LoginID Privacy Statement
- INTRODUCTION
-
WHEN DOES THIS
PRIVACY STATEMENT APPLY? -
WHO IS RESPONSIBLE
FOR YOUR PERSONAL DATA? -
FOR WHICH PURPOSES
DO WE PROCESS
YOUR PERSONAL DATA? - COOKIES
-
WHO HAS ACCESS
TO YOUR PERSONAL DATA? -
HOW ARE YOUR
PERSONAL DATA SECURED? -
HOW LONG ARE YOUR
PERSONAL DATA RETAINED? -
HOW CAN YOU EXERCISE
YOUR PRIVACY RIGHTS? -
DO YOU HAVE QUESTIONS
OR COMPLAINTS?
1. INTRODUCTION
This is the LoginID Privacy Statement for consumer, customer,
supplier and business partner data, where this information relates
to an individual. This Privacy Statement provides information on the
processing of personal data by LoginID, hereafter LoginID, we or us.
In this Privacy Statement we describe who we are, how and for which purposes we process your personal data, how you can exercise your privacy rights and all other information that may be relevant to you.
We did our best to provide you with all information in a clear and readable format. However, if you have any questions about our use of your personal data after reading this Privacy Statement, you can of course always contact us through the contact details provided below.
This Privacy Statement may be changed over time. The most up-to-date Privacy Statement is published on our website. This Privacy Statement applies from September 1, 2020. The last modifications to this Privacy Statement were made on September 1, 2020.
In this Privacy Statement we describe who we are, how and for which purposes we process your personal data, how you can exercise your privacy rights and all other information that may be relevant to you.
We did our best to provide you with all information in a clear and readable format. However, if you have any questions about our use of your personal data after reading this Privacy Statement, you can of course always contact us through the contact details provided below.
This Privacy Statement may be changed over time. The most up-to-date Privacy Statement is published on our website. This Privacy Statement applies from September 1, 2020. The last modifications to this Privacy Statement were made on September 1, 2020.
2. WHEN DOES THIS PRIVACY STATEMENT APPLY?
This Privacy Statement is applicable to the processing by LoginID of
all personal data of business clients and their end-users. LoginID’s
Business Clients are our affiliated partners (merchants,
applications, and websites), resellers, and agents that have
integrated with the LoginID service. This Privacy Statement does not
address the processing of personal data of applicants or employees
in the context of their employment relationship with LoginID.
It is LoginID ’s policy to comply with the privacy legislation within each jurisdiction in which we operate. Sometimes the privacy legislation and/or an individual’s right to privacy are different from one jurisdiction to another. This Privacy Policy has a limited scope and application. Consequently, the rights and obligations contained in this Privacy Policy may not be available to all individuals or in all jurisdictions. If you are unsure if or how this Privacy Policy applies to you, please contact our Privacy Officer for more information.
It is LoginID ’s policy to comply with the privacy legislation within each jurisdiction in which we operate. Sometimes the privacy legislation and/or an individual’s right to privacy are different from one jurisdiction to another. This Privacy Policy has a limited scope and application. Consequently, the rights and obligations contained in this Privacy Policy may not be available to all individuals or in all jurisdictions. If you are unsure if or how this Privacy Policy applies to you, please contact our Privacy Officer for more information.
3. WHO IS RESPONSIBLE FOR YOUR PERSONAL DATA?
LoginID is either a data controller or a data processor for the
processing of all personal data that fall within the scope of this
Privacy Statement. More information on what our specific data
protection role is in relation to our processing activities can be
found below, under Section 4 “For which purposes do we process your
personal 2 data?”. This Privacy Statement provides information on
what personal data are collected and used (processed) by LoginID and
for what purpose, and to which persons or entities the data will or
may be provided. LoginID will not share your personal data with
external parties, unless specifically requested by the responsible
business client or the data subject, or otherwise to comply with a
legal obligation.
