Privacy Policy

OVERVIEW

AuthenticID (“AuthenticID”, “we”, “us”, “our”) is a leading provider of identity authentication services to enterprises. In this privacy policy (the “Policy”), we describe AuthenticID’s privacy and information practices and the rights and choices individuals have regarding their personal information that we collect. Keep in mind that the actual personal information we collect and how we use it varies depending upon the nature of our relationship and interactions with you. Also, in some cases (such as where required by law), we ask for your consent or give you certain choices prior to collecting or using certain personal information.

When our customers or their authorized users (collectively referred to as “Enterprise Users”) purchase and use our authentication services, we process the personal information of individuals at the customer’s direction and on the customer’s behalf, as a service provider. In such cases, the privacy policies of the respective customer apply and not this Policy.

Table of Contents:

Additional information for European residents
Scope
Information we collect
How we use information
How we disclose information
Cookies and other tracking information
Your choices and rights
Security
Retention
Children
Changes to this Privacy Policy
Contact us
Additional information for California and U.S. residents
Additional information for Washington residents
Additional information for users outside the United States

SCOPE

This Policy explains how we process information that we collect from users, customers and prospective customers, resellers and partners, as well as individuals that access our website or communicate or engage with us about our products and services, that constitutes personal information we process as a “controller” or “business” under applicable privacy laws.

When we collect information on behalf of Enterprise Users of our products and services, the privacy policies of the respective customer will apply to and govern the processing of such personal information, and AuthenticID will only collect, use, retain and otherwise process such information on behalf of the customer and in accordance with our applicable contractual agreements. Enterprise Users are responsible for providing notice to and obtaining any required consent from individuals related to our processing of personal information as part of our authentication services. We are not responsible for the privacy or data security practice of Enterprise Users, which may differ from those set forth in this Privacy Policy.

Personal Information. In this Policy, the term “personal information” generally means any information that identifies, relates to, describes, or is reasonably capable of being associated, or reasonably linked or linkable with a particular individual. It does not include anonymous, aggregate or de-identified information that can no longer be linked to or used to identify a particular individual.

INFORMATION WE COLLECT

We may collect personal information directly from individuals, from third parties, or automatically related to the use of our website and services. The personal information we collect and the sources from which we collect it, vary depending upon the circumstances.

Information We Collect from You. We may collect personal information directly from you, including:

Name, usernames and contact details: We collect name, company name, title, email address and contact information, preferences and other information from customers and prospective customers. For example, if you wish to receive our fraud bulletins and other newsletters or read one of our security eBooks, you are asked to submit a registration form.
Services and payment information: When Enterprise Users purchase our services, we collect information related to the services they have purchased, which may include name, billing and shipping address, payment details, and records of products and services that our Enterprise Users and prospective customers have purchased, obtained or considered. We may work with external payment processors and fulfillment partners to process these payments.
Communications, requests and support: If you contact us by email, mail, phone, contact us forms or otherwise regarding the Services, we collect and maintain a record of your contact details, communications and our responses. If you call us, we may also record calls and maintain logs and records of those calls.
Recruiting candidates and employees: If you are employed by or seeking employment from AuthenticID, we may additionally collect information from you, such as your contact details, employment history, educational history, such as the schools attended, degrees you were awarded and associated dates, and relevant records check.
Information collected by the AuthenticID product: We may collect the following categories of personal information in order to operate our product offering and provide our services. In most cases, this information is collected on behalf of the Enterprise User in order to provide services to our customer, who is the controller. You should review the privacy policy of the respective customer for more information.
- Name, contact information and identifiers: direct identifiers such as a name, alias, user ID, username, email address and contact information (including your phone number), account number, unique personal identifier, IP address and other online identifiers or unique identifiers, address and other contact information, account name, government identifiers, signatures, or other similar identifiers.
- Your ID docs: we may collect photos and images of your driver’s license, passport or other government-issued ID or ID document (each, an “ID”), as well as information extracted from your ID (such as name, contact information, birthdate, ID number, gender, and data from the machine-readable zone of your ID).
- Photos: selfies captured through your mobile device and ID photos extracted from your ID(s).
- Usage data: browsing history, clickstream data, search history, access logs and other usage data and information regarding an individual’s interaction with our website and online services, and our marketing emails and online ads.
- Audio, video and other electronic data: audio, electronic, visual, thermal, olfactory, or similar information, selfies and other photographs and images, and call recordings (e.g., of customer support calls).
- Professional information: professional or employment- related information, such as current and former employer(s) and position(s), title and business contact information.
- Inferences: inferences drawn from personal information that we collect to create a profile reflecting an individual’s preferences or other characteristics.
- Biometrics: facial recognition templates and other biometric identifiers (“Biometric Identifiers”) that are derived from your selfies and ID photos, and compared for purposes matching your ID photo(s) to your selfies. This includes physiological characteristics that can be used to establish an individual’s identity.
- Geolocation data: precise location information about a particular individual or device.
- Protected classifications: characteristics of protected classifications under applicable laws, such as disability information (as part of and to the extent included on identity documents provided to us) and medical conditions.
- Information that you voluntarily provide to us

