APLYiD Privacy Policy

Last updated: 13 June 2022

1. APLY Limited (APLYiD) 

APLYiD Limited and its related companies (APLYiD, we) provide Software as a Service using electronic biometric identification technology (System) to enable APLYiD’s business customers (Customers) to verify the identity of their own prospects, customers, business partners, employees and vendors (Applicants) for legal and regulatory compliance purposes (Service). The APLYiD entity responsible for your data will depend on the location of the Customer, as set out in the table below.

This Policy applies to the use, collection and disclosure of information relating to you (Personal Information) that is submitted to or collected by APLYiD’s web application (App) or website www.aplyid.com (Website) in connection with the Service. 

We may sometimes need to modify or even replace this Policy. Please check the Privacy Policy page at the Website regularly for changes, though we will also try to notify you via the Service of any changes if these might impact your use of the Service or the treatment of your Personal Information. 

Some parts of this Privacy Policy will only apply to you if you live in the United Kingdom (UK), as you have specific rights that are available under applicable data protection laws, including the UK Data Protection Act 2018 and the EU General Data Protection Regulation 2016/679, as it forms part of UK law by virtue of the European Union (Withdrawal) Act 2018 and as amended by the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019 (UK Data Protection Laws).

2. Collection of Personal Information 

Applicants

Because we verify Applicants’ identities as part of the Service, if you are an Applicant you will need to disclose Personal Information to us and our service providers.

If you are an Applicant, we may collect and process your Personal Information as a data processor on behalf of and according to the instructions provided by our Customers, who are the controllers of that Personal Information and use the Service to verify your identity. The Personal Information we may collect or hold about you on behalf of our Customers includes: 

  • full name; 
  • gender; 
  • address; 
  • email address; 
  • telephone number and other contact details; 
  • date and place of birth; 
  • national and governmental identification information, such as your drivers’ licence number and class, Medicare number, state or national ID card number, passport number, and birth or marriage certificate number; 
  • other information identifiable from scanned ID documents you provide, such as your organ donor status or photographs of your face; 
  • biometric information, such as video footage or photographs of your face; 
  • information obtained from fraud-prevention services and document verification services; 
  • your device ID, device type, geo-location information, connection information, IP address and standard web log information; 
  • payment information; 
  • username and password;
  • any additional information relating to you that you provide to us directly through our Website or App or indirectly through your use of our Website or App or online presence or through other websites or accounts from which you permit us to collect information; 
  • information you provide to us through customer surveys; and 
  • any other personal information that may be required to facilitate your dealings with us.

The Personal Information we collect differs from person to person depending on the type of identity documentation verified. 

Other Data Subjects

If you visit the Website or use the App not as an Applicant, or you are a Customer or an employee of a Customer, the Personal Information we may collect or hold about you (where we are acting as a data controller) includes:

  • full name;
  • email address;
  • telephone number;
  • the business or company you represent or work for.

We collect your Personal Information when you: 

  • request us to act on your behalf via the Website or App; 
  • provide information about a service issue or otherwise contact us; 
  • visit our Website;
  • register to use the Service as a Customer.

Our Website and Services are not directed at children. We do not knowingly collect, use or share Personal Information about children under the age of 18.

Reasons for collecting Personal Information

We only collect and process Personal Information if necessary for: (i) the purpose of providing the Service to our Customers, (ii) the performance of a contract to which you are a party, (iii) any other purpose(s) for which you have given consent, (iv) compliance with our legal obligations, or (v) fulfilling our other legitimate interests as described in this Policy, except where our legitimate interests are overridden by your privacy rights. 

If you live in the UK, we rely on the following legal bases under UK Data Protection Laws when using your Personal Information for the above purposes: 

(a) Contract

We use your Personal Information when it is necessary to perform a contract with you, or where you have asked us to take steps prior to your entering into a contract with us, in particular:

  • (If you are a sole trader) to provide you with the Service and any other service(s) you expressly require or authorise, including to verify identification documents against their originating official database;
  • to provide you with online services (access to our Website and App);
  • to provide you with customer service assistance; and
  • to provide support for your account.

