ZOLOZ PRIVACY NOTICE FOR SERVICES USERS
Effective Date: October 2020
ZOLOZ makes it simple to be known, trusted and safe in the digital world. We use biometrics to answer the question “Who are you?” We do this by transforming your face, eyes, voice, how you act, what you have, and what you know into a digital identity. We then protect, enhance and connect that digital identity to apps and online services asking “Who are you?”
ZOLOZ commits to honoring your privacy and building a deep relationship of trust with all of our users. We developed this Privacy Notice to explain how we handle personally identifiable information about users of our Services (“you” or “your”) that we collect in connection with your use of our Authentication, Authorization, and Identity Verification services (“Services”). The Services are provided by ZOLOZ™, which refers to a family of companies worldwide doing business under the ZOLOZ brand, including the ZOLOZ parent company, Zoloz Co., Ltd, a company incorporated under the laws of the Cayman Islands and having its registered office at PO Box 309, Ugland House, Grand Cayman, KY1-1104, Cayman Islands. The terms “we”, “us”, “our” and “ZOLOZ” refer collectively to ZOLOZ-branded companies worldwide, their Affiliates, successors and assigns. “Affiliates” means other entities that control, are controlled by, or are under common control with ZOLOZ-branded companies worldwide. However, ZOLOZ does not offer any of its services within the United States.
ZOLOZ Services may be offered to you when you use certain mobile apps, websites, or online platforms offered by third parties (“Third Party Apps”) through ZOLOZ-supported mobile devices, kiosks, cameras, booths or other electronic or computing equipment (“Devices”). The ZOLOZ Services verify your online identity to make it easy and safe for you to sign up for and sign in to mobile apps, websites, and online platforms (“Third Party Services”) offered by or through Third Party Apps. We provide our Services through software applications, websites, mobile applications, and offline and online platforms that we own or control, as may also be described on our website at www.zoloz.com (“ZOLOZ Site”) (collectively, the ZOLOZ Site and all of these technologies are referred to collectively in this Privacy Notice as the “ZOLOZ Platform”).
ZOLOZ collects and uses your Personal Data (defined below) to validate that you are you when you want to sign up for certain Third Party Apps and Third Party Services provided by our customers and other third party digital services providers (“Third Party Providers”). We do this by validating that personal information provided by you or your Device in a particular instance, on the one hand, matches personal information about you previously collected by ZOLOZ, on the other hand. (“Authentication”). We also use that Authentication to assist our customers and other third party digital services providers to authorize your use of their Third Party Services whenever you sign in later (“Authorization”). We have a separate service that helps you verify your identity when you need to because of government regulations or industry requirements (“Identity Verification”). We do this by verifying that evidence you present to prove your name, date of birth, nationality, address and other facts that identify you – for example, a government-issued ID, driver’s license, or passport – is genuine, correct, and valid when compared with the official sources.
Our Services are limited to authenticating or verifying your identity or credentials when you access or use Third Party Apps and Third Party Services, and we are in no way responsible for any Third Party Apps or Third Party Services. Please make sure to read the applicable Third Party Provider privacy policies and notices carefully.
This Privacy Notice may be amended by ZOLOZ from time to time. If we make any material changes we will provide notices by email or by posting a notice in your ZOLOZ account or on the ZOLOZ Site. The updated version of this Privacy Notice shall take effect as described in the applicable notice. Each time you use the Services, you confirm that you agree to be bound by this Privacy Notice as may be amended from time to time.
1. WHAT KINDS OF INFORMATION DOES ZOLOZ COLLECT, AND HOW IS IT USED AND PROCESSED?
We use the term “Personal Data” for all types of personally identifiable information defined in this Privacy Notice and in the applicable data privacy laws and regulations of the country in which we are providing the Services to you (“Data Privacy Laws”). This Privacy Notice describes how we handle your Personal Data, which may include your Biometric Data, Behavioral Data, Knowledge/Objects Data and your User ID Data, as defined below. ZOLOZ does not collect more Personal Data from you than is necessary for us to provide you the Services you have requested and take other actions described in this Privacy Notice. ZOLOZ does not offer any of its services in the United States, or share outside the U.S any Personal Data that may be collected for research to improve our anti-spoofing capabilities. ZOLOZ's technology that is in use in the U.S. is sold as licensed software, which clients incorporate into their own products. They then store and process the data internally. ZOLOZ does not process or see any of the Personal Data when this technology is used. ZOLOZ does not offer any of its services in the United States, or share outside the U.S. any Personal Data that may be collected for research to improve our anti-spoofing capabilities. ZOLOZ's technology that is in use in the U.S. is sold as licensed software, which clients incorporate into their own products. They then store and process the data internally. ZOLOZ does not process or see any of Personal Data when this technology is used.
We may collect Personal Data about you from various sources, for example: (1) directly from you or your mobile device during your registration for the Services and creation of your account (“ZOLOZ Account”), or later during your use of the Services; (2) from other Devices hosting Third Party Apps or providing Third Party Services you wish to access and use; (3) through others such as Third Party Providers of Third Party Apps or Third Party Services you wish to access and use; and (4) from government agencies or other official sources if we are providing Identity Verification Services. As required by applicable Data Privacy Laws, we will verify with you any Personal Data we collect from you, and will verify Personal Data about you that we collect from other sources to confirm the Processing of that Personal Data has a valid legal basis.