Information collected for the purpose of fulfilling a privacy right: When you exercise a privacy rights described in this Privacy Policy, we may request that you submit additional personal information in order to verify your identity to the extent necessary prior to fulfilling your request.
Information collected or generated for the purpose of testing and evaluation purposes: In some cases, you may submit personal information, such as a facial photograph and government issued identification, and other biometric information, and/or ask us to generate associated sample identity documents, when testing our fraud detection Services implementation. To the extent such personal information is provided by or generated on behalf an Enterprise User, please refer to the applicable customer’s privacy policies.
Information collected in connection with Events: We may additionally collect information from you, such as information on medical conditions, dietary restrictions, etc., in order to make available appropriate accommodations at events that are hosted or provided by AuthenticID (each, an “Event”).
Information you provide offline: You may provide information to us in person and offline, such as information provided by you at trade shows, conferences, Events or on-premise visits.
Other information: You may provide information voluntarily to us.

Information We Collect from Third Parties.

If you access or manage our services on behalf of an Enterprise User, then we may receive username, email addresses and other information from such Enterprise User in order to grant you access to the services.
If you engage with any of our authorized resellers or business partners, we may receive personal information that you provide to the reseller or partner.
We may also collect personal information from public sources or databases and other third-party sources, in order to provide and enhance our authentication services.

We may also collect information about customers and prospective customers and the relevant business contacts for them from third party sources in order to validate or enhance our customer records.
We may also collect historical fraud detection and/or identity verification data that have been provided or contributed by our customers, partners, Enterprise Users, or other third parties (“Contributed Data”). We may use such Contributed Data to improve and develop our products and services, including our algorithms and models.

Information We Collect Automatically. We also may collect personal information about how individuals access, use and interact with our websites, applications and online service, such as information we collect automatically including cookies and pixel tags, IP address, app identifier, advertising ID, location information, browser type, device type, domain name, the website that led you to our website, the website to which you go after leaving our website, the dates and times you access our websites and online services, and the links you click and your other activities. We also may use pixels in HTML emails to understand if individuals read the emails we send to them. For more information, see the Cookies and Other Tracking Information section below. In addition, if you access or manage our services on behalf of an Enterprise User, we collect and maintain access, audit and other logs about administrator activities within the services.

