Privacy Policy

June 17, 2021

This privacy policy ("policy") explains what personal data we collect, how we process it, what we use it for and how we store and protect it.

Why? Because we care about your privacy.

1. Who are we (we're the data controller)

We are the company responsible for the processing of your personal data in accordance with this policy which means that we are the data controller. Here's our information:

1ID ApS ("1ID")
Marmorvej 13B, 1th, 2100 Copenhagen O, Denmark
CVR-no.:39916525
privacy@1id.one
+4593830188

To make the policy more user friendly we use "we", "us", "our" etc. to describe our company.

When we talk about our "website" we mean https://www.1id.one, and the other sites and apps we own and operate.

When we refer to "you" we mean you as a user of our website, app or customer of our online services or products.

2. Our data protection officer

Data protection is important to us and we have appointed a data protection officer (also known as a "DPO"). If you want to get in contact with our DPO, here is the contact details: Email: privacy@1id.one.

3. Links to other websites etc.

On our website, in our emails and on our social-media profiles, we may have links to other companies, apps or websites ("other websites") that aren't ours. This policy doesn't cover how those other websites process your data. We encourage you to read the privacy notices on the other websites you visit.

4. Why, what and for long we process your data

Here is information about us and our app:

To give you a better understanding of why, what and for how long we process your data, we've divided our processing activities into areas describing the different purposes we process your data for. Each purpose is marked in bold and underlined.

Deliver our service & products to you:

We process your data to deliver the app and services to you. This includes:

• Registering and identifying you as a user,
• Creating your account and setting up your profile in the app,
• giving you access to the 1ID app,
• Ensuring that you can log into your account,
• Sending you notifications and contacting you about your 1ID account,
• Processing your ID and other identification documents,
• Giving you the ability to have a digital profile,
• Enabling specific account and product features, log and save the actions you take when you use our app,
• Responding to your questions and providing you with customer service and support, including sending service related messages to you and to carry out other services that can be ordered through the app or website.

The data we process about you in that regard is:

Ordinary personal data:

• Your contact details, incl. your name, email, mobile number, address, country, picture
• What partners you allow to verify your identity,
• Purchase history, subscription information and payment and billing Information, e.g. your credit or debit card details and billing address,
• Your requests and actions, e.g. sign-up and use of the app, when you accepted our Terms of Service, when you signed up, when you used the app for identification purposes, and when you contacted us for support etc. If you email us, we will collect the content of your message,
• Login details and verification and information about what choices you made when you set up your account, when you became a user, your user role, when you are logging into our product,
• Other types of interactions you will have with us and our service, e.g account, app and product setup, user interviews, UX research, customer feedback etc.
• Information about how you use our product and services.

Sensitive / confidential information:

• Your passport or driver license or other identification document that you choose to scan via our app and the information related to those IDs. You choose if and what document you want to scan. You can at any time delete your scanned document.

We ONLY process your sensitive information on the basis of your consent / permission and it is only used for providing the functionality of the app. YOU CAN WITHDRAW YOUR CONSENT AT ANY TIME.

This data is regarded as confidential and also regulated as a special category of data as we are helping you with making the identification process easier. We limit the collection and processing of this type of directly acquired through our app to purposes directly related to providing and improving the features of the app.

We collect your personal data directly from you and will not share it with third parties unless you have given your explicit consent.

Here is the legal basis for our processing of your data:

• Your consent (GDPR Article 6.1.a),
• To perform our contract with you (GDPR Article 6.1.b),
• Comply with our legal obligations (GDPR Article 6.1.c), incl. the Danish Bookkeeping Act,
• To pursue legitimate business interests of our own related to operating our website and providing our services to you as long as your interests and fundamental rights do not override those interests (GDPR Article 6.1.f).

We will keep these data for as long as they are necessary for the purposes for which they are being processed.

As a general rule, we'll keep the data for as long as you use our product or services or have an account with us plus 5 years following the conclusion of your account / customer relationship with us. Special circumstances or legal requirements may entail that such periods may be shorter or longer, including for the purpose of complying with legal requirements for the erasure or keeping of data.

Marketing:

We process your data for marketing-related purposes, including

• sending you newsletters,
• providing you with offers,
• tailoring our communication with you to accommodate your areas of interests and focus and,
• sending you relevant product and service promotion.

The data we process about you in that regard is:

Ordinary personal data:

• Your contact details, incl. your name, email, title, telephone number, address and country,
• Interest areas and use of our digital services,
• What newsletters you signed up for, when you asked to receive email marketing,
• When you gave consent and which events you have participated in, signed up for etc.

Sensitive data:
We don't process any sensitive data.

Here is the legal basis for our processing of your data:

• Your consent (GDPR Article 6.1.a),
• Comply with our legal obligations (GDPR Article 6.1.c), incl. the Danish Marketing Practices Act,
• To pursue legitimate business interests of our own related to operating our website and providing our services to you as long as your interests and fundamental rights do not override those interests (GDPR Article 6.1.f),
• Article 9.2.f (necessary for the establishment, exercise or defence of legal claims).

