Our Privacy Policies
This Website and B2B Privacy Policy (“Policy”) explains how Onfido, an Entrust company, ("Onfido", "we", "us", “our”) collects, uses, and otherwise processes personal information of visitors to our websites or when you otherwise interact with Onfido in a business to business capacity.
If you are looking for details of the personal information we collect in other circumstances, please see the relevant policy listed below:
- Our Onfido Privacy Policy contains details about the information we collect, use, and otherwise process when we verify an identity, carry out checks related to an identity, or provide user authentication services (our “Identity Services”).
- Our Cookie and SDK Policy contains information about the cookies we use, why we use them, and your privacy choices regarding cookies.
- If you are a candidate applying for a role at Onfido, please see the Candidate Privacy Policy displayed in our Application Portal.
If you are a California resident, please see and refer to our California Privacy Notice for more information about the privacy choices you have regarding your personal information pursuant to California privacy laws, including the California Consumer Privacy Act (“CCPA”).
1. This Policy
This Policy is focussed on how we process the personal information of the employees of our clients, prospects, vendors and partners when they interact with us in the context of our business (defined above). In these situations, Onfido is the controller of the personal information.
We may need to update this Policy from time to time. If we make material changes, we will publish those changes before they come into effect and notify our clients so they can consider whether to update their own policies and notify their employees.
2. The Information We Collect
Information you provide when you interact with us. We collect the personal information you provide when you interact with us. For example, we collect information when you:
- browse our website, including when you interact with the Onfido chatbot, sign up to receive marketing material (either online or in person at an event), or download a whitepaper;
- create a client account, purchase or trial our Identity Services (e.g. via our sign up page), or access the Onfido Dashboard;
- communicate with us as a client or potential client (e.g. when you communicate with your account team, customer success manager or our customer support team, or when you engage with our sales teams);
- visit our offices or attend an Onfido event;
- engage with us on social media or comment on a blog post;
- provide services to, or partner with, Onfido or administer our account; or
- otherwise contact us.
The information we collect in these scenarios might include your name, email address, other contact information, access credentials, postal address, phone number, company information, job title and other information about your role, billing, financial and purchase information, and any other information you choose to provide to us (for example any information you provide during your communications with us).
Please note that Onfido will always ask you whether you permit us to record a phone or video call with you. If you give your permission, the recording may capture audio, video, chat messaging content, transcriptions, transcript edits and recommendations, as well as related context, such as invitation details, meeting or chat name, or meeting agenda (“Content”). Content may contain your voice and image, depending on the account owner’s settings, what you choose to share, your settings, and what you do on the call. Users should refer to Onfido’s Call Recording Consent Notice for more information on how we will use these recordings, including for users in the US information about how we may Process data which may be considered Biometric Data (as defined).
Information we collect automatically: When you browse our websites, access the Onfido Dashboard, or otherwise engage with us digitally, we or our third party service providers, use various technologies (including cookies, SDKs or Software Development Kits (also known as SDKs), Canvas Fingerprinting, pixels, log files, APIs and, web beacons), to automatically collect or derive the following information:
- Device Information - device identifiers, IP address, information about the device (for example the operating system used, hardware model, whether the device is providing false randomized device and network information or has otherwise been compromised).
- Browsing Information - activity information related to your use of the websites or, Onfido Dashboard or Identity Services, such as information about the links clicked, searches, features used, items viewed, and time stamps. We may also analyze how you interact with your device or, our websites to assess the likelihood of you being a genuine user and who you say you are, for example fraudsters will cut and paste large volumes of information from their clipboard, use this functionality multiple times and otherwise navigate between applications on their device very differently from a genuine user.
- Location information - We may collect or derive your broad geographical location, such as through your IP address. Further, with your permission, we may collect precise geolocation information from your device. You may turn off location data sharing through your device settings.
For more information about cookies and other similar technologies, and the choices you have, please see the “Your Privacy Rights and Choices” section below and review our Cookie Policy.
Information we collect from third parties: We may obtain personal information about you from publicly available sources (like LinkedIn) and third party service providers, such as data enrichment providers.
