ID Sentry California and FCRA Privacy Notice
Last update: July 24, 2022
Jurisdiction Compliance, including FCRA and CCPA for California residents
Privacy compliance by jurisdiction
We believe ID Sentry is privacy compliant in all US and Canadian jurisdictions. We limit the collection and use of Personal Data to those uses that are legally permitted, and we offer Customers and Personal Data owners the opportunity to review, amend, or remove any and all data on file with ID Sentry.
When validating official documents, no personal data is shared with third parties, only a judgment as to the validity of the data provided to us. The only exception to this is if data is formally requested by law enforcement.
Nevada Residents
ID Sentry™ does not “sell” personal information as defined under Nevada law.
If you are a Nevada resident, you have the right to request that ID Sentry not sell your personal information to third parties. To submit this request, please send us an email: info@idsentry.com
Fair Credit Reporting Act (FCRA)
ID Sentry does not engage in credit reporting, but it is possible that some of our customers may scan personal official documents and employ ID Sentry services as part of credit-related activities. The Fair Credit Reporting Act (FCRA) is designed to protect individuals from credit-related abuse. You can learn more about the FCRA at www.consumerfinance.gov/learnmore, or by writing to: Consumer Financial Protection Bureau, 1700 G Street N.W., Washington, DC 20552.
Here are the main rights protected under FCRA:
- You must be informed if your information is used “against” you to deny credit, etc.
- You are allowed to know what information is being retained about you
- You are allowed to know your credit score (for a fee)
- You are allowed to challenge information in your file which you believe is inaccurate
- Credit reporting agencies must correct inaccurate information about you
- Credit reporting agencies may not retain old information about you (over 7 years)
- Credit reporting agencies may not release your information without a legitimate business need
- Your credit information may not be given to employers without your consent
- You have the right to put a security freeze on your credit report, which prevents credit reporting agencies from sharing information in your file without your permission
California Consumer Privacy Act (CCPA)
CCPA Enumerated Rights
The California Consumer Privacy Act (CCPA) enumerates five “rights” that California citizens share. ID Sentry is not currently required to comply with the act, but we are acting as if we do as far as disclosure and consumer rights are concerned, and we may fall under the jurisdiction of the CCPA in the future.
- The right to know what information is collected about you, where it came from, and what it is being used for
- The right to know who receives your personal information, and the right to deny sharing of your personal information
- The right to request from any company which may have your personal information to disclose all such information, and who it was shared with
- The right to require businesses to remove any personal information they have collected about you, unless they must keep the information for legal reasons
- The right to equal treatment from all businesses regardless of whether you exercised your rights under the CCPA
CCPA on anonymized or “de-identified” data
Under the CCPA, companies are allowed to collect, retain, or sell aggregated data that cannot be associated with a particular person or household. ID Sentry does encrypt scan data received from customers in a way that is not reversible and cannot be linked to specific individuals. This encrypted data is used for feature detection, algorithm development, and service improvement.
CCPA definition of “personal information”:
- Personally identifiable information such as name, address, phone number, email address, social security number, driver’s license number, etc.
- Biometric information, such as DNA or fingerprints. Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding a consumer’s interaction with an Internet Web site, application, or advertisement.
- Geolocation data.
- Audio, electronic, visual, thermal, olfactory, or similar information.
- Professional or employment-related information. Education information, defined as information that is not publicly available.
- Inferences drawn from any of the above examples that can create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.
California Residents Privacy Statement and Notice at Collection
The sections below, preceded by “California:”, are notification requirements of the CCPA, collectively titled “California Residents Privacy Statement and Notice of Collection”
For purposes of this section, “personal information” has the meaning provided by the California Consumer Privacy Act (the “CCPA”) and may exclude certain information that is publicly available, deidentified, aggregated, subject to the Fair Credit Reporting Act, GLBA, HIPAA, or the Driver’s Privacy Protection Act of 1994, or otherwise exempt or excluded from the CCPA.