Depending on which Services you use, we may collect the following types of Personal Data:
- Your family and given name, date of birth, address, telephone number, e-mail address, government-issued ID number, and Third Party Provider user ID for a Third Party App or Third Party Service offering our Services (“User ID Data”). If you register for your ZOLOZ Account via a link from a Third Party App or Third Party Service to the ZOLOZ Platform, you have given your free and unconditional consent to the Third Party Provider of that Third Party App or Third Party Service, and hereby reconfirm your consent to that Third Party Provider sharing your User ID Information with ZOLOZ for our use in registering your ZOLOZ Account, providing one or more of the Services to you, and as otherwise permitted in this Privacy Notice.
- Your “Biometric Data”, which is digital data representing your physical characteristics, including facial images, fingerprints, eyeprints, retina or iris recognition, voiceprints, handprints, tattoos, and other similar data specific to you.
- Your “Behavioral Data”, which is digital data representing your behavioral characteristics, such as handwriting, typing dynamics, gait analysis, speech recognition, familiar locations, often-used wifi networks, and other similar data specific to you.
- Your “Knowledge/Objects Data”, which is information you know, items that you own or have in your possession, and other similar data specific to you.
We may combine and enhance your Personal Data with information received from third parties, and if the combination still identifies you, it will be governed by this Privacy Notice and we will verify that the Processing of that combined Personal Data has a valid legal basis as required by applicable Data Privacy Laws. We also may use your Personal Data and other information in other ways for which we have provided specific notice to you at the time of collection, or for which you have subsequently consented.
We may also collect information about your mobile device, such as identifiers, settings, software names and types, operating system and hardware version, and connection information such as the name of your mobile operator, browser type, language and time zone, mobile phone number and IP address. We use and process this information to help us provide the Services, for example as part of our fraud detection activities. Some of this information may be considered Personal Data, and some of it may not identify you at all.
2. HOW IS MY PERSONAL DATA STORED AND PROTECTED?
We understand that the privacy and security of your Personal Data is very important. We take appropriate steps to protect your Personal Data, including using technical, administrative and physical safeguards to protect your Personal Data stored in our databases from loss, misuse and unauthorized access, disclosure, and alteration. We also use financial grade spoof detection, system security, data encryption, digital signatures and other best-in-class technologies to protect your Personal Data, although we cannot guarantee that our safeguards will always be successful.
The privacy and security of your Biometric Data is also very important. We take appropriate steps to protect your Biometric Data, including encrypting transmissions and using digital signatures to ensure it is sent securely, and encrypting Biometric Data using AES256 before it is stored. To enhance security, original Biometric Data is stored on servers separate from production servers, and is only accessed when needed to improve performance of the services - updated templates are then generated for use in providing the services and updated Biometric Data is again encrypted and stored separately. We also guard against “spoofing” - attempts by other people to give us information that looks like your actual Biometric Data - to gain unauthorized access to your accounts. For example, if we detect that someone is trying to use a photo or video of you to try to pretend they are you, our Services will reject the fraudulent request.
It is also our standard policy to store your Biometric Data only in the country in which we are providing the Services to you. Exceptions may be made if necessary for data security or Services performance reasons, if permitted by applicable Data Privacy Laws. However, no Personal Data of U.S. citizens is stored outside the U.S. We will follow all privacy laws and regulations relating to data privacy and security of personally identifiable information in any country in which your Biometric Data may be stored, as well as any Data Privacy Laws governing transfer of your Personal Data outside the country in which we are providing the Services to you. If you have a question about where your Biometric Data is stored, please contact us at firstname.lastname@example.org or otherwise as described below.
In the event that we have a data breach of the ZOLOZ Platform, we will follow local laws and guidelines, and industry best practices, to quickly address the breach. We will notify our users of a data breach in writing, or in other forms as permitted by applicable Data Privacy Laws and agreed by the user, within the time frames required by the applicable Data Privacy Laws.
3. HOW DOES ZOLOZ USE AND PROCESS MY INFORMATION?
- providing you with a personalized user experience when you use the Services, including managing our relationship and communicating with you and monitoring your use of the ZOLOZ Platform;
- protecting your ZOLOZ Account;
- responding to your questions, feedback, claims or disputes;
- improving the Services and other products and services offered by ZOLOZ;
- research and development and data analytics;
- assessing, detecting, investigating, preventing, or remediating fraud or other prohibited or illegal activities, or violations of industry standards, or where necessary to protect the vital interests of any person;
- contacting you by telephone, text (SMS), e-mail, post or fax about the Services, and other products and services that may be of interest to you that are offered by us or our Third Party Providers.
- ensuring our Services, systems and information are secure;
- enabling any due diligence and other appraisals or evaluations for actual or proposed merger, acquisition, financing transactions or joint ventures; and
- processing your Personal Data where we have a specific legitimate interest under applicable laws or regulations to do so, and to comply with our legal and regulatory obligations.
