ID Sentry Product Privacy Notice 

 

ID Sentry Product Privacy Notice 

Last update: November 17, 2022

Introduction

At ID Sentry™, we take our responsibilities to carefully handle information collected from customers and clients, as well as information about people who visit our websites or who want more information about our products and services very seriously.  This privacy notice describes how we collect and use your information with our document verification services. For more information on our website privacy policy, please see our general Privacy Notice.

Certain ID Sentry (“ID Sentry”, “we”, “us”, “our”) personal data collection activities resemble those of consumer reporting agencies, as defined under the federal Fair Credit Reporting Act (“FCRA”) and certain similar state laws and regulations. For this reason, ID Sentry is compliant with the provisions of the FCRA.  

For California residents, who are protected under the California Consumer Privacy Act (CCPA), a California Residents Privacy Statement and Notice at Collection section is also included.

This document is our statement to you, as a user of our products or as someone who believes that our products contain some of your personal information, defining what personal information we collect, how we use it, and what choices you have regarding that information.  We also explain how we comply with specific laws and regulations regarding the collection of personal information.

What does ID Sentry do?

ID Sentry is a business-to-business (B2B) provider of services related to the verification of identity and identification documents.  These services are often used for age verification, identity verification, fake ID detection, and detection of other forms of identity fraud.  Our products are mostly electronic services, meaning that we receive, process, and make judgments on information supplied to us by our customers electronically and we respond electronically.  Customers may provide personal data for examination by a variety of means, and our judgments (results – usually a fake/real assessment or a confidence level) are conveyed usually within seconds.  For example, if we receive data from a customer who scanned your driver’s license, we will return a judgment as to whether the license format is valid or fake, whether your age is in a target range, etc.

What personal information is collected?

When a document is scanned by an ID Sentry customer device for document verification purposes, the following personal data may be collected:

  • Name
  • Date of Birth
  • Height, weight, hair and eye color
  • Document number, effective date, and expiration date
  • Photo on a passport, driver’s license, or other identification documents, web camera, or self-photo.
  • Gender
  • Address
  • Postal Code/Zip Code

We may also match that scanner data with information that we have collected, such as:

  • Device information
  • Transactional information
  • Social information
  • Public records information
  • Inferences drawn from the above
  • Information provided by our customer, e.g. customer account number

Where does the personal information come from?

ID Sentry may have collected information about you from these sources:

  • From you personally, either directly or indirectly through our customers
  • From your devices, apps, and browsers
  • From financial institutions and credit reporting agencies
  • From third-party data providers
  • From business customers and partners
  • From government agencies and contractors
  • From public records

How do we use the personal data we collect?

Use of data for identity services

We use the information we collect to make judgments about the authenticity and accuracy of personal identity claims and the documents that support those claims.  Our customers submit information to us about a potential patron or client, including document scans and other forms of personal information (see above).  We provide the customer with a judgment regarding the information submitted.  Usually, this judgment takes the form of a risk score or a fake/real assessment of a document.  

Our judgments regarding the legitimacy of an identity or the authenticity of a document are not perfect, for a variety of reasons, including incomplete or inconsistent input information, advancements in criminal techniques, etc.  But our judgments are very good, and they are shown to be accurate most of the time. We make our judgments with the aid of a variety of tools and methods, including:

  • Sophisticated algorithms that are “trained” to detect a variety of identity issues
  • A very large database of official document types and fraudulent document types
  • Third-party and public databases that can be cross-checked with customer data
  • Publicly available electronic activity data
  • Photo analysis, image matching, and other forms of photo/video or biometric analysis

It is important to note that while we retain a variety of personal information types, we do not pass that information on to our customers or users.  We only provide judgments on the information we are given.  This is not the same as saying we provide our users with no personal information.  By asserting the authenticity of your driver’s license, for example, we have told our customer that you most likely live at the address on the license. 

You always have the option to review the information we have collected on you and demand that it be removed from our systems.  [See section “What choices and control do you have over your information?” below].

Business and other uses of personal data

When you conduct a transaction with ID Sentry, as part of a Service, on a device, we may collect the personal information you give us such as your name, address and email address. Your personal data may be used for the following purposes:

  • To provide and maintain our Service, including monitoring the usage of our service
  • To conduct testing, research, analysis, algorithm and product development
  • To detect security threats or fraudulent activity and prosecution of perpetrators
  • To attend and manage your requests to us

Law enforcement may obtain access to Personal Data, but only when an official investigation has formally been launched and specific information formally requested.  

Our right to collect and analyze personal information

The lawful basis is applicable to personal data in the relevant jurisdiction(s).

Our customers have the right, and the obligation in many cases, to verify that the person they are transacting with is who they claim to be.  Bars and restaurants, for example, may be fined or lose their business license for serving alcohol to minors.  Customers employ the services of ID Sentry to help confirm the authenticity of claimed identities and the documents used to support those claims.  By exercising these rights and obligations, our customers are also helping reduce fraud generally by imposing barriers to fraudulent activity.  

All the personal information we collect is obtained legally, either from publicly available sources or because the person whose identity is being verified has given consent for the collection of their personal data to our customers.  The act of presenting a driver’s license, for example, as proof of identity is recognized in most jurisdictions as personal consent to examine the data on the license for the following purposes:

  • To verify the authenticity of the document used to verify the identity of an individual making non-cash payments or other transactions requiring identity verification
  • To verify the age of the individual document bearer 
  • To prevent fraud or other criminal activity dependent on identity falsification
  • To comply with local regulations

Explicit consent

In some circumstances and jurisdictions, your explicit consent may be required for us to use your personal data for our stated business purposes.  In such cases, you will be asked to provide explicit consent by our customers.  If you choose not to provide your explicit consent, then we will never see your protected data, and we will not make judgments based on it. Please contact our customer to see if other avenues for achieving your objectives may be available.  

