The State of Third-Party Insurance Verification – Research Report
Date Last Revised: June 11, 2021
Evident offers you a secure platform to share your personal information with others (“Relying Parties”). Relying Parties will request that you share your personal information through the Services when you conduct a transaction with them (e.g., registering for access to their website or when you request to purchase their products or register for their services). To enable our Services, we collect information about you directly from you, from Relying Parties, from third parties, and automatically through your use of our Services.
To make it easy for you to navigate and understand our data practices, use these hyperlinks to find the section relevant to you.
Collection of Personal Data
Definition of “Personal Data”
How We Collect Personal Data
How We Use Personal Data and Other Information
How We Share Your Information
Links to Other Websites
Access and Your Choices
International Data Transfers and Our Privacy Shield Compliance
Children Under 13
Do Not Track Signals
California Privacy Rights
Illinois Privacy Rights
Evident ID is the operator of our Sites and the controller of data collected from you by our Sites. With respect to the use of our Services by EU data subjects, we are either a controller or processor of your data, depending upon the circumstances that give rise to our processing of your data. We are a United States corporation registered in the State of Delaware and located in Atlanta, Georgia.
We collect Personal Data in a variety of ways as described below.
To use our Services, we require you to register by providing your name and contact information. You, may, but are not required to, provide additional information, such as the data listed in the Collection of Personal Data section above. Note that this is not an exhaustive list.
We may ask you to provide Personal Data for various reasons. For example, when you request a demo of our platform, we may ask you for contact information such as your name, email address, phone number, geographic and job information.
We may ask you for similar information at other times, such as when you apply for a job through our Sites or contact our customer service team.
You may also provide us your personal information when you sign up for a webinar, download a whitepaper directly on our Sites or from one of our partners, or complete a contact us form on our Sites.
We also collect Personal Data that employees, contractors, or agents of our Relying Parties provide to us when they register for access to the Evident platform. The information we may collect includes name, address, company name, location, email address, phone number and account password.
Through our Sites and Services we may receive information, including, with your consent where required, from third party providers and sources that, alone or in combination with other information, could be used to identify an individual, including you. For example, a Relying Party using our Services may provide us with your name and contact information so you can join our Services or qualify to use the Relying Party’s products or services. We verify the information we receive about you so that the Relying Party can have confidence in the accuracy of the information. To do so, we may collect information about you from publicly-available information and third party sources. For example, if a Relying Party requires you to carry insurance, we may verify with your insurance provider that your coverage is in effect, or we may verify that you have a valid driver license or permit.
We also collect, with your consent where required and in accordance with applicable laws, consumer reports about you, such as credit reports or background checks, if the Relying Party requires such information.
We do not control the privacy practices of these third parties that we collect information from. In some cases, such as when a Relying Party asks us to obtain a credit report on you, it may be the Relying Party’s legal obligation to obtain your consent. In those cases, we are relying on the Relying Party’s authorization to collect this information from or about you.
We also may receive your personal information such as name, business email, company and job title, from trade shows or other similar events that we sponsor or from third parties that provide such information. We use this information to send marketing messages to you as described below.
This information can include your browser type and operating system, your IP address, the length and times of day you use our Sites or Services, the referring URL or webpage that led you to our Sites or Services.
Additionally, when you use our App, we may collect information on your mobile device, such as device name and model, mobile operating system type, name and version; language information; and activities within the Services.
With your permission, we will collect location information from your mobile device to help us verify information you may have provided to us. You may turn off this feature through the location settings on your mobile device. More information about how to do this and manage other mobile privacy settings is available from your device provider.
You may log into our Services through your social networking accounts, including Facebook and Google. If you do this, we obtain information from these sites as follows:
Google. If you log into our Services using your Google account, you must enter your Google email address and password. We will collect your email address, profile information and photo if you login to our Services using Google.
Facebook. If you log into our Services using Facebook, you must enter your Facebook email address or phone number, and password. We will ask that you grant us permission to access and collect your Facebook public profile information (this includes your name, profile picture, and any other information you have set to public on your Facebook account) and email address.
We securely store the information that we receive from Facebook and Google with other information that we collect from you or receive about you.
Any third-party social networking site controls the information it collects from you. For information about how they may use and disclose your information, including any information you make public, please consult their respective privacy policies. We have no control over how any third-party social networking site uses or discloses the personal information it collects about you.
We use the Personal Data collected for a number of purposes as described below.
