Smile ID Privacy Policy

2.1. “Server logs” refers to a document that automatically records information and details about online interactions with our sites. For example, server logs may record information about a person's visit to our Site at a particular date and time, and collect information such as device ID or IP address.

2.2. “Cookies” refer to small files that are stored on a user's device through the use of our websites. A cookie allows the Site to recognize users who have visited and may store user preferences and other information. For example, cookies can be used to collect or store information about use of our website during a session and over time (including the pages viewed, and the files downloaded), the device’s operating system, device ID, IP address, and users general geographic location.

2.3. “Personal information” refers to information that can be used to identify, locate, or contact an individual, alone or when combined with other personal or identifying information.

3.3. Personal information provided directly by you through the Site

We collect personal information from Users who create an account on the Site, log into their account on the Site, or apply to a job with us. We may collect the following categories of information from these users:

• Full name
• The password you create for your account
• Email address
• Phone number
• Organisation name
• Information about your customers
• Payment card information
• Resume information (including experiences and education information)
• Any personal information you provide in your cover letter
• Information we collect through your social media profiles or personal website

3.4. Personal information collected through our identity verification services

We may collect the following categories of information about Users who are subject to our identity verification, ID fraud detection, authentication or KYC services through our Customers and partners:

• Full name
• Contact Information
• Biometric information (facial geometry)
• Government ID number (from a national database)
• A photo of your face (selfie)

4.1. We use the information that we collect for a variety of purposes. Our legal bases for processing personal information are:

• our legitimate interest in running and maintaining our business;
• our legitimate interest in providing secure authentication and preventing fraud;
• the performance and fulfilment of our contracts;
• consent and;
• compliance with our legal obligations.

In many instances, more than one of these legal basis apply to the processing of your personal information.

4.2. The purposes for which we use personal information include:

• To provide Users with our Services;
• To help detect and prevent fraud which may include the use of artificial intelligence and machine learning technologies and maintaining secure anti-fraud databases;
• Respond to questions or requests concerning the Services;
• Fulfill the terms of any agreement requiring processing of personal data;
• Fulfill requests for our Services or otherwise complete a transaction that persons initiate;
• Send information about our Services and other topics that are likely to be of interest, including newsletters, updates, or other communications, including promotional emails;
• Improve our artificial intelligence and machine learning technology;
• Deliver confirmations, account information, notifications, and similar operational communications;
• Improve User experience and the quality of our products and Services;
• Comply with legal and/or regulatory requirements;
• Aggregate and de-identify information;
• Serve advertisements;
• Analyze how visitors use the Services and various Services features, including to count and recognize visitors to the Services;
• Create new products and Services, and;
• Manage our business.

5.1. We share personal information with third parties for a variety of purposes, as described below:

• 5.1.1. Businesses who sign up for our Services: We may share personal information, which includes identity verification status, with the businesses who utilize our verification KYC services. Information collected is subject to the privacy policies of these businesses.
• 5.1.2. Fraud prevention: We process personal data for fraud prevention and identity authentication. This includes maintaining a secure hashed database, using AI systems to detect anomalies, and deploying human review to evaluate machine decisions.
• 5.1.3. Third-party data sharing: We may share personal information with third-party partners to facilitate fraud prevention, identity verification, or to develop new products to improve identity verification in accordance with applicable laws.
• 5.1.4. Third-party service providers: Smile ID uses providers for web-hosting, mailing, and transaction fulfillment. These providers may collect or use personal information to assist us in achieving our business purposes and fulfilling requests.
• 5.1.5. Analytics: We partner with third parties for analysis, auditing, research, and reporting. These parties may use pixels, server logs, device IDs, and IP addresses to obtain automatically collected information.
• 5.1.6. Interest-based Advertising: The Services enable third-party tracking (e.g., Facebook) to collect information for online interest-based advertising and targeting ads based on mobile activity.

5.2. The use of online tracking mechanisms by third parties is subject to those third parties’ own privacy policies, and not this Policy. Persons who prefer to prevent third parties from setting and accessing cookies may configure their browser to block cookies.

5.3. Additionally, persons may remove themselves from targeted advertising via the Network Advertising Initiative or the Digital Advertising Alliance. Although our Site currently does not respond to “do not track” browser headers, persons can limit tracking through these third-party programs.

6.1. Persons who may wish to access, correct, or delete the personal information we have on file, may contact us at dpo@usesmileid.com

6.2. Residents of the EU, UK, or another jurisdiction with an applicable privacy law, may have certain rights. These rights may include:

• The right to be informed about our data collection practices;
• The right to access and rectify your data;
• The right to erase or delete your data;
• The right to data portability;
• The right to restrict and object to the processing of your data (including for direct marketing purposes);
• The right to opt-out of marketing emails and text messages;
• The right to limit our use of any automated decision-making processes;
• The right to lodge a complaint to your local data protection authority; and
• The right to withdraw consent (to the extent applicable).

6.3. To exercise any of the rights listed above, please contact us via email at compliance@usesmileid.com. We will respond to your request as soon as reasonably possible but no longer than thirty (30) calendar days.

7.1. We do not warrant, endorse, guarantee, or assume responsibility for the accuracy or reliability of any information offered by third-party websites linked through the site or any website or feature linked in any banner or other advertising.

8.1. We employ physical, technical, and administrative procedures to safeguard the personal information we collect both online and offline. However, no website or platform is 100% secure, and we cannot ensure or warrant the security of any information you transmit through the Services or to us, and therefore you transmit such information at your own risk.

9.1. We retain personal information about you only for as long as is necessary to fulfil the purpose for which that information was collected or as required or permitted by law. We may also retain certain data points for fraud prevention and identity authentication purposes. This is based on our legitimate interest in maintaining the security and integrity of our systems and services, as well as preventing ID-related fraud for Users and third-party service providers. We do not retain personal information longer than is necessary to achieve this purpose. Individuals reserve their rights to object to this processing or request the erasure of their information under Applicable Data Protection Laws. We may however, continue to retain the data where: (i) in compliance with a legal obligation; (ii) required for legal claims; (iii) necessary for reasons of substantial public interest; (iv) necessary for preventing or detecting unlawful behaviour; or (v) as otherwise lawfully permitted by Applicable Data Protection Laws. When we destroy personal information which no longer needs to be retained, we do so in a way that prevents that information from being restored or reconstructed. Further information about our data retention practices is outlined in the Smile ID Data Retention Policy.

10.1. The information that we collect through or in connection with the Services is transferred to and processed in the United States of America for the purposes described above. We may also subcontract the processing of your data to, or otherwise share your data with, Affiliates or third parties in countries other than your country of residence. The data-protection laws in these countries may be different from, and less stringent than, those in your country of residence. However, we comply with all Applicable Data Protection Law regarding international data transfers.

10.2. By using the Services or by providing any information to us, persons expressly consent to such transfer and processing.

11.1. Content on the Services is directed at individuals over the age of 18 and is not directed at children under the age of 13. We do not knowingly collect personally identifiable information from children under the age of 13.

12.1. We may make changes to the Services in the future and as a consequence will need to revise this Policy to reflect those changes. We will notify you and post all such changes on the Services, and we encourage users to review this page periodically.

13.1. If there are questions or concerns about this Policy, we can be contacted by email at compliance@usesmileid.com.