Data Protection Information Notice
Effective as of May 2024
1. Who are we?
We are ID-Pal Limited, a company incorporated under the laws of Ireland with company
registration number 578727, whose registered office is at 145 Pearse Street, Dublin, 2,
D02 CP08, Ireland (“we”, “us” and “our”).
We know your privacy is important to you and we are fully committed to the principles of
data protection, as set out in the General Data Protection Regulation (EU 2016/679)
(GDPR).
This Data Protection Information Notice explains how we and our authorised business
partners, affiliates and agents process information, particularly Personal Data that we
receive from you and others. Please read the following carefully to understand our
approach and practices regarding your personal data and other information and how we
treat it.
We refer to the term “app” multiple times throughout this document. The term “app” refers
to the ID-Pal Native Application, SDKs, and Web Application.
Please do not use our website, app, products or services if you do not agree with the
ways in which we will process your Personal Data and other information.
Personal Data is defined in the GDPR as any information relating to an identified or
identifiable natural person. In jurisdictions outside the EU/EEA, this is often referred to
as Personally Identifiable Information (PII).
We have a separate Cookie Information Notice that provides you with information on the
cookies which we or third parties may place on your computer, when you visit our
website. Certain categories of cookies can only be placed if you consent to them. Further
information is found here.
For the avoidance of doubt, when you use our app we do not place cookies or other tracking technologies on your device that are capable of identifying you.
We have separate Data Protection Information Notices for employees, candidates and those using our services for Right to Work / Right to Rent schemes in the United Kingdom.
2. What is our role?
We provide client due diligence services to organisations (our Customers) who are
required, under certain legal obligations, or who choose to verify the identity of their
clients. Our Customers may request their clients (the End Clients) to use our app to
provide their identification documents to the Customer.
3. What legal basis do we rely on for the processing of your personal data?
When we process the information of End Clients we do so in accordance with the
instructions of our Customer. We are the Data Processor. If you are an End Client, our
Customer is the Data Controller of your information. Our Customer will determine why,
what and how your information is collected, used, shared, retained and under what lawful
basis it is processed. For more details, please contact them or view their Data Protection
Information Notice on their website.
When we process the business information of our Customer, we do so as Data Controller.
The purpose for collecting Personal Data is to provide our product and services to you
and it is necessary for the performance of our legal contract with you or it is necessary
for compliance with a legal obligation to which we are subject.
We also love to hear from prospective Customers, so we provide a facility on our website
for you to request information about our product and services and you enter your contact
details for the purpose of us contacting you. We process your personal data here on the
basis of your consent, which can be withdrawn at any time by using our opt-out
mechanism on all marketing emails.
4. What information do we collect about you?
End Clients
Information that you provide to us, or to our Customer, such as:
• photographic and video images of you, when you provide us with a “selfie” photo
or video-clip;
• pictures of your passport and national identification card or driving licence;
• biometric data, when we compare your “selfie” photo against your photographic ID;
• details from your passport, such as your name, gender, date of birth, nationality,
passport number and MRZ code;
• details from your national identification card or driving licence, such as your name,
address, date of birth and driving licence number;
• details from your proof of address documentation, such as your name, address and
account number, if visible on documentation;
• additional information that you provide to us at the request of our Customers such
as confirmation of your name, gender, address, date of birth, email address, mobile
telephone number, PPSN, marital status; and
• the details of your device or the device used to make a submission such as
manufacturer, model, and operating system version. This information cannot be
used to identify you as an individual.
Customers
• information that you, or someone in your organisation, provide to us during
registration, including your name and business name, email address, telephone
number, username, and password;
• financial details including your bank details such as the sort code and account
number, to the extent that you supply these to us for the purpose of making
payments and you are a sole trader rather than a corporate entity; and
• information from our logs which indicates activity on the app and the portal.
Website visitors
• information that you submit on the contact pages of our website, or if you request
us to send you a particular document, such as your name and email address; and
• information collected from cookies, which may include your IP address; please
see our separate Cookie Information Notice.
5. How and why do we collect your information?
All information will be obtained fairly. The information we collect will be adequate,
relevant and not excessive in relation to the purposes for which it is requested.
For End Clients that purpose will be determined by our Customer, the Data Controller.
For more information, please contact them.
For our Customers that purpose is to enable us to deliver our product and services to
you.
For website visitors that purpose is to respond to your query or provide you with
requested information.
We may collect and process information about you in a number of ways, including:
End Clients
• directly from you; when you submit your information through our app, or if you
contact us directly for any reason, for example calling us or emailing us. Calls to
us and from us may be recorded for training, monitoring and quality purposes.