Evident uses your information, including Personal Data, for the following purposes:
We use the information that we collect when you visit our Sites to respond to questions, comments or requests for information from us and to send applicable and personalized marketing messages in accordance with applicable laws. These marketing messages may include emails, texts, online advertisements, or phone calls. Marketing related communications to you will contain instructions on how to unsubscribe from receiving them. See more on how to opt out in the Your Choices section below.
When you send email or other communications to us, we may keep those communications and use the Personal Data they contain in order to process your questions, respond to your requests and improve our Sites or Services. In particular, we may use your email address to communicate with you about our Services, such as to provide you with support.
We may anonymize, de-identify and/or aggregate the information that we collect and use such anonymized, de-identified and/or aggregated data for our own business purposes, including but not limited to sharing anonymized and de-identified data with our current and prospective business partners, service providers, affiliates, agents and other third parties for commercial, statistical and market research purposes, for example to allow those parties to analyze patterns among groups of people, and conducting research on consumer demographics, interests and behavior.
We use Personal Data and other data for data analysis, security and fraud monitoring and prevention, product development and testing, improving or modifying our Sites and Services, analyzing website traffic patterns and behaviors, statistical and survey purposes, determining the effectiveness of our promotional campaigns and operating and expanding our business activities.
Evident may share your information, including Personal Data, in the circumstances described below.
Relying Parties. We will share the information that you direct us to share with a Relying Party.
Third Party Data Sources. We share your information with third party data sources to verify the accuracy of the information you provide to us and to request information about you.
Aggregate and De-Identified Information. We may share aggregate or de-identified information about users and prospective users of our Sites and Services with third parties for marketing, advertising, research or similar purposes.
Service Providers. We share information with our third party vendors and service providers to perform certain functions on our behalf, such as hosting specific portions of the Service, maintaining databases, helping us collect job applications, delivering content, sending emails on behalf of our customers and for our own marketing communications, using text messaging services for multifactor authentication protocols, administering content, mailing information, processing payments or otherwise operating the Services or the Sites.
Business Transfers. If we are acquired by or merged with another company, if all or some portion of our assets are transferred to another company, or as part of a bankruptcy proceeding, financing due diligence, reorganization, or receivership, we may transfer the information we have collected from you to the other company or bankruptcy trustee or administrator.
In Response to Legal Process. We may disclose the information we collect from you in order to comply with the law, a judicial or regulatory proceeding, court or governmental agency order, or other legal process, such as in response to a court order or a subpoena.
Evident is built to protect your private information and to allow you to securely share your information with Relying Parties. We have implemented commercially reasonable and appropriate precautions to protect the information we collect from loss, misuse, and unauthorized access, disclosure, alteration, and destruction. For example, we protect the personal information that you submit to us through encryption and access controls.
You should take steps to protect against unauthorized access to your password, phone, and computer by, among other things, signing off after using a shared computer, choosing a robust password that nobody else knows or can easily guess, and keeping your log-in and password private. We are not responsible for any lost, stolen, or compromised passwords or for any activity on your account via unauthorized password activity.
We may use “cookies” (a small text file sent by your computer each time you visit our site) or similar digital technologies to record log data. Many browsers default to accepting cookies. You may be able to change this setting in your browser and you can also clear your cookies. If you do, you may lose some functionality of our Sites or Services. Check your browser’s help function to learn more about your cookie setting options.
We may use the following types of cookies and digital technologies:
On most web browsers, you will find a “help” section on the toolbar. Please refer to this section for information on how to receive a notification when you are receiving a new cookie and how to control cookies, including turn them off. Please see the links below for guidance on how to modify your web browser’s settings on the most popular browsers:
To find out more about cookies and similar technologies, including how to see what cookies and similar technologies have been set and how to manage and delete them, visit www.allaboutcookies.org, and/or the Digital Advertising Alliance’s (DAA) online resources at youradchoices.com/control, and/or the Network Advertising Initiative’s (NAI) online resources at http://www.networkadvertising.org, and follow the opt-out instructions there, or if located in the European Union, visit the European Interactive Digital Advertising Alliance’s (EDAA) Your Online Choices opt-out tool at www.youronlinechoices.com.
Opting out from one or more companies listed on the DAA Consumer Choice Page, the NAI Consumer Opt-Out Page, or the EDAA Your Online Choices opt-out page will opt you out from the delivery of interest-based content or ads to you by the third parties participating in those opt-out services, but it does not mean you will no longer receive any personalized advertising through our Services or on our Sites or other websites. You may continue to receive advertisements, for example, non-personalized advertisements or advertisements based on the particular website that you are viewing (i.e., contextually based ads). Also, if your browsers are configured to reject cookies when you opt out on the DAA, NAI or EDAA websites, your opt out may not be effective. Additional information is available at these websites.
