Being a data controller means 365id is responsible for ensuring that the processing of personal data is carried out in accordance with applicable law (such as the General Data Protection Regulation – GDPR). We therefore take necessary measures to make sure that your personal data is being processed by us in a lawful, fair and transparent manner.
It is important to us that you feel comfortable with how we process your personal data, and therefore we think it is necessary that you read and understand this policy before you use any of our services. If you feel you cannot accept the processing of personal data described herein, you should not use our services.
If you have any question regarding this policy, e.g. in which way we process your personal data, please contact us through the contact details set out in the bottom of this policy.
Please note that our website contains links to websites provided by third parties. These websites have their own privacy policies and 365id is not responsible for their business or their information policies. We recommend you review the privacy policies on these websites before submitting any personal data to them.
For the handling and administration of our business relationship, deliveries of products and performances of services, to make and receive payments, we need to process personal data regarding you as a contact person. This include your name, contact details, information regarding your organization and your position, and other personal data you have provided.
The legal basis for our processing of your personal data is our legitimate interest to fulfil our contractual obligations towards your organization and to take care and develop the business relationship.
This information will be saved as long as you are the contact person for a company doing business with us. However, if your personal data is included in documents being accounting information, it is saved for seven years according to the Swedish Accounting Act, and if included in any agreement, for ten years after the expiration or termination of such agreement due to the period of limitation according to the Swedish statute of limitation.
As a customer to us, your organization will be able to use our services for scanning identification documents through our app and/or our scanners. We will provide a user platform to enable your organization to overview scanned ID documents, create reports and see the list of passports, ID cards and driving licenses that we validate. For such purpose, we will process the personal data of you as a user, including your name, contact details and password, to give you access to this platform. Our app will also be available to use as a guest user.
The legal basis for the processing is fulfillment of our contract with you to provide the platform if you log in as a guest user. If you log in as a user-appointed by a customer of ours, we process your data based on our legitimate interest to fulfill our obligations set out in the agreement between us and the customer.
We will store your personal data related to your account as long as your organization is a customer to us.
You can use our 365id App as a guest or as a customer to us. In the App we collect images of the front and backside of ID documents and perform a liveness capture to be able to complete a face match by comparing the result from the liveness capture and the facial image on the scanned ID document.
We use a sub-processor for the liveness capture and face match process. Your facial data is sent to the sub-processors’ servers located in EU/EEA and UK. Data is retained by the sub-processor 30 days with the purpose of operating and improving the services to protect users and businesses against rapidly evolving threats. All personal data in transfer and rest is encrypted.
For information regarding processing of personal through cookies, please see below under “Cookies – what are cookies and how do we use them?”.
Furthermore, you can contact us by sending a message through our contact form, calling us, or sending us an e-mail. We will process your personal data submitted (such as name, contact details and other information contained in the message) based on our legitimate interest to handle your question, during the time necessary in order to assist you.
If you apply for a job, we store your application, including cover letters, resumé, photos (if applicable), and other personal data received from you. We may also complement this information with information from other sources, e.g. from references provided by you. The legal basis for the processing is our legitimate interest to carry through the recruitment process.
We will save your application and related information for two years after ending the recruitment process in order to protect our rights under the Swedish Discrimination Act. If you provide your consent, we will save your resumé for future recruitment processes until your consent is withdrawn or the resumé is out of date.
We save documents that constitutes accounting information in accordance with applicable accounting legislation. Such documents are saved for seven years. As stated below under “Transfer of personal data”, we will transfer documentation which may include your personal data to authorities e.g. the Swedish Tax Agency, the Police and other relevant public authorities, when permitted and required by law.
We take all reasonable steps to ensure that your personal data is processed and stored securely, and it will never be stored longer than permitted by applicable law. To ensure that, we have an annual routine where we check that no personal data is stored incorrectly.
Your personal data will be processed by us during the time periods set out above under each processing activity. After such time, the personal data will be deleted.
365id never discloses your personal data to any third party, if such party is not directly or indirectly assisting us in providing our services to you, or if a transfer is made to fulfil any legal obligations. Nevertheless, we do not ever sell your personal data to third parties or share it with any marketing or advertising services (if not used to market our own services to you).
Below we list transfers to parties acting on our behalf as data processors that may occur:
Below we list transfers to parties acting as data controllers that may occur:
Any transfers of personal data included in cookies are described below under the cookies section.
As a main rule, we do not transfer any personal data to countries outside of the EU/EEA (called third countries in the GDPR). However, in some cases, personal data may be transferred to third countries, and when such transfers are carried out, we take appropriate measures to ensure that your personal data is adequately protected. We will ensure that at least one of the following conditions is fulfilled in relation to each of those transfers:
By contacting us through the contact details below, you have the right to obtain a copy of the safeguards used when transferring personal data to a third country.
By contacting us through the contact details set out below, you have the right to
For the protection of your privacy and your personal data, we may require that you identify yourself in connection with our assistance.
You can also file a complaint with the Swedish Authority for Privacy Protection (Sw. Integritetsskyddsmyndigheten) at www.imy.se, if you think our processing of personal data is not carried out in accordance with applicable laws.
If we process your personal data based on your consent, it is important that you are aware of your right to withdraw your consent at any time. You may withdraw your consent by contacting us on the contact details provided below. Such withdrawal may be made in whole or in part. If you do not wish to receive marketing and offers from us, you can withdraw your consent by contacting customer service or, as regards direct marketing via e-mail, by following the link in our marketing e-mails. As regards consent for cookies, please see below.
365id’s processing of personal data – in the role of data processor
There are different types of cookies. We use so called permanent cookies, and “session” cookies, which are temporary. Persistent cookies last until they expire on a pre-set date or are manually deleted by you on your device and are used, for example, to remember user specific settings between visits on a website. Session cookies last until you stop browsing and are used, for example, to log statistics when the user moves from one page to the next.
By giving your consent in the cookie banner presented to you when entering the website, either to some or to all types of cookies, you consent to our use of the cookies described in this policy. You may deactivate or restrict the transmission of cookies that are not strictly necessary (which according to applicable law does not require any consent from you) for the functioning of our website, by opting out on this website or by changing the settings of your web browser. Web browser settings are often found in the “Tools” or “Preferences” menu (please refer to your web browser’s help section). Should you visit our website with cookies deactivated, you might not be able to use all of the functions on our website to the full extent.
The following type of cookies are used on our website [and in our app]:
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
If you have questions about how 365id handles your personal information, you are welcome to contact us by email or regular mail.
By e-mail: firstname.lastname@example.org Or by post:
302 31 Halmstad
Att: Data Protection officer