Passbase Privacy Policy
Last Updated: October 13th, 2022
This Privacy Policy applies to personal information processed by Passbase, Inc. and its affiliates (“Passbase,” “we,” “us,” and “our”) in the course of providing our website located at https://passbase.com/ (the “Site”), our identity verification services (“Identity Verification Services”), and our related online and offline offerings. To make this Privacy Policy easier to read, our Site, our Identity Verification Services, and our other offerings are collectively called the “Services.”
Passbase allows individuals to verify their identity (“End Users”) using our Identity Verification Services through the use of a proprietary platform which combines facial recognition technology, ID authenticity checks, and third party database checks.
End Users may use our Identity Verification Services to share personal information with third-party organizations (i.e., Passbase customers). Our customer’s use of an End User’s personal information is governed by their privacy policy, not this Privacy Policy. For more information about the information we disclose to our customers (among other third parties), please see Section 4 – How We Disclose Your Information.
When you use our Services, we may collect the following categories of personal information.
Verification Information. If you are an End User using the Identity Verification Services to verify your identity, we may collect the following personal information:
- Your full name, email address, telephone number, and address;
- Short selfie videos that contain both visual and audio recordings;
- Identification documents (which may include your passport, driver’s license, vaccine card, and any other relevant identification documents requested from time to time and any data contained within that identification document (for example, age, gender, place of birth, vaccine type and date of administration, nationality, place of residence));
- If you consent, biometric information, including your facial image, that is extracted from both your selfie videos and any photos within your identification information. By accepting our Terms of Service and/or Privacy Policy and providing us with selfie videos and/or identification documents, you consent to our extraction and processing of the biometric information contained therein as set forth in this Privacy Policy;
- Your inferred current location based off of your IP address;
- Background check documentation;
- The identity verification outcome and related profile that is generated once we analyze the information you provide.
Customer Account Information. If you are a Passbase customer or an authorized user of a Passbase customer, you will have to create an account to use our Services. When you create an account, we will collect the personal information you provide in connection with your account creation (e.g., your name and email address).
Your Communications with Us. We collect personal information from you such as email address, phone number, or mailing address when you request information about our Services, register for our newsletter, request a demo, or otherwise communicate with us.
Surveys. We may contact you to participate in surveys. If you decide to participate, you may be asked to provide certain information which may include personal information.
Interactive Features. We may offer interactive features such as forums, blogs, chat and messaging services, and social media pages. We and others who use our Services may collect the information you submit or make available through these interactive features. Any content you provide on the public sections of these features will be considered “public” and is not subject to the privacy protections referenced herein. By using these interactive features, you assume the risk that the personal information provided by you may be viewed and used by third parties for their own purposes.
Please note that this section about Interactive Features does not apply to any personal information collected from End Users who are verifying their identity using the Identity Verification Services.
Customer Service and Support. If you call or otherwise interact with Passbase’s customer service and support, we may collect the information you provide to our representatives. In addition, we may record telephone calls between you and our representatives for training and quality assurance purposes.
Conferences, Trade Shows, and Other Events. We may collect personal information from individuals when we attend conferences, trade shows, and other events.
Business Development and Strategic Partnerships. We may collect personal information from individuals and third parties to assess and pursue potential business opportunities.
Job Applications. We may post job openings and opportunities on our Site. If you reply to one of these postings, we may collect your application, CV, cover letter, and/or other information you provide to us.
Automatic Data Collection. We may collect certain information automatically when you use the Services. This information may include your registration date, Internet protocol (IP) address, user settings, MAC address, device or browser based identifiers, mobile carrier, details about your browser, operating system or device, location information (including inferred location based off of your IP address), Internet service provider, pages that you visit before, during and after using the Services, information about the links you click, information about how you interact with the Services, including the frequency and duration of your activities, and other information about how you use the Services. Information we collect may be associated with your account.
- Cookies, Pixel Tags/Web Beacons, and Other Technologies. We, as well as third parties that provide content, advertising, or other functionality on our Services, may use cookies, pixel tags, local storage, and other technologies (“Technologies”) to automatically collect information through your use of our Services.
