1. Welcome To Verifica

Welcome to Verifica! We are ID Verification and Fraud Prevention SaaS for B2B. Throughout this policy, the terms "Verifica," "we," "us," and "our" refer to our company. We are dedicated to delivering secure B2B solutions for efficient identity verification. This Privacy Policy sheds light on how we handle personal information related to our website, Verifica.com, and its associated services.

This policy outlines how we gather, utilize, and disclose your data when you use our Services. It also informs you about your privacy rights and legal protections. By engaging with our Services, you consent to our data handling practices as described herein.

2. Understanding Personal Information

In this policy, "personal information" denotes data that can potentially identify or be linked to an individual. This does not encompass aggregated or anonymized data, or other data not classified as personal under relevant data protection legislation.

Given our B2B focus, most of the personal data we manage is related to our clients' consumers. We handle this data for fraud prevention and compliance, within the confines of our client contracts.

This policy doesn't delve into:
- Our clients' personal data processing techniques.

3. Data Collection for Marketing & Advertising

Like many digital platforms, in collaboration with third-party providers, we might automatically gather data from devices and user activities on our Site. If you opt-in, we might share some personal data. To change your preferences about cookie sharing, you can opt-out anytime. We might also amass B2B-related data, including contact and employment specifics, from marketing vendors. This can be combined with data we collect directly from you, aiding in our marketing efforts.

4.Grounds for Data Processing

If your jurisdiction mandates legal bases for personal data processing, we do so on these grounds:

• Legal compliance

• Our clients' valid interests, like B2B marketing, product enhancement, business operations, and terms/policy adherence

• Protection of your or another's vital interests.

• With your explicit consent, e.g., when you share specific personal attributes during a verification application.

5. Sharing/Disclosing Personal Information

Your personal data might be shared/disclosed in these scenarios:

• Affiliates: With companies under our ownership or control.

• Your Employer/Company: If our Services are accessed via your employer.

• Survey Providers: With third parties helping us with our surveys.

• Marketing Providers: To communicate about our available Services.

• Customer Service and Communication Providers: With entities aiding in our customer support and communication.

• Other Service Providers: Third parties that provide services like IT, analytics, payment processing, hosting, and administrative services.

• Business Transactions: In mergers, acquisitions, joint ventures, asset sales, or similar activities.

• Legal Obligations and Rights: Disclosure to entities like legal advisors or law enforcement, based on various reasons such as legal claims, laws, rights protection, fraud prevention, health, safety, or other legal requirements.

• Consent or Direction: With specific third parties upon your approval or request, like publishing a testimonial.

• Customers/Suppliers: To facilitate our Services.

6. Protection of Minors' Data

Although our Services are primarily designed for individuals aged 18 and above, there are instances where our clients might provide us with information concerning individuals below this age, especially in processes like age verification. Whenever such data is required, we make sure through contractual obligations that our clients have the necessary permissions as mandated by relevant privacy laws. We make it clear that we don’t intentionally collect personal data from children below 13. If you discover a minor has inadvertently provided their information, please get in touch so we can take the necessary steps to erase it.

Additionally, Verifica may share your information with:

• Our group's entities to enhance service delivery and business support.

• External parties aiding us in operations, such as IT providers, data analysts, and other support services.

• Potential or current business partners in mergers, acquisitions, or similar corporate activities.

• Law enforcement or other legal entities where required by law or to safeguard our rights.

• Any other party with your explicit consent or under lawful conditions, including sharing data on behalf of our clients for fraud prevention.

We emphasize that wherever possible, we bind recipients of shared data to stringent data protection clauses, especially if the recipient is from a country with different data protection standards.

7. Your Privacy Rights

Depending on where you reside (U.S states including but not limited to California, Virginia, Colorado, and Connecticut), you may be entitled to:

• Access your personal data.

• Port your data to another organization or receive it in a usable format.

• Opt-out from us selling your information.

• Withdraw your data consent.

• Request deletion of your data.

• Limit or restrict data processing.

• Correct inaccuracies in your data.

• Object to certain data processing activities.

• Acquire information on our legitimate interest basis for data processing.

Residents of Nevada can use our webform to prevent future data sales, even though we don’t currently sell data for monetary gains. California residents have additional rights under the "Shine the Light" law regarding information disclosure and can also request limited use of their sensitive information under specific CCPA regulations.

Note: If you're covered by GDPR, please be aware that some rights are contingent upon internal assessments ensuring GDPR grounds are met.

This update aims to provide clarity on our practices. However, always remember that the use of our Services indicates your agreement to these terms.

8. Initiating a Privacy Rights Request

To exercise your privacy rights, kindly use our webform or reach out to us via phone or post. The details for these can be found in the “Contact Us” section of this Privacy Policy. There is no fee associated with making these requests. Typically, our response time is one calendar month, but it might differ based on your location. For instance, if you're in the US, our response time could extend up to 45 days based on your specific state. Should GBG be unable to fulfill your request, a detailed explanation will be provided.

9. Identity Verification

Given the sensitive nature of personal data, we may need you to verify your identity when you request access or modifications to your data. This could involve providing a copy of a valid ID, ensuring that the requester is genuine.

10. Using an Authorized Representative

If you're using an authorized agent to act on your behalf, we'll need written authorization from you. Alternatively, a legal Power of Attorney will suffice. To begin the process, have your agent complete our webform, attaching any required authorization documents.