In particular, when you use our Services, we collect information about you, your device, and your usage activity, including:

Device, connectivity, and configuration data: data about your device and your device configuration. For example, data about the operating systems and other software installed on your device, IP address, device identifiers, regional and language settings. In addition, when you share a “selfie” through your device, we receive certain information derived from your device camera, such as location data.
Error reports and performance data: data about the performance of the Services, and any problems you experience, including error reports. Error reports (sometimes called “crash dumps”) can include details of the software or hardware related to an error, files opened when an error occurred, and data about other software on your device.
Usage data: such as how long and often you use the Services and which Enterprise Customer you authenticate with.
Location data: such as precise location information from your device with your permission or location information derived from your IP address or other device data.
Authentication logs: we maintain records of each use, and actual or attempted login or authentication through the Services, including date and time stamps, whether the login or authentication was successful. This information may be linkable with the other authentication data and identity data that we collect and process about you.
Metadata: When you upload an image of your ID, or a photo, selfie or other image, we may derive and collect certain “metadata” associated with that image or file, which may include date and time stamps, file size and type, and other attributes and information associated with that image or file.

If you use our mobile application (the “App”), our App uses automatically collected information from your device camera and the TrueDepth API provided by Apple. This information is used to track the user’s head and face so that we can detect any kind of image or video spoofing thus making the scan feature more robust. None of the information collected by the TruDepth API ever leaves the user’s device nor is it persistently stored on the device.

Information We Derive. We may derive additional information or draw inferences about you based on the information we have collected from you directly, passively, or through third parties.

HOW WE USE INFORMATION

The purposes for which we may process personal information vary depending upon the circumstances. For information on how Enterprise

Users collect, use and share the personal information collected via our platform, please refer to the customer’s respective privacy policies.

Generally, AuthenticID uses personal information for the following business and commercial purposes:

Providing our services related support: to provide and operate our services and website, communicate with you about your use of our services or website, to provide troubleshooting and technical support, respond to your inquiries, fulfill your orders and requests, process payments, communicate with you, and for similar service and support purposes.
Performing our contracts: to fulfill our contractual obligations.
Analyzing and improving our services: to better understand how our services and website are accessed and used, in order to administer, monitor, and improve our services, for our internal purposes, and for other research and analytical purposes.
Communicating with you: to respond to your requests or otherwise communicate with you relating to our services or business.
Personalizing content experiences: to tailor content we may send or display on the website or otherwise, to offer location customization and personalized help and instructions, and to otherwise personalize your experiences.
Marketing and promotional purposes: to promote AuthenticID’s products and services to Enterprise Users and prospective customers and for direct marketing purposes, including to send you newsletters, client alerts and information we think may interest you.
Securing and protecting assets and rights: to protect the services and our business operations, to prevent, detect and investigate fraud, misuse, harassment or other types of unlawful activities; where we believe necessary to investigate, prevent or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety or legal rights of any person or third party, or violations of this Policy and our applicable agreements and terms of use.
Complying with legal obligations: to comply with the law or legal proceedings. For example, we may disclose information in response to subpoenas, court order, and other lawful requests by regulators and law enforcement, including responding to national security or law enforcement disclosure requirements.
In support of our general business operations: related to the administration of our general business, operational, recruiting, accounting, recordkeeping and legal functions. For example, as part of any merger, sale, transfer of assets, acquisition, financing and/or restructuring, bankruptcy or similar event, including related to due diligence conducted prior to such event where permitted by law.

Biometric Information. We may use your biometric information to verify your identity for certain partners, to detect and help prevent fraud, and for other purposes as stated above in this Privacy Policy. We also may use the information in other ways with your consent. For additional information, please see our Biometric Information Notice and Consent.

Aggregate and De-identified data. We may also create and use aggregate, and/or de-identified data to improve and develop our business and services, and for similar research and analytics purposes. We may use automated processes, artificial intelligence, and machine learning, to analyze data, which helps us improve our services and identify fraud patterns. We will maintain such data in a de-identified form without attempting to re-identify such data, and we may use such de- identified data for any purpose, including but not limited to for research and marketing purposes, and may also share such data with any third parties.