California: Categories of personal information collected [tables]
Category of Personal Information | Personal information we collect From whom we collect it |
| Personal and Online Identifiers | What we collect – Name (first, last, and/or maiden name) (or that of a family member or child); home address, billing address, or other physical address; email address(es); telephone number(s). – Social Security number or certain other information, such as date of birth, employment information, and credit card account information. – Device identification information used to access the Site. We may associate this device with a mobile telephone number. – Information collected passively via cookies and similar technology. – IP addresses, device identifiers, and application identifiers. – Revenue-related information of Subscribers. From whom we collect it (by category of sources): – Information you provide – Information collected passively via cookies and similar technology. – Advertising Partners. – Banks/credit unions – Collection agencies – Credit reporting agencies – Data brokers, which include data aggregators, data compilers, and data compilers/originators – Financial technology (Fintech) companies – Government entities – Information that is publicly available – Insurance carriers – Marketing companies – TransUnion Companies |
| Personal information categories listed in the California Customer Records statute Any information that identifies, relates to, describes, or is capable of being associated with, a particular individual, including, but not limited to, an individual’s name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Note that personal information in this category may overlap with other categories. | Note that personal information in this category may overlap with other categories What we collect Including, but not limited to the following: – Name (first, last, and/or maiden name) (or that of a family member or child); home address, billing address, or other physical address; email address(es), telephone number(s). – Social Security number or certain other information, such as date of birth, employment information, and credit card account information. – Device identification information, which we may associate with a mobile telephone number. – Information collected passively via cookies and similar technology. – Revenue-related information of Subscribers. – IP addresses, device identifiers, and application identifiers. From whom we collect it (by category of sources) – Information you provide – Information collected passively via cookies and similar technology – Advertising Partners – Banks/credit unions – Collection agencies – Credit reporting agencies – Data brokers, which include data aggregators, data compilers, and data compilers/originators – Financial technology (Fintech) companies – Public records made lawfully available from Government agencies – Government (information not in public records) – Insurance carriers – Marketing companies – TransUnion companies |
| Protected classification characteristics under California or federal law An individual’s age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information). | What we collect Including, but not limited to the following: – Age, race, ethnicity, religion, marital status, political party affiliation, country of origin, spoken language, and gender From whom we collect it (by category of sources) – Information you provide. – Advertising partners. – Banks/credit unions – Collection agencies – Credit reporting agencies – Data brokers, which include data aggregators, data compilers, and data compilers/originators – Financial technology (Fintech) companies – Public records made lawfully available from Government agencies – Government (information not in public records) – Insurance carriers – Marketing companies – TransUnion Companies |
| Commercial information | What we collect Including, but not limited to the following: – Records of online services you purchased, obtained, or considered purchasing from us. – Property records – Small/personally-owned business data – Business data that identifies, describes, or could reasonably be linked/associated to you From whom we collect it (by category of sources) – Information you provide. – Banks/credit unions – Collection agencies – Credit reporting agencies – Data brokers, which include data aggregators, data compilers, and data compilers/originators – Financial technology (Fintech) companies – Public records made lawfully available from Government agencies – Government (information not in public records) – Insurance carriers – Marketing companies |
| Biometric | What we collect Including, but not limited to the following: – Audio recordings as part of contact with you, for customer support or otherwise. – Facial imaging information From whom we collect it (by category of sources) – Information directly collected from you. Why we collect it (purpose and use of the personal information) – Customer service and quality control. – Identity verification |
| Internet or other similar network activity | What we collect Including, but not limited to the following: – Information about your interactions with the website, for example, when you view or search content, we receive and track that information; web session; log file information; information such as the website(s) you visited, when you visited the website, how long you stayed, your behavior while you are on our website and from what device you accessed the website. – Information collected from advertising partners. – Information about your interactions with our online forms; for example, the use of autofill, number of pauses, length of time to complete a field, number of errors, number of changed answers, typing fluency and number of repeat interactions. From whom we collect it (by category of sources) – Information directly collected from you – Information collected passively via cookies and similar technology – Data brokers, which include data aggregators, data compilers, and data compilers/originators – Marketing companies – TransUnion companies |
| Geolocation data | What we collect Including, but not limited to the following: -We collect geolocation by using various technologies to determine your location including, but not limited to IP address, Wi-Fi access points, and cell towers.From whom we collect it (by category of sources) – Information directly collected from you. – Information collected passively via cookies and similar technology. – Telecommunications providers. – Data brokers, which include data aggregators, data compilers, and data compilers/originators – Marketing companies – TransUnion companies |