3. Purposes of Collection, Use and Disclosure of Information
We use the information we collect to:
- Provide, maintain and improve our websites, the Onfido Dashboard and Identity Services;
- Provide and deliver the Identity Services you request, process transactions and send you related information, including confirmations and invoices;
- Detect and protect against fraud, security threats, illegal or prohibited activities, including any abuse of our websites and service terms and conditions;
- Administer your account;
- Send you technical notices, updates, security alerts and support and administrative messages;
- Respond to your comments, questions and requests and provide customer service;
- Communicate with you about products, services, offers, promotions, rewards, and events offered by Onfido and others, and provide news and information we think will be of interest to you;
- Advertise and promote our products and services on third-party websites;
- Tailor content we may send or display on our websites, including to offer location customization and personalized help and instructions, and to otherwise personalize your experiences;
- Plan and manage events;
- Monitor and analyze trends, usage and activities in connection with our websites;
- Exercise legal rights, defend legal claims or comply with our legal and regulatory obligations; and
- Carry out any other purpose for which the information was collected.
We use information for the above purposes where it is necessary for the performance of a contract to which an individual is subject, where it is necessary in our legitimate interest to do so, where we have a legal obligation, or where an individual has provided their consent.
4. Sharing Information Outside Onfido
In general, we may disclose and make available personal information to third parties as described in this section:
- Our affiliates: we may disclose personal information we collect to our affiliates or subsidiaries, who will use and disclose this personal information in accordance with the principles of this Policy;
- Vendors and service providers: we may disclose personal information we collect to our service providers (including our affiliates), processors and others who perform functions on our behalf. These may include, for example, IT service providers, help desk, analytics providers, consultants, auditors, legal counsel and those listed below:
- Third Party Payment Processing: we rely on third party payment partners (such as Stripe), to accept payments on our behalf. We do not directly store any payment card details. All payment information necessary to complete a payment transaction is provided directly to Stripe. For more information about how Stripe processes payment card data, please see Stripe’s Privacy Policy;
- Website Chatbot: we use a third party service provider to provide the chatbot on Onfido.com. Chat sessions will be monitored, recorded and reviewed by Onfido and our third-party vendor in order to respond to you and fulfill your requests, and for training, quality, analytics, and improvement purposes;
- Third-Party Analytics and Tools: we use third party analytics tools, such as Google Analytics. These third-party analytics companies may collect usage data (using cookies, pixels and similar tools) about our services in order to provide us with reports and metrics that help us to evaluate usage of our services, determine the popularity of certain content and improve performance and user experiences; and
- Advertising and Analytics Services: we work with third parties, such as ad networks, channel partners, analytics and measurement services and others (“third-party ad companies”) to deliver advertising and content targeted to your interests, better understand your online activity, manage our advertising on third-party sites and mobile apps and evaluate the success of such ads and content. We may share certain information with these third-party ad companies, and we and them may use cookies, pixels, tags, and other tools to collect usage and browsing information within our website, as well as on third-party sites, apps and services. For more information about interest-based ads, and how to opt out of receiving targeted ads from participating third-party ad networks, please visit see our Cookies Policy or www.aboutads.info/choices.
- Third-party plug-ins and features: our website offers social sharing features and other integrated tools (such as the Facebook "Like" button), which lets you share actions you take on the website with other media, and vice versa. Your use of such features enables the sharing of information with your friends or the public, depending on the settings you establish with the entity that provides the social sharing feature. For more information about the purpose and scope of data collection and processing in connection with social sharing features, please visit the privacy policies of the entities that provide these features;
- As part of a business transfers: we may disclose your personal information to an actual or potential buyer, investor or partner (and its agents and advisers) in relation to any actual or proposed divestiture, merger, acquisition, joint venture, bankruptcy, dissolution, reorganization, or any other similar transaction or proceeding;
- Compliance with regulatory and legal obligations: we may disclose personal information to any competent law enforcement body, regulatory, government agency, court or other third party where we believe disclosure is necessary (i) as a matter of applicable law or regulation, (ii) to exercise, establish or defend our legal rights, or (iii) to protect your vital interests or those of any other person;
- Fraud detection and prevention: we may disclose personal information to prevent, detect, investigate and respond to fraud, unauthorized activities and access, illegal activities, and misuse of the Identity Services; and
- Other reasons: we may also disclose personal information to any other person where we have your consent to the disclosure or a legitimate legal reason for doing so.
Whenever legally possible, we seek to protect the information we share by imposing contractual privacy and security safeguards on the recipient of the information. In some cases, however, it’s not possible for us to do so — for example, when we have a legal obligation to disclose information to a government authority and that government authority isn’t willing to enter into such contractual safeguards.
