Privacy Policy – 1ID

Date: November 14, 2024

This privacy policy (“policy”) explains what personal data we collect, how we process it, what we use it for, and how we store and protect it. Why? Because we care about your privacy.

1. Who are we (we’re the data controller)

We are the company responsible for the processing of your personal data in accordance with this policy, which means that we are the data controller. Here’s our information:

1ID ApS (“1ID”)
Marmorvej 13B, 1st, 2100 Copenhagen O, Denmark
CVR-no.: 39916525
Email: privacy@1id.one

To make the policy more user-friendly, we use “we”, “us”, “our”, etc. to describe our company. When we talk about our “website”, we mean https://www.1id.one, and the other sites and apps we own and operate. When we refer to “you”, we mean you as a user of our website, app, or customer of our online services or products.

2. Our data protection officer

Data protection is important to us, and we have appointed a data protection officer (also known as a “DPO”). If you want to get in contact with our DPO, here are the contact details:

Email: privacy@1id.one

3. Links to other websites etc.

On our website, in our emails, and on our social media profiles, we may have links to other companies, apps, or websites (“other websites”) that aren’t ours. This policy doesn’t cover how those other websites process your data. We encourage you to read the privacy notices on the other websites you visit.

4. Why, what and for how long we process your data

Here is information about us and our app:

To give you a better understanding of why, what, and for how long we process your data, we’ve divided our processing activities into areas describing the different purposes we process your data for. Each purpose is marked in bold and underlined.

Deliver our service & products to you

We process your data to deliver the app and services to you. This includes:

• Registering and identifying you as a user,
• Creating your account and setting up your profile in the app,
• Giving you access to the 1ID app,
• Ensuring that you can log into your account,
• Sending you notifications and contacting you about your 1ID account,
• Processing your ID and other identification documents,
• Giving you the ability to have a digital profile,
• Enabling specific account and product features, log and save the actions you take when you use our app,
• Responding to your questions and providing you with customer service and support, including sending service-related messages to you and carrying out other services that can be ordered through the app or website.

The data we process about you in that regard is:

Ordinary personal data:

• Your contact details, incl. your 1ID no., gender, date of birth, name, email, mobile number, address, country, photo, company name, business email, business mobile,
• What partners you allow to verify your identity,
• Purchase history, subscription information, and payment and billing information, e.g., your credit or debit card details and billing address,
• Your requests and actions, e.g., sign-up and use of the app, when you accepted our Terms of Service, when you signed up, when you used the app for identification purposes, and when you contacted us for support, etc. If you email us, we will collect the content of your message,
• Login details and verification and information about what choices you made when you set up your account, when you became a user, your user role, when you are logging into our product,
• Other types of interactions you will have with us and our service, e.g., account, app, and product setup, user interviews, UX research, customer feedback, etc.
• Information about how you use our product and services.

The permissions we require to process the data:

These includes:

• Internet Access (android.permission.INTERNET) - This permission grants the app access to the internet, enabling features that require an online connection, such as fetching data and updating content in real-time.
• Camera Access (android.permission.CAMERA) - This permission is required to access your device's camera for features such as capturing photos or scanning documents within the app.
• Notification Access (android.permission.POST_NOTIFICATIONS) - This permission enables the app to send notifications to your device, ensuring you stay informed about important updates, messages, and other relevant information related to the app.
• Biometric Authentication (android.permission.USE_BIOMETRIC and android.permission.USE_FINGERPRINT) - These permissions enable the app to use biometric authentication, such as fingerprint or facial recognition, to enhance security and provide a secure login experience for authorized users.
• Near Field Communication (NFC) (android.hardware.nfc and android.permission.NFC) - The app utilizes NFC technology to enable key features, such as secure payments and data exchange through NFC-enabled devices. This feature is essential for devices using the app.

Sensitive / confidential information:

• Your passport, driver license, or other identification document that you choose to scan via our app and the information related to those IDs. You choose if and what document you want to scan. You can at any time delete your scanned document.

