de-identifying the information that we collect through our Sites and/or the Services and using this information for our business purposes, as described above.
- When we process your Personal Data for our legitimate interests, we make sure to consider and balance any potential impact on you, and your rights under data protection laws. Our legitimate business interests do not automatically override your interests – we will not use your Personal Data for activities where our interests are overridden by the impact on you, unless we have your consent for our processing activities or those activities are otherwise required or permitted by law. You have the right to object to processing that is based on our legitimate interests, as further described below.
- With respect to biometric data, such as facial images, that you may provide to verify your identity to a Relying Party, the purpose of processing is to allow you to grant your informed consent relating to the use of biometric data to the Relying Party in connection with Evident’s performance of the Services, and also as required under the laws applicable the Relying Party and Evident concerning data subjects. In any cases where we process biometric data without your explicit consent, we do so on the basis of Article 6(1)(f) of GDPR, specifically for: (i) the prevailing legitimate interest of Evident to comply with its legal obligations in jurisdictions outside of the European Union; and (ii) the prevailing legitimate interest of data subjects using our Services to be notified of biometric information processing by Evident as a processor acting on behalf of Relying Parties, and to express their consent for such processing under the laws applicable to Evident concerning the data subject (e.g. the Illinois Biometric Information Privacy Act or “BIPA”).
Subject to applicable law and reasonable steps that we may take to verify your identity with respect to your requests, you have the following rights in relation to your Personal Data:
- Right of access: If you ask us, we will confirm whether we are processing your Personal Data and, if so, provide you with a copy of that Personal Data (along with certain other details). If you require additional copies, we may need to charge a reasonable fee.
- Right to rectification: If your Personal Data that we control is inaccurate or incomplete, you are entitled to have it rectified or completed. Note that we may not be able to rectify data obtained from a third party such as a governmental agency or other data that we do not control, and you will need to contact that third party directly. If we have shared your Personal Data with others, we will tell them about the rectification where possible. If you ask us, where possible and lawful to do so, we will also tell you with whom we shared your Personal Data so that you can contact them directly.
- Right to erasure: You may ask us to delete or remove your Personal Data and we will do so in some circumstances, such as where we no longer need it (we may not delete your data when other interests outweigh your right to deletion, for example if we are required by law to keep it). If we have shared your data with others, we will tell them about the erasure where possible. If you ask us, where possible and lawful to do so, we will also tell you with whom we shared your Personal Data so that you can contact them directly.
- Right to restrict processing: You may ask us to restrict or ‘block’ the processing of your Personal Data in certain circumstances, such as where you contest the accuracy of that Personal Data or object to us processing it. We will tell you before we lift any restriction on processing. If we have shared your Personal Data with others, we will tell them about the restriction where possible. If you ask us, where possible and lawful to do so, we will also tell you with whom we shared your Personal Data so that you can contact them directly.
- Right to data portability: You have the right to obtain your Personal Data from us that you consented to give us or that is necessary to perform a contract with you, to the extent it is available. We will give you your Personal Data in a structured, commonly used and machine-readable format.
- Right to object: You may ask us at any time to stop processing your Personal Data, and we will do so if we are processing your Personal Data for the Services, for direct marketing, or otherwise. However, if we are relying on a legitimate interest to process your Personal Data and we demonstrate compelling legitimate grounds for the processing we may continue; or you may exercise your rights by contacting us as indicated under “Contact Us”. Note you will be asked to verify your identity when submitting a request.
- Rights in relation to automated decision-making and profiling: You have the right to be free from decisions that we make based solely on automated processing of your Personal Data, including profiling, which produce a significant legal effect on you, unless such profiling is necessary for entering into, or the performance of, a contract between you and us, or with your explicit consent.
Right to withdraw consent: If we rely on your consent to process your Personal Data, you have the right to withdraw that consent at any time. Your withdrawal of consent will not apply to or affect prior processing of data that was processed prior to our receipt of your withdrawal of consent. - Right to lodge a complaint with the data protection authority: If you have a concern about our privacy practices, including the way we have handled your Personal Data, you can report it to the data protection authority that is authorized to hear those concerns.