(b) Legal obligation

We use your Personal Information to comply with our legal obligations, which, depending on local laws, may include responding to legal processes or complying with or as required by any applicable law or the governmental or regulatory requirements of any relevant jurisdiction.

(c) Legitimate interest

We use your Personal Information when it is necessary for our legitimate interests or those of third parties. In these cases, we perform relevant legitimate interests balancing tests to ensure that we have considered and weighed any privacy impact in relation to the interest in question. In particular, we may use your Personal Information to:

  • better understand your needs, diagnose problems, analyse trends, and improve the features and usability of the Service;
  • deal with requests, enquiries and complaints and facilitating other customer services;
  • keep the Service safe and secure;
  • manage our relationship with you or your organisation;
  • monitor compliance with our policies and standards;
  • ensure security of our communications and other systems;
  • detect and prevent security threats, fraud or other criminal or malicious activities; and
  • exercise or defend our legal rights or comply with court orders.

You have no obligation to provide APLYiD with any Personal Information requested by us. However, due to the nature of the Service, if you do not to provide us with the information requested, we will be unable to provide the Service to our Customer and if you are an Applicant you may need to verify your identity in a different way.

3. Disclosure of Personal Information

We may disclose your Personal Information to:

  • the Customer who is using the Service to verify your identity, for the purpose of providing the Service to that Customer (if you are an Applicant); 
  • our service providers to facilitate the provision of our Services to our Customers. We have agreements with our service providers that require them to: (a) use your personal information solely for the purpose of enabling us to provide our Services to you (Purpose); (b) not hold your personal information for longer than is necessary for the Purpose; and (c) otherwise comply with applicable data protection and privacy laws; 
  • our hosting providers AWS and Heroku as described in this Privacy Policy;
  • providers of third-party services that we make available to you via the Website or the App. Some of these third-party service providers may be located in countries other than yours or ours. These third-party service providers will process your Personal Information according to their own privacy policies, which we recommend you review.  

In exceptional circumstances, we may share your Personal Information with another party if we believe it is reasonably necessary to: (a) comply with any applicable law, legal process or governmental request; (b) enforce our agreements, policies and terms of service; (c) protect the security or integrity of our Service or Website; or (d) protect us, our Customers, or the public from harm or illegal activities.

4. Overseas Transfers of Personal Information

Some of our service providers may be based outside the country in which you live. Whenever we transfer your Personal Information to another country, we comply with applicable law and ensure a similar degree of protection is given to it using contractual or other safeguards.


Please contact our Privacy Officer if you want further information on the specific safeguards used when transferring your personal information to another country or if you are an individual in the UK and you want to obtain a copy of them.


If you live in the United Kingdom, the following applies to you:


  • We may share your Personal Information with entities located within the UK or European Economic Area and countries where such transfers are based on the adequacy regulations of the UK Data Protection Act 2018.


  • In the absence of such adequacy regulations, we may share your Personal Information with entities located outside the United Kingdom or outside the countries covered by the adequacy regulations. 


  • In such cases, we implement appropriate safeguards, in particular standard data protection clauses or standard data protection clauses issued by the Information Commissioner, such as the International Data Transfer Addendum to the EU Commission Standard Contractual Clauses. You can obtain a copy of those clauses or other safeguards by contacting us in accordance with Section 7 below. 

5. Using Personal Information

We understand the importance of using your Personal Information in a responsible and secure manner. We will only use your Personal Information to: 

  • verify identification documents against their originating official database; 
  • send your Personal Information to our Customer (e.g. solicitor, bank) who will be relying on your verified identification to meet its legal requirements; 
  • deal with requests, enquiries, complaints and facilitate other customer services; 
  • contact you about your account and provide support; 
  • comply with any legal, government or regulatory obligations; 
  • provide the Service and any other service(s) you expressly require or authorise; 
  • better understand your needs, diagnose problems, analyse trends, improve the features and usability of the Service (when we do this, we only use aggregated information that does not identify you personally); and 
  • keep the Service safe and secure. 

