We do not provide services directly to individual end users. Individual end users should contact the Veratad client using our Client Services and/or review their privacy policies for information on how that Veratad client uses their personal data. In this regard, we are a “data processor” or a “service provider” under applicable data protection laws. If you are an individual end user with questions about Veratad’s collection and use of biometric information or biometric identifiers through the Client Services, please see below the section titled “Biometric Information Retention Policy (Illinois Residents and Others)”.
What information does Veratad collect, and how is it used and shared?
Category of Personal Information Collected
Purpose for Collection
Categories of Recipients
Contact information: such as name, address, email and phone number.
Site visitors, client contacts, including employees and representatives we work with provide this information when they visit the Site, call us, or otherwise interact with us.
To communicate with and respond to our clients about the work we do for them and deliver the Client Services to them and their customers, including validation of identity or to meet legal obligations.
We may share this information with select marketing or other service providers and partners.
Browsing information: such as your IP address, MAC address or other device identifier, the kind of browser or computer you use, pages and content that you visit on the Site, what you click on, the state and country from which you access the Site, date and time of your visit, and web pages you linked to our Site from.
To evaluate usage of the Site and improve performance and Client Services; to protect the security and integrity of the Site and our business, such as preventing fraud, hacking, and other criminal activity or to meet legal obligations.
Our service providers who help us with fraud protection and Site analytics.
Recruitment and Job Application information: such as name, address, and phone number, or information on a resume or a curriculum vitae.
Site visitors or job applicants.
To consider you for an employment position or to respond to an employment inquiry.
Our service providers who help us with employee matters or job fulfillment.
Payment information: name, card issuer and card type, credit or debit card number, expiration date, CVV code, and billing address.
From our clients and their payment card issuers.
Authorizing of credit card and other financial transactions for our clients.
Our service providers who process payments for us—they are prohibited from using personal information for any other purposes and are contractually required to comply with all applicable laws and requirements, which includes the Payment Card Industry Data Security standards
Data through our technology platform: Pursuant to the contractual requirements with our clients and through the Client Services, we may collect information about individual end users including public and non-public records, images of government-issued IDs, selfies, and other personal information. Some of this information may be considered to be biometric identifiers or biometric information under applicable law. For more information, please see our Biometric information Retention Policy, below.
Through our client’s sharing of their end users’ data, devices and computers, pursuant to and as directed by our clients.
Compliance with the contracts and related obligations of our clients, typically used to verify your identity and provide other services as directed by our clients as part of the Client Services. We and our third-party service providers and data partners may retain and use this data for legitimate interests (including retention of images for the improvement of our/ their technology or as part of our Client Services), public interest and/or substantial public interest especially for crime/fraud prevention.
With our clients, data partners and service providers subject to strict confidentiality obligations and other precautions intended to limit the volume and retention period for any personal information. This information will be subject to the privacy policies and practices of our clients, and you should consult with them before sharing your information with them through our technology products.
In Connection with Business Transfers: In the event that a division, a product or all of Veratad is bought, sold or otherwise transferred, or is in the process of a potential transaction, personal information will likely be shared for evaluation purposes and included among the transferred business assets, subject to client contractual requirements and applicable law.
To Comply with Laws: Veratad may also disclose specific personal information when such disclosure appears necessary to comply with applicable law, a subpoena in the course of managing a dispute, governmental inquiry or other litigation process. We may also disclose information to our accountants, auditors, agents, lawyers and other advisors in connection with the enforcement or protection of our legal rights or to protect the interests or safety of our clients, our clients’ customers or employees or others, in accordance with or as authorized by law.
For legitimate interests: Veratad may also use and share personal information for its legitimate interests or those of a third-party, such as our clients, where we reasonably consider that the processing is proportionate to the legitimate interest and privacy rights will not be adversely affected by those legitimate interests. This will include the use of personal information for marketing purposes, internal analysis, investigations, improvements of our products and services (including retention of images), protection of our network and systems, crime/fraud prevention (including retention and use of fraudulent information), administration, identifying public security threats or potential criminal acts or other misconduct and similar legitimate interests. Where required under applicable laws, we conduct a legitimate interests assessment.
Veratad Personal or Confidential Information
If you choose to provide Veratad with personally-identifiable information–by sending us an e-mail message or by filling out an online form and submitting it to us through our Site, please be aware that we may use the information to improve our service to you, respond to your request, or send you relevant marketing information. Your message could be saved in an electronic database or forwarded, in print or as e-mail, to others within Veratad or its affiliated and subsidiary operations who may be better able to help you. Except as required by law, we do not share our e-mail with outside organizations.