EU Data Subjects may contact us about these rights at compliance@evidentid.com or at the address set out in the Contact Us section below.
International Data Transfers
The Personal Data we process may be transferred to, and processed in, any country in which we, our group companies, or our service providers or partners operate, which may include countries other than the country in which you are resident. These countries may have data protection laws that are different than the laws of your country.
However, we have taken appropriate safeguards to require that your Personal Data will remain protected in accordance with this Policy. Evident ID complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Evident has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. Evident has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. As with other participants in the DPF, we are subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.
When we transfer Personal Information to a third party acting as an agent, we ensure that that we (i) transfer such information only for limited and specified purposes; (ii) ascertain that the agent is obligated to provide at least the same level of privacy protection as is required by the Principles; (iii) take reasonable and appropriate steps to ensure that the agent effectively processes the Personal Information transferred in a manner consistent with our obligations under the Principles; (iv) require the agent to notify us if it makes a determination that it can no longer meet its obligation to provide the same level of protection as is required by the Principles; (v) upon notice, including under (iv), take reasonable and appropriate steps to stop and remediate unauthorized processing; and (vi) provide a summary or a representative copy of the relevant privacy provisions of its contract with that agent to the U.S. Department of Commerce upon request.In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Evident commits to resolve DPF Principles-related complaints about our collection and use of your personal information. EU, UK and Swiss individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF should first contact Evident at:
Attention: Privacy Office
P.O. Box 19119
Atlanta, GA 31126
United States
In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Evident commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF to TrustE, an alternative dispute resolution provider. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://feedback-form.truste.com/watchdog/request for more information or to file a complaint. These services are provided at no cost to you.
For more information about the EU-U.S. Data Privacy Framework, visit https://www.dataprivacyframework.gov.
Retention
Evident will retain Personal Data for the period necessary to provide our Services or for the purposes it was collected for, as otherwise required by our contracts or by law.
When determining how long we should keep data, we consider the length of time we will have a relationship with you or the Related Parties and provide our Services, whether there is a legal obligation that would require us to keep the information for a specified period of time, the reasons why we process your data, the risk of harm from unauthorized use or disclosure of your Personal Data.
We may also anonymize or de-identify Personal Data so it would no longer be associated with you for research or analytical purposes. If data is anonymized or de-identified, we may use this data for as long as we have a legitimate business purpose for such use, without additional notice to you.
Children Under 13
Our Services and Sites are not directed at children under 13 years of age (or older where required by law), and we do not knowingly collect or receive Personal Data from them. If we learn that we have received Personal Data from a child whose age requires parental consent for processing, we will delete the data. If you believe that we have received Personal Data from a child whose age requires parental consent, you may contact us at compliance@evidentid.com.
California Privacy Rights
Personal Information We Collect about California Consumers
Additional Notice for California Consumers – This part of our Privacy Policy applies to consumers who reside in California. To ensure we give California consumers the disclosures that are required by California laws, we have provided this additional notice. Our use of the term, “Personal Data” in this Privacy Policy also means “personal information” as defined under the California Consumer Privacy Act of 2018 (“CCPA”) and other California laws when used in this additional notice.