Customer lawful basis

Our customers, depending on where they are and what information they are collecting, will have their own lawful basis for collecting personal data.  It is their job to ensure that they have communicated appropriately to you regarding your personal data and the rights you retain thereof. 

Do we share and/or sell personal information to third parties?

Sharing of personal information

It is our policy not to share personal information with customers or partners in the course of normal business activities, but there are exceptions.  The primary exception to this policy is when we share personal information with a third-party data provider to gain added confidence for our identity judgments.  In all such instances, the third party, by contract, will not be permitted to use the information we provided for any reason other than to return to us added detail for an identity that we submitted to them.  

The Company also reserves the right to disclose personal data in the good faith belief that such action is necessary to:

  • Protect and defend the rights or property of the Company
  • Prevent or investigate possible wrongdoing in connection with ID Sentry services
  • Protect the personal safety of users of ID Sentry services or the public
  • Protect against legal liability

We may share personal information in the event of a corporate sale, merger, acquisition, dissolution, or similar event. If such an event takes place, we will notify you by email (if we have your email address) and/or a prominent notice on our applicable website(s) of any change in ownership, as well as any choices you may have regarding your personal information.

Legal requirements to disclose

Sometimes, we may be required to share personal information for legal reasons; for example, if we are required to do so by a regulation, court order, subpoena, or other legal processes. We may also share information when we believe it is necessary to comply with the law or respond to a government request or when we believe disclosure is necessary or appropriate to protect ID Sentry, our customers, or others. 

How do we provide security for and protect your data?

How information is protected

ID Sentry uses a variety of security technologies and procedures to help protect all personal data from unauthorized access, use or disclosure. ID Sentry stores all personal data on computer servers with access controls that are located in controlled facilities. When transmitting sensitive data over the internet, ID Sentry protects it through the use of encryption software such as software adhering to the Secure Socket Layer (SSL) protocol. ID Sentry also encrypts all data stored on its database server. ID Sentry only uses certified data centers to store all data collected. The data centers are SSAE16 SOC 2 certified, security-reviewed facilities with the existing infrastructure of industry-standard server and security technology. Procedures are in place to restrict logical access to this data center and client systems. No personal data is provided to third parties outside of law enforcement and venue staff. 

Information retention

We may retain your account information for as long as your account is active or as needed to provide you services, comply with our legal obligations, resolve disputes, and enforce our agreements. Personal data obtained from customers or their scanners is retained as long as necessary to fulfill the purposes for which it was collected. We may also keep it to conform with legal requirements, resolve disputes, or defend our claims. 

Once the personal information is no longer useful for its primary purposes, it may be scrambled cryptographically so that no personal information is recoverable.  The encrypted signatures of the personal data may be used for passive pattern recognition and for internal process improvement. 

What choices and control do you have over your information?

ID Sentry adheres to the spirit of the Federal Fair Credit Reporting Act (FCRA) and the California Consumer Privacy Act (CCPA) even though these acts do not technically apply to most of our activities.  We are not a credit reporting agency, and most of our clients are not California residents, nonetheless we do comply with these Acts specifically as they apply to our business.  Details about the rights defined in these Acts are listed below.

ID Sentry adheres to the policies of these Acts and affirms the rights defined.  Specifically, all customers, patrons, or individuals whose personal information is collected by ID Sentry have the right to Access, Delete, and Opt-Out.  Specifically:

Right to Access

  • The right to know what information is collected about you, where it came from, and what it is being used for
  • The right to know who receives your personal information
  • The right to request from any company which may have your personal information to disclose all such information, and who it was shared with

Right to Delete

  • The right to require businesses to remove any personal information they have collected about you, unless they must keep the information for legal reasons

Right to Opt-Out

  • The right to deny sharing of your personal information with third parties
  • The right to opt-out of receiving marketing communications

Request form for Access, Delete, or Opt-Out

At any time you may request to view or remove any Personal Data linked to you by following this link: ID Sentry Personal Information Request Form, or by contacting ID Sentry at one of the Contact Us options.  

If you are a California resident, then this policy is consistent with the CCPA [link], exercising your “right to know” and your “right to delete”.

We will do our best to respond promptly to your request. Within ten (10) business days of receiving your request, we will:

  • Confirm receipt of your request
  • Outline the next steps that we will perform to fulfill your request.  In rare circumstances, you may be asked to provide additional information so we can ensure that we are properly complying with the Act.  

Information provided on the form will only be used to enable ID Sentry to fulfill your request.

Changes to this product privacy policy

Product privacy policy updates

We may need to update our Privacy Policy as our customers and we grow and evolve. If we make material changes, we will notify you by email (sent to the email address specified in your account) or by means of posting a notice on this website prior to the change becoming effective, as well as inform you of any choices you may have with respect to these changes.

Contact us

If you have any questions about our Privacy Policy or practices, please contact us.

If you would like to: access, correct, amend or delete any personal information we have about you, you are invited to contact us by one of the means below.  If you believe that ID Sentry data was used by one of our customers for any discriminatory or other illegal purposes, please provide details in your communication.:

By email: privacy@idsentry.com

By visiting this page on our website: http://www.PrivacyRequest.idsentry.com

By phone: 302.485.5158

By mail: ID Sentry, Inc., attn: Privacy, 3511 Silverside Rd, Suite 105, Wilmington, DE 19810

 

Frequently Asked Questions Proudly powered by WordPress