4. FOR WHICH PURPOSES DO WE PROCESS YOUR PERSONAL DATA?
4.1 When you make use of the LoginID service
When you use the LoginID service, whether as a developer or as an end-user of one of our business clients, we will process your personal data. Through our authentication process, we process your personal data to create your credentials, so that you can always authenticate yourself on the LoginID service. Once verified, we store and manage your personal data so that it is secure and readily accessible, and retrieved at your request or at request of our business clients.
When you use the LoginID service, whether as a developer or as an end-user of one of our business clients, we will process your personal data. Through our authentication process, we process your personal data to create your credentials, so that you can always authenticate yourself on the LoginID service. Once verified, we store and manage your personal data so that it is secure and readily accessible, and retrieved at your request or at request of our business clients. As part of our continuing efforts to manage and maintain our business operations including investigating and resolving incidents, and securing the integrity of the LoginID service, we may monitor, and log the interactions of developers and administrators.
(a) Client device verification and authentication
In order for you to use the LoginID service, we process your personal data to verify your device. The one-time verification process creates the credentials through which you and our customers authenticate themselves when using the platform(s) and/or service(s) of our business clients who have integrated with the LoginID service. For these processing activities, our business clients are the data controller and LoginID is the data processor.
Client device verification and authentication relies on Strong Customer Authentication (SCA), based on the FIDO protocols, which uses standard public key cryptography technologies to provide stronger and more effective authentication. When using the LoginID service for the first time, we need you to register your device with the online service that you want to log in to and unlock the FIDO authenticator by presenting your local device with a biometric (such as your fingerprint, facial recognition, or iris scanning). The device will create a public/private key pair that is unique to (i) your device, (ii) the business client’s online service and (iii) your account (with that service). The public key is stored with LoginID while your private key (including any biometric information) never leaves your device.
For these purposes, we process your username, e-mail address, IP-address and FIDO public key. For administrators and developers of our business clients, LoginID processes the same categories of personal data in addition to e-mail address and country of business.
The legal basis for this processing activity is the performance of a contract.
(b) Data management, storage, and collection
We manage and store your personal data on behalf of and according to the instructions of our business clients. LoginID ensures that your personal data is both accessible, reliable, and can be retrieved at your request or at request of our business clients.
For these purposes, we process the personal data provided to us by you and those personal data provided by our business clients. This processing is limited to your username, e-mail address, IP-address, and FIDO public key.
The legal basis for this processing activity is the performance of a contract.
(c) Monitoring and logging
To ensure the security of your personal data and compliance the Terms and Conditions of our service, we monitor the behaviour of developers and administrators of our partnered business clients. The log data that we collect works as a forensic trail and allows us to respond to incidents quickly and resolve them effectively. This processing activity allows us to monitor administrator interactions around dashboard-related activities.
For this purpose, we may process personal data such as the administrator username, activity timestamp, user roles, and generated errors (if any). The legal basis for this processing activity is our legitimate interest.
(d) To manage, maintain and develop the LoginID service and business operations
We process your personal data in order to assess, analyse and improve the LoginID service. We use aggregated personal data to analyse how users interact with the service and the features it provides, so that we may adjust and improve our products and services accordingly. By analysing this aggregated personal data, we can calculate certain values such as the percentage of end-users authenticating themselves with biometrics versus username and password, or the percentage of end-users use their desktop versus device.
For this purpose, we may process personal data such as IP-address, particular authentication factors used (such as SMS, biometric, username and password), browser, device information, and geolocation of your network.
The legal basis for this processing activity is legitimate interest.
4.2 When you interact with LoginID (online or offline)
If you get in touch with us via info@loginid.io on the LoginID website, we will use your personal data in order to reply to and answer your question. For this purpose, we process your name, contact details, your correspondence with us your question and all other personal data which are necessary to answer your question.
We are active on social media platforms like LinkedIn and Telegram. When you contact us through these channels, we will assume your consent to the collection, use and disclosure of your personal information for the purposes related to answering your questions and responding to your messages. We process your personal data accordingly, including your (user)name, email address, and the personal data you have included in your message.
The legal basis for this processing activity is consent.
