Privacy Policy & Cookie Policy

Privacy Policy

The Purpose of this Privacy Notice
Updated as of June 2024

This Privacy Notice is designed to provide you with the information relevant to the processing of your personal data, including what and why it is processed and what lawful basis we are relying upon, while accessing our valid8Me service. We are committed to protecting and respecting your privacy. Please read this Privacy Notice carefully to understand how we collect, store and share personal data and to ensure that you understand your rights under the General Data Protection Regulation (“GDPR”).

Valid8Me Limited is the owner of a software product known as valid8Me which is a “Know your client” (“KYC”) document sourcing and sharing service that allows corporate, individuals and professional bodies (“End Users”) to:

• upload, maintain and revoke access to key identification documents;
• securely connect with various business entities (“Onboarding Entities”) with whom the End User engages for a specific business purpose (e.g., opening a bank account; applying for home insurance; seeking legal advice);
• share their identification documents with the Onboarding Entities to enable those entities fulfil their legal; Anti Money Laundering (AML) and KYC obligations;
• securely connect with individuals and organisations authorised (“Authorised Representatives”) to access and share with Onboarding entities their personal data and documents; and
• securely connect with Counterparties (e.g., Notaries, Auditors, etc.) to simplify and accelerate the onboarding process.
  

‍Who this notice applies to

This Privacy Notice provides specific information relating to the following categories of data subjects whose personal data we process while providing the valid8Me service.

• individual/private End Users who contract us directly for use of and access to valid8Me and their authorised representatives;
• Commercial/corporate End Users who contact us directly for use of and access to valid8Me and their authorised representatives;
• Onboarding Entities and their employees, directors (or equivalent) and/or other authorised representatives; and
• professional bodies such as Notaries, Auditors engaged by Users or Onboarding Entities

Our processing activities

We use your personal data to enable both End Users and Onboarding Entities to connect for the purpose of sharing of identification and verification documents. This is a requirement for Onboarding Entities before they can provide their products and services to End Users.  

Personal data will be collected via a mobile application that the End User can download to their personal device. An Onboarding Entity can request any type of information or documentation as mandated by their AML / KYC policies. The End User will, having considered the Onboarding Entity’s requirements, decide whether to upload and consent to share their information.

Under data protection law, valid8Me must ensure that it has an appropriate lawful basis for the processing of your personal data and let you know what that lawful basis is.

The lawful basis we rely upon to process your data are:

• consent of the End User;
• processing is necessary for the performance of a contract to which the End User is a party or in order to take steps at the request of the End User prior to entering into a contract;
• compliance with a legal obligation; and
• for the purpose of the legitimate interest pursued by valid8Me.

Where the personal data includes special category personal data, valid8Me may seek to rely on:

• explicit consent of the End User

In addition, there will be some processing undertaken for administrative purposes, to provide information to you, to operate, evaluate, maintain, develop and improve our websites and services or to maintain their security.

We may need to use your information to comply with legal and regulatory obligations, including complying with your information rights, with reporting obligations and with Court orders. We may also process your personal data where necessary to protect your vital interests or those of another person.

The personal data we collect

Personal data means any information relating to you, which allows us to identify you, such as your name, contact details etc.

While using our service, we will collect the following types of personal data:  

• End User identification documents (e.g., Passports; Driver Licenses; National Identity cards);
• Proof of Address documents (e.g., Utility bills; Bank Statements);
• Commercial/Corporate Identity Information (e.g., Articles of Association; Company Register Certificates);
• Commercial/Corporate financials (e.g., audited financial statements);
• End User credentials (e.g., email address; phone number and other identifiers) required to securely enable End Users to login to valid8Me;
• Biometric Data (facial recognition for identity verification checks to prevent identity fraud); and

• Any other personal data requested by the Onboarding Entity.

We collect data from your interactions with us and our business relationship

If you interact with us, we will record details of those interactions. For example, we will collect details of phone calls, email correspondence and any hard copy correspondence received.