- Cookies. Cookies are small text files placed in device browsers that store preferences and facilitate and enhance your experience.
- Pixel Tags/Web Beacons. A pixel tag (also known as a web beacon) is a piece of code embedded in our Services that collects information about engagement on our Services. The use of a pixel tag allows us to record, for example, that a user has visited a particular web page or clicked on a particular advertisement. We may also include web beacons in e-mails to understand whether messages have been opened, acted on, or forwarded.
Our uses of these Technologies fall into the following general categories:
- Operationally Necessary. This includes Technologies that allow you access to our Services, applications, and tools that are required to identify irregular website behavior, prevent fraudulent activity and improve security or that allow you to make use of our functionality;
- Performance-Related. We may use Technologies to assess the performance of our Services, including as part of our analytic practices to help us understand how individuals use our Services (see Analytics below);
- Functionality-Related. We may use Technologies that allow us to offer you enhanced functionality when accessing or using our Services. This may include identifying you when you sign into our Services or keeping track of your specified preferences, interests, or past items viewed;
- Advertising- or Targeting-Related. We may use first party or third-party Technologies to deliver content, including ads relevant to your interests, on our Services or on third-party websites. However, Passbase does not set advertising or targeting Technologies when End Users are authenticating themselves via the Identity Verification Services.
See “Your Choices” below to understand your choices regarding these Technologies.
- Analytics. We may use Technologies and other third-party tools to process analytics information on our Services. Some of our analytics partners include:
- Google Analytics. For more information, please visit Google Analytics’ Privacy Policy. To learn more about how to opt-out of Google Analytics’ use of your information, please click here.
Third Party Services and Organizations. We may obtain information about individuals (including End Users) from other sources, including through third party services and organizations. For example, we may obtain supplemental information from background check providers letting us know whether the personal information you have provided is true or valid.
Passbase uses personal information for a variety of business purposes, including:
To provide the Identity Verification Services to End Users, such as:
- Authenticating the unique biometric information extracted from an End User’s selfie videos against the biometric information represented on the End User’s identity document for identity verification and fraud prevention;
- Populating a user profile composed of the personal information we collect about an End User; and
- At the instruction of an End User, sharing the End User’s personal information with other third parties the End User chooses to interact with.
To Provide the Services or Information Requested, such as:
- Fulfilling our contract with you or the organization on whose behalf you use the Services;
- Sending you an invitation to register to use our Services;
- Managing your information and account;
- Sending you SMS messages where your mobile phone number is requested for the purpose of fulfilling a multi-factor authentication process;
- Responding to questions, comments, and other requests;
- Processing your financial information and other payment methods for Services purchased;
- Allowing you to register for events;
- Providing access to certain areas, functionalities, and features of our Services; and
- Answering requests for customer or technical support.
Administrative Purposes, such as:
- Pursuing legitimate interests, such as direct marketing, research and development (including marketing research), network and information security, and fraud prevention (but, please note that we do not use any personal information collected from End Users who are verifying their identity with the Identity Verification Services for marketing or advertising purposes;
- Detecting security incidents, protecting against malicious, deceptive, fraudulent or illegal activity, and prosecuting those responsible for that activity;
- Measuring interest and engagement in our Services;
- Improving, upgrading or enhancing our Services;
- Developing new products and services;
- Ensuring internal quality control and safety;
- Authenticating and verifying your identity;
- Carrying out audits;
- Communicating with you about your account, activities on our Services and Privacy Policy changes;
- Preventing and prosecuting potentially prohibited or illegal activities;
- Processing applications if you apply for a job we post on our Services;
- Enforcing our agreements; and
- Complying with our legal obligations.
Marketing Our Products and Services. Please note that we do not use any personal information collected from End Users who are verifying their identity with the Identity Verification Services for marketing or advertising purposes.
However, we may use any other personal information we collect to tailor and provide you with content and advertisements. We may provide you with these materials as permitted by applicable law.
