Personr ('we/us/our'), being a software-as-a-service business, takes the requirements and restrictions under the CCPA very seriously.
The CCPA Privacy Notification ('Notification') supplements the privacy provisions contained in Personr's Privacy Notice.
This Notification is addressed to Personr's clients who reside in the State of California and to California residents who will provide their personal information to Personr for processing, including through Personr's public-facing websites.
We adopt this Notification to comply with the requirements and restrictions under the California Consumer Privacy Act of 2018 ('CCPA') and other California privacy laws.
According to the definitions outlined in Civil Code section 1798.140, for purposes of this Notification:
Consumer
A natural person who is a California resident, as defined in Section 17014 of Title 18 of the California Code of Regulations, as that section read on September 1, 2017, however identified, including by any unique identifier. The consumer is considered a User ('User' or 'you/your') when receiving any services provided by Personr.
Personal information
Any information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. Personal information includes, but is not limited to, the following if it identifies, relates to, describes, is reasonably capable of being associated with, or could be reasonably linked, directly or indirectly, with a particular consumer or household.
Business
A legal entity that is organised or operated for the profit or financial benefit of its shareholders or other owners that collects consumers' personal information, or on behalf of which such information is collected and that alone, or jointly with others, determines the purposes and means of the processing of consumers' personal information, that does business in the State of California, and that satisfies one or more of the thresholds indicated in Section 1798.140.
The Business is considered to be a Client when applying for Personr services.
Service Provider
A person who processes personal information on behalf of a business and receives from or on behalf of the business a consumer's personal information for a business purpose according to a written contract. Personr may be a Service Provider under the Service Provider Agreement.
Agreement
The Service Provider Agreement concluded by Personr with each Business (or 'Client'), its annexes, and appendices.
Service(s)
The personal identity verification service and connected services provided by Personr.
Third-Party
The service providers authorised to exercise certain processing activities under the direct authority of Personr.
Any other terms defined in the CCPA and Privacy Notice have the same meaning when used in this Policy.
We may act as a Service Provider
We process personal data where we are engaged by a Business (a Client or its agent) for the purposes of the respective Agreement.
For clarity, as part of the Services provided to a Business, we perform remote identity verification procedures. Before passing such procedures, Users express their Consent in line with the Business's privacy policy.
We may act as a Business
We may determine the purposes and means of personal data processing in some instances. This applies, in particular, to the following situations:
When "cookie" files are collected in the course of the website or livechat operation;
When we obtain data from the forms filled out on the website;
When a prospective Client's representative creates a Customer Account via the website;
When taking steps before entering the contract with a Client and further processing for the performance of the contract;
When Personr's Demo Mobile App or WebSDK Demo on Personr's website is used.
Category A – Identifiers
Full name, postal address, Internet Protocol address, email address, Social Security number, driver's license number, identity document data (such as document type, issuing country, number, expiry date, MRZ, information embedded into document barcodes (may vary depending on the document), security features), or other similar identifiers.
Category B – Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e))
Full name, signature, Social Security number, address, email address, telephone number, identity document data (such as document type, issuing country, number, expiry date, MRZ, information embedded into document barcodes (may vary depending on the document), security features), driver's license or state identification card number, bank account number, credit or debit card number (cardholder name, expiry date, first six and last four digits of the card number), or any other financial information (documents provided as proof of source of funds/wealth).
Category C – Protected classification characteristics under California or federal law
Age (if the User is over 40) and citizenship.
Category D – Commercial information
Records of personal property.
Category E – Biometric information
Facial features.
Category F – Internet or other similar network activity
Access history and information on your interaction with our services.
Category H – Audio, electronic, visual, thermal, olfactory, or similar information
Photos of the face (including selfie images) and photo or scan of the face on the identification document, videos, sound recordings.
Category I – Professional or employment-related information
Occupation, employment information.
Category L – Sensitive personal information
Information concerning health (vaccination certificates data, test certificates (NAAT/RT-PCR test or a rapid antigen test) data, and certificates for persons who have recovered from COVID-19).
We collect the above-listed categories of personal information from the following sources:
Directly from our clients or their agents (e.g., our clients provide to us the information necessary for the Services for which they engage us).
Directly from you (e.g., you provide us with the information when our clients or agents subscribe and engage our services).
Directly and indirectly from you when interacting with our websites (e.g., tech information collected automatically in your interaction with our website or application and other information you left when filling in the forms or making the requests).
We will not collect additional categories of personal information or use the personal information already collected for materially different, unrelated, or incompatible purposes to those indicated below without providing you notice:
As the Business
We may collect and further process personal data submitted via the website to:
Provide you with the information you may request from us in a livechat or the 'Contact Us' form;
Provide you with the information you may request from us in the 'Make a request' form;
Email you regarding compliance-related advice, news, and guidelines (if you have previously consented to it using the 'Contact Us' form);
Evaluate the information presented by you when considering a candidacy and contact you back;
Maintain communication with a Client's representative regarding entering into an Agreement, carrying out due diligence of the Clients, and providing Services to the respective Client and other similar matters;
Provide a representative of a prospective Client with an opportunity to create a Customer Account on the website and operate it to be serviced and invoiced;
Provide the test of WebSDK Demo on Personr's website to demonstrate the capabilities of Personr's facial and identity verification service when Personr's clients are integrated with the Personr service.