| Sensory data | What we collect Including, but not limited to the following: – Audio and electronic recording, for example, when you call in with a question to customer service. From whom we collect it (by category of sources) – Information directly collected from you. |
| Professional or employment | What we collect Including, but not limited to the following: – Professional Licenses – Employment Dates – Employer Name – Employer Information From whom we collect it (by category of sources): – Information you provide. – Banks/credit unions – Collection agencies – Credit reporting agencies – Data brokers, which include data aggregators, data compilers, and data compilers/originators – Financial technology (Fintech) companies – Public records made lawfully available from Government agencies – Government (information not in public records) – Insurance carriers – Marketing companies – TransUnion companies |
| Non-public education information (per the Family Educational Rights and Privacy Act) | – We do not collect this information |
| Inferences drawn from other personal information | What we collect Including, but not limited to the following: – Site preferences, behavior, characteristics, personal preferences From whom we collect it (by category of sources) – Information directly collected from you. – Information collected passively via cookies and similar technology. – Information collected from advertising partners. – Banks/credit unions – Collection agencies – Credit reporting agencies – Data brokers, which include data aggregators, data compilers, and data compilers/originators – Financial technology (Fintech) companies – Public records made lawfully available from Government agencies – Government (information not in public records) Insurance carriers – Marketing companies – TransUnion companies |
California: Purpose and use of personal information collected
| Category of Personal Information | Purpose of Collection |
| Identifiers and Personal information categories listed in the California Customer Records statute | – To verify your identity. – To finalize an application and otherwise set up an account for access to the online services. – To enhance and optimize an account for access to and use of the online services. – To display, optimize, and provide personalized advertisements – To communicate with you. – To conduct surveys used for research, analytics, and to enhance our product development and offerings. – For fulfillment of your requests and purchases, transactional and other communications about our websites and the online services. – For product development and research, and for any purpose subject to the limitations set forth in this Notice and applicable law. – For incorporation into risk and account management and services provided to our customers – We may utilize data from third parties, such as your telecommunications provider, to help confirm your identity and prevent fraudulent access. It is likely that you authorize your telecommunications provider (AT&T, Sprint, T-Mobile, Verizon, etc.), to share your personal information for the purposes of fraud prevention and identity verification. The information they share, if available, may include your telephone number, name, address, email, network status, customer type, billing type, mobile identifiers (IMSI) and (IMEI), and other subscriber status details. TransUnion limits the use of this information to prevent fraud and unauthorized access or disclosures of your personal information. |
| Protected classification characteristics under California or federal law | – To verify your identity. – To finalize an application and otherwise set up an account for access to the online services. – To enhance and optimize an account for access to and use of the online services. – To display, optimize and provide personalized advertisements – To communicate with you. – For product development and research, and for any purpose subject to the limitations set forth in this Notice and applicable law. – For incorporation into risk and account management services provided to our customers |
| Commercial information | – For product development and research, and for any purpose subject to the limitations set forth in this Notice and applicable law. – To enhance and optimize an account for access to and use of the online services. – To display, optimize, and provide personalized advertisements – For fulfillment of your requests and purchases, transactional and other communications about our websites and the online services. – For incorporation into risk and account management services provided to our customers |
| Biometric | – Customer service and quality control. – To verify your identity. |
| Internet or other similar network activity | – To display, optimize, and personalize advertisements. – To measure advertising effectiveness. – To perform website analysis. – To predict the risk of fraud. |
| Geolocation data | – To verify your identity. – To finalize an application and otherwise set up an account for access to the online services. – To enhance and optimize an account for access to and use of the online services. – To display, optimize and provide personalized advertisements – To communicate with you. – For product development and research, and for any purpose subject to the limitations set forth in this Notice and applicable law. – For incorporation into risk and account management services provided to our customers |
| Sensory data | – For customer service purposes and to support consumers. – To train agents to ensure best customer service delivery. – To ensure legal and compliance obligations. – To help answer questions and resolve disputes. – For customer service representatives agent training purposes and to ensure customer satisfaction. |