We will never sell your Personal Information to anyone. 

6. Storage and Security of Personal Information 

We have put in place measures to ensure the security of the Personal Information we collect and store. 

Your Personal Information will be held in our System which is hosted by Amazon Web Services (AWS) and Heroku.  Both platforms provide encryption in transit with HTTPS and SSL across all services.

If you are an Applicant, we will securely delete your Personal Information no later than 14 days after collection. 

We strive to protect your Personal Information against unauthorised disclosure or access, including using network and database security measures, but we cannot guarantee the security of any information we collect and store. 

  
If you have an account with us, you must prevent unauthorised access to your account and Personal Information by selecting and protecting your password or other sign-on mechanism appropriately and limiting access to your computer or device by signing off after you have finished accessing your account.


Our Customers who use the Service to verify your identity are responsible for their own compliance with applicable data protection and privacy laws with respect to their collection, storage and use of your Personal Information. 


If you are not an Applicant, we will only retain your Personal Information for as long as necessary to fulfil the purposes we collected it for. Depending on the applicable purposes of the processing, we will store your Personal Information for as long as in at least one of the following cases:

  • if we use your Personal Information to perform a contract, we will generally store it for the duration of the contract and until the lapse of the claims limitation period;
  • if we use your Personal Information to perform our legal obligations, we will store it for any retention periods mandated by applicable laws;
  • if we use your Personal Information on the basis of a legitimate interest, we will store it as long as necessary to fulfil our legitimate interest, or until you successfully exercise your right to object. 

7. Privacy Officer

You can contact us at privacy@aplyid.com if you have any questions on our Privacy Policy or treatment of data.

8. Your Rights 

If you receive a verification link from a Customer to verify your identity, you can (and should) review your information during the identification verification process and correct any errors that might have occurred as the information has been extracted from the identification documentation you submitted to the Service. After this, you will have no ability to access or review your results from the verification process.  If you have completed the identification verification process with the incorrect information, you must request that the Customer sends you another verification link. You may also supplement any incomplete Personal Information we have, taking into account the purposes of the processing. Any supplementary Personal Information will need to be provided directly to the Customer.

In certain circumstances, by law you may have the right to:

  • request access to the Personal Information that we hold about you;
  • request correction or deletion of the Personal Information that we hold about you; 
  • object to us processing your Personal Information or ask us to restrict our processing of your Personal Information;
  • withdraw your consent to us processing your Personal Information;
  • receive a copy of the Personal Information we hold about you in a structured, commonly used, and machine-readable form; and
  • make a complaint with the relevant data protection authority.

If you wish to exercise any of these rights, please email our Privacy Officer. We may not be able to provide your personal information if it has already been deleted from our systems.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your Personal Information or to exercise any of your other rights. This is a security measure to ensure that Personal Information is not disclosed to any person who has no right to receive it. To speed up our response, we may also contact you to ask you for further information in relation to your request. 

We will not generally charge you a fee for exercising your legal rights. However, we may charge a reasonable fee for making information available to you in accordance with your request where the law allows (for example if there is significant work involved).


We try to respond to all legitimate requests within two weeks. Occasionally it may take us longer to respond if your request is particularly complex or you have made several requests. In this case, we will notify you and keep you updated.


In some circumstances, the law may allow us to deny you access to the Personal Information we hold about you. In such a case we will explain to you the reason for refusing access.