Except for certain information that is required by law, your decision to provide any Personal Data to us is voluntary. However, if you do not do so, we may not be able to (1) allow you to use the Services or access our Third Party Providers’ Third Party Apps or Third Party Services; or (2) verify your identity as part of the Identity Verification Services. We only use Personal Data of U.S. citizens for research development, and do not share any of that Personal Data outside the U.S.
You understand that ZOLOZ may collect and process information from or about you or your device that does not identify you, or has been de-identified or aggregated so that it can no longer identify you. Because it does not identify you, we may use and share this information to improve our existing services, develop new services, perform data analytics, and for our other business purposes. We may collect some de-identified information by using cookies or pixel tags, so that we can recognize your device when you save your preferences and when we provide information to you. Cookies are text files saved to the device you use to access the Services. A pixel tag, also known as a web beacon or clear GIF, generates a notice of the visit and permits the website to save or read cookies. For example, to help us better understand how people use the ZOLOZ Platform, we may work with a number of analytics partners, which may include Google Analytics. To prevent Google Analytics from using your information for analytics, you may install the Google Analytics Opt-Out Browser by clicking here.
4. IN WHAT CIRCUMSTANCES MAY ZOLOZ SHARE MY PERSONAL DATA?
ZOLOZ does not sell your Personal Data, or permit any marketing companies to do so. ZOLOZ does not share any Personal Data of U.S. citizens outside the U.S.
- each Third Party Provider whose services you choose to use with our Services, but only so that they can help us improve our Services, and provide the products and services that you request after you have been Authenticated by our Services;
- our vendors and advisors, but only so that they can help us provide, develop and improve the Services, and help us provide you with information about other products and services that may be of interest to you that are offered by us or our Third Party Providers;
- government agencies and industry associations, when necessary to verify your identity through official sources, but only after you have consented to having your identity verified through the Identity Verification Services;
- companies to whom or through which payments are made by you after you have been Authenticated by our Services, and to which you have authorized payments, but only for purposes relating to those authorized payments;
- companies involved in any merger, acquisition, financing transaction or joint venture with us, but only subject to our Privacy Notice; and
- professional advisers, law enforcement agencies, insurers, government and regulatory authorities or any other organizations to which ZOLOZ is under an obligation to make disclosure under applicable law or regulation.
We also may share your Personal Data in other ways for which we have provided specific notice to you, or for which you have specifically consented.
5. HOW DO THIRD PARTY WEBSITES AND ONLINE SERVICES PROTECT MY INFORMATION?
We may provide links to other websites and services, including those of our Third Party Providers. These services and websites operate independently from us and may have their own privacy notices or policies, which we strongly suggest you review before you use any of their services or conduct any activities on those mobile apps, websites or online services. ZOLOZ is not responsible for the contents, privacy practices, or the quality of the products or services of any mobile apps, websites, or online services linked from our Services, including those of our Third Party Providers.
6. WHAT ARE MY RIGHTS?
You are entitled to know whether we hold Personal Data about you and, if we do, to have access to that Personal Data, require it to be corrected or deleted, to object to or restrict the processing of your Personal Data, and to request a copy of your Personal Data, subject to the Data Privacy Laws in the country in which we are providing the Services to you. If, despite our commitment and efforts to protect your Personal Data, you believe that your data privacy rights have been violated, you have the right at all times to lodge a complaint with the appropriate government authority. Contact us at email@example.com or as described below to exercise any of your rights. We may charge a nominal and reasonable fee for processing any data access or copy request.
7. HOW CAN I WITHDRAW MY CONSENT AND HOW LONG DOES ZOLOZ KEEP MY PERSONAL DATA?
You must notify ZOLOZ that you wish to terminate your ZOLOZ Account – notifying Third Party Providers of Third Party Apps or Third Party Services offering ZOLOZ Services will not result in ZOLOZ deleting your Personal Data from our systems. Disabling the collection of Biometric Data offered in a Third Party App or Third Party Service will not result in deactivation or termination of your ZOLOZ Account or deletion of your Personal Data. In addition, you must notify others that have your Personal Data directly of your wishes; any withdrawal of consent you send to us will only result in ZOLOZ terminating your ZOLOZ Account and deleting your Personal Data as described above.
8. WHAT HAPPENS WHEN ZOLOZ RECEIVES A LEGAL REQUEST FOR INFORMATION ABOUT ME?
9. HOW DO I CONTACT ZOLOZ?
Questions, comments and requests regarding this Privacy Notice are welcomed and should be addressed to:
ZOLOZ US Headquarters
c/o EYEVERIFY, INC.
1740 E. Main Street, Suite 100
Kansas City, Missouri, 64108, USA
Attn: CEO; General Counsel
ZOLOZ China Headquarters
1 Danling Street
International Finance Center, Floor 23
Zhongguancun, Haidian District
Beijing, China 100080
Attn: General Manager; General Counsel
10. YOUR ACCEPTANCE OF THIS PRIVACY NOTICE