About 365id and this privacy policy

This privacy policy describes 365id AB’s, reg. no. 559006- 1957, Slottsmöllan 10 B, SE-302 31 Halmstad, Sweden, (“365id”, “we”) processing of personal data as data controller, when you interact with us, e.g. through the website, in our app or 365id portal, when you enter into an agreement, apply for a job, or otherwise come in contact with us.

Being a data controller means 365id is responsible for ensuring that the processing of personal data is carried out in accordance with applicable law (such as the General Data Protection Regulation – GDPR). We therefore take necessary measures to make sure that your personal data is being processed by us in a lawful, fair and transparent manner.

It is important to us that you feel comfortable with how we process your personal data, and therefore we think it is necessary that you read and understand this policy before you use any of our services. If you feel you cannot accept the processing of personal data described herein, you should not use our services.

If you have any question regarding this policy, e.g. in which way we process your personal data, please contact us through the contact details set out in the bottom of this policy.

Please note that our website contains links to websites provided by third parties. These websites have their own privacy policies and 365id is not responsible for their business or their information policies. We recommend you review the privacy policies on these websites before submitting any personal data to them.

What personal data do we collect, for what purposes and for how long it is processed, and which legal basis that applies

When you act as a contact person for a customer, supplier or other actor

For the handling and administration of our business relationship, deliveries of products and performances of services, to make and receive payments, we need to process personal data regarding you as a contact person. This include your name, contact details, information regarding your organization and your position, and other personal data you have provided.

The legal basis for our processing of your personal data is our legitimate interest to fulfil our contractual obligations towards your organization and to take care and develop the business relationship.

This information will be saved as long as you are the contact person for a company doing business with us. However, if your personal data is included in documents being accounting information, it is saved for seven years according to the Swedish Accounting Act, and if included in any agreement, for ten years after the expiration or termination of such agreement due to the period of limitation according to the Swedish statute of limitation.

When you use our services including the 365id Portal

As a customer to us, your organization will be able to use our services for scanning identification documents through our app and/or our scanners. We will provide a user platform to enable your organization to overview scanned ID documents, create reports and see the list of passports, ID cards and driving licenses that we validate. For such purpose, we will process the personal data of you as a user, including your name, contact details and password, to give you access to this platform. Our app will also be available to use as a guest user.

The legal basis for the processing is fulfillment of our contract with you to provide the platform if you log in as a guest user. If you log in as a user-appointed by a customer of ours, we process your data based on our legitimate interest to fulfill our obligations set out in the agreement between us and the customer.

We will store your personal data related to your account as long as your organization is a customer to us.

When you use our 365id App

You can use our 365id App as a guest or as a customer to us. In the App we collect images of the front and backside of ID documents and perform a liveness capture to be able to complete a face match by comparing the result from the liveness capture and the facial image on the scanned ID document.

We use a sub-processor for the liveness capture and face match process. Your facial data is sent to the sub-processors’ servers located in EU/EEA and UK. Data is retained by the sub-processor 30 days with the purpose of operating and improving the services to protect users and businesses against rapidly evolving threats. All personal data in transfer and rest is encrypted.

When you visit and browse our website

For information regarding processing of personal through cookies, please see below under “Cookies – what are cookies and how do we use them?”.

In addition to our use of cookies, you have the option to sign up for our newsletter through the website to receive news of our products and other information related to our services. The legal basis for processing of your e-mail submitted is your consent, and we will send the newsletters until you have withdrawn your consent.

Furthermore, you can contact us by sending a message through our contact form, calling us, or sending us an e-mail. We will process your personal data submitted (such as name, contact details and other information contained in the message) based on our legitimate interest to handle your question, during the time necessary in order to assist you.

When you apply for a job

If you apply for a job, we store your application, including cover letters, resumé, photos (if applicable), and other personal data received from you. We may also complement this information with information from other sources, e.g. from references provided by you. The legal basis for the processing is our legitimate interest to carry through the recruitment process.
We will save your application and related information for two years after ending the recruitment process in order to protect our rights under the Swedish Discrimination Act. If you provide your consent, we will save your resumé for future recruitment processes until your consent is withdrawn or the resumé is out of date.