If you live in the United Kingdom, you have the following additional rights:

  • right of access - you have the right to ask us for copies of your personal information; however there are some exemptions, which means you may not always receive all the information we process;
  • right to rectification – you have the right to ask us to rectify information you think is inaccurate, as well as the right to ask us to complete information you think is incomplete;
  • right to erasure -  in certain situations, you can request that we erase your Personal Information, for example, if we no longer need it to achieve the purpose of the processing or we processed it unlawfully. We can refuse your request for specific reasons, for example, if we need the Personal Information for the establishment, exercise or defence of legal claims;
  • right to request a restriction of processing – in certain situations, you can request that we limit the ways in which we process your Personal Information, for example, if you contest its accuracy or you have brought an objection and we are assessing whether your objection is valid;
  • right to data portability – if you provided Personal Information to us and we process it by automated means because it is necessary to perform a contract, you can request that we provide the Personal Information in a structured, commonly used and machine-readable format, and that we have the Personal Information transmitted to another controller;
  • right to object to processing objection – if the processing is based on our legitimate interests, you have the right to object to the processing of your Personal Information on grounds relating to your particular situation, and  at any time. In such a case, we will no longer process your Personal Information, unless we demonstrate that there are legitimate grounds for processing that override your privacy rights.

To exercise your rights described above, please contact us as described in section 7. If you disagree with the way we process your Personal Information, you also a have right to lodge a complaint with the Information Commissioner (ICO). You can contact the ICO using information available at: https://ico.org.uk/global/contact-us/.

9. Log Data 

Whenever you visit the Website, we collect information that your browser sends to us (Log Data). Log Data may include information such as your computer’s Internet Protocol (IP) address, browser version, pages of our Service that you visit, the time and date of your visit, the time spent on those pages, and other statistics. The Log Data is a type of Personal Information.

10. Cookie Notice 

We may use cookies, tracking pixels and other related technologies containing information that can identify the computer, smartphone or other web–enabled device that you are using. You may access and change your cookie preferences at any time by clicking the below icon at the bottom left corner on the Website. 

What are cookies? 

A cookie is a very small text document, which often includes an anonymous unique identifier. Cookies are created when your browser loads a particular website. The website sends information to the browser which then creates a text file. Every time the user goes back to the same website, the browser retrieves and sends this file to the website's server. Find out more about the use of cookies on www.allaboutcookies.org

We also use other forms of technology (as mentioned above), which serve a similar purpose to cookies and which allow us to monitor and improve our Website and email communications. When we talk about cookies in this Cookie Notice, this term includes these similar technologies. 


What cookies do we use and what information do they collect?

We may use the information generated by cookies, tracking pixels and other related technologies for the following purposes: 


  • Analytical (statistical) – we use these cookies to track traffic patterns to and from the Website, including information like the pages you visit, and features you use, the time you spend on the different parts or features of the Website, the date, time, and length of your use of the Website, as well as track your responses to ads and emails
  • Advertising (marketing)– we use these cookies to ensure advertising is being shown to the most appropriate person and limit the frequency of display for certain ad formats; and
  • Necessary – these cookies are required to enable the core functionality of services provided via the Website, i.e. they enable you to enter the Website, and use certain services without having to log in each time, and to visit and to visit Customer-only areas of the Website. The website cannot function properly without these cookies.

Third parties

Your use of the Website may result in some cookies being stored that are not controlled by us. This may occur when a part of the Website you are visiting makes use of a third-party analytics or marketing automation/management tool or includes content displayed from a third-party website, for example, Google or Facebook. You should review the privacy and cookie policies of these services to find out how these third parties use cookies and whether your cookie data will be transferred to a third country. 

Information on the third parties that place cookies on the Website can be found by clicking the below icon at the bottom left corner on the Website.

Your consent

When you visit the Website for the first time, you may be asked to accept or decline cookies.  You can manage or reset cookies on the Website by clicking the above icon at the bottom left corner on the Website, or through your browser settings.  Each browser is different, so check the “Help” menu of your browser to learn about how to change your cookie preferences. You do not need to have cookies turned on to use the Website in general, but cookies are often used to enable and improve functions on the Website.  If you choose to switch certain cookies off, it may affect how the Website works and you may not be able to access all or parts of the Website. We can use Necessary cookies without your consent. We may use other types of cookies only with your consent. 

How do you manage these technologies?

We keep information collected from cookies for a maximum of 24 months.


11. Links to Other Sites 

Our Service may contain links to other websites. If you click on a third-party link, you will be directed to that site. We strongly advise you to review the Privacy Policy of these websites. We have no control over, and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.