If the sharing of personal information involves cross border international transfers of data, we make such transfers in accordance with relevant privacy law requirements. For example, if personal information that is processed subject to the GDPR is transferred outside of the EEA/UK to a country that the European Commission does not consider provides an adequate level of protection for your personal information, we will require the receiving party to enter into the European Commission approved Standard Contractual Clauses (and/or their UK and Switzerland equivalents). You can request a copy of these clauses by contacting us using the details in the section below headed “Contact Onfido or our Data Protection Officer.”
5. Information Security
Onfido has implemented safeguards designed to help protect personal information from loss, theft, misuse and unauthorized access, disclosure, alteration and destruction. If you think you have identified a security vulnerability or bug in our Identity Verification Services, please report it to the Onfido security team at security@onfido.com and as described in the Onfido Responsible Security Bug Disclosure Policy.
6. Retention
We store the information described in this Policy only for as long as reasonably necessary to fulfill the purposes identified above or otherwise disclosed to you at the time of collection. For example, we generally maintain website log data for a brief period of time, but we retain communications we may have with individuals for much longer to ensure that we can continue to service those individuals on an ongoing basis.
7. Your Privacy Rights and Choices
We make available several ways for you to manage your privacy rights and preferences. In this section, we describe the rights and choices you have regarding our collection, use and processing of your personal information and how to exercise your rights and choices.
If you are a California resident, please refer to our California Privacy Policy for information about the rights you have with regard to your personal information and how to exercise your rights.
Depending on where you live and subject to applicable privacy law, you may have a number of privacy rights and preferences:
- the right to request access to and disclosure of your information that we hold;
- the right to change and/or correct your inaccurate information;
- the right to block or suppress the processing of your information. This enables you to request that Onfido suspends the processing of your information in certain circumstances;
- the right to object to our processing of your information where we are relying on a legitimate interest (or that of a third party) and you feel such processing impacts on your fundamental rights and freedoms. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms;
- the right to request that we delete your personal information, subject to certain exceptions;
- the right to request portability of your personal information. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format; and
- the right to withdraw your consent, if applicable. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.
If you exercise any of your data protection rights detailed in this section, we will not discriminate against you.
If you would like to exercise any of the rights set out above, you may contact Onfido as set out in the Contact Onfido section below. We will process your request in accordance with applicable privacy laws. In order to respond to your request, we may ask you for additional information so that we can confirm your identity or process your request.
In addition, you may find the following tools helpful in exercising the above rights:
- Client Account: If you are a business client, you may update, correct or delete information from your client account at any time by logging into your client account here or by emailing Onfido at client-support@onfido.com. If you wish to delete or deactivate your account, please email us at client-support@onfido.com, but note that we may retain certain information as required by law or for legitimate business purposes. We may also retain cached or archived copies of information about you for a limited period of time.
- Promotional communications: You may opt out of receiving promotional communications, including direct marketing emails from Onfido by following the instructions in the communications you receive, such as by clicking the unsubscribe link. If you opt out of receiving marketing, we may still send you non-promotional communications, such as transactional communications related to your account or our ongoing business relations with you.
- Browser settings Most web browsers are set to accept cookies by default. If you prefer, you can also choose to set your browser to remove or reject browser cookies. If you wish to prevent cookies from tracking your activity on our website or visits across multiple websites, you can set your browser to block certain cookies or notify you when a cookie is set; you can also delete cookies. The Help portion of the toolbar on most browsers will tell you how to prevent your device from accepting new cookies, how to have the browser notify you when you receive a new cookie, or how to delete cookies. Visitors to our Websites who disable cookies will be able to browse the website, but some features may not function properly.
- Cookie Preference Manager: You can review and adjust your preferences for cookies and targeted advertising on our websites using our Cookie Preferences Manager, which can be accessed by clicking the shield icon (or if you are in California the “Do Not Sell or Share My Personal Information” link) in the footer of our websites.
You may also have a right to lodge a complaint with your local data protection authority or regulator. If you’d like to raise a concern with a Privacy Supervisory Authority, a list of contact points is available here.
If you have any questions or concerns about how we use your personal information, please do not hesitate to let us know.
8. Contact Onfido or our Data Protection Officer
If you would like more information about how Onfido collects and uses personal information, please contact Onfido at privacyrequests@onfido.com, or at: Attention: Privacy Office Onfido Limited, 14-18 Finsbury Square, 3rd Floor, London, EC2A 1AH, United Kingdom.
If you would like to raise a concern with or otherwise communicate with our Data Protection Officer, you may contact them at onfido@hewardmills.com, or at: Attention: Onfido Data Protection Officer, Heward Mills, 77 Farringdon Road, London, EC1M 3JU, United Kingdom.