HOW WE DISCLOSE INFORMATION

We may share or disclose personal information that we collect as follows:

Subsidiaries and affiliates: with our subsidiary and affiliated companies (i.e., our parent company and other companies under common ownership, control or management with us); their use and disclosure of such personal information is subject to this Policy.
Vendors and providers: with our third-party service providers who use this information to perform services on our behalf, such as hosting and cloud storage providers, payment providers, auditors, advisors, consultants, customer service and/or support providers. In addition, we may disclose certain information to third parties in order to conduct and improve our authentications services on behalf of Enterprise Users.
Enterprise Users: with our Enterprise Users we share information related to their users who access and manage the services on their behalf as well as information collected and processed on behalf of Enterprise Users.
Other Customers and Partners: with our other customers and partners we may share Contributed Data to better support their fraud detection efforts and other legitimate interests.
Legal compliance: in response to a valid court order, subpoena, government investigation, or as otherwise required by law. We also reserve the right to report to law enforcement agencies any activities that we, in good faith, believe to be unlawful.
Business transfers: as part of any actual or contemplated merger, sale, transfer of assets, acquisition, financing and/or restructuring of all or part of our business, bankruptcy or similar event, including related to due diligence conducted prior to such event where permitted by law.
Protection of rights: where we believe necessary to respond to claims asserted against us, to enforce or administer our agreements and terms, for fraud prevention, risk assessment, investigation, to protect the rights, property or safety of AuthenticID, our affiliates, Enterprise Users, prospective customers and/or others, and/or as evidence in litigation in which we are involved.

Aggregated and De-identified Data. We may share aggregate or de- identified data with third parties for research, marketing, advertising, analytics and/or other purposes.

COOKIES AND OTHER TRACKING INFORMATION

We and our third-party providers use cookies, clear GIFs/pixel tags, JavaScript, local storage, log files, and other mechanisms to automatically collect and record information about your browsing activities and use of the website and online services. Please see the section titled “Information We Collect Automatically” above for more details. We may combine this information with other personal information we collect about you. We use this information as set forth in the section titled “How We Use Information” above, including without limitation to understand how our website and services are used, track bugs and errors, provide and improve our services, verify account credentials, allow logins, track sessions, prevent fraud, and protect our Services, to personalize content, and for analytics purposes.

Cookies. Cookies are alphanumeric identifiers that we transfer to your computer’s hard drive through your web browser for record-keeping purposes. Some cookies allow us to make it easier for you to navigate our website, while others allow us to track your activities while using our Site. Most web browsers automatically accept cookies, but if you prefer, you can edit your browser options to block them in the future. The Help portion of the toolbar on most browsers will tell you how to prevent your computer from accepting new cookies, how to have the browser notify you when you receive a new cookie, or how to disable cookies altogether. Parts of our website may not work properly if you disable cookies.

Pixel Tags. Pixel tags are tiny graphics with a unique identifier, similar in function to cookies. In contrast to cookies, which are stored on your computer’s hard drive, clear GIFs are embedded invisibly on web pages. We may use pixel tags (also referred to as web beacons, web bugs or clear GIFs), in connection with our Services to, among other things, help us manage ads and content, and compile statistics about usage of our Services. We may also use pixel tags in HTML emails to our customers, to help us track email response rates, identify when our emails are viewed, and track whether our emails are forwarded.

Browser Settings. You can also block or disable cookies for the device and browser you are using, through your browser settings; however, certain features on our website may not be available or function properly if you block or disable cookies. Please note, that your cookie preferences are applied on a browser and device basis. So, you will need to set your cookie preferences for each browser and device you use to access our website.