We describe the personal information we have collected from consumers in the twelve (12) months preceding the effective date of this Privacy Notice in the part of our Privacy Notice titled, “Collection of Personal Data” above. The information we collect includes the following:
| Category of Personal Information | Examples of this Category | Sources of Personal Information | Business Purpose for Collection | |
|---|---|---|---|---|
| Identifiers | Real name, alias, postal address, unique personal identifier, online identifier, Internal Protocol address, email address, account name, social security number, driver’s license number, passport number or other similar identifiers. | You
Automatically Third Parties |
|
|
| Personal information described in California Civ. Code § 1798.80(e) | Name, signature, social security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. | You
Automatically Third Parties |
To provide our products and Services
To provide information you requested To improve our products and Services To identify potential customers To market our products and Services To verify identity To prevent fraud To process payments To comply with law To manage payroll and provide and administer employee benefits |
|
| Characteristics of protected classifications under California or federal law | Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or credit, marital status, medical condition (AIDS/HIV status, cancer), physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information), political activities or affiliations, familial status, source of income status, status as a victim of domestic violence, assault, or stalking. | You
Third Parties |
To provide our products and Services to customers
To improve our products and Services To offer employment, to provide insurance and benefits, for background checks To comply with law |
|
| Commercial information | Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. | You
Automatically |
To provide our products and Services
To market our products and Services To improve our products and Services To provide information you requested To comply with law |
|
| Biometric information | An individual’s genetic, physiological, biological or behavioral characteristics, including information pertaining to an individual’s deoxyribonucleic acid (DNA) or activity patterns that can be used to establish individual identity, including images of the iris, retina, fingerprint, face, hand, palm, vein patterns, and voice recordings, from which a faceprint, a minutiae template, or a voiceprint, can be extracted, and keystroke patterns or rhythms, gait patterns or rhythms, and sleep, health or exercise data that contain identifying information. | You
Automatically Third Parties |
To provide our products and Services
To provide information you requested To improve our products and Services To identify potential customers To market our products and Services To verify identity To prevent fraud To process payments To comply with law To offer employment, to provide insurance and benefits, for background checks |
|
| Internet or other electronic network activity information | Browsing history, search history, and information regarding a consumer’s interaction with an Internet Web site, application, or advertisement. | Automatically | To provide our products and services
To market our products and services To improve our products and services (e.g., usage pattern data) To track employee actions for internal reports and information security purposes |
|
| Geolocation data | Physical location and/or movements. | You
Automatically Third Parties |
To market our products and services
To detect security incidents and protect our Sites or App |
|
| Sensory data | Audio, electronic, visual, thermal, olfactory, or similar information. | You
Automatically Third Parties |
To provide our products and Services
To provide information you requested To improve our products and Services To identify potential customers To market our products and Services To verify identity To prevent fraud To process payments To comply with law To offer employment, to provide insurance and benefits, for background checks |
|
| Professional or employment related information | Current or past job history or performance evaluations | You
Third Parties |
To provide our products and Services
To provide information you requested To improve our products and Services To identify potential customers To market our products and Services To verify identity To prevent fraud To process payments To comply with law To offer employment, to provide insurance and benefits, for background checks |
|
| Non-public education information (per the Family Educational Rights and Privacy Act – 20 U.S.C. § 1232g, 34 CFR Part 99) | Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records. | You
Third Parties |
To provide our products and Services
To provide information you requested To improve our products and Services To identify potential customers To market our products and Services To verify identity To prevent fraud To process payments To comply with law To offer employment, to provide insurance and benefits, for background checks |
|
| Inferences drawn from other Personal Information | Information used to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. | You
Automatically Third Parties |
To provide our products and services
To market our products and services To improve our products and services To detect security incidents and protect our Sites or App |
|
| Sensitive Personal Information | Social security number, driver’s license number, account log-in, debit, or credit card number in combination with password or PIN, precise geolocation (less than 1850 sf radius), racial/ethnic origins, religious or philosophical beliefs, union membership, contents of e-mails or texts to others, genetic/biometric data, health information, sex life/sexual orientation data | You
Automatically Third Parties |
To provide our products and Services
To provide information you requested To improve our products and Services To identify potential customers To market our products and Services To verify identity To prevent fraud To process payments To comply with law To offer employment, to provide insurance and benefits, for background checks |
Information related to how long we retain each category of personal information is included in the Retention section above.
For more information, please see “Collection of Personal Data” and “Information Collected Automatically” above.
Disclosures of Personal Information for Monetary or Other Valuable Consideration or for Business Purposes
We don’t sell consumers’ personal information in the sense that most people think of selling, but we do provide it to other companies that you should expect to interact with, such as a Relying Party, and those companies we have contracted with to help provide some part of our services, like marketing services providers and sponsors of events. The term, “sale,” is broadly defined in CCPA and includes any sharing of your personal information to a third party for consideration if the third party might use the information for their own purpose (such as in advertising or analytics).