We ONLY process your sensitive information based on your consent/permission, and it is only used for providing the functionality of the app. YOU CAN WITHDRAW YOUR CONSENT AT ANY TIME.

This data is regarded as confidential and regulated as a special category of data as we are helping you with making the identification process easier. We limit the collection and processing of this type of data directly acquired through our app to purposes directly related to providing and improving the features of the app.

We collect your personal data directly from you and will not share it with third parties unless you have given your explicit consent.

Here is the legal basis for our processing of your data:

• Your consent (GDPR Article 6.1.a),
• To perform our contract with you (GDPR Article 6.1.b),
• Comply with our legal obligations (GDPR Article 6.1.c), including the Danish Bookkeeping Act,
• To pursue legitimate business interests of our own related to operating our website and providing our services to you, if your interests and fundamental rights do not override those interests (GDPR Article 6.1.f).

We will keep this data for as long as they are necessary for the purposes for which they are being processed.

As a rule, we’ll keep the data for as long as you use our product or services or have an account with us, plus 5 years following the conclusion of your account/customer relationship with us. Special circumstances or legal requirements may entail that such periods may be shorter or longer, including for the purpose of complying with legal requirements for the erasure or keeping of data.

Marketing

We process your data for marketing-related purposes. This includes:

• Sending you newsletters,
• Providing you with offers,
• Tailoring our communication with you to accommodate your areas of interests and focus, and
• Sending you relevant product and service promotions.

The data we process about you in that regard is:

Ordinary personal data:

• Your contact details, including your name, email, title, telephone number, address, and country,
• Interest areas and use of our digital services,
• What newsletters you signed up for, when you asked to receive email marketing,
• When you gave consent and which events you have participated in, signed up for, etc.

Sensitive data:

We don’t process any sensitive data.

Here is the legal basis for our processing of your data:

• Your consent (GDPR Article 6.1.a),
• Comply with our legal obligations (GDPR Article 6.1.c), including the Danish Marketing Practices Act.

• To pursue legitimate business interests of our own related to operating our website and providing our services to you if your interests and fundamental rights do not override those interests (GDPR Article 6.1.f),
• Article 9.2.f (necessary for the establishment, exercise, or defence of legal claims).

We keep your data for as long as you are subscribing to our newsletters, email marketing, etc. If you ask us to unsubscribe you, we will keep your data for 5 years after your request so we can show that we have honored your request and to make sure that you aren’t receiving the material. We keep your information for up to 5 years after our most recent contact with you.

If we have collected publicly accessible information about you for the purpose of being able to carry out marketing activities, we will keep such data for as long as the relevant activity is ongoing and for two years after that.

Regarding events, we’ll keep your personal data if they are necessary for the purposes of the course, the event, or seminar in question and for evaluating them.

We collect your personal data directly from you.

Improve, optimize or modify the experience on our website and online service:

We process your data collected by your use of our website, apps, and online services and products to improve the user experience on our website and the services we offer. We use the data to operate our services, enhance and protect security, and ensure their secure, reliable, and robust performance, to improve the content we show you, determine what content is most helpful, and evaluate the usability of our website, apps, and online services.

You can read about the cookies we use on our website https://www.1id.one.

Ordinary Personal Data

The data we process about you in that regard is:

• When you visit our website, our servers may automatically log the standard data provided by your web browser. This includes your computer’s Internet Protocol (IP) address, your browser type and version, your user agent, the pages you visit, the time and date of your visit, the time spent on each page, and other details.
• Cookie information: We use cookies and similar technologies to collect additional website usage data and to operate our services.
• We receive information when you interact with our services, e.g. when you visit our websites, when you sign into your account, or when you interact with email subscriptions. This includes information such as your IP address, browser type, browser language, operating system, referring web page, pages visited, location, device information, and cookie information.

Sensitive Data

We don’t process sensitive data.