Please note that e-mail is not secure from interception, so senders cannot expect privacy. This also applies to sending online forms, unless the form is secure. If you would rather not submit information via email, you may wish to send it by traditional mail or courier instead to the following address:
Veratad Technologies, LLC
500 Frank W. Burr Blvd
Teaneck, New Jersey 07666
You may also call Veratad at 201-510-6000 and ask to be referred to someone who may be able to answer your questions and provide you with instructions on how to submit your information.
Our Client Services and our Site are not directed toward children and we do not knowingly solicit or collect personal information online from children under the age of 13 (or such applicable higher age of consent) without prior verifiable parental consent. If Veratad learns that a child under the age of 13 (or such higher applicable age) has submitted personal information online without parental consent, we will take all reasonable measures to delete such information from our databases and to not use such information for any purpose (except where necessary to protect the safety of the child or others as required or allowed by law). If you become aware of any personal information we have collected from children under age 13 (or such higher applicable age), please contact us at:
Cross-border Transfer of Personal Information
EU-US Data Privacy Framework Policy:
With respect to personal data received or transferred pursuant to the EU-US and Swiss-US Frameworks, Veratad is subject to the regulatory enforcement powers of the US Federal Trade Commission. In certain situations, Veratad may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
We acknowledge the right of EU, UK and Swiss individuals to access their personal data. Upon request, Veratad will provide you with information about whether we hold, or process on behalf of a third party, any of your personal information. To request this information please contact us at email@example.com.
You may access, correct, or request deletion of your personal information processed or stored by Veratad by contacting us at firstname.lastname@example.org. We will respond to these requests within a reasonable time-frame.
We may retain your information for as long as your account is active or as needed to provide you services, comply with our legal and audit obligations, resolve disputes and enforce our agreements.
We will also provide EU, UK or Swiss individuals with opt-out or opt-in choice before we share their data with third parties other than our agents, or before we use it for a purpose other than which it was originally collected or subsequently authorized.
To limit the use and disclosure of your personal information, please submit a written request to email@example.com.
Veratad Technologies, LLC has further committed to refer unresolved privacy complaints under the Data Privacy Framework Principles to an independent dispute resolution mechanism, DATA PRIVACY FRAMEWORK SERVICES, operated in the U.S by BBB National Programs. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://bbbprograms.org/programs/all-programs/dpf-consumers/ProcessForConsumers for more information and to file a complaint. This service is provided free of charge to you.
IF YOUR DPF COMPLAINT CANNOT BE RESOLVED THROUGH THE ABOVE CHANNELS, UNDER CERTAIN CONDITIONS, YOU MAY INVOKE BINDING ARBITRATION FOR SOME RESIDUAL CLAIMS NOT RESOLVED BY OTHER REDRESS MECHANISMS.
Veratad Processing of Personal Data
Veratad is responsible for the processing of personal data it receives and subsequently transfers to a third party acting as an agent on its behalf, under the Data Privacy Framework. These third parties include trusted and verified data providers, such as credit bureaus, government entities, mobile carrier’s as well as providers of identity document and biometric evaluation services, all for the purpose of verifying the age and identity of our client’s end users as provided in our Client Services. Veratad complies with the DPF Principles for all onward transfers of personal data from the EU, including the onward transfer liability provisions. In cases of onward transfer to third parties of data of EU or Swiss individuals received pursuant to the EU-US and Swiss-US Data Privacy Framework, and the UK Extension to the EU-US DPF, Veratad is potentially liable unless we can prove we were not a party giving rise to the damages. In the course of providing our verification services, Veratad may receive the personal information of our client’s customers which is solely used by Veratad for the purposes of verifying age and/or identity. This personal information we receive may include name, address, date of birth, government issued ID, email address and phone number.
Veratad IS NOT an aggregator of sensitive personal data but rather accesses, on a transactional basis, billions public and non-public records provided to Veratad by trusted and verified third party data providers in order to deliver its verification services. Upon completion of a data verification transaction, other than for re-processing and reporting purposes, we do not store sensitive personal information which may be entered during our verification process.
Sharing Your Personal Data with Third Parties
Veratad may share your personal data with partners or third-party agents involved in delivering the Veratad services. These third-parties include trusted and verified data providers, such as credit bureaus, government entities, mobile carrier’s as well as providers of identity document and biometric evaluation services, all for the purpose of verifying the age and identity of our Client’s end users. We may also send your personal information to credit card processors in order to process a payment.