Some of the ways we market to you include email campaigns, custom audiences advertising, and “interest-based” or “personalised advertising” including cross-device tracking. If you have any questions about our marketing practices or if you would like to opt out of the use of your personal information for marketing purposes, you may contact us at any time as set forth below.
Consent. We may use personal information for other purposes that are clearly disclosed to you at the time you provide personal information, or with your consent.
De-identified and Aggregated Information Use. We may use personal information and other data about you to create de-identified and/or aggregated information, such as de-identified demographic information, de-identified location information, information about the device from which you access our Services, or other analyses we create. De-identified and/or aggregated information is not personal information, and we may use and disclose such information in a number of ways, including research, internal analysis, analytics, and any other legally permissible purposes.
If you are located in the European Economic Area, Switzerland, and/or the United Kingdom, Passbase’s processing of your personal information is supported by the following lawful bases:
- Performance of a Contract: Passbase needs to process your personal information to perform our contract with you, namely the Terms of Service.
- Legitimate Interest: Passbase may process your personal information to further its legitimate interests but only where our interests are not overridden by your interests or fundamental rights and freedoms.
- Consent and Explicit Consent: In some cases, Passbase also relies on your consent and/or explicit consent to process your personal information. For example, by providing us with your selfie video and/or identification documents, you explicitly consent to our extraction and processing of the biometric information contained therein.
- Compliance with our Legal Obligations: Passbase may process your personal information to comply with our legal obligations.
We may share your personal information with the following categories of third parties:
- Other Organizations at your Instruction. Third-party organizations use Passbase to help them verify End User identities. When an End User uses the Services, the End User may instruct Passbase to share their personal information with one of these third-party organizations for their own, independent purposes. Passbase will not share an End User’s biometric information with the third-party organization, but it will share the output of the biometric identity verification process (i.e., whether or not the facial images from the selfie video and identity documents are the same person).
Once an End User elects to have us share their personal information with a third-party organization, it will be subject to the privacy policy and practices of the receiving party and such party will be a separate, independent “controller” and/or “business” as defined by applicable data protection laws. These third parties are not controlled by Passbase. We encourage End Usersto read the privacy policies of each third party with which they interact. We are not responsible for the privacy and security practices of such third parties. Disclosing your information to these third parties is at your own risk.
- Service Providers. Passbase may share the personal information it collects, including biometric information, with our third party service providers. The categories of service providers to whom we entrust personal information include service providers for: (i) the provision of the Services; (ii) the provision of information, products, and other services you have requested; (iii) customer service activities; and (iv) the provision of IT and related services.
- Affiliates. We may share your personal information with our company affiliates
- Our Customers (Authorized Users Only). In cases where you use our Services as an authorized user of our customer, that customer may access information associated with your use of the Services including usage data and the contents of the communications and files associated with your account. Your personal information may also be subject to the customer’s privacy policy. We are not responsible for the customer’s processing of your personal information.
- Advertising Partners. We may share your personal information with third-party advertising partners. These third-party advertising partners may set Technologies and other tracking tools on our Services to collect information regarding your activities and your device (e.g., your IP address, cookie identifiers, page(s) visited, location, time of day). These advertising partners may use this information (and similar information collected from other services) for purposes of delivering personalized advertisements to you when you visit digital properties within their networks. This practice is commonly referred to as “interest-based advertising” or “personalized advertising.
Please note that this section does not apply to personal information that is collected from End Users who are verifying their identity with the Identity Verification Services.
- APIs/SDKs. We may use third-party application program interfaces (“APIs”) and software development kits (“SDKs”) as part of the functionality of our Services. For more information about our use of APIs and SDKs, please contact us as set forth in “Contact Us” below.
- Disclosures to Protect Us or Others. We may access, preserve, and disclose any information we store in association with you to external parties if we, in good faith, believe doing so is required or appropriate to: (i) comply with law enforcement or national security requests and legal process, such as a court order or subpoena; (ii) protect your, our, or others’ rights, property, or safety; (iii) enforce our policies or contracts; (iv) collect amounts owed to us; or (v) assist with an investigation or prosecution of suspected or actual illegal activity.