To fulfil legal obligations

We save documents that constitutes accounting information in accordance with applicable accounting legislation. Such documents are saved for seven years. As stated below under “Transfer of personal data”, we will transfer documentation which may include your personal data to authorities e.g. the Swedish Tax Agency, the Police and other relevant public authorities, when permitted and required by law.

How long do we store personal data?

We take all reasonable steps to ensure that your personal data is processed and stored securely, and it will never be stored longer than permitted by applicable law. To ensure that, we have an annual routine where we check that no personal data is stored incorrectly.
Your personal data will be processed by us during the time periods set out above under each processing activity. After such time, the personal data will be deleted.

Transfer of personal data

365id never discloses your personal data to any third party, if such party is not directly or indirectly assisting us in providing our services to you, or if a transfer is made to fulfil any legal obligations. Nevertheless, we do not ever sell your personal data to third parties or share it with any marketing or advertising services (if not used to market our own services to you).

Below we list transfers to parties acting on our behalf as data processors that may occur:

Third-party service providers: Some companies provide services on our behalf. These services include, inter alia, IT-supplier (such as hosting services), providers of communication tools and platforms, and accounting. These companies will get access to your personal data to the extent necessary for them to fulfil their obligations, but they may not use or share the information for any other purposes.

Below we list transfers to parties acting as data controllers that may occur:

Legal obligations: Your personal data may be disclosed for the purpose of our compliance with certain legal obligations, and it may be transferred to the e.g. the Swedish Tax Agency, the Police and other relevant public authorities, when permitted and required by law.
Business transactions: If all or part of our operations are sold or integrated with any other business, operation or company, your personal data may be disclosed to our advisors, potential buyers and their advisors, and be transferred to the new owners of the operation.

Any transfers of personal data included in cookies are described below under the cookies section.

Transfer of personal data to countries outside of EU/EEA

As a main rule, we do not transfer any personal data to countries outside of the EU/EEA (called third countries in the GDPR). However, in some cases, personal data may be transferred to third countries, and when such transfers are carried out, we take appropriate measures to ensure that your personal data is adequately protected. We will ensure that at least one of the following conditions is fulfilled in relation to each of those transfers:

the receiving country ensures an adequate level of protection;
an agreement including certain standard contractual clauses issued by the European Commission – (EU) 2021/914 – have been entered into between us and the recipient, without any conflicting changes or amendments, and if necessary – with supplementary security measures taken; or
the recipient has adopted binding corporate rules for the processing which have been approved by the relevant supervisory authority and the recipient of the personal data in the third country is bound by these rules.

By contacting us through the contact details below, you have the right to obtain a copy of the safeguards used when transferring personal data to a third country.

What rights do you have?

By contacting us through the contact details set out below, you have the right to

request information about the personal data of yours we are processing and how it is being used by us.
request correction of incorrect, incomplete or ambiguous personal data.
request that your personal data is erased or that the processing of your personal data is restricted.
object to the processing of your personal data, e.g. if the legal basis is our legitimate interest.
request that your personal data be transmitted in an electronic format (data portability).

For the protection of your privacy and your personal data, we may require that you identify yourself in connection with our assistance.

You can also file a complaint with the Swedish Authority for Privacy Protection (Sw. Integritetsskyddsmyndigheten) at www.imy.se, if you think our processing of personal data is not carried out in accordance with applicable laws.

Withdrawal of consent

If we process your personal data based on your consent, it is important that you are aware of your right to withdraw your consent at any time. You may withdraw your consent by contacting us on the contact details provided below. Such withdrawal may be made in whole or in part. If you do not wish to receive marketing and offers from us, you can withdraw your consent by contacting customer service or, as regards direct marketing via e-mail, by following the link in our marketing e-mails. As regards consent for cookies, please see below.

365id’s processing of personal data – in the role of data processor

365id also handles personal data in the role of data processor to customers using our scanners or app. Our processing of personal data is in this context regulated in a with written agreement with the customer, including a data processing agreement. Since the customer is the data controller of the personal data included in the identification documents scanned in 365id scanners or app, information regarding the processing activities performed are to be found in the data controller’s privacy policy.

Cookies – what are cookies and how do we use them?