We keep your data for as long as you are subscribing to our newsletters, email marketing etc. If you ask us to unsubscribe you, we will keep your data for 5 years after your request so we can show that we have honored your request and to make sure that you aren't receiving the material. We keep your information for up to 5 years after our most recent contact with you.

If we have collected publicly accessible information about you for the purpose of being able to carry out marketing activities, we will keep such data for as long as the relevant activity is ongoing and for two years after that.

Regarding events etc. we'll keep your personal data as long as they are necessary for the purposes of the course, the event or seminar in question and for evaluating them.

We collect your personal data directly from you.

Improve, optimize or modify the experience on our website and online service:

We process your data collected by your use of our website, apps and online services and products to improve the user experience on our website and the services we offer. We use the data to operate our services, enhance and protect the security and ensure their secure, reliable, and robust performance, to improve the content we show you, determine what content is most helpful and the usability of our website, apps and online services.

You can read about the cookies we use on our website here https://www.1id.one.

Ordinary personal data:
The data we process about you in that regard is:

• When you visit our website, our servers may automatically log the standard data provided by your web browser. It includes your computer's Internet Protocol (IP) address, your browser type and version, your user agent, the pages you visit, the time and date of your visit, the time spent on each page, and other details.
• Cookie information: We use cookies and similar technologies to collect additional website usage data and to operate our services.
• We receive information when you interact with our services, e.g. when you visit our websites, when you sign into your account, or when you interact with email subscriptions. This includes information such as your IP address, browser type, browser language, operating system, the referring web page, pages visited, location, device information, and cookie information.

Sensitive data:
We don't process sensitive data.

Here is the legal basis for our processing of your data:

• Your consent (GDPR Article 6.1.a),
• Comply with our legal obligations (GDPR Article 6.1.c), incl. ePrivacy directive,
• Article 6.1.f (necessary for the pursuit of legitimate purposes for us) to be able to give you the best experience when interacting with us and / or make use of our services we can use personal data to improve our services to you.

We keep this data for up to 5 years and cookie information is kept in accordance with the cookie policy. We collect your data from you and your use of cookies and our website and products.

Business- and product development:

We process your data to do data analysis, audits, developing new products and services, identifying usage trends, determining the effectiveness of our campaigns and operating and expanding our business activities.

Ordinary personal data:
The data we process about you in that regard is:

• Your contact details, incl. your name, emali, title, telephone number, address and country,
• How you are using our products and services,
• Interest areas and use of our digital services.

Sensitive data:
We don't process sensitive data.

Here is the legal basis for our processing of your data:

• Your consent (GDPR Article 6.1.a),
• Article 6.1.f (necessary for the pursuit of legitimate purposes for us) to be able to give you the best experience when interacting with us and / or make use of our services and products.

We collect your data directly from you and we'll retain the data processed for this purpose for up to 5 years from the date of collection.

Statistics:

We process your data to compile statistics for the use of our website and app. The data we process about you in that regard is:

Ordinary personal data:

• When you visit our website or apps, our servers may automatically log the standard data provided by your web browser. It includes your computer's Internet Protocol (IP) address, your browser type and version, your user agent, the pages you visit, the time and date of your visit, the time spent on each page, and other details,
• Cookie information: We use cookies and similar technologies to collect additional website usage data and to operate our services,
• We receive information when you interact with our services, e.g. when you visit our websites, when you sign into your account, or when you interact with email subscriptions. This includes information such as your IP address, browser type, browser language, operating system, the referring web page, pages visited, location, device information, and cookie information.

Sensitive personal data:
We don't process sensitive data.

We process your data on the following legal bases:

• Your consent (GDPR Article 6.1.a),
• Article 6.1.f (necessary for the pursuit of legitimate purposes for us) to be able to give you the best experience when interacting with us and / or make use of our services and products.

We collect your personal data from you and we'll retain your data processed for this purpose for up to 5 years from the date of collection.

5. Additional information

We do not sell or rent your data to marketers or third parties.

Some of these grounds for processing your data overlap, so there may be several reasons which justify us processing your data. We may also use your data in other ways but we will inform you about these purposes when we collect your data. If you would like more information about our legal basis for processing your data, feel free to contact us.

Please note that special circumstances or legal requirements may mean that such periods may be shorter or longer, depending on the purpose of complying with legal requirements for the erasure or keeping of information.

6. Google & Apple App store

You may opt-out of being tracked online by certain companies who are listed at https://aboutads.info/choices OR https://networkadvertising.org/managing/opt_out.asp and may also learn more about online behavioral advertising at such websites. If you opt-out, you will still receive advertisements, but they will not be delivered to you by such companies from whom you have opted-out based upon your behavioral data possessed by the companies from whom you have opted-out.