As is common practice among businesses that operate websites, we may have disclosed certain online identifiers, information about the use of our Sites and inferences drawn about you to our social media, advertising and analytics partners for our marketing and related purposes. While we do not view these data sharing activities as “sales,” if you wish to opt-out of our uses of personal information for these purposes, click here . We don’t intend for our Services to be used by anyone under 16 and therefore do not knowingly collect, sell or share personal information of individuals under age 16.
We have disclosed the following categories of personal information for business purposes in the last twelve (12) months:
| Category of Personal Information | Recipient Categories | Business Purpose for Disclosure |
|---|---|---|
| Identifiers | Service Providers
Relying Parties |
Helping to ensure the security and integrity of personal information
Performing services on behalf of the business Internal research for technological development and demonstration Activities to verify or maintain the quality of, improve, upgrade, and/or enhance our services |
| Personal information described in California Civ. Code § 1798.80(e) | Service Providers
Relying Parties |
Helping to ensure the security and integrity of personal information
Performing services on behalf of the business Internal research for technological development and demonstration Activities to verify or maintain the quality of, improve, upgrade, and/or enhance our services |
| Characteristics of protected classifications under California or federal law | Service Providers
Relying Parties |
Helping to ensure the security and integrity of personal information
Performing services on behalf of the business Internal research for technological development and demonstration Activities to verify or maintain the quality of, improve, upgrade, and/or enhance our services |
| Commercial information | Service Providers
Relying Parties |
Helping to ensure the security and integrity of personal information
Performing services on behalf of the business Internal research for technological development and demonstration Activities to verify or maintain the quality of, improve, upgrade, and/or enhance our services |
| Biometric information | Service Providers
Relying Parties |
Helping to ensure the security and integrity of personal information
Performing services on behalf of the business Internal research for technological development and demonstration Activities to verify or maintain the quality of, improve, upgrade, and/or enhance our services |
| Internet or other electronic network activity information | Service Providers
Relying Parties |
Helping to ensure the security and integrity of personal information
Performing services on behalf of the business Internal research for technological development and demonstration Activities to verify or maintain the quality of, improve, upgrade, and/or enhance our services |
| Geolocation data | Service Providers
Relying Parties |
Helping to ensure the security and integrity of personal information
Performing services on behalf of the business Internal research for technological development and demonstration Activities to verify or maintain the quality of, improve, upgrade, and/or enhance our services |
| Sensory data | Service Providers
Relying Parties |
Helping to ensure the security and integrity of personal information
Performing services on behalf of the business Internal research for technological development and demonstration Activities to verify or maintain the quality of, improve, upgrade, and/or enhance our services |
| Professional or employment-related information | Service Providers
Relying Parties |
Helping to ensure the security and integrity of personal information
Performing services on behalf of the business Internal research for technological development and demonstration Activities to verify or maintain the quality of, improve, upgrade, and/or enhance our services |
| Non-public education information (per the Family Educational Rights and Privacy Act – 20 U.S.C. § 1232g, 34 CFR Part 99) | Service Providers
Relying Parties |
Helping to ensure the security and integrity of personal information
Performing services on behalf of the business Internal research for technological development and demonstration Activities to verify or maintain the quality of, improve, upgrade, and/or enhance our services |
| Inferences drawn from other Personal Information | Service Providers
Relying Parties |
Helping to ensure the security and integrity of personal information
Performing services on behalf of the business Internal research for technological development and demonstration Activities to verify or maintain the quality of, improve, upgrade, and/or enhance our services |
| Sensitive Personal Information | Service Providers
Relying Parties |
Helping to ensure the security and integrity of personal information
Performing services on behalf of the business Internal research for technological development and demonstration Activities to verify or maintain the quality of, improve, upgrade, and/or enhance our services |
For additional information regarding the purposes for which we use the personal information we collect, please see “Use of Personal Data and Other Information” and “How we Share your Information” sections above
Your California Privacy Rights
If you are a California resident, you have the following rights. We will honor requests received to the extent required by applicable law and within the time provided by law.
