This statement includes both Socure’s European Union–U.S. Privacy Shield and Switzerland–U.S. Privacy Shield Privacy Statement and the Website Privacy Statement.
Socure complies with the EU–U.S. Privacy Shield Framework and the Switzerland–U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries and Switzerland. Socure has certified that it adheres to the Privacy Shield Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. To learn more about the Privacy Shield program, and to view Socure's certification, please visit http://www.privacyshield.gov.
A full list of Privacy Shield participants and their assigned dispute providers can be found on the Department of Commerce website at: https://www.privacyshield.gov/list
Questions or complaints regarding Socure’s compliance with the Privacy Shield Principles should be first directed to Socure via one of the methods listed in the Contact Us section. Socure has further committed to refer unresolved Privacy Shield complaints to JAMS (http://www.jamsadr.com), an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact or visit JAMS for more information or to file a complaint. The services of JAMS are provided at no cost to you. EU and Swiss citizens can also, after contacting both Socure and JAMS for dispute resolution resulting in no acknowledged outcome, enter into binding arbitration to resolve a specific, individual complaint.
Socure is committed to respecting and protecting your privacy and strives to keep your personal information secure. This policy covers the collection and use of information obtained through websites on which this notice appears as well as the information we collect and process at the direction of Our Customers and through their use of our services. If you have questions or complaints regarding our privacy notice or practices, please contact us.
Socure provides the following as notice to all Customers and Consumers regarding the handling of their Personal Data as required under GDPR:
In addition to prepare for May 25, 2018, Socure has also continued to undertake the following measures:
Socure utilizes various vendors to provide its services to customers. As such, vendor agreements (via contract or other similar legal business document) control and define how vendor information is utilized and processed. Agreements include requirements for sufficient technological and business controls to meet acceptable security and privacy standards for the provided service(s).
Socure adheres to these controls to ensure that appropriate legal and technical controls are in place to buffer Socure from privacy violations on behalf of a customer, a data vendor, a service provider, or other person, organization or entity. In case of a third-party breach or privacy violation outside of Socure systems, Socure will follow internal policy and procedures for Security Incidents.
Socure has established a comprehensive Data Retention policy and Data Destruction procedures which all Socure employees must adhere to in handling Customer or Consumer Information. All requests for data destruction from customers and consumers will be performed in accordance with all applicable policies, regulations, certifications, and contractual obligations.
All data sent to or received by from Socure is data acquired via opt-in acceptance. That is, all Socure customers must provide opt-in acceptance for consumers which Socure provides identity verification processing services to.
Services that would require the use of data without opt-in specifications or controls must be disclosed to customers concerning the data privacy and provenance to reasonable ability.
Protecting our customers’ information and their users’ privacy is extremely important to us. As a SaaS company entrusted with our customers’ personally identifiable information we have set high standards for security. To ensure this security, we have successfully completed a SOC 2 Type 2 Report from the American Institute of Certified Public Accountants. Socure has also received internationally recognized security certifications for ISO 27001 (information security management system), ISO 27017 (for implementing security controls in a cloud environment), and ISO 27018 (for protecting personal data in the cloud).
In accordance with GDPR requirements, Socure will continue to adhere to established controls to protect personally identifiable information. Specifically, Socure will continue to provide security incident notifications and will continue to meet its obligations and offer contractual assurances.
Socure’s ID+ service is not intended for access or use by, and we do not knowingly collect personal information from, children under 13 years of age. If you are under 13 years of age, do not access, use or provide any information on our website, including completing the online registration process for the service, or provide any information about yourself to us, including your name, address, telephone number, email address or any other personally identifiable information. If you believe we might have any information from or about a child under 13 years of age, please contact us at: email@example.com
Our website may provide links to third-party websites for your convenience and information. If you access those links, you will leave our website. We do not control those websites or their privacy policies or practices, which may differ from ours. We, therefore, encourage you to review the privacy policies of companies and websites before submitting any personal information to them.
We collect personal information on consumers and businesses in a variety of ways, such as when you:
We also collect supplemental information from other sources, including our Vendors and publicly available sources of information.
The information we collect may include, without limitation, a person’s or business’ name, usernames, passwords, email addresses, phone numbers, date of birth, national ID information (such as Social Security Number, driver license information, passport information, etc.), IP addresses, employer name, geographic location (latitude and longitude), images, and other information necessary to access accounts or profiles with third-parties, including, but not limited to, social media sites.
We use the personal information received from Our Customers only in connection with the provision of products and services to Our Customers. We comply with the Privacy Policies of Our Customers, as applicable. We also use the personal information we receive from Individuals for verification purposes through our ID+ Identity Verification Solution. Our use of received personal information may include sharing the personal information with Vendors working for us to provide products or services to Our Customers, but only as necessary for the provision of those products and services. The Vendors with which we share received personal information are required to keep this information confidential and may generally not use such information for any purpose other than to help us provide requested products and services to Our Customers.
Socure takes appropriate steps to ensure that Vendors protect such personal information. Additionally, your personal information may be disclosed as required by law and when we have reason to believe that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.
In cases of onward transfer to third-parties of data of EU and Swiss individuals received pursuant to the EU–U.S. Privacy Shield and Switzerland–U.S. Privacy Shield, Socure is potentially liable.
We collect information about the use of our website, about the browser type and IP address used to visit our website, and about any website from which someone may have been linked to or referred to our website, or to a site which someone may be linked to or referred to from our website. This non-personal information is aggregated for reporting on usability, performance, and effectiveness. It is used to improve the customer experience and the usability and content of our website, and of the services and products we provide.
Socure will take responsible steps to protect information and has implemented appropriate physical, electronic, and managerial procedures to safeguard, secure and protect information from loss, misuse, unauthorized access, disclosure, alteration, destruction, and malicious or unintentional action. However, the Company cannot completely guarantee the security of Information on or transmitted via the Internet.
Whenever we collect your personal information, we take steps to help ensure that it is accurate, complete, and up-to-date. You may request access to such personal information about yourself that Socure holds by contacting us. Additionally, if your personal information changes, or if you believe the information Socure holds is inaccurate, you may request to correct, update, amend or delete/remove inaccurate information by contacting us; except where the burden or expense of providing access would be disproportionate to the risks to the privacy of the individual in the case in question or where the rights of persons other than the individual would be violated.
We encourage interested persons, including those in the EU, to use the contact information provided with questions or concerns about their personal data. We will investigate and attempt to resolve any complaints and disputes regarding use and disclosure of Personal Information in accordance with the Principles.
If a complaint or dispute cannot be resolved through our internal process, we agree to dispute resolution using the U.S.-based JAMS (http://www.jamsadr.com).
Finally, as a last resort and in limited situations, EU and Swiss individuals may seek redress from the Privacy Shield Panel, a binding arbitration mechanism.
In compliance with the Privacy Shield Principles, Socure commits to resolve complaints about your privacy and our collection or use of your personal information. EU and Swiss individuals with a question or concern about the use of their Personal Data should contact Socure.
Socure has further committed to refer unresolved privacy complaints to JAMS, an independent and alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact JAMS (http://www.jamsadr.com) for more information and to file a complaint. The services of JAMS are provided at no cost to you.
Socure is committed to following Privacy Shield Principles for all Personal Information within the scope of the Privacy Shield Agreement. If Socure is involved in a merger, acquisition, or sale of all or a portion of its assets, you will be notified via email and/or a prominent notice on our websites of any change in ownership or proposed uses of your personal information, as well as any choices you may have regarding your personal information.
Last revision: 09 May 2018