You may also decide to provide us feedback on our product and services.
• from our Customer, when they provide us with your email address or phone
number to connect you to our services, or if they submit your information on your
behalf, for example, if they complete your checks in person;
• from third party service providers or public sources, to conduct verification checks
on the information you have provided to us.
Customers
• directly from you; when you submit your information through our website, portal,
or if you contact us directly for any reason. Calls to us and from us may be
recorded for training, monitoring and quality purposes;
• from your employer or another person in your organisation, for example, when
they provide us with your details to facilitate configuration of our system or to
create a user account for you;
• from third parties, such as, resellers, service providers or your nominated
representatives; or
• from our records of how you use our products or services, for example when you
access and use our web portal.
Website visitors
• directly from you, when you visit our website and request us to contact you.
• from your computer or device.
6. What do we use your information for?
End Clients
• we will only use the information that you submit to us through our app to conduct
identification and other verification checks on behalf of our Customers who have
instructed us to do so;
• we will use the information generated when you use our website and app to
promote the safety and security of our products and services, to investigate
problems, suspicious activity or violations of our policies and to improve our
product and services based on your feedback;
• if you contact us directly for any reason, we will use the information to respond to
you, to assist with any enquiries you have and to maintain our records; and
• as permitted or required by any law applicable to us or arising from your interaction
with us.
Customers
• providing our products and services to you;
• determining your suitability for our products and services;
• administering and managing the products and services we provide to you, to
charge you for them, to process payment and collect any amounts you may owe
us and to deliver them;
• promoting the safety and security of our products and services and investigating
suspicious activity or violations of our policies;
• assisting you with enquiries and to provide you with better customer service;
• providing you with information that you request from us about our products and
services and products and services that we feel may interest you;
• conducting market research and analysis to further enhance and improve the
quality of the products and services we offer;
• sending you communications such as news updates in our newsletter, where you
have opted to receive these;
• notifying you about changes to our products and services; or
• as permitted or required by any law applicable to us or arising from your interaction
with us.
Website visitors
• responding to your request to contact you; and
• sending you communications such as news updates in our newsletter for as long
as you wish to receive it.
7. Who do we share your information with?
The information we collect from our Customers, whether that is their information or End
Client information, may be transferred to third parties in connection with our business
model. It may also be processed by these companies and/or by our and their respective
employees and service providers. These third parties are processors, when we are acting
as a data controller, and sub-processors when we are acting as a processor, and we
remain liable to you for their performance of obligations. We will take steps to ensure that
these third parties will:
• only process personal data in accordance with our instructions;
• take appropriate security measures to protect your personal data;
• commit themselves and their employees to confidentiality;
• provide assistance to us in the discharge of our obligations to you; and
• report all data breaches to us without undue delay.
In particular we may disclose your information to the following third parties:
• our professional advisers in order for them to provide us with advice;
• third party service providers, such as our payment processors, verification service
providers and database hosts where necessary for them to provide us with services
or to provide services that you have requested;
• our technology providers, including those which host your data on our behalf and
provide certain IT software, support, and/or professional services to us; or
• if you are a Customer, business partners and/or possible acquirers or investors
(and our and/or their advisors) in the context of facilitating or implementing a
business re-organisation or a transfer/sale of all or part of our assets or business.
If you are an End Client, we will provide our Customer with the results of our identity
and verification checks on you.
We may also have to share information with third parties to meet any applicable law,
regulation or lawful request from a law enforcement agency. When we believe we have
been given false or misleading information, or we suspect criminal activity we have an
obligation to record this and report to law enforcement agencies, which may be either in
or outside Ireland.
Other than as outlined above, we will not disclose your Personal Data.
8. International Data Transfers
Personal Data may be transferred to third parties who are our processors/sub processors
as part of our business model as described in sections 5 and 6 above. This may include
the transfer of data to other jurisdictions for processing at a destination outside the
European Economic Area (“EEA”). Such transfers only occur either on the basis of an
adequacy decision made by the European Commission as permitted by Article 45 of the
GDPR or approved safeguard measures pursuant to Article 46 of GDPR.
9. For how long do we retain your personal data?
End Clients:
We retain your Personal Data for as long as we are instructed to do so by our Customer,
the Data Controller. For more information, please contact them.
Customers:
We retain your Personal Data for no longer than is necessary with regard to the purposes
for which it was collected or lawfully further processed. We will retain your Personal Data
for the duration of our relationship and seven years thereafter as required by our legal
obligation to the Revenue Commissioners.