- Disclosure in the Event of Merger, Sale, or Other Asset Transfer. If we are involved in a merger, acquisition, financing due diligence, reorganisation, bankruptcy, receivership, purchase or sale of assets, or transition of service to another provider, then your information may be sold or transferred as part of such a transaction.
Passbase may transfer, process, and store your personal information in the countries that are necessary for Passbase to operate its business. These countries may have data protection laws that are different from the laws where you live. We endeavor to safeguard your information consistent with the requirements of applicable laws. Further details can be provided upon request.
- General. You may have the right to opt out of certain uses of your personal information.
- Email Communications. If you receive an unwanted email from us, you can use the unsubscribe link found at the bottom of the email to opt out of receiving future emails. Note that you will continue to receive transaction-related emails regarding products or Services you have requested. We may also send you certain non-promotional communications regarding us and our Services, and you will not be able to opt out of those communications (e.g., communications regarding the Services or updates to our Terms of Service or this Privacy Policy).
- Mobile Devices. We may send you push notifications through our mobile application. You may at any time opt-out from receiving these types of communications by changing the settings on your mobile device. With your consent, we may also collect precise location information if you use our mobile applications. You may opt-out of this collection by changing the settings on your mobile device.
- Do Not Track. Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers. Please note that we do not respond to or honor DNT signals or similar mechanisms transmitted by web browsers.
- Cookies and Interest-Based Advertising. You may stop or restrict the placement of Technologies on your device or remove them by adjusting your preferences as your browser or device permits. However, if you adjust your preferences, our Services may not work properly. Please note that cookie-based opt-outs are not effective on mobile applications. However, you may opt-out of personalized advertisements on some mobile applications by following the instructions for Android, iOS and others.
The online advertising industry also provides websites from which you may opt out of receiving targeted ads from data partners and other advertising partners that participate in self-regulatory programs. You can access these and learn more about targeted advertising and consumer choice and privacy by visiting the Network Advertising Initiative, the Digital Advertising Alliance, the European Digital Advertising Alliance, and the Digital Advertising Alliance of Canada.
Please note you must separately opt out in each browser and on each device.
In accordance with and subject to certain exceptions prescribed by applicable law, you may have the right to:
(i) request confirmation of whether we are processing your personal information;
(ii) obtain access to or a copy of your personal information;
(iii) receive an electronic copy of personal information that you have provided to us, or
ask us to send that information to another company (the “right of data portability”);
(iv) object to our processing of your personal information
(v) restrict our uses of your personal information;
(vi) seek correction or amendment of inaccurate, untrue, incomplete, or improperly processed personal information;
(vii) withdraw your consent; and
(viii) request erasure of personal information held about you by us.
If you would like to exercise any of these rights, please contact us as set forth below.
We will process such requests in accordance with applicable laws. To protect your privacy, we will take steps to verify your identity before fulfilling your request.
This Supplemental California Privacy Notice only applies to our processing of personal information that is subject to the California Consumer Privacy Act of 2018 (“CCPA”). The CCPA provides California residents with the right to know what categories of personal information Passbase has collected about them and whether Passbase disclosed that personal information for a business purpose (e.g., to a service provider) in the preceding twelve months. California residents can find this information below:
Category of Personal Information | Collected by Passbase about End Users and Shared with Third Parties for a Business Purpose? | Collected by Passbase about our Customer’s Authorized Users that use the Services and Shared with Third Parties for a Business Purpose? | Collected by Passbase about Other Individuals and Shared with Third Parties for a Business Purpose? |
Identifiers | Collected: Yes Shared with:
| Collected: Yes Shared with:
| Collected: Yes Shared with:
|
Personal information categories listed in Cal. Civ. Code § 1798.80(e) | Collected: Yes Shared with:
| Collected: Yes Shared with:
| Collected: Yes Shared with:
|
Protected classification characteristics under California or federal law | Collected: Yes Shared with:
| Collected: No. | Collected: Yes Shared with:
|
Commercial information | Collected: Yes Shared with:
| Collected: Yes Shared with:
| Collected: Yes Shared with:
|
Biometric Information | Collected: Yes Shared with:
| Collected: No. | Collected: No. |
Internet or other electronic network activity | Collected: Yes Shared with:
| Collected: Yes Shared with:
| Collected: Yes Shared with:
|
Geolocation data | Collected: Yes Shared with:
| Collected: No. | Collected: No. |
Sensory data | Collected: Yes Shared with:
| Collected: No. | Collected: No. |
Professional or employment-related information | Collected: Yes Shared with:
| Collected: Yes Shared with:
| Collected: Yes Shared with:
|
Inferences drawn from other personal information to create a profile about a consumer | Collected: Yes Shared with:
| Collected: Yes. Shared with:
| Collected: Yes Shared with:
|
The categories of sources from which we collect personal information and our business and commercial purposes for using personal information are set forth above.