Interest-Based Advertising. We may work with third party ad networks, analytics companies, measurement services and others (“third party ad companies”) to help us manage our advertising on third party sites and services. We and these third party ad companies may use cookies, pixels tags, and other tools to collect activity information on our website (as well as on third party sites and services), as well as IP address, device ID, cookie and advertising IDs, and other identifiers, general location information, and, with your consent; we and these third party ad companies use this information to provide you more relevant ads and content and to evaluate the success of such ads and content. In addition, these third parties may combine the information collected from us and our website with information collected about you from third-party sites, apps, and services, in order to make inferences about you and your interests, to better tailor advertising and content to you across multiple sites, apps, and services and to collect associated metrics. For more information about third party ad networks and how to opt out of interest- based ads from many ad networks go to:

Canada: www.youradchoices.ca
U.S.: www.aboutads.info

YOUR CHOICES AND RIGHTS

Access, Amend and Correct. If you wish to access or amend certain personal information that you have submitted to us, to request the correction of any inaccurate information you have submitted to us, or to request deletion of your information, please send your request

to [email protected]. We will review your request and make reasonable efforts to respond to it as soon as practicable. We may ask you for additional information so that we can confirm your identity.

If you have a request related to the personal information we collect and process on behalf of an Enterprise User, you should contact that Enterprise User directly. If you submit your request to us, we will attempt to forward it to the relevant Enterprise User so that they may respond to you directly.

Direct Marketing. You may always opt-out of direct marketing emails. If you would like to unsubscribe from our email subscriptions or otherwise change your email preferences with AuthenticID, please follow the instructions in any of our promotional emails that we send to you, e.g., by clicking the unsubscribe link provided therein. Please note, that we may continue to send you transactional or service-related communications, such as service announcements and administrative messages.

Additional Information. In the sections Additional Information for California and U.S. Residents, Additional Information for Washington Residents, and Additional Information for European Residents below, we provide additional information as required under privacy laws. Applicable residents should review this section for more information regarding their rights under privacy laws.

SECURITY

We have implemented administrative, physical, personnel, and technical safeguards designed to protect the personal information we collect or hold on behalf of customers from loss, misuse, unauthorized access, disclosure, alteration, and destruction. Please be aware that despite our efforts, no data security measures can guarantee security.

RETENTION

Generally, we retain your personal information for as long as necessary to fulfill the purposes for which we collected it or as necessary to comply with our legal obligations, resolve disputes, maintain appropriate business records, and enforce our agreements.

To the extent we collect your “biometric information” or “biometric identifiers” as defined by applicable law, unless otherwise required by an order from a court of competent jurisdiction or applicable law, we will delete that information permanently and securely upon the earlier of the expiration of the retention period specified by the Enterprise User or three years after your last interaction with us. For additional information, please see our Biometric Information Notice and Consent.

Please note that with respect to any other personal information that we collect and process as a service provider or processor on behalf of an Enterprise User, we will retain such personal information for the period of time specified by the Enterprise User.

CHILDREN

Our Services are not targeted to minors under the age of sixteen (16) and we do not knowingly or specifically collect information about minors under the age of 16. If you believe we have unintentionally collected such information, please notify us as set out in the Contact Us section below.

CHANGES TO THIS PRIVACY POLICY

We may update this Policy from time to time, for example to reflect new privacy law requirements or changes in our privacy practice. If we make changes to this Policy, we will notify you by posting a new version of this Policy on our website. You are responsible for periodically reviewing this Policy to check for any changes and for the latest updates. Changes to this Policy are effective when they are posted on this page. You acknowledge that continued use of our Services after we publish or send a notice about our changes to this Policy means that the collection, use and sharing of your personal information is subject to the updated Policy.

CONTACT US

If you have any questions about this policy, please feel free to contact us at [email protected].

ADDITIONAL INFORMATION FOR CALIFORNIA RESIDENTS

Some U.S. state privacy laws require specific disclosures. In this section, we provide additional information, as required under California privacy laws including the California Consumer Privacy Act (“CCPA”) and other U.S. state privacy laws. This section does not address or apply to our handling of publicly available information lawfully made available by state or federal government records or other personal information that is exempt under the CCPA or other U.S. state privacy laws. While our collection, use and disclosure of personal information varies based upon our relationship and interactions with you, in this section we describe, generally, how we have collected and disclosed personal information about consumers in the prior 12 months (from the Effective Date above).

