iProov is committed to protecting privacy when we process our customers data. This Privacy Notice explains what personal information we collect from you when you use our Private Demonstration Application and how we use it. The notice also explains each parties’ responsibilities when using the iProov Private Demonstration Application.
When you use the iProov Private Demonstration Application, iProov is a Processor of your data and you are a Controller. You make certain decisions on what data is uploaded to our application and who can use it. WE process this data upon your request and instructions.
When you use the iProov Private Demonstration Application you are responsible for collecting any consent necessary from your users for iProov to process your data. You are responsible for all of the data entered into the iProov Private Demonstration Application and for adhering to any applicable law relating to you being a Data Controller.
iProov is responsible for adhering to applicable law relating to Data Processors.
The personal data we collect from your users is:
iProov also collects other data when the iProov Private Demonstration Application is used. This data is not personal data but is shown here for transparency purposes.
Each time your users submit imagery for the purposes of authentication (an “authentication attempt”) iProov uses automated imagery analysis and biometric matching technology to verify them as a living person, to detect impersonation and spoofing attempts.
iProov processes facial imagery (we call this “enrolment imagery”) when enrolling a user in the service. This allows us to perform face-matching during subsequent authentication attempts. We process the enrolment imagery to create a biometric template which can be used for face-matching against authentication attempts. This biometric template is linked to a user’s unique user identifier “User ID”. iProov may update and change the biometric template over time to improve the performance of the matching.
For the purposes of identifying that the person performing the authentication attempt is the same as in the enrolment imagery, iProov compares the biometric template from imagery taken in the authentication attempt with the biometric template taken from the user’s enrolment imagery. The resulting probability of a match between the two biometric templates determines whether iProov issues a pass or fail result for the authentication attempt.
To perform anti-spoofing, which allows us to detect fraud or fake imagery in authentication attempts, we use sophisticated machine-learning algorithms. These algorithms automatically combine the data from the authentication attempt, including imagery and other sensor data “Combined User Data”. The resulting values these algorithms produce enable the system to determine whether the authentication attempt is likely to be bona fide or an attempted spoof.
For your benefit (as a user of iProov services), we monitor and analyse data on authentication attempts, where it is determined to be potentially fraudulent, to improve the accuracy of our authentications. We process imagery from authentication attempts to train, update and improve the accuracy of iProov’s biometric testing.
When iProov collects your user’s personal information, we use the data for the following purposes:
1. To Fulfil a contract between you and iProov. This includes:
2. To conduct our business and fulfil a legitimate interest. In particular:
iProov hosts its demonstration application in the United Kingdom and EEA and does not transfer data to other countries.
iProov keeps your data for a maximum of sixty (60) days after your last use of the iProov Private Demonstration Application. After this point your user’s data is permanently deleted unless you request iProov to retain it for a longer period as a part of the demonstration or evaluation.
If iProov receives data that it believes to be fraudulent it will use system and manual processes to determine whether it is or not. If data is determined to be fraudulent, iProov will retain this data indefinitely.
Under the law of certain countries, your users have rights around iProov’s use of their data. It is your obligation to manage any requests from your users to exercise their rights under data protection laws in the first instance. Where you are unable to service the requests of your users directly, iProov will
Where you make a request, iProov will try to respond to all requests within thirty (30) days. Where it is not possible to do this, we will write to you to inform you that it will take longer to meet your request and will aim to respond within ninety days (90). Where we cannot respond within this time period, we will notify you of why and of your user’s rights.
iProov has a data protection officer who can be contacted at DPO@iproov.com. If you have any questions about this Privacy Notice or about any requests to exercise your legal rights, please send an email to this address.
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK’s supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so would request that you contact us in the first instance.
We are registered with the ICO under number ZA441165.
iProov Limited (we, us or iProov) is a company incorporated in England & Wales under company number 07866563 whose registered office is at 14 Bank Chambers, 25 Jermyn Street, London SW1Y 6HR, England.