[Effective Date: January 2022]
Socure Inc. and our subsidiaries and affiliates (collectively, "Socure," "we", “us” or "our") provide to business customers high assurance identity verification and fraud detection solutions, which include (but are not limited to) Sigma Identity Fraud, Sigma Synthetic, RiskScores, KYC, Global Watchlist, Doc V, DeviceRisk, and our customer portal, with Dashboard, DevHub and other resources. (collectively, the “Services”). When you apply for or receive products and services from many kinds of businesses, they will use our Services in order to check that they are dealing with a real person (not a fraudster) and that the person is who they say they are.
This Product and Services Privacy Statement (also referred to as the “Privacy Statement”) explains how we collect, use, disclose, and otherwise process personal information on behalf of our business customers in connection with our Services, except that this Privacy Statement does not apply to the personal information that Socure processes pursuant to the Services, as a data processor for its clients who data controllers, subject to the (EU) General Data Protection Regulation and implementing local legislation (“GDPR”) or the data protection laws of the United Kingdom.
Further, Socure’s processing of personal information in connection with the Services is governed by our customer agreements. In the event of any conflict between this Product and Services Privacy Statement and any term of a customer agreement, the term of the customer agreement will control with respect to the personal information processed on behalf of that customer (except to the extent such term would violate applicable law).
This Product and Services Privacy Statement is not a substitute for any privacy notice that Socure customers are required to provide to their consumers or employees.
Information collected via the Services.Personal information that you and our business customer may provide to us through the Services or otherwise includes:
Third-party sources. Our technologies use personal information we obtain from other sources in order to verify the personal information you submit to us via the Services, such as:
Automatic data collection. We, our service providers, and our business customers may automatically log information about you, your computer or mobile device, and your interaction over time with the Service, our communications and other online services, such as:
We use the information we collect for several purposes. First, we use it at the instruction of our business customers and in accordance with the relevant customer agreement, to provide the Services and for related purposes, such as:
We may also use information as we believe necessary or appropriate to (a) deter against fraudulent, harmful, unauthorized, unethical or illegal activity; (b) comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas or requests from government authorities; (c) protect our, your or others’ rights, privacy, safety or property (including by making and defending legal claims); (d) audit our internal processes for compliance with legal and contractual requirements and internal policies; (e) enforce the terms and conditions that govern the Service; (f) and prevent, identify, investigate and deter fraudulent, harmful, unauthorized, unethical or illegal activity, including cyberattacks and identity theft.
We also use personal information for our business purposes, such as research and development of our existing and new identity verification and fraud prevention products.
We may share the information we collect:
Socure does not use personal information collected by our Services for marketing purposes nor do we sell your information to third-parties.
We may also share information with government, law enforcement officials or private parties as required by law, when we believe such disclosure is necessary or appropriate to (a) comply with applicable law; (b) enforce the terms and conditions that govern the Services; (c) protect our rights, privacy, safety or property, and/or that of you or others; and (d) protect, investigate and deter against fraudulent, harmful, unauthorized, unethical or illegal activity.
We may sell, transfer or otherwise share some or all of Socure’s business or assets, including information that we process as part of the Services, in connection with a business transaction (or potential business transaction) such as a merger, consolidation, acquisition, reorganization or sale of assets or in the event of bankruptcy.
Socure uses commercially reasonable physical, electronic, and procedural safeguards designed to protect information from loss, theft, misuse, and unauthorized access, disclosure, alteration, and destruction, in accordance with applicable law. We cannot, however, guarantee that any safeguards or security measures will be sufficient to prevent a security problem. We recommend that our customers take steps to protect against unauthorized access to any devices or networks used to access the Services.
Our customer is responsible for receiving and responding to your requests to exercise any rights afforded to you under applicable data protection law. Socure will assist its customers in responding to such requests as we’ve agreed to do so in our customer contracts.
Socure may transfer information collected through the Services outside of the country from which it originated, including to the United States.
In general, Socure retains personal information for as long as reasonably necessary to (a) provide our Services as directed by our business customers or for other compatible purposes, which include (where permitted by applicable law), enhancing and improving these Services, quality control and related purposes intended to make sure that these Services are functioning properly, and supporting the recordkeeping and related obligations of our business customers; (b) comply with legal obligations; and (c) resolve disputes and enforce the terms of its Customer agreements (as permitted by applicable law).
This Biometric Information Retention Policy describes the purpose for which your biometric identifiers and/or biometric information (“biometric data”) data may be collected and used by Socure. It also sets forth our policy for retaining and permanently destroying your biometric data, pursuant to the Illinois Biometric Information Privacy Act (“BIPA”).
Purposes of Collection, Use and Disclosure. Socure may access, process and store your biometric data, on behalf of and as directed by our business customers, for the purpose of providing our identity verification and fraud prevention Services, which include: (1) performing identity verification and fraud detection associated with a transaction or interaction between you and one of our customers, (2) quality control and related purposes intended to make sure that these Services are functioning properly, (3) to support the recordkeeping obligations of our business customers associated with your transactions or interactions, which may include proof of the inspection of your provided form of identification, as directed by such customers. We will only disclose your biometric data: (1) to the business customer on whose behalf it has been collected and processed, (2) to our service providers that support our provision of the Services (such as our third-party data storage provider), and (3) to other third parties where the disclosure completes a financial transaction requested or authorized by you, or the disclosure is required by applicable law or pursuant to a valid subpoena, warrant of court order.
Retention of Biometric Data. We only retain biometric data that we collect (1) for as long as reasonably necessary to satisfy the purposes for which this information was initially collected (as directed by our business customers) or to comply with a legal obligation, and (2) for no longer than permitted under applicable laws (such as BIPA where applicable).
Socure reserves the right to modify this Product and Services Privacy Notice at any time. Similar to Socure’s Services, laws, regulations and industry standards may evolve which may make changes to this Privacy Notice appropriate. Socure will post the changes to this page. Socure encourages you to review the Privacy Notice to stay informed. In accordance with applicable law, Socure will notify you of any material changes in its collection, use, or disclosure of your information by posting a notice on its website. Any material changes to this Privacy Notice will be effective thirty (30) calendar days following notice of the changes on the website. These changes will be effective immediately for new users of the Services. If you object to any such changes, you must notify the business that engaged Socure to provide identity verification services.
If you have any questions about this policy or your consumer privacy rights, you can contact us at email@example.com or call (866) 932-9013.