Biometric Information Retention Policy (Illinois Residents and Others)
This Biometric Information Retention Policy is provided pursuant to the Illinois Biometric Information Privacy Act (“BIPA”) and other applicable laws that govern the collection of biometric data. It also describes the purpose for which your biometric data may be collected, an applicable retention schedule, and guidelines for permanently destroying your biometric data.
Purpose of Collection. Veratad’s access to or collection of your Personal Information in connection with the Client Services, if any, may include biometric identifiers and/or biometric information (collectively, “biometric data”). Veratad does not interact directly with you with respect to collection of your biometric data. Through our clients and at their specific direction, Veratad may access, process, and store your biometric data for the purpose of verification services, fraud prevention, and/or long-term proof of inspection of your provided form of identification, on behalf of and as instructed by our clients. Where required by law, Veratad’s clients must obtain consent to collect or possess your biometric data. Veratad will not sell, lease, trade, or otherwise profit from your biometric data.
(1) The Illinois Biometric Information Privacy Act, 740 ILCS 14/1 et seq., the Business and Commerce Code of Texas, on the Capture or Use of Biometric Identifiers, Tex.Bus.& Comm.Code § 503.001, the Washington Biometric Statute, Wash. Rev. Code § 19.375.010, Quebec’s Bill 64 and Law 25, and other proposed and enacted legislation across domestic and foreign jurisdictions, regulate the collection, storage, use, and retention of “biometric identifiers” and “biometric information”. “Biometric identifier” means a retina or iris scan, fingerprint, voiceprint, or scan of hand or face geometry. Biometric identifiers do not include writing samples, written signatures, photographs, human biological samples used for valid scientific testing or screening, demographic data, tattoo descriptions, or physical descriptions such as height, weight, hair color, or eye color. “Biometric information” means any information, regardless of how it is captured, converted, stored, or shared, based on an individual’s biometric identifier used to identify an individual.
(2) Veratad, individually or through its service providers, may collect certain biometric identifiers and biometric information, namely face scan information (face geometry information ), during the identity verification process. Veratad collects and uses this information to verify your identity, prevent fraud, and provide authentication Services to our Clients on an ongoing basis.
(3) For Illinois residents, we will permanently destroy their biometric identifiers and biometric information when the initial purpose for collecting or obtaining such identifiers or information has been satisfied or within 3 years of the individual’s last interaction with Veratad’s Clients, whichever occurs first.
(4) For Texas residents, we will permanently destroy their biometric identifiers the later of (1) one year after the purpose for collecting the identifier expires, or (2) one year after any recordkeeping obligations imposed by law in connection with the collection of the biometric identifier expires.
(5) For Washington residents, we will retain their biometric identifiers as long as reasonably necessary to provide the service for which the biometric identifier was enrolled, and will permanently destroy their biometric identifiers thereafter.
(6) For Quebec residents, we will permanently destroy their biometric identifiers once the purposes for which personal information was collected or used are achieved.
(7) For all other residents, we will permanently destroy their biometric identifiers once the purposes for which collecting or maintaining such information has been satisfied.
8) Except where prohibited by law, your biometric data is accessible only to us and our service providers, which process your data only on our behalf to provide the Services. We do not share biometric data with any other third parties. The Client on whose behalf Veratad processes your data may receive from us information about you, such as copies of the identification document and photo you provided us, and data indicating whether we were able to identify and authenticate your identity, but we do not disclose to Clients your biometric data.
9) By giving your consent prior to the verification or authentication process, and choosing to continue, you acknowledge and agree that you have read the relevant disclosures, and that you voluntarily consent to Veratad’s, or its service providers’, collection, storage, retention, use, and disclosure of your biometric data.
(10) Veratad does not sell, lease, trade or otherwise profit from the biometric data.
General Data Protection Regulation (GDPR)
When Veratad is processing your personal data, we do this for our Commercial Benefit and for the benefit of our customers.
When you visit our website as an individual, you may have certain rights under the GDPR regarding the use of your personal data, these are:
- The right to object – you can object to Veratad processing your personal data at any time. Email firstname.lastname@example.org to object.
- The right to be forgotten – you can request that Veratad remove your personal data from our systems. Email email@example.com to request removal.