When you interact with the website, fill in the forms or live chat, or test WebSDK Demo, we collect "cookie" files. Cookies are necessary to store your preferences and settings, enabling you to sign in, personalise content and advertising, combat fraud, and analyse the incoming traffic. The Cookie Policy is available here.
As the Service Provider
We provide Services to our Clients, collecting and further processing Users' personal information to verify their identities. Such procedures may be necessary for the Clients' compliance with the applicable AML/CFT or other laws and regulations and the Clients' internal due diligence policies and procedures.
We subject some personal information to automated reading, verification of authenticity, and other types of automated processing, such as cross-checks against multiple databases of Data Providers (e.g., PEP lists, global and country-specific sanctions lists, criminal lists, financial lists).
Once the personal data is no longer necessary for the relevant purpose, we, upon the written instruction of the Business, erase it from our servers without leaving any backup copies after having transferred it to the Business (if the Business so requests).
We may share personal information with Third-Parties if this is necessary to provide a service under the Agreement with a client or its agent or to operate Personr websites, as well as to achieve other purposes of Personr and to comply with the legal obligations imposed on Personr. The engaged Third-Parties are mostly limited to accessing or using personal information for limited purposes and provide reasonable assurances that they appropriately safeguard the personal information.
Sometimes Personr may have to share personal information with Third-Parties that have their own purposes. In this case, Personr concludes all the necessary agreements containing applicable law compliance and non-disclosure obligations.
In the preceding twelve (12) months, we have disclosed the following categories of personal information indicated in Section 3 of the Notification:
Category A: Identifiers.
Category B: California Customer Records personal information categories.
Category C: Protected classification characteristics under California or federal law.
Category D: Commercial information.
Category E: Biometric information.
Category F: Internet or other similar network activity.
Category H: Audio, electronic, visual, thermal, olfactory, or similar information.
Category I: Professional or employment-related information.
Category L: Sensitive personal information.
We have never sold personal information.
You are granted specific rights regarding your personal information under the CCPA. This section describes your CCPA rights and explains how to exercise those rights within Personr.
As the Business, we respect and guarantee the following rights of each consumer:
Right to know
The categories of your personal information we collected;
Our purposes for collecting that personal information;
The categories of third parties with whom we share that personal information;
The specific pieces of your personal information we collected (so-called data portability right).
Right to delete
You have the right to request us to delete any of your personal information we collected from you and retained, subject to certain exceptions. Once we receive a valid request and verify your identity, we delete (and direct our service providers to delete) your personal information from our systems unless an exception applies.
Your deletion request may be denied if retaining the information is necessary to:
Ensure information security, including actions for detection of security incidents, protection against malicious, deceptive, fraudulent, or illegal activity, or prosecution of those responsible for such activities;
Exercise the prevailing human rights such as the right of another consumer to exercise their free speech rights, or another right provided for by law;
Comply with the requirements of the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et seq.);
Comply with a legal obligation to retain personal information under applicable laws;
Make other internal and legitimate uses of that information compatible with the purposes for which you provided it.
To exercise the rights described above, please submit a valid request to us by email at privacy@personr.co.
Only you or a person registered with the California Secretary of State that you authorise to act on your behalf may make a valid request related to your personal information.
You may only make a valid request for data portability twice within 12 months. To make a valid request, you must describe it with sufficient detail to properly understand and evaluate it and pass the verification procedure. If we cannot verify your identity or authority to make the request and verify the personal information related to you, we cannot respond to your request or provide you with personal information.
As the Service Provider, we assist Businesses in exercising your CCPA rights upon the respective Business's written instruction.
We endeavour to respond to a valid request within 45 days of its receipt. We inform you of the reason and extension period in writing when we require more time (up to 90 days).
We will deliver our written response in the way a valid request has been obtained: we'll email you back if you email us. If the response is supposed to be delivered by any other means of communication, we'll do so.
We do not charge a fee to process or respond to any request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will inform you of the reasons for that decision and provide you with a cost estimate before completing the request.
Please note that any disclosures we provide only cover the 12 months preceding the valid request's receipt. The response also explains the reasons we cannot comply with a request, if applicable. For data portability requests, we choose a format to provide your personal information that is readily usable and should allow you to transmit the information with no obstacles.
We will not discriminate against you in connection with your exercise of the CCPA rights. Unless permitted by the CCPA, we do not:
Deny your use of our Websites or Services.
Provide you with a different level or quality of Websites or Services.
This Notification is constantly reviewed and amended to provide appropriate compliance with the CCPA and other applicable laws.
The date this Notification was last updated is identified at the bottom of this page.
If you have any request or complaint regarding the CCPA Privacy Notification or wish to exercise any of the rights granted to you by the applicable laws, please contact us at:
hello@personr.co or privacy@personr.co.
Our support team works 24/7 and will answer you shortly.