We use cookies on our website to analyse trends, administer the website, track user’s movement patterns and gather demographic information about our website users.

Cookies are small text files that are placed on your computer by a web server. Cookies allow our website to remember information that will make your visit to the website more comfortable. As with most other websites, we use cookies primarily to improve your service and experience of our website. If you don’t want cookies, then you can disable the feature in your web browser.

There are different types of cookies. We use so called permanent cookies, and “session” cookies, which are temporary. Persistent cookies last until they expire on a pre-set date or are manually deleted by you on your device and are used, for example, to remember user specific settings between visits on a website. Session cookies last until you stop browsing and are used, for example, to log statistics when the user moves from one page to the next.
By giving your consent in the cookie banner presented to you when entering the website, either to some or to all types of cookies, you consent to our use of the cookies described in this policy. You may deactivate or restrict the transmission of cookies that are not strictly necessary (which according to applicable law does not require any consent from you) for the functioning of our website, by opting out on this website or by changing the settings of your web browser. Web browser settings are often found in the “Tools” or “Preferences” menu (please refer to your web browser’s help section). Should you visit our website with cookies deactivated, you might not be able to use all of the functions on our website to the full extent.

The following type of cookies are used on our website [and in our app]:

Necessary

Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.

Functional

Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.

Performance

Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.

Analytics

Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.

Advertisment

Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.

Other

Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.

Changes to this privacy policy

Please note that the terms of this privacy policy may be changed or amended. Any new version will be published on our website.

Contact information

If you have questions about how 365id handles your personal information, you are welcome to contact us by email or regular mail.

By e-mail: info@365id.com Or by post:
365id AB
Slottsmöllan 10B
302 31 Halmstad
Sweden
Att: Data Protection officer

Cookie	Duration	Description
_lfa	2 years	This cookie is set by the provider Leadfeeder to identify the IP address of devices visiting the website, in order to retarget multiple users routing from the same IP address.
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Analytics" category .
cookielawinfo-checkbox-functional	1 year	The cookie is set by the GDPR Cookie Consent plugin to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Necessary" category .
cookielawinfo-checkbox-others	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to store the user consent for cookies in the category "Others".
cookielawinfo-checkbox-performance	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to store the user consent for cookies in the category "Performance".
CookieLawInfoConsent	1 year	Records the default button state of the corresponding category & the status of CCPA. It works only in coordination with the primary cookie.
elementor	never	This cookie is used by the website's WordPress theme. It allows the website owner to implement or change the website's content in real-time.
JSESSIONID	session	The JSESSIONID cookie is used by New Relic to store a session identifier so that New Relic can monitor session counts for an application.

Cookie	Duration	Description
__cf_bm	30 minutes	This cookie, set by Cloudflare, is used to support Cloudflare Bot Management.
pll_language	1 year	The pll _language cookie is used by Polylang to remember the language selected by the user when returning to the website, and also to get the language information when not available in another way.

Cookie	Duration	Description
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_ga_SFWLG3RCQJ	2 years	This cookie is installed by Google Analytics.
_gat_gtag_UA_16275319_24	1 minute	Set by Google to distinguish users.
_gat_UA-16275319-24	1 minute	A variation of the _gat cookie set by Google Analytics and Google Tag Manager to allow website owners to track visitor behaviour and measure site performance. The pattern element in the name contains the unique identity number of the account or website it relates to.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.
CONSENT	2 years	YouTube sets this cookie via embedded youtube-videos and registers anonymous statistical data.
vuid	2 years	Vimeo installs this cookie to collect tracking information by setting a unique ID to embed videos to the website.

Cookie	Duration	Description
__kuid	7 days	This cookie is used to collect information of the visitors, this informations is then stored as a ID string. The ID information strings is used to target groups having similar preferences, or for targeted ads.
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-id	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.

Cookie	Duration	Description
__upsales_v_8bc2ca2b18334572a1475d8bb2660fcd_session	2 hours	No description
__upsales_v_8bc2ca2b18334572a1475d8bb2660fcd_tracker	2 years	No description
_lfa_test_cookie_stored	session	No description
DEVICE_INFO	5 months 27 days	No description
nitroCachedPage	session	No description