Please review this Policy periodically as we may modify it from time to time. If we make any material changes, we’ll notify you, which may include posting a notice on our website and/or sending you an email to the address we have on record for you.
If you are a California resident, please see and refer to our California Privacy Notice for more information about the privacy choices you have regarding your personal information pursuant to California privacy laws, including the California Consumer Privacy Act (“CCPA”).
The Information We Collect
We collect the personal information you provide when browsing our websites or when you otherwise interact with us. For example, we collect information when you:
- Create a client account, purchase or trial our Identity Services via our sign up page or access the Onfido Dashboard;
- interact with the Onfido chatbot, sign up to receive marketing material (either online or in person at an event), attend an Onfido event or download a whitepaper;
- provide services to or partner with Onfido or administer our account;
- contact your account team, Customer Success Manager or our Customer Support Team;
- visit our offices;
- engage with us on social media, comment on a blog post; or
- otherwise contact us.
This information might include your name, email address, other contact information, access credentials, postal address, phone number, company information, job title and other information about your role, billing, financial and purchase information, and any other information you choose to provide to us (for example any information you provide during your communications with us).
In addition, we or our third party service providers, use various technologies (including cookies, SDKs or Software Development Kits, Canvas Fingerprinting, pixels, log files, APIs and, web beacons), to automatically collect or derive the following information, information when you browse our websites, access the Onfido Dashboard or otherwise engage with us digitally:
- Device Information- device identifiers, IP address, information about the device (for example the operating system used, hardware model, whether the device is providing false randomized device and network information or has otherwise been compromised).
- Browsing Information - We also collect activity information related to your use of the websites, Onfido Dashboard or Identity Services, such as information about the links clicked, searches, features used, items viewed, and time stamps. We may also analyze how you interact with the device, our website or app to assess the likelihood of you being a genuine user and who you say you are, for example fraudsters will cut and paste large volumes of information from their clipboard, use this functionality multiple times and otherwise navigate between applications on their device very differently from a genuine user.
- Location information - We may collect or derive your broad geographical location, such as through your IP address. Further, with your permission, we may collect precise geolocation information from your device. You may turn off location data sharing through your device settings.
Purposes of Collection, Use and Disclosure of Information
We use the information we collect to:
- Provide, maintain and improve our websites, the Onfido Dashboard and Identity Services;
- Provide and deliver the Identity Services you request, process transactions and send you related information, including confirmations and invoices;
- Detect and protect against fraud, security threats, illegal or prohibited activities, including any abuse of our websites and service terms and conditions;
- Administer your account;
- Send you technical notices, updates, security alerts and support and administrative messages;
- Respond to your comments, questions and requests and provide customer service;
- Communicate with you about products, services, offers, promotions, rewards, and events offered by Onfido and others, and provide news and information we think will be of interest to you;
- Advertise and promote our products and services on third-party websites;
- Tailor content we may send or display on our websites, including to offer location customization and personalized help and instructions, and to otherwise personalize your experiences;
- Planning and managing events;
- Monitor and analyze trends, usage and activities in connection with the websites;
- Exercise legal rights, defend legal claims or comply with our legal and regulatory obligations; and
- Carry out any other purpose for which the information was collected.
We use information for the above purposes where it is necessary for the performance of a contract to which an individual is subject, where it is necessary in our legitimate interest to do so, where we have a legal obligation, or where an individual has provided their consent.
Sharing Information Outside Onfido
In general, we may disclose and make available personal information to third parties as described in this section:
- Our affiliates: we may disclose personal information we collect to our affiliates or subsidiaries, who will use and disclose this personal information in accordance with the principles of this Policy;
- Vendors and service providers: we may disclose personal information we collect to our service providers (including our affiliates), processors and others who perform functions on our behalf. These may include, for example, IT service providers, help desk, analytics providers, consultants, auditors, legal counsel and those listed below:
- Website Chatbot: we use a third party service provider to provide the chatbot on Onfido.com. Chat sessions will be monitored, recorded and reviewed by Onfido and our third-party vendor in order to respond to you and fulfill your requests, and for training, quality, analytics, and improvement purposes;
- Third-Party Analytics and Tools: we use third party analytics tools, such as Google Analytics. These third-party analytics companies may collect usage data (using cookies, pixels and similar tools) about our services in order to provide us with reports and metrics that help us to evaluate usage of our services, determine the popularity of certain content and improve performance and user experiences;
- Third-party plug-ins and features: Our website offers social sharing features and other integrated tools (such as the Facebook "Like" button), which lets you share actions you take on the website with other media, and vice versa. Your use of such features enables the sharing of information with your friends or the public, depending on the settings you establish with the entity that provides the social sharing feature. For more information about the purpose and scope of data collection and processing in connection with social sharing features, please visit the privacy policies of the entities that provide these features.