4.3 For the management and improvement of our internal business operations
LoginID collects personal information to enable us to manage, maintain and develop our business and operations, including:
● to establish, maintain and manage our relationship with you so that we may provide you with, or receive from you, the products and services that have been requested (for example, we will use your personal information to establish your identity and credentials so that we may provide you with the products and services that you have requested);
● to review the products and services that we provide to you so that we may understand your requirements for our products and services and so that we may work to improve our products and services;
● to review the products and services that we obtain from you so that we may work with you and so that you may understand our requirements for such products and services;
● to comply with your requests (for example, if you prefer to be contacted at a business or residential telephone number and advise us of your preference, we will use this information to contact you at that number);
● to protect us against error, fraud, theft and damage to our goods and property;
● to enable us to undertake our environmental, health and safety activities, including incident planning, response and investigation;
● and any other reasonable purpose to which you consent.
4.4 To comply with the law
In some cases, we process your personal data to comply with laws and regulations. This could, for example, be the case where tax or business conduct related obligations apply. In order to comply with relevant laws and regulations, we may need to disclose your personal data to government institutions or supervisory authorities.
The categories of personal data processed for this purpose depends on the legal obligation and we will limit the processing of the personal data to what is strictly necessary to comply with that obligation.
When you use the LoginID service, whether as a developer or as an end-user of one of our business clients, we will process your personal data. Through our authentication process, we process your personal data to create your credentials, so that you can always authenticate yourself on the LoginID service. Once verified, we store and manage your personal data so that it is secure and readily accessible, and retrieved at your request or at request of our business clients.
When you use the LoginID service, whether as a developer or as an end-user of one of our business clients, we will process your personal data. Through our authentication process, we process your personal data to create your credentials, so that you can always authenticate yourself on the LoginID service. Once verified, we store and manage your personal data so that it is secure and readily accessible, and retrieved at your request or at request of our business clients. As part of our continuing efforts to manage and maintain our business operations including investigating and resolving incidents, and securing the integrity of the LoginID service, we may monitor, and log the interactions of developers and administrators.
(a) Client device verification and authentication
In order for you to use the LoginID service, we process your personal data to verify your device. The one-time verification process creates the credentials through which you and our customers authenticate themselves when using the platform(s) and/or service(s) of our business clients who have integrated with the LoginID service. For these processing activities, our business clients are the data controller and LoginID is the data processor.
Client device verification and authentication relies on Strong Customer Authentication (SCA), based on the FIDO protocols, which uses standard public key cryptography technologies to provide stronger and more effective authentication. When using the LoginID service for the first time, we need you to register your device with the online service that you want to log in to and unlock the FIDO authenticator by presenting your local device with a biometric (such as your fingerprint, facial recognition, or iris scanning). The device will create a public/private key pair that is unique to (i) your device, (ii) the business client’s online service and (iii) your account (with that service). The public key is stored with LoginID while your private key (including any biometric information) never leaves your device.
For these purposes, we process your username, e-mail address, IP-address and FIDO public key. For administrators and developers of our business clients, LoginID processes the same categories of personal data in addition to e-mail address and country of business.
The legal basis for this processing activity is the performance of a contract.
(b) Data management, storage, and collection
We manage and store your personal data on behalf of and according to the instructions of our business clients. LoginID ensures that your personal data is both accessible, reliable, and can be retrieved at your request or at request of our business clients.
For these purposes, we process the personal data provided to us by you and those personal data provided by our business clients. This processing is limited to your username, e-mail address, IP-address, and FIDO public key.
The legal basis for this processing activity is the performance of a contract.
(c) Monitoring and logging
To ensure the security of your personal data and compliance the Terms and Conditions of our service, we monitor the behaviour of developers and administrators of our partnered business clients. The log data that we collect works as a forensic trail and allows us to respond to incidents quickly and resolve them effectively. This processing activity allows us to monitor administrator interactions around dashboard-related activities.
For this purpose, we may process personal data such as the administrator username, activity timestamp, user roles, and generated errors (if any). The legal basis for this processing activity is our legitimate interest.
(d) To manage, maintain and develop the LoginID service and business operations
We process your personal data in order to assess, analyse and improve the LoginID service. We use aggregated personal data to analyse how users interact with the service and the features it provides, so that we may adjust and improve our products and services accordingly. By analysing this aggregated personal data, we can calculate certain values such as the percentage of end-users authenticating themselves with biometrics versus username and password, or the percentage of end-users use their desktop versus device.