Categories of personal information collected and disclosed. The table below identifies the categories of personal information we have collected about consumers, as well as how we have disclosed such information for a business purpose. For more information about the business and commercial purposes for which we collect, use and disclose personal information, please see the How We Use Information and the How We Disclose Information sections above.

Personal Information Collected

Categories	Description	Categories of Third Parties to Whom We May Disclose this Information
Identifiers	Includes direct identifiers, such as name, alias user ID, username, account number; email address, phone number, address and other contact information; IP address and other online identifiers; SSN, driver’s license number, passport number, tax and other similar identifiers.	• service providers, advisors, and agents • government entities and law enforcement • affiliates and subsidiaries • data analytics providers • internet service providers

Categories	Description	Categories of Third Parties to Whom We May Disclose this Information
	ID and other government identifiers; and other similar identifiers.	• operating systems and platforms • Enterprise Users
Customer Records	Includes personal information, such as name, account name, user ID, contact information, employment information, account number, and financial or payment information), that individuals provide us in order to purchase or obtain our products and services. For example, this may include account registration information, or information collected when an individual purchases or orders our products and services, or enters into an agreement with us related to our products and services.	• service providers, advisors, and agents • government entities and law enforcement • our affiliates and subsidiaries • Enterprise Users
Commercial Information	Includes records of personal property, products or services purchased, obtained, or considered, or other purchasing or use histories or tendencies.	• service providers, advisors, and agents • government entities and law enforcement • affiliates and subsidiaries • data analytics providers • internet service providers • operating systems and platforms • data brokers • Enterprise Users
Usage Data	Includes browsing history, clickstream data, search history, access logs and other usage data and information regarding an individual’s interaction with our websites, mobile apps and other Services, and our marketing emails and online ads.	• service providers, advisors, and agents • government entities and law enforcement • affiliates and subsidiaries • data analytics providers • internet service providers • operating systems and platforms • Enterprise Users
Audio, video and electronic data	Includes audio, electronic, visual, thermal, olfactory, or similar information, photographs and images (e.g., that you provide us or post to your profile) and call recordings (e.g., of customer support calls).	• service providers, advisors, and agents • government entities and law enforcement • affiliates and subsidiaries • Enterprise Users

Categories	Description	Categories of Third Parties to Whom We May Disclose this Information

Professional information	Includes professional and employment-related information such as business contact information and professional memberships.	• service providers, advisors, and agents • government entities and law enforcement • affiliates and subsidiaries
Education information	Information about an individual’s educational history such as the schools attended, degrees you were awarded, and associated dates.	• service providers, advisors, and agents • government entities and law enforcement • affiliates and subsidiaries
Inferences	Includes inferences drawn from other personal information that we collect to create a profile reflecting an individual’s preferences, characteristics, predispositions, behavior, attitudes, intelligence, abilities or aptitudes. For example, we may analyze personal information in order to identify the offers and information that may be most relevant to customers, so that we can better reach them with relevant offers and ads.	• service providers, advisors, and agents • government entities and law enforcement • our affiliates and subsidiaries analytics providers

Sources of personal information. As further described in the section Information we collect above, we may collect personal information from the following sources:

directly from the data subject
Enterprise Users
data analytics providers
resellers and business partners
public records
service providers
advisors and agents
derived from existing personal information

Your rights. Depending on where you live and subject to applicable exceptions, you have the following rights with respect to your personal information:

Do-not-sell (opt-out): to opt-out of our sale of their personal information. We do not sell personal information, including those we have actual knowledge are younger than sixteen (16).
Right of deletion: to request deletion of their personal information that we have collected about them and to have such personal information deleted (without charge), subject to certain exceptions.
Right to know: with respect to the personal information we have collected about them in the prior 12 months, to require that we disclose the following to them (up to twice per year and subject to certain exemptions):
— categories of personal information collected;
— categories of sources of personal information;
— categories of personal information about them we have disclosed for a business purpose or sold;
— categories of third parties to whom we have sold or disclosed for a business purpose their personal information;
— the business or commercial purposes for collecting or selling their personal information;
— and a copy of the specific pieces of personal information we have collected about them.
Right to non-discrimination: the right not to be subject to discriminatory treatment for exercising their privacy rights.