We collect certain non-personal technical data from your interactions with our website

When you interact with us online, we will automatically collect data about your use of our services, including data on the type of device you’re using, its  address, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use. This information is collected at an aggregate level and your identity data is not stored as part of this technical data.

For further information, see our cookies policies below.

Sources of personal Data

We will collect personal data from the End User when documentation is uploaded and shared with the Onboarding Entity.

In addition, our servers, logs and other technologies automatically collect certain information to help us administer, protect and improve our services, analyse usage and improve End User experiences.

‍How we use personal data

We will only use personal data for the purpose of our processing activities, including, to enable End Users create a digital identity through a process of identity verification to connect with an Onboarding Entity for a product or service.

The End User will be asked to provide certain information and valid8Me will explicitly seek the consent of End User before sharing each piece of information and documentation with an Onboarding Entity or other Authorised Representative. The information will be shared with any Onboarding Entity the End User, or their Authorised Representative connects with and permits access to their documents.

The End User or Authorised Representative will receive a request to connect, and it will be for it to decide what and with whom it wishes to provide access to documents.  Any request left unanswered by the End User or Authorised Representative will remain pending and no access will be permitted until approved by them.

‍Disclosure

In certain circumstances, we may disclose personal data to any of the following third parties: -

• business partners for the performance of any contract including, payment processors, data aggregators and hosting service providers;
• our insurers and/or professional advisers insofar as reasonably necessary for the purpose of obtaining and maintaining insurance coverage, managing risks, obtaining professional advice and managing legal disputes;
• analytics and search engine providers that assist us in the improvement and optimisation of our website. This consists of aggregated anonymous information only and relates to the web pages visited on the Website and not the information included on those web pages;
• if we or substantially all of our assets are acquired by a third party, in which case personal data held by us will be one of the transferred assets;

• if we are under a duty to disclose or share your personal data in order to comply with any legal obligation;
• to protect our rights, property, or safety, or that of yours or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection;
• as required by law, in order to respond to a court order or request from law enforcement or other public authority and in order to meet national security or law enforcement requirements. We will disclose your personal data if this is necessary to:
• comply with a legal obligation;
• protect or defend our rights, interests or property or that of a third party;
• prevent or investigate possible wrongdoing in connection with our services;
• act in urgent circumstances to protect the personal safety of one or more individuals; and
• protect against legal liability.

When we engage another organisation to perform services for us, we may provide them with information including personal data, in connection with their performance of those functions. Where we do share your personal data with a third party, we have taken steps to ensure that those parties comply with data protection laws to the same extent we do.

Security Measures

We will take all steps reasonably necessary to ensure that personal data is treated securely in accordance with this Privacy Notice and the relevant law.

We have put in place appropriate physical, technical, and organisational measures to safeguard and secure the information we manage and collect. All End Users of valid8Me will conduct base IDV (Identity Document Verification) checks when setting up their account to ensure that the person holding the device is the same person in the identification documents as well as other measures to minimise identity fraud.

End Users will use valid8Me to create a digital identity through a process of identity verification (selfie photo, identity document, liveness test, two factor authentication) to confirm they are using the correct device.

All information uploaded will be stored in a specific, secure and encrypted online vault hosted by valid8Me.

We also use secure connections to protect personal data during its transmission. Where you have been given (or where you have chosen) a password which enables you to access the services, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.

‍Transfers outside the EEA

We do not transfer personal data outside the European Economic Area (“EEA”). If at any time it becomes necessary for us to transfer personal data outside the EEA, it will only be transferred outside the area using legally approved transfer mechanisms, such as the European Commission’s standard contractual clauses or an adequacy decision.