For this purpose, we may process personal data such as IP-address, particular authentication factors used (such as SMS, biometric, username and password), browser, device information, and geolocation of your network.
The legal basis for this processing activity is legitimate interest.
4.2 When you interact with LoginID (online or offline)
If you get in touch with us via info@loginid.io on the LoginID website, we will use your personal data in order to reply to and answer your question. For this purpose, we process your name, contact details, your correspondence with us your question and all other personal data which are necessary to answer your question.
We are active on social media platforms like LinkedIn and Telegram. When you contact us through these channels, we will assume your consent to the collection, use and disclosure of your personal information for the purposes related to answering your questions and responding to your messages. We process your personal data accordingly, including your (user)name, email address, and the personal data you have included in your message.
The legal basis for this processing activity is consent.
4.3 For the management and improvement of our internal business operations
LoginID collects personal information to enable us to manage, maintain and develop our business and operations, including:
● to establish, maintain and manage our relationship with you so that we may provide you with, or receive from you, the products and services that have been requested (for example, we will use your personal information to establish your identity and credentials so that we may provide you with the products and services that you have requested);
● to review the products and services that we provide to you so that we may understand your requirements for our products and services and so that we may work to improve our products and services;
● to review the products and services that we obtain from you so that we may work with you and so that you may understand our requirements for such products and services;
● to comply with your requests (for example, if you prefer to be contacted at a business or residential telephone number and advise us of your preference, we will use this information to contact you at that number);
● to protect us against error, fraud, theft and damage to our goods and property;
● to enable us to undertake our environmental, health and safety activities, including incident planning, response and investigation;
● and any other reasonable purpose to which you consent.
4.4 To comply with the law
In some cases, we process your personal data to comply with laws and regulations. This could, for example, be the case where tax or business conduct related obligations apply. In order to comply with relevant laws and regulations, we may need to disclose your personal data to government institutions or supervisory authorities.
The categories of personal data processed for this purpose depends on the legal obligation and we will limit the processing of the personal data to what is strictly necessary to comply with that obligation.
5. Cookies
We also collect information through the use of cookies. Cookies are
small files of information which save and retrieve information about
your visit to this website – for example, how you entered our site,
how you navigated through the site, and what information was of
interest to you.
6. WHO HAS ACCESS TO YOUR PERSONAL DATA?
6.1 Access to your personal data within LoginID
As a global organisation, data we collect may be transferred internationally throughout our worldwide organisation. Our employees are authorised to access personal data only to the extent necessary to serve the applicable purpose and to perform their jobs.
6.2 Access to your personal data by third parties
The following third parties might have access to your personal data for the purpose of provisioning of their products or services to us:
● Amazon Web Services (AWS) – hosting and storage services
● Pipedrive – customer relationship management
● Mailchimp – integrated marketing platform for small businesses
● Google Analytics - statistics and analytics service
● Crisp - customer messaging platform
When third parties are given access to your personal data, we will take the required contractual, technical and organisational measures to ensure that your personal data are only processed to the extent that such processing is necessary. The third parties will only process your personal data in accordance with applicable law.
If your personal data are transferred to a recipient in a country that does not provide an adequate level of protection for personal data, we will take measures to ensure that your personal data are adequately protected, such as entering into EU Standard Contractual Clauses with these recipients.
In other cases, your personal data will not be supplied to third parties, except where required by law.
6.3 The use of your personal data by data (sub-)processors
When a third party processes your personal data solely following LoginID instructions, it acts as a data (sub-)processor. We enter into an agreement with such a data processor for the processing of personal data. In this agreement we include obligations to ensure that your personal data are processed by the data processor solely to provide services to us.
As a global organisation, data we collect may be transferred internationally throughout our worldwide organisation. Our employees are authorised to access personal data only to the extent necessary to serve the applicable purpose and to perform their jobs.
