GetID PRIVACY POLICY
Valid from 14.01.2020
This Privacy Policy explains to you how GetID OÜ (‘GetID’) is committed to the responsible management, use, and protection of personal information.
GetID use and secure your personal data whilst you are using the GetID website www.getid.com or when you enter into a contract with GetID to provide services to your organisation.
GetID processes service users personal data as directed by our clients for the provision of our service. Our clients are controllers who determine the purpose of Processing of Personal Data and, accordingly, GetID is a processor of user personal data with respect to those services. In other cases, GetID is a controller of user personal data (e.g. users of GetID´s web page)
GetID takes the protection and security of your personal data very seriously and this policy sets out our responsibilities under the General Data Protection Regulation 2016 (‘GDPR’) and other applicable laws/regulations in European Economic Area (EEA) relating to the processing and security of personal data.
Our registered head office is located in the Republic of Estonia:
Maakri 19/1, 30th floor, 10145, Tallinn, Estonia
Company registration number: 14700267
If you have any questions or concerns regarding the processing of your personal data, you can contact our Data Protection Officer at dpo@getid.ee.
GetID is entitled to unilaterally amend the given policy at any time by notifying the Clients not later than 14 days prior of any significant amendments via the GetID website, email or other communication means. In issues not regulated by this policy, Terms of Use shall apply.
Personal Data we process
Personal data we process about clients and their representatives:
For entering into an Agreement, for providing our Service, for communicating with the representative of our client and for other lawful reasons we need to Process the data of client’s representative.
This means we may Process, among other, following Personal Data of the representative of the client:
- personal information of the representative of the client, such as name, position, contact information;
- personal information in connection of provision of the Service, such as data from communication with us;
- technical data, including but not limited to information about, the date and time that you use the Services, your IP address and domain name, your software and hardware attributes, also, your general geographic location (e.g. city, country);
- publicly available relevant data.
We collect this data either from you directly, when you communicate with us directly e.g., sending us an email, providing us with your Personal Data on the phone or through visiting our offices.
Please note that we also check information about client (incl. about relevant representatives of client) from publicly available sources.
Personal data we process about our services user
GetID provides personal identity verification services to clients. This means we verify service users and for that service users, have consented to data Processing according to client’s privacy policy and to data Processing by us in accordance with this Privacy Policy.
We may collect and Process, among other, the following Personal Data:
– personal information of service user, such as name, sex, personal identification code, date of birth, legal capacity, nationality, citizenship, but also historic data of that service user that may have been stored with us during previous counteractions within the retention periods;
– document details, such as the name of the document, issuing country, number, expiry date, security features;
– facial recognition data, such as photos, videos and sound recording, photographs taken from you and your document and video and sound recording of the verification process;
– contact details, such as address, e-mail address, telephone numbers, IP address;
– technical data, including but not limited to information about, the date and time that you use the Services, your IP address and domain name, your software and hardware attributes, also, your general geographic location (e.g. city, country);
– biometrical data, such as facial identifiers;
– publicly available relevant data, e.g. information about being politically exposed person (PEP) and checks in sanction lists.
In order to Prevent misuse or abuse, when you use our service via one of our clients, Google may collect your device information through Google’s reCAPTCHA service. This information is processed for the purpose of preventing abuse or misuse of services, based on our legitimate interest. Google will process this information in accordance with its terms of service and privacy policy.
Legal basis for processing personal data
GetID processes Client and service user related data, including personal data, on the following basis:
the Client/service user has given consent to the processing of his or her personal data for one or more specific purposes;
processing is necessary for the performance of the Client agreement to which the Client is a party or in order to take steps at the request of the data subject prior to entering into a Client agreement;
processing is necessary for compliance with a legal obligation to which GetID is subject to;
processing is necessary for the performance of a task carried out in the exercise of official authority request;
processing is necessary for the purposes of the legitimate interests pursued by GetID or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the Client/service provider which require protection of personal data.
GetID’s legitimate interests are expressed in furtherance of its own operating activity in offering Clients better services and products, developing its own products, ensuring data and information security and performance of general legal obligations set forth in legal acts.
The GDPR and your rights
If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
As an individual, you have rights under the GDPR regarding the use of your personal data, these are:
Your right of access – You have a right to know what personal data GetID hold on you and for what purpose we are processing your personal data.There may be some exemptions, which means you may not always receive all the information we process.
Your right to rectification – You have the right to ask us to rectify any information you believe is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Your right to erasure – You have the right to ask us to erase your personal information in certain circumstances.
Your right to restriction of processing – You have the right to ask us to restrict the processing of your information in certain circumstances.
Your right to object to processing – You have the right to object to processing if we are able to process your information because the processing is in our legitimate interests.
Your right to data portability – You can request that the personal data you have provided to GetID be ported to another organisation.This only applies to information you have given us. You have the right to ask that we transfer the information you gave us from one organisation to another, or give it to you. The right only applies if we are processing information based on your consent or under, or in talks about entering into a contract and the processing is automated.
Please read more about your rights from chapter III of the General Data Protection Regulation.
If you wish to exercise any of your rights regarding Personal Data or ask questions about the Privacy Policy, please submit a corresponding request to us at dpo@getid.ee. We will respond to your request by e-mail as a rule no later than one calendar month. If your request is complex or you make more than one, the response time may be a maximum of three calendar months, starting from the day of receipt. Please note that before we can provide you with the requested information regarding your Personal Data, we may need to verify your identity.
If your request concerns data we have Processed as a Processor you must submit your request to the service provider who is the controller of Processing of your Personal Data, we will inform you if this is the case.
Retention of Personal Data
GetID shall not process Client Data for longer than necessary for performing the objectives of the Processing, including for complying with the duty, set forth in legal acts, to retain data and for resolving disputes arising from agreement(s) entered into with the Client or for resolving potential disputes. GetID shall preserve Client data, who has entered into a Client agreement for receiving the investment services, for at least five years following the termination of the Client relationship, unless other terms for the preservation of data or documents are prescribed by law.
Submission of complaint
Where you believe that GetID has not taken our responsibilities with your personal data seriously, you have the right to complain to Data Protection Inspectorate (https://www.aki.ee/en/contacts).