Index

1. Scope of this policy
2. Personal Data Protection: Principles and data subject rights
3. Information Security Practices
4. The services provided by the weblink
5. Information we may collect from you
6. Uses made of the information
7. Disclosure of your information
8. Where we store your personal data
9. Your rights regarding marketing
10. Access to information
11. Changes to data protection policy
12. Contact

Privacy Policy

PURPOSE OF THIS POLICY

PlanetVerify Limited trading as PlanetVerify (“we”) are committed to protecting and respecting your data protection rights and freedoms. The purpose of this policy is as a statement of that commitment.

1. Scope of this policy

1.1 This policy (together with our end-user licence agreement (the “EULA”) and any additional terms of use incorporated by reference into the EULA, (together our “Terms of Use”) applies to your use of the Planet Verify  online secure Weblink, once you have selected Accept Terms on the PlanetVerify secure Weblink page.

1.2

This policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.

 

 

 

2. Personal data protection: Principles and data subject rights

1. Personal Data Protection Principles:
PlanetVerify undertakes its role to support the Requester of your personal data in performing its responsibilities under the General Data Protection Regulation (GDPR), as follows:

Article 5(1) of the GDPR requires that personal data shall be:

(a) processed lawfully, fairly and in a transparent manner in relation to the data subject (‘lawfulness, fairness and transparency’).

(b) collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes (‘purpose limitation’).

(c) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’).

(d) accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (‘accuracy’)

(e) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed (‘storage limitation’).

(f) processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’).

Article 5(2) requires that the Requester be responsible for, and be able to demonstrate compliance with these principles (‘accountability’). PlanetVerify assists the Requester with ensuring appropriate security of the personal data.

2. Data subject rights:

PlanetVerify undertakes its role to support the Requester of your personal data in satisfying your data subject rights under the GDPR, as follows:

The right to be informed:  You have the right to be informed by the Requester of your personal data to ensure that the processing is fair and transparent, including the identity and contact details of those processing your personal data.  PlanetVerify is the processor of your requested personal data acting under instructions from the Requester and can be contacted at info@planetverify.com.  PlanetVerify’s Data Protection Officer can be contacted at dataprotectionofficer@planetverify.com.

The right of access:  You have the right to obtain confirmation from the Requester as to whether or not personal data concerning you are being processed, and, where that is the case, access to the personal data and certain additional information.  You are given the right of access so that you are aware of and can verify the lawfulness of processing.

The right to rectification:  You have the right to have the Requester rectify inaccurate personal data concerning you.

The right to erasure (to be forgotten):  You have the right to have the Requester erase personal data concerning you in specific circumstances.

The right to restrict processing:  You have the right to have the Requester restrict processing of personal data concerning you in specific circumstances.

The right to data portability:  You have the right to receive from the Requester the personal data you have provided electronically in a machine readable format.

The right to object:  You have the right to object to the Requester regarding the processing of your personal data in specific circumstances, including when your personal data is used for direct marketing purposes.

Rights related to automated decision making and profiling:   You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or significantly affects you.

Right to lodge a complaint with a supervisory authority.

3. Information security practices 

PlanetVerify uses state of the art security features and methods including:

  • Secure hosted platform employing security controls exceeding industry standards with continuous 7X24 management and monitoring of all events
  • Two-factor authentication is available for web services and end-user device apps
  • TLS 256-bit encryption is used on all data transfers
  • Optional IP restrictions on server account access
  • Use of a progressive web app, which increases the security of communications, decreases the numbers of third parties involved, decreases complexity with a single version for all platforms, provides automatic updates, and is network independent
  • Continuous vulnerability management and testing of code and infrastructure and regular penetration testing
  • Privacy by Design principles have been implemented from the outset such as:
    • I share my data if and only when, I decide
    • I will only receive data requests from verified PlanetVerify users, which inhibits fraudsters or imposters
    • I can see when my data has been viewed
  • All server-based personal data is AES 256-bit encrypted and encryption keys are stored in protected key vaults
  • Security practices aligned to ISO 27001 and other leading certification standards
  • Static code analyses are performed using leading practice OWASP and commercial industry standard tools
  • Rigorous and orchestrated incident management procedures based on best practices
  • End-user personal data is protected in many ways including encryption, data classification, authorisation, authentication, and detective controls (auditing)
  • All personal data in the Dublin data centre are asynchronously geo-replicated to a second data centre within the EEA