6.2 Access to your personal data by third parties
The following third parties might have access to your personal data for the purpose of provisioning of their products or services to us:
● Amazon Web Services (AWS) – hosting and storage services
● Pipedrive – customer relationship management
● Mailchimp – integrated marketing platform for small businesses
● Google Analytics - statistics and analytics service
● Crisp - customer messaging platform
When third parties are given access to your personal data, we will take the required contractual, technical and organisational measures to ensure that your personal data are only processed to the extent that such processing is necessary. The third parties will only process your personal data in accordance with applicable law.
If your personal data are transferred to a recipient in a country that does not provide an adequate level of protection for personal data, we will take measures to ensure that your personal data are adequately protected, such as entering into EU Standard Contractual Clauses with these recipients.
In other cases, your personal data will not be supplied to third parties, except where required by law.
6.3 The use of your personal data by data (sub-)processors
When a third party processes your personal data solely following LoginID instructions, it acts as a data (sub-)processor. We enter into an agreement with such a data processor for the processing of personal data. In this agreement we include obligations to ensure that your personal data are processed by the data processor solely to provide services to us.
7. HOW ARE YOUR PERSONAL DATA SECURED?
LoginID has taken adequate safeguards to ensure the confidentiality
and security of your personal data. We have implemented appropriate
technical, physical and organisational measures to protect personal
data against accidental or unlawful destruction or accidental loss,
damage, alteration, unauthorised disclosure or access as well as all
other forms of unlawful processing (including, but not limited to,
unnecessary collection) or further processing. Examples are IT
security policies, staff training and secure servers.
8. HOW LONG ARE YOUR PERSONAL DATA RETAINED?
Your personal data will be removed or made anonymous when your
personal data is no longer necessary for the purposes for which
these personal data are processed. However, LoginID’s role as a
processor means that the applicable retention periods are determined
by our business clients.
9. HOW CAN YOU EXERCISE YOUR PRIVACY RIGHTS?
You have the right to request access to an overview of your personal
data, and, under certain conditions, rectification and/or erasure of
personal data. In addition, you may also have the right of
restriction of processing concerning your personal data, the right
to object to processing as well as the right to data portability.
To invoke your right of access, rectification, and/or erasure of personal data, your right of restriction of processing, and/or your right to object to processing as well as to invoke your right to data portability please:
● If you are one of our clients’ end-users: please contact our client directly.
● If you are one of our client developers or admins: please contact us at privacy@loginid.io.
If you have given your consent to a certain purpose, you can withdraw your consent at any time. Please keep in mind that withdrawal does not have retrospective effect. You can contact us by using the contact details at the bottom of this Privacy Statement.
To invoke your right of access, rectification, and/or erasure of personal data, your right of restriction of processing, and/or your right to object to processing as well as to invoke your right to data portability please:
● If you are one of our clients’ end-users: please contact our client directly.
● If you are one of our client developers or admins: please contact us at privacy@loginid.io.
If you have given your consent to a certain purpose, you can withdraw your consent at any time. Please keep in mind that withdrawal does not have retrospective effect. You can contact us by using the contact details at the bottom of this Privacy Statement.
10. DO YOU HAVE QUESTIONS OR COMPLAINTS?
If you have any further questions about the way we process your
personal data, please contact us at privacy@loginid.io.
Should you still be of the opinion that your request or complaint was not handled satisfactorily by us, you have the right to lodge a complaint with your local data
protection supervisory authority. Please contact your local data protection supervisory authority through the contact details on their website.
Should you still be of the opinion that your request or complaint was not handled satisfactorily by us, you have the right to lodge a complaint with your local data
protection supervisory authority. Please contact your local data protection supervisory authority through the contact details on their website.
Connect with us
129 Spadina Avenue Suite 200
Toronto, Ontario, Canada
M5V 2L3
Toronto, Ontario, Canada
M5V 2L3
400 Concar Dr
San Mateo, CA, USA
94402
San Mateo, CA, USA
94402
Trade Centre
135 Bonham Strand
Sheung Wan, Hong Kong
135 Bonham Strand
Sheung Wan, Hong Kong
Join Our Mailing List to get the latest updates!