You may modify personal information that you have submitted by logging into your account and updating your profile information. Please note that copies of information that you have updated, modified or deleted may remain viewable in cached and archived pages of the Services for a period of time and in accordance with our data retention policies.
We may send periodic promotional or informational emails to you. You may opt-out of such communications by following the opt-out instructions contained in the email. Please note that it may take up to 10 business days for us to process opt-out requests. If you opt-out of receiving emails about recommendations or other information we think may interest you, we may still send you emails about your account or any Services you have requested or received from us.
This section applies if you are an EU data subject (for these purposes, reference to the EU also includes the European Economic Area countries of Iceland, Liechtenstein and Norway and, where applicable, Switzerland). Evident is the data controller for processing Personal Data provided to Evident in relation to the Sites. Unless you have given us your consent for our independent uses of your Personal Data or we have another lawful basis for processing your Personal Data, we act strictly as a data processor for Personal Data that we process through the Services, as described under the “Information Collected Through our Services” section above. For example, we process data on behalf of Relying Parties in relation to transactions you may be conducting or considering with them. We rely on the following legal bases for processing your Personal Data:
Subject to applicable law and reasonable steps that we may take to verify your identity with respect to your requests, you have the following rights in relation to your Personal Data:
EU Data Subjects may contact us about these rights at email@example.com or at the address set out in the Contact Us section below.
The Personal Data we process may be transferred to, and processed in, any country in which we, our group companies, or our service providers or partners operate, which may include countries other than the country in which you are resident. These countries may have data protection laws that are different than the laws of your country.
However, we have taken appropriate safeguards to require that your Personal Data will remain protected in accordance with this Policy. In particular, Evident complies with the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from European Economic Area member countries and Switzerland to the United States, respectively. Evident has certified that it adheres to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability. If there is any conflict between the terms of this Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification page, please visit https://www.privacyshield.gov/.
Evident is aware that the EU-US Privacy Shield Framework was invalidated by the European Court of Justice in July 2020; nevertheless, Evident will continue to comply with it and the Swiss-U.S. Privacy Shield Framework and, in addition, Evident will, as needed, implement appropriate alternative transfer mechanisms with data exporters for the protection of Personal Data in cross-border data transfers.
Evident US has further committed to refer unresolved privacy complaints from EEA or Swiss citizens or residents regarding transfers of their personal data under the Privacy Shield Principles to an alternative dispute resolution. If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request. Please note that if your complaint is not resolved through these channels, under limited circumstances, a binding arbitration option may be available before a Privacy Shield Panel for EU or Swiss individuals.
When Evident US transfers personal information about EU or Swiss individuals to other third parties, it will do so in accordance with the Onward Transfer principle of the EU-US and Swiss-US Privacy Shield Principles. In these cases, Evident is potentially liable if such third parties do not provide the same level of protection as the Privacy Shield Principles. More information on the Privacy Shield Frameworks is available here.
Evident will retain Personal Data for the period necessary to provide our Services or for the purposes it was collected for, as otherwise required by our contracts or by law.
When determining how long we should keep data, we consider the length of time we will have a relationship with you or the Related Parties and provide our Services, whether there is a legal obligation that would require us to keep the information for a specified period of time, the reasons why we process your data, the risk of harm from unauthorized use or disclosure of your Personal Data.
We may also anonymize or de-identify Personal Data so it would no longer be associated with you for research or analytical purposes. If data is anonymized or de-identified, we may use this data for as long as we have a legitimate business purpose for such use, without additional notice to you.
Our Services and Sites are not directed at children under 13 years of age (or older where required by law), and we do not knowingly collect or receive Personal Data from them. If we learn that we have received Personal Data from a child whose age requires parental consent for processing, we will delete the data. If you believe that we have received Personal Data from a child whose age requires parental consent, you may contact us at firstname.lastname@example.org.
Our Sites and Services do not collect personal information about your online activities over time and across third-party websites or online services. Therefore, “do not track” signals transmitted from web browsers do not apply to our Sites or Services, and we do not alter any of our data collection and use practices upon receipt of such a signal.
We describe the personal information we have collected from consumers in the twelve (12) months preceding the effective date of this Privacy Notice in the part of our Privacy Notice titled, “Collection of Personal Data” above. The information we collect includes the following:
For more information, please see “Collection of Personal Data” and “Information Collected Automatically” above.