Your rights under GDPR

If you are in the EEA, you have several rights under the GDPR.  These rights are as follows:

• Rights of Access: You have the right to know what personal data we hold on you, why we hold the data for how we are processing your personal data;
• Right to Rectification: You have a right to request that the personal data held in relation to you is up to date and accurate and where it is inaccurate have it corrected;
• Right to Erasure: You have the right to request the deletion of your personal data provided that there are no overriding reasons to retain that data;
• Right to Restriction: You have the right to restrict the extent for which your personal data is processed;
• Right to Data Portability: You have the right to have your personal data transferred to another service provider;
• Right to Object: You have the right to object to the processing of your personal data where the processing is based on our legitimate interest;
• Right to Withdraw Consent: You have the right to withdraw your consent to the processing of your personal data at any time, where the processing is based on your consent; and
• Right to Object to Automated Process: You have the right not to be subject to a decision based solely on automated processing where a decision would have a significant impact on you.

If you wish to exercise any of your data protection rights, please contact us at dataprivacy@valid8Me.com. These rights are not absolute, and restrictions may apply in certain situations. If you are unhappy with our response to your rights request, you have the right to lodge a complaint with the local supervisory authority for data protection in the EU member state where you usually, where you work or where you think an infringement of data protection law took place.

‍

Retention

In some circumstances it is not possible for us to specify in advance the period for which we will retain your personal data. In such cases we will determine the appropriate retention period based on balancing your rights against our legitimate business interests. We may also retain certain personal data beyond the periods specified herein in some circumstances such as where required for the purposes of a legal claims.

The information and documentation will be retained and processed by valid8Me for as long as an End User maintains it in their personal vault, or the Onboarding Entity requires access to it. Once that data is knowingly made available to an Onboarding entity, which the End User has consented to, it will remain available for a number of years in line with the Onboarding Entities legal obligations relating to AML/KYC.  In advance of the legal obligation period elapsing, the Onboarding Entity will be contacted to confirm that they no longer require access. If the Onboarding Entity does not extend the legal term, then their access to that documentation will be revoked and the End User notified.

‍Amendments to this Privacy Notice

We will post any changes on the Website and when doing so will change the updated date at the top of this Privacy Notice. Please make sure to check the date when you use our services to see if there have been any changes since you last used those services. If you are not happy with any changes that we have made you should cease using our services.

In some cases, we may provide you with additional notice of changes to this Privacy Notice, such as via email. We will always provide you with such additional notice well in advance of the changes taking effect where we consider the changes to be material.

How to contact us

Please contact us if you have any questions about this Privacy Notice, or about any information we hold about you:

• by email at:  dataprivacy@valid8Me.com
  ‍If you an employee of one of our clients, please contact your employer directly.

‍

Supervisory Authority

The Data Protection Commission in Ireland may be contacted through their website if you have any concerns or questions about the processing of your personal data.

‍

Cookie Policy

A cookie is a small text file that a website saves on your device when you visit a website. Websites uses cookies to distinguish you from other users of the Website. This helps us to provide you with a good experience when you browse the Website by remembering your actions and preferences.

Cookies allow us to understand how users interact with our website by providing details on the total number of visitors, which parts of our website is most popular to visitors etc. and allows us to improve the Website.

Please be aware that if you do disable cookies however, certain services on the Website will not be available to you and your use and enjoyment of them will be impaired.

If you register with us or if continue to use the Website, you agree to our use of cookies. Please go to the cookie management tool available on our website to understand the cookies that we collect and manage your preferences around them.

You can use the Cookies Settings button on this website to manage cookies.

What we use cookies for

Cookie List

Some cookies are set by us and are called first-party cookies. These cookies are responsible for remembering information about you such as language preference or login information. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting for our advertising and marketing efforts.  

More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms.   You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information.

Performance Cookies

These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site.  All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site and will not be able to monitor its performance.

You can find a list of the cookies we use here.

Third party websites

Our Website and the Platform may contain links to and from third party websites. If you follow a link to any of these websites, please note that these websites have their own privacy notices.  We do not accept any responsibility or liability for these third-party websites, nor do we provide support for their services. Please undertake the appropriate due diligence before submitting any personal data to these websites.