Here is the legal basis for our processing of your data:

• Your consent (GDPR Article 6.1.a),
• Comply with our legal obligations (GDPR Article 6.1.c), incl. ePrivacy directive,
• Article 6.1.f (necessary for the pursuit of legitimate purposes for us) to be able to give you the best experience when interacting with us and/or make use of our services. We can use personal data to improve our services to you.

We keep this data for up to 5 years and cookie information is kept in accordance with the cookie policy. We collect your data from you and your use of cookies and our website and products.

Business- and product development:

We process your data to do data analysis, audits, developing new products and services, identifying usage trends, determining the effectiveness of our campaigns, and operating and expanding our business activities.

Ordinary Personal Data

The data we process about you in that regard is:

• Your contact details, incl. your name, email, title, telephone number, address, and country,
• How you are using our products and services,
• Interest areas and use of our digital services.

Sensitive Data

We don’t process sensitive data.

• Your consent (GDPR Article 6.1.a),
• Article 6.1.f (necessary for the pursuit of legitimate purposes for us) to be able to give you the best experience when interacting with us and/or make use of our services and products.

We collect your data directly from you and we’ll retain the data processed for this purpose for up to 5 years from the date of collection.

Statistics

We process your data to compile statistics for the use of our website and app. The data we process about you in that regard is:

Ordinary Personal Data

• When you visit our website or apps, our servers may automatically log the standard data provided by your web browser. It includes your computer’s Internet Protocol (IP) address, your browser type and version, your user agent, the pages you visit, the time and date of your visit, the time spent on each page, and other details,
• Cookie information: We use cookies and similar technologies to collect additional website usage data and to operate our services,
• We receive information when you interact with our services, e.g. when you visit our websites, when you sign into your account, or when you interact with email.subscriptions. This includes information such as your IP address, browser type, browser language, operating system, the referring web page, pages visited, location, device information, and cookie information.

Sensitive Personal Data

We don’t process sensitive data.

• Your consent (GDPR Article 6.1.a),
• Article 6.1.f (necessary for the pursuit of legitimate purposes for us) to be able to give you the best experience when interacting with us and/or make use of our services and products.

We collect your personal data from you, and we’ll retain your data processed for this purpose for up to 5 years from the date of collection.

5. Additional Information

We do not sell or rent your data to marketers or third parties.

Some of these grounds for processing your data overlap, so there may be several reasons which justify us processing your data. We may also use your data in other ways, but we will inform you about these purposes when we collect your data. If you would like more information about our legal basis for processing your data, feel free to contact us.

Please note that special circumstances or legal requirements may mean that such periods may be shorter or longer, depending on the purpose of complying with legal requirements for the erasure or keeping of information.

6. Google & Apple App Store

You may opt-out of being tracked online by certain companies who are listed at aboutads.info or networkadvertising.org and may also learn more about online behavioural advertising at such websites. If you opt-out, you will still receive advertisements, but they will not be delivered to you by such companies from whom you have opted-out based upon your behavioural data possessed by the companies from whom you have opted-out.

You may download and set your preferences on the DAA’s App Choices mobile application(s) available in Google Play or the Apple App stores. More information about opting-out on mobile devices is available here.

To learn how to limit ad tracking or to reset the advertising identifier on your iOS and Android device, click on the following links:

• iOS
• Android

7. Keeping Your Data Safe

We use reasonable organisational, technical, and administrative measures to protect your data within our company. The Internet is not a 100% secure environment and that means we cannot guarantee the security of the data you transmit to us. Emails sent via the Internet might not be encrypted, so we advise you not to include any confidential or sensitive information in your emails to us. You can read more about our security measures and how we keep your data safe here.

8. Third Parties and Processors

We use companies (processors) to help us deliver our services to you, e.g., to provide the hosting environment for our product, send out newsletters, help us run our website, manage our payment, etc.

When we use a processor, we make sure that there is a legal agreement in place regarding how they will be handling data on our behalf. We’ll also make sure that they have appropriate security measures in place and if they are located outside the EU, we’ll of course make sure that there is a legal agreement in place allowing us to give them access to the data (see more below).