Additional Privacy Rights for California Residents
“Sales” of Personal Information under the CCPA. For purposes of the CCPA, Passbase does not “sell” personal information, nor do we have actual knowledge of any “sale” of personal information of minors under 16 years of age.
Non-Discrimination. California residents have the right not to receive discriminatory treatment by us for the exercise of their rights conferred by the CCPA.
Authorized Agent. Only you, or someone legally authorized to act on your behalf, may make a verifiable consumer request related to your personal information. To designate an authorized agent, please contact us as set forth below.
Verification. When you make a request, we will ask you to provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative, which may include confirming the email address associated with any personal information we have about you.
If you are a California resident and would like to exercise any of your rights under the CCPA, please contact us as set forth below. We will process such requests in accordance with applicable laws.
Accessibility. If you are an individual with a disability that needs to access this Privacy Policy in a different format, please contact us as set forth below for assistance.
If you are a resident of Nevada, you have the right to opt-out of the sale of certain personal information to third parties who intend to license or sell that personal information. Please note that we do not currently sell your personal information as sales are defined in Nevada Revised Statutes Chapter 603A. If you have any questions, please contact us as set forth below.
We store the personal information we receive as described in this Privacy Policy for as long as you use our Services or as necessary to fulfil the purpose(s) for which it was collected, provide our Services, resolve disputes, establish legal defences, conduct audits, pursue legitimate business purposes, enforce our agreements, and comply with applicable laws. Where required by applicable law, we will delete your biometric information within three years of your last interaction with the Services.
We take steps to ensure that your information is treated securely and in accordance with this Privacy Policy. Unfortunately, no system is 100% secure, and we cannot ensure or warrant the security of any information you provide to us. To the fullest extent permitted by applicable laws, we do not accept liability for unauthorized disclosure.
By using the Services or providing personal information to us, you agree that we may communicate with you electronically regarding security, privacy, and administrative issues relating to your use of the Services. If we learn of a security system’s breach, we may attempt to notify you electronically by posting a notice on the Services, by mail or by sending an email to you.
The Services may contain links to other websites/applications and other websites/applications may reference or link to our Services. These third-party services are not controlled by us. We encourage our users to read the privacy policies of each website and application with which they interact. We do not endorse, screen or approve, and are not responsible for, the privacy practices or content of such other websites or applications. Visiting these other websites or applications is at your own risk.
The Services are not directed to children under 13 (or other age as required by local law), and we do not knowingly collect personal information from children. If you learn that your child has provided us with personal information without your consent, you may contact us as set forth below. If we learn that we have collected a child’s personal information in violation of applicable law, we will promptly take steps to delete such information and terminate the child’s account.
If you are located in the European Economic Area, Switzerland, or the United Kingdom, you have the right to lodge a complaint with a supervisory authority in your jurisdiction if you believe our processing of your personal information violates applicable law.
We may revise this Privacy Policy from time to time in our sole discretion. If there are any material changes to this Privacy Policy, we will notify you as required by applicable law. You understand and agree that you will be deemed to have accepted the updated Privacy Policy if you continue to use the Services after the new Privacy Policy takes effect.
- Passbase, Inc.: 179 Franklin St, New York, NY 10013
- Passbase GmbH.: Monbijou Platz 2, 4th Floor, Berlin 10178, Germany
Last modified 1mo ago