We don’t sell consumers’ personal information in the sense that most people think of selling, but we do provide it to other companies that you should expect to interact with, such as a Relying Party, and those companies we have contracted with to help provide some part of our services, like marketing services providers and sponsors of events. The term, “sale,” is broadly defined in CCPA and includes any sharing of your personal information to a third party for consideration if the third party might use the information for their own purpose (such as in advertising or analytics). As is common practice among businesses that operate websites, we may have disclosed certain online identifiers, information about the use of our Sites and inferences drawn about you to our social media, advertising and analytics partners for our marketing and related purposes. While we do not view these data sharing activities as “sales,” if you wish to opt-out of our uses of personal information for these purposes, see your options under the “Access and Your Choices” section of this policy above. We don’t intend for our Services to be used by anyone under 16 and therefore do not knowingly collect or disclose personal information of individuals under age 16.
We have disclosed personal information in all or substantially all of the categories identified in this Additional Notice for California Resident Consumers for various business purposes. For more information about the categories of personal information we have disclosed, the categories of entities with which we have disclosed this information and the purposes for which we have disclosed the information, please see “How We Share Your Information” above.
For additional information regarding the purposes for which we use the personal information we collect, please see “Use of Personal Data and Other Information” and “How we Share your Information” sections above.
If you are a California resident, you have the following rights. We will honor requests received to the extent required by applicable law and within the time provided by law.
You have the right to request that we disclose to you the categories and specific pieces of personal information we have collected about you. Specifically, you have the right to request that we disclose the following to you, in each case in the twelve-month period preceding your request:
We will deliver personal information that we are required by law to disclose to you in the manner required by law within 45 days after receipt of a verifiable request, unless we notify you that we require additional time to respond, in which case we will respond within such additional period of time required by law. We may deliver the personal information to you through your account, if you maintain an account with us, or electronically or by mail at your option. If electronically, then we will deliver the information in a portable and, to the extent technically feasible, in a readily usable format that allows you to transmit the information from one entity to another without hindrance.
You have the right to request that we delete personal information about you that we have collected from you.
If in the future we sell your personal information, you have the right to opt out of the disclosure of personal information about you for monetary or other valuable consideration. To Opt-Out, see the “Requests to Exercise Your Rights” section below.
We may not discriminate against you because of your exercise of any of the foregoing rights under the California Consumer Privacy Act, including by:
We may however, charge different prices or rates, or provide a different level or quality of goods or services, if that difference is reasonably related to the value provided to us by your personal information.
If you are a California resident, you may request to exercise the foregoing rights by:
Please note that we may take steps to verify your identity before granting you access to information or acting on your request to exercise your rights, as required or permitted by law. We may limit our response to your exercise of the above rights as permitted by law.
If you are a California resident, you may ask us for a notice describing what categories of personal information we share with third parties or affiliates for those third parties or affiliates’ direct marketing purposes and identify the name and address of the third parties that received such personal information. We don’t share this information with others for their direct marketing purposes.
Evident’s collection of personal information may include biometric identifiers and/or biometric information (collectively “biometric data”), and with your consent, we may share such biometric data with Relying Parties for their use as provided by their privacy policies and any agreements they may have with you. We may collect, process and store your biometric data for the purpose of verification services and long-term proof of inspection of your provided form of identification, on behalf of and as instructed by the Relying Parties. We will store your biometric data for as long as the Relying Party requests (e.g., the duration of your use of its services), but in any case no longer than the earlier of the date when (i) the Relying Party ceases to have a relationship with Evident; (ii) within three (3) years after your last interaction with our Services has occurred; or (iii) you request your Personal Data to be deleted (unless we are required by law to retain any elements of your Personal Data).
Facial images. Specifically with respect to facial images, if you agree to use our facial recognition service that we offer to Relying Parties, we will collect an image of your face that you provide through a web or mobile app (i.e. a selfie) and a photo or scan of your face as it appears on an identification document, such as a driver license. We will use facial recognition technology only for the purpose of verifying your identity as the person who appears on the identification document. We may share the facial scans and related biometric data with the Relying Party through which you used our identity verification service. In general (but subject to the retention periods for biometric data described above), we will retain your facial recognition information, including the photo of your face and photo or scan of your identification document, for the amount of time needed to fulfil the Relying Party’s requirements and applicable audit and verification purposes. In no event will Evident store your facial recognition information after Evident ceases to have a customer relationship with such Relying Party.