We share your data with suppliers and vendors that we work with to assist our company (meaning service providers, technical support, supply services, and financial institutions)

Here you can see which suppliers we are using. They are processing data on our behalf:

• Amazon Web Services,
• Firebase,
• Kmphitech,
• Stripe,
• Baltic Assist,
• Visma e-conomics,
• Bunny,
• WordPress,
• Google Analytics,
• Google Play Store (Developer Program),
• Apple App Store (Developer Program),
• Microsoft (Office 365),
• Mailchimp.

Read our cookie policy regarding the suppliers we use for those services.

If we are involved in a bankruptcy, merger, acquisition, or reorganization, your information may be transferred as part of that transaction.

9. Transfer to Countries Outside the EU/EEA

In some cases, we’ll transfer personal data to the following countries outside the EU/EEA: USA and India. The transfers will take place based on the following legal basis:

We’ll provide appropriate safeguards for the transfer by using "Model Contracts for the Transfer of Personal Data to Third Countries", as published by the Commission of the European Union, or any other contractual agreement approved by the competent authorities. You can always get a copy of the contract by contacting us at privacy@1id.one.

10. Your Rights

You have the following rights:

1. Access and Rectification:

   You have the right to ask us for copies of your personal data or ask us to rectify information you think is inaccurate. We are obligated to inform you whether we are processing personal information about you, the purpose of the processing, the categories of the personal information and any other available information as to the source of such data. There are some exemptions, which means you may not always receive all the information we process but as a main rule you can always contact us and ask for your information.

2. Erasure:

   You can ask us to erase your personal information in certain circumstances.

3. Withdrawal of Consent:

   If processing of your personal data is based on your consent, you have the right to withdraw your consent at any time. Your withdrawal will not affect the lawfulness of the processing carried out before you withdraw your consent. You may withdraw your consent by contacting privacy@1id.one.

4. Objection and Restriction:

   You have the right to ask us to restrict the processing of your data and a similar right to object to processing. You may at any time object to our processing of the data concerning you. If your objection is justified, we’ll no longer process such information.

5. Data Portability:

   You have the right to receive your personal information in a structured, commonly used, and machine-readable format (data portability). Where your personal data are processed for direct marketing purposes, you have the right to object at any time to the processing of personal data about you for such marketing.

There may be conditions or limitations on these rights. It is therefore not certain, e.g., you have the right of data portability in a specific case - this depends on the specific circumstances of the processing activity. You are always welcome to contact us and ask. The law gives us one month to respond to you, but we’ll try to respond sooner.

a. Complaints

If you wish to report an issue or if you feel that we haven’t addressed your concerns in a satisfactory manner, you may contact the Danish Data Protection Agency:

• Website: datatilsynet.dk
• Email: dt@datatilsynet.dk
• Address: Borgergade 28, 5., 1300 Kbh K, Denmark
• Telephone: +45 33 19 32 00

b. Assistance and Additional Information

You can take steps to exercise your rights by using this email: privacy@1id.one. If you have questions about the policy, feel free to contact us using the contact details in this policy.

11. How to Unsubscribe to Email Marketing Material

If you have subscribed to our newsletters or asked to receive marketing material from us, you can always unsubscribe. In all these emails, we include an unsubscribe link that you can click to easily unsubscribe.

You can also unsubscribe by sending us an email at privacy@1id.one.

12. Children and Our Services

Our services and website are not directed to children, and you may not use our services if you are under the age of 18.

13. Changes to This Policy

Sometimes we need to make changes to this policy to reflect our current practices. We will take reasonable steps to let you know about changes via our website.

If you are a registered user, we will notify you via email if significant changes are being made to the policy using the email address you gave us when you signed up. If you continue to use our website or services after the notification, we will regard this as your acceptance of our privacy practices.

The policy was last updated on November 14, 2024.