Last updated: 2019-12-31
ID.me only shares your Biometric Data with third parties where there is a legitimate need related to delivering the Services to you, such as processing a payment at a point of sale. Otherwise, ID.me does not disseminate your Biometric Data without your request or consent.
ID.me stores and uses your Biometric Data as long as you have an active account with ID.me. However, you may request that ID.me delete your Biometric Data at any time and ID.me will process such request for deletion promptly.
You may delete any of your Biometric Data and consent to use your Biometric Data or by notifying us at firstname.lastname@example.org. You may also decline to provide Biometric Data. If you revoke your consent or decline to provide Biometric Data that is required for you to use ID.me’s Services or website, however, you may experience a loss of functionality as well as a reduced user experience.
Biometric data is identifying information related to your biometric characteristics which may be used to identify you and includes both “biometric identifiers” and “biometric information” as defined in the Illinois Biometric Information Privacy Act, 740 ILCS Sec. 14/1, et seq. Common examples of biometric identifiers that you may use in your daily life include fingerprints, voiceprints, scan of a hand, facial geometry recognition and iris or retina recognition. Biometric information is any information based on an individual’s biometric identifier(s) used to identify an individual, regardless of the method of capture, conversion, storage or how it is shared. When ID.me discusses “Biometric Data”, we mean both biometric identifiers and biometric information and are referring to certain physical information we collect about you (such as certain facial recognition characteristics or voiceprints) and securely store in order to identify you individually in to provide our resources and services available through our Website, applications and APIs (collectively, the “Services”) to you.
It is ID.me’s policy that whenever ID.me collects Biometric Data for any purpose, ID.me will first inform the data subject of the collection and purpose of the collection of the Biometric Data and obtain a written consent and release before biometric data is collected. ID.me must also inform the data subject of how ID.me will use, process, store, disclose, protect and how long ID.me will retain the Biometric Data. In any event, ID.me must obtain from each data subject, prior to or at the time of collection.
When you sign up for a ID.me account, you may be asked to provide certain Biometric Data, including but not limited to a voiceprint and or a photograph that may be used for facial geometry recognition, to ID.me. ID.me collects that Biometric Data and then encrypts and stores it on ID.me’s data servers, which ID.me will use to identify you when you want to use ID.me Services. ID.me does not collect, capture, receive or otherwise obtain your Biometric Data without notifying you in writing in advance or without your consent or without the consent of your legally authorized representative. You may decline to provide your Biometric Data. However, if you decline to provide Biometric Data, certain ID.me Services that require the use of such data will become unavailable to you. You may also experience a loss of functionality of some or all of the Services that we provide.
It is the policy of ID.me to not disclose, redisclose or otherwise disseminate a person's biometric identifier or biometric information unless the data subject of the biometric identifier or biometric information or the data subject's legally authorized representative consents to the disclosure or redisclosure; the disclosure or redisclosure completes a financial transaction requested or authorized by the data subject of the biometric identifier or the biometric information or the data subject's legally authorized representative; the disclosure or redisclosure is required by state or federal law or municipal ordinance; or the disclosure is required pursuant to a valid subpoena, warrant or other legal process issued by a court of competent jurisdiction of your information because we periodically back-up information.
ID.me will store your biometric data safely, whether in electronic or paper form, in accordance with applicable legislation,. ID.me shall ensure that your biometric data is protected against unauthorized access, accidental change or deletion and hacking attempts. Questions about how ID.me safely stores your biometric data should be directed to the IT Manager or Data Controller.
ID.me will only access Biometric Data when the information relates to and is necessary to perform authorized services for the data subject. No ID.me employee or contractor may access Biometric Data for any reason unrelated to his or her job duties. ID.me employees and contractors may not use Biometric Data in a way that is incompatible with the notice given to the data subject at the time the information was collected. If any ID.me employee or consultant is unsure about whether a specific use or disclosure is appropriate, he or she is directed to promptly consult with a supervisor. ID.me employees and consultants may only share Biometric Data with another ID.me employee, agent, or representative if the recipient has a job-related need to know the information. Biometric Data may only be shared with a third-party service provider if it has a need to know the information for the purpose of providing the contracted services and if sharing the Biometric Data complies with the privacy notice provided to the data subject. ID.me and its employees and contractors may not share Biometric Data with a third party service provider without prior written supervisor approval and a fully executed written contract. Further, when working with Biometric Data, ID.me employees are instructed: (i) to ensure the screens of their computers are always locked when left unattended for any period of time; (ii) that Biometric Data should never be shared informally; (iii) Biometric Data should not be sent by email; and (iv) Biometric Data must be encrypted before being transferred electronically.
When you use the Services, you will provide certain Biometric Data to ID.me, which may include facial geometry scans and voiceprints. Your Biometric Data will then be encrypted. Biometrics Data such as facial geometry scans that utilize your photo on identification documents, may be used to verify your identity. ID.me may also use your Biometric Data for fraud prevention purposes.
ID.me does not sell, lease, or trade your Biometric Data to any third parties or derive any profit in such a manner. ID.me may work with certain third parties to provide the Services to you, but only as necessary to provide you with such Services. ID.me only shares your Biometric Data with a third party where the third party has a legitimate need related to delivering the Services to you. ID.me has agreements with any third parties that will receive your Biometric Data that requires them to keep your Biometric Data secret and secure. We do not disclose, re-disclose or otherwise disseminate your Biometric Data without your request or consent or without the request or consent of your legally authorized representative. However, in certain specific instances, we may be compelled to disclose your Biometric Data in cases where such disclosure or re-disclosure is required by State or federal law, or municipal ordinance, or when required pursuant to a valid warrant or subpoena issued by a court of competent jurisdiction.
In order to deliver the Services to you, ID.me stores and may use your Biometric Data as long as you have an active account with ID.me and the initial purpose, or another business purpose for collecting or obtaining your Biometric Data remains in effect. Your account is considered active until you specifically request that we close your account. You may request that we delete your Biometric Data at any time by notifying us at email@example.com.
Personal information including Biometrics Data will be retained until we have fulfilled ID.me’s legal, contractual and policy obligations. Currently, in order to fulfill these obligations, our retention policy is the duration of your relationship with ID.me plus seven and a half years.
After you close your account (or your account automatically closes, as described above), ID.me will keep your Biometric Data on file for up to seven and a half years, for reasons including fraud prevention. ID.me will permanently destroy your Biometric Data after the seven and a half-year anniversary of the date that you close your account. After your account is closed, you will need to re-enroll, which may include providing your Biometric Data to ID.me again, before you can use the Services.
Copyright © 2020 ID.me, Inc. All rights reserved.