| Professional or employment | – To finalize an application and otherwise set up an account for access to the online services. – To enhance and optimize an account for access to and use of the online services. – To display, optimize and provide personalized advertisements – To communicate with you. – For fulfillment of your requests and purchases, transactional and other communications about our websites and the online services. – For product development and research, and for any purpose subject to the limitations set forth in this Notice and applicable law. – We may utilize data from third parties, such as your telecommunications provider, to help confirm your identity and prevent fraudulent access. It is likely that you authorize your telecommunications provider (AT&T, Sprint, T-Mobile, Verizon, etc.), to share your personal information for the purposes of fraud prevention and identity verification. The information they share, if available, may include your telephone number, name, address, email, network status, customer type, billing type, mobile identifiers (IMSI) and (IMEI), and other subscriber status details. TransUnion limits the use of this information to prevent fraud and unauthorized access or disclosures of your personal information. – For incorporation into risk and account management services provided to our customers |
| Non-public education information (per the Family Educational Rights and Privacy Act) | We do not collect this information. |
| Inferences drawn from other personal information | – To create a customer profile in order to better optimize your customer experience and offer personalize advertisements. – To verify your identity. – To finalize an application and otherwise set up an account for access to the online services. – To enhance and optimize an account for access to and use of the online services. – To display, optimize and provide personalized advertisements – To communicate with you. – For fulfillment of your requests and purchases, transactional and other communications about our websites and the online services. – For product development and research, and for any purpose subject to the limitations set forth in this Notice and applicable law. – For incorporation into risk and account management services provided to our customers |
California: Selling or Sharing your personal information [tables]
|
Category of Personal Information |
Sold during the prior 12 months, by category of third parties |
Disclosed for a business purpose during the prior 12 months, by category of third parties |
|
Identifiers and Personal information categories listed in the California Customer Records statute |
|
|
|
Protected classification characteristics under California or federal law |
|
|
|
Commercial information |
|
|
|
Biometric |
We do not sell this category of personal information |
We do not disclose this category of personal information for a business purpose. |
|
Internet or other similar network activity |
|
|
|
Geolocation data |
|
|
|
Sensory data |
We do not sell this category of personal information. |
We do not disclose this category of personal information for a business purpose. |
|
Professional or employment |
|
|
|
Inferences drawn from other Personal Information |
|
|
California: CCPA Privacy Rights Request Metrics
7/12021 through 6/30/2022 Data (Last 12 Months)
|
Request Type |
Requests Received |
Requests Completed |
Requests Denied |
Median Days to Resolution |
|
Deletion |
0 |
0 |
0 |
0 |
|
Opt Out |
0 |
0 |
0 |
0 |
|
Data Privacy Disclosure |
0 |
0 |
0 |
0 |
This data reflects requests received in 2021 from all individuals.
California: Rights of California residents – Access, Delete, Opt-Out
ID Sentry adheres to the spirit of the Federal Fair Credit Reporting Act (FCRA) and the California Consumer Privacy Act (CCPA) even though these acts do not technically apply to most of our activities. It is ID Sentry’s policy to allow anyone who believes ID Sentry has collected their personal data, to know what data, if any, is being held by ID Sentry, and to request that it be deleted. We are not a credit reporting agency, and our California client volume is below CCPA thresholds, nonetheless we do comply with these Acts specifically as they apply to our business.
ID Sentry adheres to the policies of these Acts and affirms the rights defined. Specifically, all customers, patrons, or individuals whose personal information is collected by ID Sentry have the right to Access, Delete, and Opt-Out. Specifically:
Right to Access
- The right to know what information is collected about you, where it came from, and what it is being used for
- The right to know who receives your personal information
- The right to request from any company which may have your personal information to disclose all such information, and who it was shared with
Right to Delete
- The right to require businesses to remove any personal information they have collected about you, unless they must keep the information for legal reasons
Right to Opt-Out
- The right to deny sharing of your personal information with third parties
- The right to opt-out of receiving marketing communications
Request form for Access, Delete, or Opt-Out
At any time you may request to view or remove any Personal Data linked to you by following this link: “ID Sentry Personal Information Request Form”, or by contacting ID Sentry at one of the Contact Us options.
California: Right to be free from discrimination
Data used to illegally discriminate
Customers are permitted by law to refuse to provide products or services to any individual for any reason as long they are not discriminating against any of the protected classes including; race or color, national origin or citizenship status, religion or creed, sex, age, disability, pregnancy or genetic information,veteran status, marital status, sexual orientation or gender identity, medical condition or HIV/AIDS status, military or veteran status, political affiliation or activities, status as a victim of domestic violence, and assault or stalking.
No Personal Data which directly links to one of the above protected classes is collected by ID Sentry except gender. Address information may be correlated with protected classes, but no analysis or reporting related to or targeting any protected class is ever performed or provided by ID Sentry for any reason.
ID Sentry specifically prohibits the Customer use of any Service information to be used in any way which leads to discrimination based on any of the protected classes.
If you believe that a Customer used your Personal Data to discriminate based on your status in a protected class, you may start a formal investigation with ID Sentry at http://www.PrivacyRequest.idsentry.com. All discrimination investigations will be conducted within two weeks and you will be contacted with the results of the investigation. If any Customer is found to be using ID Sentry Services for a discrimination purpose, ID Sentry will immediately suspend all Services to that venue and report the matter to the appropriate law enforcement agency.