4. The services provided by the weblink

The Weblink (a progressive web app) offers the following main services:

1).  The Weblink acts as an intermediary between You (the “End-User”) and a third party who has requested that you provide them with a copy of certain personal details and documentation (the “Requester”). The Weblink allows you to add personal details and capture and make copies of your documentation, which may include proof of address, personal references and forms of identification (the “Documentation”). The Weblink also allows you to store this Documentation on your device in a secure encrypted format and transmit securely the Documentation to the Requester.

2).  Upon request, the Requester can also use the Weblink to request that the authenticity of the Documentation provider be verified. We carry out this verification for and on behalf of the Requester using the Documentation which You have provided (a “Verification”).

3). At your discretion, You may save the Documentation on the Site for your use in responding to

future requests from the same or other Requesters (the “PlanetVerify Secure Vault function”).

4).   We offer the Requester a secure central storage where the Documentation of each Information Provider is held.

5).   We offer and strongly recommend the Requester, and the PlanetVerify Secure Vault function user,  to use 2 Factor Authentication (2FA) for all Documentation held in our secure cloud. This adds significantly to security as it requires a code from your device as well as the secure password in order to access Documentation on a device or computer.

6).   We offer the Requester, and the PlanetVerify Secure Vault function user, a “One-Click” option to Purge an entire Information Provider’s Documentation and this can be done with data you provide if you request them to do so.

(together, the “Services”).

For the purpose of the Data Protection Acts 1988, 2003 and 2018 and the General Data Protection Regulation in the provision of the Service, the data controller is the Requester and we act as Data Processor (to the extent that we process personal data on their behalf).  We also act as a data controller for our own employees, when registering enterprise users, and when responding to requests for assistance.

5. Information we may collect from you

On your request and in order to provide the Services, we may process the following data about you:

  • Information you submit (“Submitted information”): This includes any Documentation which you transmit to a Requester using the Weblink. Such documentation may include personal data. You may also give us information about you by filling in forms on the Weblink, or by corresponding with us (for example, by e-mail or chat). This also includes information you provide when you register to use the Weblink, subscribe to any of our Services, search for a Weblink and when you report a problem with Weblink or our Services or ask for assistance and you choose to provide data.    This includes any Documentation which you choose to transmit to a Requester using the Weblink. Such documentation may include personal data. You may also give us information about you by filling in forms on the Weblink, or by corresponding with us (for example, by e-mail or chat). This also includes information you provide when you register to use the Weblink,  subscribe to any of our Services, search for the Weblink or Service. When you report a problem with the Weblink or our Services or ask for assistance and in doing so, you choose to provide data to us, in this case some of that data may be sent outside the EEA through our support systems.

 

  • Information we collect about you and your device. Each time you visit one of our websites or use the Weblink we may automatically collect the following information:
    • Technical information, including the type of mobile device you use, a unique device identifier (for example, your Device’s, the MAC address of the Device’s wireless network interface, or the mobile phone number used by the Device), mobile network information, your mobile operating system, the type of mobile browser you use, and the time zone setting (the “Device Information”).
    • Details of your use of any of the Weblink or your visits to any of our websites including, but not limited to, traffic data, location data, weblogs and other communication data, whether this is required for our own billing purposes or otherwise and the resources that you access (the “Log Information”).
    • Location information. To provide additional security and defense to PlanetVerify’s platform and WebApp we may also use technology to determine your current location. Some of our location-enabled services require your location for this security feature to work.  You can withdraw your consent at any time by altering your device setting.
  • Information we receive from other sources (“Third Party Information”). We are working closely with third parties (including, for example, business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers, credit reference agencies) and may receive information about you from them. We also may receive information about you from third parties with whom we work in order to Verify the Documentation (if requested to do so by the Document Requester or by you). Further details about the Verification of Documentation can be found in our EULA.

  If you contact us, we may keep a record of that correspondence.

  • Unique application numbers: when you install or uninstall a Service containing a unique application number or when such a Service searches for automatic updates, that number and information about your installation, for example, the type of operating system, may be sent to us.