Right to Access and Information Regarding Personal Information
You have the right to request that we disclose to you the categories and specific pieces of personal information we have collected about you. Specifically, you have the right to request that we disclose the following to you, in each case in the twelve-month period preceding your request:
- The categories of personal information we have collected about you;
- The categories of sources from which the personal information is collected;
- Our business or commercial purpose for collecting or selling personal information;
- The categories of third parties with whom we share personal information;
- The specific pieces of information we have collected about you;
- The categories of personal information about you, if any, that we have disclosed for monetary or other valuable consideration and the categories of third parties to which we have disclosed the information, by category or categories of personal information for each third party to which we disclosed the personal information; and
- The categories of personal information about you that we disclosed for a business purpose.
We will deliver personal information that we are required by law to disclose to you in the manner required by law within 45 days after receipt of a verifiable request, unless we notify you that we require additional time to respond, in which case we will respond within such additional period of time required by law. We may deliver the personal information to you through your account, if you maintain an account with us, or electronically or by mail at your option. If electronically, then we will deliver the information in a portable and, to the extent technically feasible, in a readily usable format that allows you to transmit the information from one entity to another without hindrance.
Right to Deletion of Personal Information
You have the right to request that we delete personal information about you that we have collected from you.
Right to Correct Personal Information
You have the right to request that we correct any inaccurate information that we maintain about you.
Right to Opt Out
You have the right to opt out of the sale or sharing of personal information. We do not sell personal information, but we recognize that some privacy laws define “personal information” in such a way that making available identifiers linked to you for a benefit may be considered a “sale.” To opt-out of this, please click on.
Right to Limit the Use or Disclosure of Sensitive Personal Information
You have the right to limit that use or disclosure of Sensitive Personal Information to that use which is necessary to perform the services or provide the goods reasonably expected by an average consumer who requests those goods or services. Evident only collects Sensitive Personal Information such as social security and drivers license numbers with your informed consent and as necessary to perform our Services. We do not use or disclose Sensitive Personal Information for any other reasons such as inferring consumer characteristics about you.
Right to No Discrimination
We may not discriminate against you because of your exercise of any of the foregoing rights under the California Consumer Privacy Act, including by:
- Denying you goods or services;
- Charging different prices or rates for goods or services, including through the use of discounts or other benefits or imposing penalties;
- Providing you a different level or quality of goods or services; or
- Suggesting that you will receive different price or rate for goods or service or at a different level or quality of goods or services.
We may however, charge different prices or rates, or provide a different level or quality of goods or services, if that difference is reasonably related to the value provided to us by your personal information.
Requests to Exercise Your Rights
If you are a California resident, you may request to exercise the foregoing rights by:
- Submitting a request to Compliance@evidentid.com
- Calling us at 877-832-5298
Please note that we may take steps to verify your identity before granting you access to information or acting on your request to exercise your rights, as required or permitted by law. We may limit our response to your exercise of the above rights as permitted by law.
Data Sharing for Direct Marketing Purposes
If you are a California resident, you may ask us for a notice describing what categories of personal information we share with third parties or affiliates for those third parties or affiliates’ direct marketing purposes and identify the name and address of the third parties that received such personal information. We don’t share this information with others for their direct marketing purposes.
Illinois Privacy Rights
Additional Notice for Illinois Residents – This part of our Privacy Policy applies to residents of Illinois. We have provided this additional notice to ensure we give Illinois residents the disclosures that are required by Illinois laws, (e.g. the Illinois Biometric Information Privacy Act or “BIPA”).
Evident’s collection of personal information may include biometric identifiers and/or biometric information (collectively “biometric data”), and with your consent, we may share such biometric data with Relying Parties for their use as provided by their privacy policies and any agreements they may have with you. We may collect, process and store your biometric data for the purpose of verification services and long-term proof of inspection of your provided form of identification, on behalf of and as instructed by the Relying Parties. We will store your biometric data for as long as the Relying Party requests (e.g., the duration of your use of its services), but in any case no longer than the earlier of the date when (i) the Relying Party ceases to have a relationship with Evident; (ii) within three (3) years after your last interaction with our Services has occurred; or (iii) you request your Personal Data to be deleted (unless we are required by law to retain any elements of your Personal Data).