Website visitors
We will retain your Personal Data on our contact database for as long as you are our
business contact and wish to receive information about us.
10. Am I subject to a decision based solely on automated processing?
End Clients:
Our product conducts identification and verification checks by automated technical
means. The results of these checks will verify your identity and in turn this may contribute
to an overall decision made by our Customer.
11. How do we keep your information safe?
All information including Personal Data is encrypted at rest and in transit. We use AWS
in Europe, for storage. We have firewalls on our application and database servers.
Personal Data is logically segmented to the extent that we in ID-Pal do not have access
to the Personal Data stored. Only a Customer, who has been authenticated, has access
to this information. Our Customer may provide your Personal Data to us for the purpose
of troubleshooting or technical support.
While we take these steps to maintain the security of your information, you should be
aware of the many information security risks that exist and take appropriate care to help
safeguard your information. The nature of the internet is such that we cannot guarantee
the security of the information you transmit to us electronically, and any transmission is
at your own risk.
12. Third party sites and services
Our website, web portal and app may contain links to third party websites. When using
our services, you may be redirected to third party websites, for example, to our payment
processor’s website to complete your payment. Your use of these websites and services
will be subject to these third parties’ terms of use, privacy/data protection policies and
cookie policies. Please review the privacy/data protection policy and terms and conditions
of these websites, as we are not responsible for them.
13. What are your rights?
You have rights under the Data Protection Acts 1988 to 2018 and the General Data
Protection Regulation (2016/679) (“Data Protection Legislation”) which can be
summarised as follows:
• You have the right to request information about whether we hold your
personal data, and, if so, what that personal data is and why we are
holding/using it.
• You have the right to request access to your personal data (commonly known
as a “data subject access request”). This enables you to receive a copy of the
personal data we hold about you and to check that we are lawfully processing
it.
• You have the right to request correction of the personal data that we hold
about you. This enables you to have any incomplete or inaccurate personal
data we hold about you corrected.
• You have the right to request erasure of your personal data. This enables you
to ask us to delete or remove personal data where there is no good reason
for us continuing to process it. You also have the right to ask us to delete or
remove your personal data where you have exercised your right to object to
processing (see below).
• You have the right to object to processing of your personal data where we are
relying on a legitimate interest (or those of a third party) and there is
something about your particular situation which makes you want to object to
processing on this ground. You also have the right to object where we are
processing your personal data for direct marketing purposes.
• You have the right to object to automated decision-making including profiling,
that is not to be the subject of any automated decision-making by us using
your personal information or profiling of you. ID-Pal does not make decisions
based solely on automated processing.
• You have the right to request the restriction of processing of your personal
information. This enables you to ask us to suspend the processing of personal
information about you, for example if you want us to establish its accuracy or
the reason for processing it.
• You have the right to request transfer of your personal information in an
electronic and structured form to you or to another party (commonly known
as a right to “data portability”).
You have the right to make a complaint to the Data Protection Commission.
Further information on your Data Protection rights is available on the website of the Irish
Data Protection Commissioner at http://www.dataprotection.ie
End Clients
When we process End Clients’ Personal Data, we do this in accordance with the
instructions of our Customer. If you are an End Client, our Customer will be the Data
Controller. Our Customer will determine the purpose of and the legal basis for processing
your Personal Data and how your information is collected, used, shared and retained by
them.
For more information, or to exercise your rights under Data Protection Legislation, please
contact our Customer, the Data Controller.
Customers
You can exercise your Data Protection rights by contacting our Data Protection Officer
by sending an email to sinead@id-pal.com or by writing to us at 145 Pearse Street,
Dublin, 2, D02 CP08. You can update your contact preferences, regarding direct
marketing through your ‘my account’ section on our website.
If you choose not to provide certain information to us, we may not be able to continue to
provide you with the products or services you require and/or it may impact our ability to
better respond to your needs.
14. Definitions
Any terms not defined in this Data Protection Information Notice have the meanings given
to such terms in the Data Protection Legislation.
15. Changes to our Data Protection Statement
From time to time, we may need to change this Data Protection Information Notice. If we
do so, we will post an updated version of our Data Protection Information Notice on this
page and it will apply to all of your information held by us at the time. We may choose to
notify you of any material changes via email or by posting on our website.
Contacting us
If you have any questions, comments or requests regarding this Data Protection
Information Notice or our processing of your Personal Data, you should address all
correspondence to our Data Protection Officer at sinead@id-pal.com or ID-Pal Limited,
145 Pearse Street, Dublin, 2, D02 CP08, Ireland.