- As part of a business transfers: we may disclose your personal information to an actual or potential buyer, investor or partner (and its agents and advisers) in relation to any actual or proposed divestiture, merger, acquisition, joint venture, bankruptcy, dissolution, reorganization, or any other similar transaction or proceeding;
- Compliance with regulatory and legal obligations: we may disclose personal information to any competent law enforcement body, regulatory, government agency, court or other third party where we believe disclosure is necessary (i) as a matter of applicable law or regulation, (ii) to exercise, establish or defend our legal rights, or (iii) to protect your vital interests or those of any other person;
- Fraud detection and prevention: we may disclose personal information to prevent, detect, investigate and respond to fraud, unauthorized activities and access, illegal activities, and misuse of the Identity Services,
- Other reasons: we may also disclose personal information to any other person where we have your consent to the disclosure or a legitimate legal reason for doing so.
Whenever legally possible, we seek to protect the information we share by imposing contractual privacy and security safeguards on the recipient of the information. This is particularly important in cases where the recipient is located in a country that has different or lesser privacy laws than those of the country where the information was originally collected. In some cases, however, it’s not possible for us to do so — for example, when we have a legal obligation to disclose information to a government authority and that government authority isn’t willing to enter into such contractual safeguards.
Onfido takes safeguards designed to help protect information about users from loss, theft, misuse and unauthorized access, disclosure, alteration and destruction. If you think you have identified a security vulnerability or bug in our Identity Verification Services, please report it to the Onfido security team at firstname.lastname@example.org and as described in the Onfido Responsible Security Bug Disclosure Policy.
We store the information described in this Policy only for as long as reasonably necessary to fulfill the purposes identified above or otherwise disclosed to you at the time of collection. For example, we generally maintain website log data for a brief period of time, but we retain communications we may have with individuals for much longer to ensure that we can continue to service those individuals on an ongoing basis.
Your Privacy Rights and Choices
We make available several ways for you to manage your privacy rights and preferences. In this section, we describe the rights and choices you have regarding our collection, use and processing of your personal information and how to exercise your rights and choices.
Depending on where you live and subject to applicable data protection law, you may have a number of privacy rights and preferences:
- The right to request access to and disclosure of information that we hold;
- the right to change and/or correct inaccurate information;
- the right to block or suppress the processing of your information. This enables you to request that Onfido suspends the processing of your information in certain circumstances;
- the right to object to our processing of your information where we are relying on a legitimate interest (or those of a third party) and you feel such processing impacts on your fundamental rights and freedoms. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms;
- the right to request that we delete your personal information, subject to certain exceptions;
- the right to request portability of your personal information. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format;
- the right to withdraw your consent, if applicable. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.
If you exercise any of your data protection rights detailed in this section, we will not discriminate against you.
If you would like to exercise any of the rights set out above, you may contact Onfido as set out in the Contact Onfido section below. We will process your request in accordance with applicable privacy and data protection laws. In order to respond to your request, we may ask you for additional information so that we can confirm your identity or process your request.
In addition, you may find the following tools helpful in exercising the above rights:
- Client Account: If you are a business client, you may update, correct or delete information from your client account at any time by logging into your client account here or by emailing Onfido at email@example.com. If you wish to delete or deactivate your account, please email us at firstname.lastname@example.org, but note that we may retain certain information as required by law or for legitimate business purposes. We may also retain cached or archived copies of information about you for a limited period of time.
- Promotional communications: You may opt out of receiving promotional communications, including direct marketing emails from Onfido by following the instructions in the communications you receive, such as by clicking the unsubscribe link. If you opt out of receiving marketing, we may still send you non-promotional communications, such as transactional communications related to your account or our ongoing business relations with you.
- Browser settings: Most web browsers are set to accept cookies by default. If you prefer, you can also choose to set your browser to remove or reject browser cookies. If you wish to prevent cookies from tracking your activity on our website or visits across multiple websites, you can set your browser to block certain cookies or notify you when a cookie is set; you can also delete cookies. The Help portion of the toolbar on most browsers will tell you how to prevent your device from accepting new cookies, how to have the browser notify you when you receive a new cookie, or how to delete cookies. Visitors to our services who disable cookies will be able to browse the website, but some features may not function properly.
- Cookie Preference Manager: You can review and adjust your preferences for cookies and targeted advertising on our websites using our Cookie Preferences Manager, which can be accessed by clicking the shield icon (or if you are in California the “Do Not Sell or Share My Personal Information” link) in the footer of our websites.
You may also have a right to lodge a complaint with your local data protection authority or regulator. If you’d like to raise a concern with a Privacy Supervisory Authority, a list of contact points is available here.
If you have any questions or concerns about how we use your personal information, please do not hesitate to let us know.
If you would like more information about how Onfido collects and uses information, please contact Onfido at email@example.com, or at:
Attention: Privacy Office Onfido Limited, 14-18 Finsbury Square 3rd Floor, London EC2A 1AH United Kingdom
If you would like to raise a concern with or otherwise communicate with our Data Protection Officer, you may contact them at firstname.lastname@example.org, or at:
Attention: Onfido Data Protection Officer Heward Mills 77 Farringdon Rd London EC1M 3JU, UK.