Facial images. Specifically with respect to facial images, if you agree to use our facial recognition service that we offer to Relying Parties, we will collect an image of your face that you provide through a web or mobile app (i.e. a selfie) and a photo or scan of your face as it appears on an identification document, such as a driver license. We will use facial recognition technology only for the purpose of verifying your identity as the person who appears on the identification document. We may share the facial scans and related biometric data with the Relying Party through which you used our identity verification service. In general (but subject to the retention periods for biometric data described above), we will retain your facial recognition information, including the photo of your face and photo or scan of your identification document, for the amount of time needed to fulfil the Relying Party’s requirements and applicable audit and verification purposes. In no event will Evident store your facial recognition information after Evident ceases to have a customer relationship with such Relying Party.
Your Privacy Rights under Other US State Laws
Based on the applicable law in the state where you live, you may have the following rights with respect to your Personal Information:
- To confirm whether or not a controller is processing your personal data and to access such personal data;
- To correct inaccuracies in your personal data;
- To delete your personal data;
- To obtain a copy of your personal data that you previously provided to us in a portable, and if technically feasible, readily usable format, if processing is carried out by automated means;
- To opt out of the processing of your personal data for purposes of (i) targeted advertising, (ii) the sale of personal data, or (iii) profiling in furtherance of decisions that produce legal or similarly significant effects concerning the consumer.
- Not to discriminate against you because you have exercised any of these rights, including by:
- denying you Services;
- charging different prices or rates for our Services, including through the use of discounts or other benefits or imposing penalties;
- providing you a different level or quality of Services; and/or
- suggesting that you will receive a different price or rate for Services, or at a different level or quality of Services.
To exercise any of these rights, you may make a request to confirm, access, correct, delete, obtain a copy, or opt-out of the processing of your personal data for targeting advertising, sale, or profiling by using this webform or contacting us using the information in the Contact Us section below.
We may require you to confirm your identity and your residency in order to obtain the information, and you are only entitled to make this request up to twice annually. For emails, please include “Privacy Rights” as the subject line. You must include your full name, email address, and attest to the fact that you are a resident. We will process your request within 45 days or let you know if we need additional time or cannot process your request. If you make this request by telephone, we may also ask you to provide the request in writing so that we may verify your identity. If we are unable to honor your request for any reason, we will notify you of the reason within the request time period.
Right to Opt Out
You may have the right to opt out of the sale of their Personal Information and targeted advertising. To exercise your right, please click on this link
on the bottom of the webpage where your information is being collected.
Opt-Out Preference Signals
Some browsers and browser extensions support opt-out preference signals such as the Global Privacy Control (“GPC”) that can send a signal to the websites you visit indicating your choice to opt-out from certain types of data processing, including data sales. GPC is a web browser-level setting, maintained by either a browser or a browser extension, that a user or privacy-focused technology can set. In certain regions, when we detect such a signal, we will make reasonable efforts to respect your choices as required by applicable law.
Appeals of Our Decisions
In some jurisdictions, you may appeal to us if we refuse to take action on your exercise of certain choices described above. In order to appeal such a refusal, please contact us using the information in the Contact Us section below with the subject line “Appeal of Refusal to Take Action on Privacy Request” and provide the relevant information in the email.
If we decline to take action on any request you make, we will provide you with the information required by the applicable law where you live. This may include an explanation of why we declined your request, information on how to appeal our decision, and/or how to make a complaint to your state Attorney General.
Changes to this Privacy Policy
We may change this Privacy Policy at any time. We will post all changes to this Privacy Policy on this page and will indicate at the top of the page the modified policy’s effective date. We therefore encourage you to refer to this page on an ongoing basis so that you are aware of our current privacy policy. If required by the applicable law, we will notify you of the changes. By continuing to use the Sites and/or the Services or providing us with information following such a replacement Policy being provided, you agree that you will be deemed to have agreed to be bound by the Privacy Policy as changed.
Contact Us
If you have any questions or suggestions regarding this Privacy Policy, please contact us at compliance@evidentid.com or send postal mail to: P.O. Box 19119 Atlanta, GA 31126, United States Attention: Privacy Office