You may download and set your preferences on the DAA's App Choices mobile application(s) available in Google Play or the Apple App stores. More information about opting-out on mobile devices is available here - https://www.networkadvertising.org/mobile-choice

To learn how to limit ad tracking or to reset the advertising identifier on your iOS and Android device, click on the following links:

iOS - https://support.apple.com/en-us/HT202074
Android - https://support.google.com/ads/answer/2662922?hl=en

7. Keeping your data safe

We use reasonable organisational, technical and administrative measures to protect your data within our company. The Internet is not a 100% secure environment and that means we cannot guarantee the security of the data you transmit to us. Emails sent via the Internet might not be encrypted, so we advise you not to include any confidential or sensitive information in your emails to us. You can read more about our security measures and how we keep your data safe here: https://www.1id.one.

8. Third parties and processors

We use companies (processors) to help us deliver our services to you, e.g. to provide the hosting environment for our product, send out newsletters, to help us run our website, manage our payment etc.

When we use a processor we make sure that there is a legal agreement in place regarding how they will be handling data on our behalf. We'll also make sure that they have appropriate security measures in place and if they are located outside the EU, we'll of course make sure that there is a legal agreement in place allowing us to give them access to the data (see more below).

We share your data with suppliers and vendors that we work with to assist our company (meaning service providers, technical support, supply services, and financial institutions). Here you can see which suppliers we are using. They are processing data on our behalf:

• Amazon Web Services,
• Wordpress,
• Google Analytics,
• Google Business,
• Google Play Store (Developer Program),
• Apple Store (Developer Program),
• Microsoft,
• MailChimp,
• HubSpot.

Read our cookie policy regarding the suppliers we use for those services.

In the event that we are involved in a bankruptcy, merger, acquisition, reorganization, your information may be transferred as part of that transaction.

9. Transfer to countries outside the EU/EEA

In some cases, we'll transfer personal data to the following countries outside the EU/EEA: USA and India. The transfers will take place on the basis of the following legal basis:

We'll provide appropriate safeguards for the transfer by using "Model Contracts for the Transfer of Personal Data to Third Countries", as published by the Commission of the European Union, or any other contractual agreement approved by the competent authorities. You can always get a copy of the contract by contacting us at privacy@1id.one.

10. Your rights

You have the following rights:

1. Access and rectification:
   You have the right to ask us for copies of your personal data or ask us to rectify information you think is inaccurate. We are obligated to inform you whether or not we are processing personal information about you, the purpose of the processing, the categories of the personal information and any other available information as to the source of such data. There are some exemptions, which means you may not always receive all the information we process but as a main rule you can always contact us and ask for your information,
2. Erasure:
   You can ask us to erase your personal information in certain circumstances,
3. Withdrawal of consent:
   If processing of your personal data is based on your consent, you have the right to withdraw your consent at any time. Your withdrawal will not affect the lawfulness of the processing carried out before you withdraw your consent. You may withdraw your consent by privacy@1id.one,
4. Objection and restriction:
   You have the right to ask us to restrict the processing of your data and a similar right to object to processing. You may at any time object to our processing of the data concerning you. If your objection is justified, we'll no longer process such information,
5. Data portability:
   You have the right to receive your personal information in a structured, commonly used and machine-readable format (data portability),
6. Where your personal data are processed for direct marketing purposes, you have the right to object at any time to the processing of personal data about you for such marketing.

There may be conditions or limitations on these rights. It is therefore not certain e.g. you have the right of data portability in a specific case - this depends on the specific circumstances of the processing activity. You are always welcome to contact us and ask. The same goes for some of the other rights.

The law gives us one month to respond to you, but we'll try to respond sooner.

a. Complaints

If you wish to report an issue or if you feel that we haven't addressed your concerns in a satisfactory manner, you may contact the Danish Data Protection Agency:

Website: https://www.datatilsynet.dk
Email: dt@datatilsynet.dk
Address: Borgergade 28, 5., 1300 Kbh K
Telephone: +45 33 19 32 00

b. Assistance and additional information

You can take steps to exercise your rights by using this email: privacy@1id.one.

If you have questions about the policy, feel free to contact us by using the contact details in this policy.

11. How to unsubscribe to email marketing material?

If you have subscribed to our newsletters or asked to receive marketing material from us, you can always unsubscribe. In all these emails we include an unsubscribe link and you always click the link and easily unsubscribe.

You can also unsubscribe by sending us an email to privacy@1id.one.

12. Children and Our Services

Our services and website are not directed to children, and you may not use our services if you are under the age of 18.

13. Changes to this policy

Sometimes we need to make changes to this policy to reflect our current practices. We will take reasonable steps to let you know about changes via our website.

If you are a registered user, we will notify you via email if significant changes are being made to the policy using the email address you gave us when you signed up. If you continue to use our website or services after the notification, we will regard this as your acceptance of our privacy practices.

The policy was last updated on June 17, 2021.