4. Data Collection for Identity Services

We gather specific data about our clients' users to offer our Identity Services. The data type varies based on the service we're rendering. To ensure user privacy and reduce security risks, where feasible, we use techniques like pseudonymization and data aggregation.

11. Document Verification

Verifica's system confirms the authenticity of global documents by examining their images or videos. The system extracts data either directly from the visual content or from any embedded security chips. This helps in checking if the document is genuine and detecting any fraudulent activities.

Information Extracted: This might include personal details such as name, document number, date of birth, and other specifics embedded in barcodes, QR codes, or security chips.

12. Data Verification Services

Verifica aids clients with data verification through a combination of reliable Data Providers and our internal verifications. Our primary goal is to ensure user verification, detect any fraud, and fulfill AML and KYC mandates. We achieve this by cross-referencing personal data supplied by the client or user with databases from our trusted Data Providers.

Our global verification network varies based on user locations. This may encompass voter lists, driver's license databases, government data sources, and more.

Information Gathered: Depending on the service chosen by Verifica's client and location-based checks available, we might collect contact details, social security numbers, details from uploaded utility bills, or other pertinent data provided by Data Providers.

This update ensures that you are informed about how your data is managed. Your continued use of our services indicates your agreement to these terms.

13. Fraud Detection and Device Authenticity

Verifica utilizes multiple fraud detection techniques. Some are specific to certain Identity Services chosen by our clients, while others are universally applied. As an example, we scrutinize the metadata of the document's image or video and its user, like detecting any editing software, to evaluate the user's authenticity.

In our commitment to safeguarding user privacy, we minimize the use of personal information by pseudonymizing, aggregating, and de-identifying data wherever feasible.

With Verifica, clients can ascertain the legitimacy of devices, emails, or phone numbers linked to suspected fraud, unusual patterns, or manipulative actions. Passive signals, like mobile numbers or device details, might be collected as users engage with the client’s platform or our Identity Services. These signals, combined with other data such as your IP address and device interactions, aid in determining user genuineness, risk assessment, and identifying your approximate location based on your IP.

We might also cross-reference information provided during checks, including biometric verifications, with previously verified, pseudonymized, or de-identified data. This enhances identity verification, safeguarding both our client and their users from potential frauds.

14. Additional Data Collection

To ensure compliance with global sanctions, biometric, and privacy laws pertaining to our Identity Services, we might collect your general geographic location, such as city or country. This can be acquired directly, via clients, or approximated using your IP address, facilitating localized services and obtaining any essential biometric permissions. When processing data for legal compliance, we act as a data controller, motivated by our commitment to align with prevailing regulations. Our approach emphasizes striking a balance between our interests and the rights of end users, ensuring location data is processed up to a city level.

Furthermore, we maintain logs detailing interactions of clients, users, and Data Providers with our Identity Services. These logs, essential for legal and regulatory compliance, security monitoring, and service enhancement, might consist of timestamps, upload methods, and device details. As always, we prioritize pseudonymizing, aggregating, and de-identifying information for statistical and business insights.

By continuing to use our services, you consent to these terms.

15. Automated Decision-Making & Verifica Analysis

Whenever we execute identity verification or a check for a client, an Verifica Analysis is forwarded to the said client, detailing our recommendation along with its basis. This reasoning is derived from a combination of machine learning models and human evaluations. As these methods continuously evolve, listing them here would be challenging. However, a current list can be found in our Technical Documentation, primarily consulted by our integrating clients.

16. Successful Verifica Assessments

Our analyses furnish clients with recommendations, aiding their decisions regarding user progression. If we verify a user's identity without any indications of fraud or other discrepancies, the client is informed of the successful verification.

17. Unsuccessful Verifica Assessments

In cases where identity verification is inconclusive due to reasons like unclear document images or inconsistencies in provided details, or if there are hints of fraudulent activity, we return with outcomes labeled 'Consider', 'Suspected', 'Rejected', or 'Caution'. Clients will then determine their next steps based on our feedback and their internal procedures, which may involve declining the user, proceeding nonetheless, or necessitating further verification. We might assist with these extended evaluations.

18. Information Utilization for Identity Services

At Verifica, our aim is to demystify digital identity. With client consent and legal permissibility, we leverage the gathered information to enhance our Identity Services. This involves refining algorithms, innovating, and introducing new checks and offerings to more accurately verify identities and detect fraudulent activities. This iterative process, known as machine learning, enables our systems to recognize patterns and deduce information from new data sets. Benefiting from a vast collection of global images and fraud datasets, our machine learning models are trained to extract document data, identify fraud, and carry out facial verifications. Our human experts augment this process, especially when machine learning is still adapting. Periodic re-evaluations ensure service reliability, especially when we introduce new features or conduct quality assessments. This collective progress fortifies Verifica's offerings for all stakeholders. When we utilize data for our Identity Services' enhancement, we base it on the legitimate interest of clients and Verifica. We have instituted measures, like pseudonymization and rigorous security protocols, to prioritize user rights and interests.

19. Data Preservation

At Verifica, user privacy is paramount. We incessantly strive to minimize potential data threats by limiting stored data. We also employ methods like pseudonymization, aggregation, and de-identification to ensure utmost confidentiality and diminish security risks. We offer our Identity Services at our clients' behest, and it's the clients who inform us about data retention durations, based on legal mandates, Data Providers' directives, or our guidelines. Users wishing to request data deletion should approach the client who conducted their check. Further details on this process are provided under the "Your Rights" section. In exceptional scenarios, mandated by genuine legal reasons, data may be retained beyond the specified duration.