Submitting privacy rights requests. You may submit requests to know (access) and requests to delete personal information by email at [email protected].

When you submit a request to know or a request to delete, we will take steps to verify your request by matching the information provided by you with the information we have in our records. You must email us with any requested information (or otherwise provide us with this information to verify your request. In some cases, we may request additional information in order to verify your request or where necessary to process your request. If we are unable to adequately verify a request, we will notify the requestor. Authorized agents may initiate a request on behalf of another individual by contacting us through the above listed method; authorized agents will be required to provide proof of their authorization and we may also require that the relevant consumer directly verify their identity and the authority of the authorized agent. If you would like to submit a privacy rights request regarding personal information we process on behalf of an Enterprise User (i.e., in our role as a service provider), you should contact the relevant Enterprise User directly; if you submit such request to us, we will endeavor to forward your request to the relevant Enterprise User (where known) so that they may respond to your request.

ADDITIONAL INFORMATION FOR WASHINGTON RESIDENTS

Please refer to our WashingtonConsumer Health Data Privacy Notice available here.

ADDITIONAL INFORMATION FOR USERS OUTSIDE THE UNITED STATES

Our company is based in the United States. Our products and services are controlled and operated by us from the United States and are not intended to subject us to the laws or jurisdiction of any state, country or territory other than that of the laws of the country(ies) where our products and services are controlled. Your personal information may be stored and processed in any country where we have facilities or in which we engage service providers, and by using the our products and services you consent to the transfer of information to countries outside of your country of residence, including the United States, which may have data protection rules that are different from those of your country. In certain circumstances, courts, law enforcement agencies, regulatory agencies or security authorities in those other countries may be entitled to access your personal information.

ADDITIONAL INFORMATION FOR EUROPEAN RESIDENTS

We typically will process your information pursuant to the following legal bases:

with your consent;
as necessary to perform our agreement to provide services to you; or
as necessary for our legitimate interests. This includes data processing for the legitimate interests of AuthenticID, either to improve our customers’ services or the performance of our algorithms and models, or it is demonstrated that the processing is necessary and proportionate.

We also may process your information where it is necessary to comply with a legal obligation to which we are subject.

The laws of certain jurisdictions may provide data subjects with various rights in connection with the processing of personal information, including:

• The right to withdraw any previously provided consent;
• The right to access certain information about you that we process;
• The right to have us correct or update any personal information;
• The right to have certain personal information erased;
• The right to have us temporarily block our processing of certain personal information;
• The right to have personal information exported into common machine-readable format;
• The right to object to our processing of personal information in cases of direct marketing, or when we rely on legitimate interests as our lawful basis to process your information; and
• The right to lodge a complaint with the appropriate data protection authority

Where we are deemed a data controller under the laws of certain jurisdictions, we will take steps to help ensure that you are able to exercise your rights regarding personal information about you in accordance with applicable law. To do so, you may contact us at [email protected]. Please note these rights may be limited in certain circumstances as provided by applicable law. We will promptly review all such requests in accordance with applicable laws. Depending on where you live, you may also have a right to lodge a complaint with a supervisory authority or other regulatory agency if you believe that we have violated any of the rights concerning personal information about you. We encourage you to first reach out to us at [email protected], so we have an opportunity to address your concerns directly before you do so.

Under the laws of certain jurisdictions, when processing personal data on behalf of our Enterprise Users, we may be deemed a ‘data processor’ while our Enterprise Users are deemed ‘data controllers’. Where we are deemed a data processor, you should contact the Enterprise User, the data controller, to pursue any such legal data subject rights. We will reasonably cooperate with our Enterprise Users to support and comply with any such data subject rights requests.