 

  •  Cookies

We use cookies to distinguish you from other users of the Weblink and our website. This helps us to provide you with a good experience when you use the Weblink or browse the site and also allows us to improve the Weblink or site.

Certain information about you, (including personal information), may be collected through the use of cookies when you use our Services and the App. Some of these cookies are essential for the App to operate and ensure that we provide the Services as requested. By using our Services you agree to the use of certain non-essential cookies unless you set your browser to reject them.

A cookie is a small text file that is stored on your Device’s hard drive or browser. We use cookies and the information contained therein for a number of purposes including but not limited to:

  • tracking the duration of visits and content accessed; and
  • storing frequently used user information to personalise your online experience and ease the log-in process.

Set out below is an indicative list of the types of cookies we use:

Cookie Type

Authentication Cookie

Purpose

An anonymous identifier used to recognise a visitor during a session.

More information

It expires after 30 minutes

Two-Factor Authentication Cookie

Used to store the last successful 2FA authentication.

It is used to recognise you as a returning 2FA user

Analytics Cookies

These are used to collect information about how visitors use our website/App. We use the information to compile reports and to help us improve the website/App

 

The cookies collect information in an anonymous form, including the number of visitors to our website/App, where visitors have come to the website from and the pages they visited.

You may block cookies by activating the setting on your browser which allows you to refuse the setting of all or some cookies.  However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our website/Weblink. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies as soon you visit our website/Weblink. Further information on cookies and how websites use them can be obtained at www.cookiecentral.com

6. Uses made of the information

We use information held about you in the following ways:

  • Submitted Information: We will use the Submitted Information in the manner set out in the EULA and this Data Protection Policy including but not limited to:
    • Providing the Services by transmitting your Documentation as instructed by you, to the Document Requester
    • Verifying the authenticity of the Documentation including by contacting third parties to do so; and
    • Responding to your requests for assistance.
  • Device information: For Weblink compatibility issues and potentially for multi-factor Verification purposes.
  • Log information: For the assistance of identity verification or trouble shooting purposes.
  • Location information: We may use this information for verification/authentication purposes.
  • Third Party Information: For the assistance of identity verification/authentication.
  • Unique application numbers: As described above and also for multi-factor verification purposes.

We may associate any category of information with any other category of information and if such data then constitutes personal data, we will treat it as such.

7. Disclosure of your information

We may disclose some or all of the data we collect from you when you download or use the App to the following third parties:

Category of dataRecipient
The Documentation which you uploadThe Requester (i.e. the third party with whom you share the Documentation using the Weblink).
The Documentation which you uploadThird parties (such as utility companies) who we may contact on behalf of the Requester in order to Verify the Documentation in question.

We may disclose your personal information to any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries.

We may disclose your personal information to third parties:

  • In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
  • If Planet Verify or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
  • If we are under a duty to disclose or share your personal data in order to comply with any legal or regulatory obligation or request.
  • In order to:
    • enforce or apply the EULA, and other agreements or to investigate potential breaches; or
    • protect the rights, property or safety of Planet Verify our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.

8. Where we store your personal data

To the extent that we do store data which we collect from you, the data that we collect from you will be stored within the European Economic Area (“EEA”). We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this data protection policy.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to us; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

We may collect and store personal data on your Device using browser web storage (including HTML 5) and other technology.

9. Your rights regarding marketing

You have the right to ask us not to process your personal data for marketing purposes. We will usually inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data. We may also collect business contact information from third parties to market our products and services. You can exercise the right at any time by contacting us at info@planetverify.com.

10. Access to information

The Data Protection Acts 1988, 2003 and 2018 and the General Data Protection Regulation give you the right to access information held about you. Your right of access can be exercised in accordance with those Acts. Please contact us at info@planetverify.com to discuss this further.

11. Changes due to data protection policy

Any changes we may make to our data protection policy in the future will be posted on this page and, where appropriate, notified to you when you next log in to the Weblink. The new terms may be displayed on-screen and you may be required to read and accept them to continue your use of the Weblink or the Services. This policy was last revised in January 2022.

12. Contact

Questions, comments and requests regarding this data protection policy are welcomed and should be addressed to info@planetverify.com.

(353) 1-44 33 848

info@planetverify.com

Copyright © 2022 PlanetVerify. All Rights Reserved coll