- The right to access your personal data – You have a right to know what personal data Veratad holds on you and for what purpose we are processing your personal data this is known as a Data Subject Access Request (DSAR). These requests must be made in writing by either email or letter with photographic identification to confirm your identity. You can send these requests to firstname.lastname@example.org by mail to the address noted below. If Veratad is unable to comply with your request, Veratad will provide you with an explanation:
Director of Client Quality Services
Veratad Technologies, LLC
500 Frank W. Burr Blvd Teaneck, NJ 07666
5th Floor Suite 14
Teaneck, New Jersey 07666
- You may also have the right to make a GDPR complaint to the relevant Supervisory Authority. A list of Supervisory Authorities is available here: https://edpb.europa.eu/about-edpb/board/members_en. If you need further assistance regarding your rights, please contact us using the contact information provided above and we will consider your request in accordance with applicable law. In some cases our ability to uphold these rights for you may depend upon our obligations to process personal information for security, safety, fraud prevention reasons, compliance with regulatory or legal requirements, or because processing is necessary to deliver the services you have requested. Where this is the case, we will inform you of specific details in response to your request.
Veratad’s GDPR Role: Data Processor
Veratad does not believe ourselves to be the Data Controller for the products we offer because we do not determine the purposes for which, or the manner in which, personal data is processed. This is done by 2 parties: Veratad’s Data Partners and Veratad’s Customers.
Veratad does not have any overall control over the ‘why’ and the ‘how’ of a data processing activity. Veratad operates under the instructions of our Data Partner/Customer. Veratad’s Data Partners determine the purpose of processing in relation to the data they collect. The collection of the personal data at the point of capture and the legal basis for doing so is done by our Data Partner/Customer. Veratad’s Data Partner and Customer decide which items of personal data to collect, i.e. the content of the data. They both define the purpose or purposes for which the data will be used. Veratad has no power to influence the collection of personal data or the purpose of any immediate subsequent processing.
Veratad’s Data Partner/Customer decide which individuals to collect data about and whether to disclose the data, and if so, to whom. They decide on the information contained within the Fair Processing Notice that is provided to the individual.
If Veratad receives a subject access request (SAR) related to the services we provide, this is passed to the Data Controller (Data Partner or Customer) as we do not have full visibility at an individual level of the evidence in relation to data collection.
California Residents (Effective January 1, 2020)
Disclosures About Your Personal Information
- Information necessary to provide you with access to and use of our websites, products and services
- Information necessary to respond to your request for information, order or support
- Information about your use of Veratad Services
- Business contact information of clients, prospects, partners and suppliers
- Information about visitors to our sites and locations
- Information collected for marketing and business intelligence
This includes Personal Information defined by the CCPA as:
- Identifiers such as IP address and cookies
- Personal information under the Customer Records provision of the California Civil Code such as your name, postal address, email address or payment information you provide to purchase an Veratad product or service
- Commercial information related to purchases of Veratad products or services
- Internet activity information relating to your interactions with Veratad websites
- Audio, electronic and visual information such as visitors’ presence on security systems at Veratad offices
- Professional information such as your employer name and job title
- Inferences about your consumer preferences
Sources and Sharing of Personal Information
Sale of Personal Information
When you use Veratad websites, Veratad’s authorized partners may collect cookies and similar technologies and use this data for their own purposes. This activity may qualify as a “sale” under the CCPA. You can make choices to allow or prevent such uses. Depending on your choices, during the past twelve months, we may have “sold” information within the following categories defined by the CCPA:
- Identifiers like IP address and cookies
- Internet activity information relating to your interactions with Veratad websites
- Inferences about your consumer preferences
Know your Personal Information
You can request specific pieces of Personal Information, or information about the categories of Personal Information that Veratad holds about you by submitting a request through our webform here or by calling us (toll free) 888-510-7343.
You can request the deletion of the Personal Information that Veratad holds about you by submitting a request through our web form here or by calling us (toll free) 888-510-7343.
Opt-Out of the Sale of Personal Information
When you use Veratad websites, Veratad’s authorized partners may collect cookies and similar technologies and use this data for their own purposes. This activity may qualify as a “sale” under the CCPA. You can make choices to allow or prevent such uses. To opt-out of Veratad making information relating to cookies, and similar technologies, available to third parties for their own purposes, click here.
If you are accessing our websites while located outside of California, you can opt-out by going to “Cookie Settings” in the footer and setting your cookie preferences to “Required.”
If you choose to exercise any of these rights, we will not deny goods or services to you or provide different quality of services.
How to Contact Us
Questions about this Policy or about Veratad’s handling of your Personal Information may be submitted by email at email@example.com.
LAST UPDATE October 11, 2023