This Privacy Notice sets out the basis on which any personal data we collect from you in accessing our valid8Me service will be used by us as controllers for the purposes of the Data Protection Law. Please read this Privacy Notice carefully to understand our views and practices regarding the personal data we collect and how we will treat it.
This Privacy Notice is a statement of our commitment to protect the rights and privacy of individuals in accordance with data protection law.
Horizon8 is the owner of a software product known as valid8Me which is a “Know your client” (“KYC”) document sourcing and sharing service that allows corporate, individual and professional bodies (“End Users”) to:
upload, maintain and revokeaccess to key identification documents;
securely connect with various business entities (“Onboarding Entities”) with whom the End User engages for a specific business purpose (e.g. opening a bank account; applying for home insurance; seeking legal advice); and
share their identification documents with the Onboarding Entities to enable those entities fulfil their legal; AML and KYC obligations;
securely connect with individuals and organisations authorised (“Authorised Representatives”) to access and share with Onboarding entities their personal data and documents;
securely connect with Counterparties (e.g. Notaries, Auditors, etc.) to simplify and accelerate the on boarding process.
WHO THIS NOTICE APPLIES TO
This Privacy Notice provides specific information relating to the following data subjects where we act as controllers of their personal data for the purposes of the GDPR:
individual/private End Users who contract us directly for use of and access to valid8Me and their authorised representatives;
Commercial/corporate End Users who contact us directly for use of and access to valid8Me and their authorised representatives;
Onboarding Entities and their employees, directors (or equivalent) and/or other authorised representatives;
professional bodies such as Notaries, Auditors engaged by Users or Onboarding Entities
OUR PROCESSING ACTIVITIES
We use your personal data to enable both End Users and Onboarding Entities connect for the purpose of sharing of identification and verification documents required by Onboarding Entities for the purpose of providing their products and services.
Personal data will be collected via a mobile application that the End User can download to their device. An Onboarding Entity can request any type of information or documentation as mandated by their AML / KYC policies. The End User will, having considered the Onboarding Entity’s requirements, decide whether to upload and share their information.
Under data protection law, Horizon8 must ensure that it has an appropriate lawful basis for the processing of your personal data and let you know what that basis is.
We will be processing your personal data based on the following:
consent of the End User;
processing is necessary for the performance of a contract to which the End User is a party or in order to take steps at the request of the data subject prior to entering into a contract;
compliance with a legal obligation;
for the purpose of the legitimate interest pursued by the End User;
Where the personal data includes special category personal data, Horizon8 may seek to rely on:
explicit consent of the End User;
In addition there will be some processing undertaken for administrative purposes, to provide information to you, to operate, evaluate, maintain, develop and improve our websites and services or to maintain their security.
We may need to use your information to comply with legal and regulatory obligations, including complying with your information rights, with reporting obligations and with Court orders. We may also process your personal data where necessary to protect your vital interests or those of another person.
THE PERSONAL DATA WE COLLECT
Personal data means any information relating to you, which allows us to identify you, such as your name, contact details, payment details and information about your interaction with the services provided by us.
We collect identity data as follows:
End User identification documents (e.g. Passports; Driver Licenses; National Identity cards);
Proof of Address documents (e.g. Utility bills; Leases);
Commercial/Corporate Identity Information (e.g. Articles of Association; Company Register Certificates);
End User credentials (e.g. email address; phone number and other identifiers) required to securely enable End Users to login to valid8Me
Biometric Data (facial recognition and fingerprints for identity verification checks to prevent identity fraud)
We collect data from your interactions with us and our business relationship
If you interact with us we will record details of those interactions. For example, we will collect details of phone calls, email correspondence and hard copy correspondence.
We collect certain non-personal technical data from your interactions with our website
When you interact with us online we will automatically collect data about your use of our services, including data on the type of device you’re using, its IP address, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use. This information is collected at an aggregate level and your identity data is not stored as part of this technical data.
For further information see our cookies policiesbelow.
SOURCES OF PERSONAL DATA
We will collect personal data supplied by the End User which is uploaded and shared with the Onboarding Entity. The Onboarding Entity may request special category or sensitive personal data to be shared but the End User will have control over the information that is uploaded or shared with the Onboarding entity.
In addition, our servers, logs and other technologies automatically collect certain information to help us administer, protect and improve our services, analyse usage and improve End User experiences.
HOW WE USE PERSONAL DATA
We will only use personal data for the purpose of our processing activities mentioned including to enable End Users create a digital identity through a process of identity verification to connect with an Onboarding Entity for a product or service. The End User will be asked to provide certain information and valid8Me will explicitly seek the consent of End User before sharing each piece of information and documentation with an Onboarding Entity or other Authorised Representative. The information will be shared with any Onboarding Entity the End User or their Authorised Representative connects with and permits access to their documents. The End User or Authorised Representative will receive a request to connect and it will be for it to decide what and with whom it wishes to provide access to documents. Any request left unanswered by the End User or Authorised Representative will remain pending and no access will be permitted until approved by them.
In certain circumstances, we may disclose personal data to third parties as follows:-
business partners for the performance of any contract including, payment processors, data aggregators and hosting service providers;
our insurers and/or professional advisers insofar as reasonably necessary for the purpose of obtaining and maintaining insurance coverage, managing risks, obtaining professional advice and managing legal disputes;
analytics and search engine providers that assist us in the improvement and optimisation of our Website. This consists of aggregated anonymous information only and relates to the web pages visited on the Website and not the information included on those web pages;
if we or substantially all of our assets are acquired by a third party, in which case personal data held by us will be one of the transferred assets;
if we are under a duty to disclose or share your personal data in order to comply with any legal obligation;
to protect our rights, property, or safety, or that of yours or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection;
as required by law, in order to respond to a court order or request from law enforcement or other public authority and in order to meet national security or law enforcement requirements. We will disclose your personal data if this is necessary to:
comply with a legal obligation;
protect or defend our rights, interests or property or that of a third party;
prevent or investigate possible wrongdoing in connection with our services;
act in urgent circumstances to protect the personal safety of one or more individuals; and
protect against legal liability.
When we engage another organisation to perform services for us, we may provide them with information including personal data, in connection with their performance of those functions. We do not allow third parties to use personal data except for the purpose of providing these services
We will take all steps reasonably necessary to ensure that personal data is treated securely in accordance with this Privacy Notice and the relevant law.
In particular, we have put in place appropriate physical, electronic, and managerial procedures to safeguard and secure the information we manage and collect. All End Users of valid8Me will conduct base IDV checks when setting up their account to ensure that the person holding the device is the same person in the identification documents as well as other measures to minimise identity fraud.
End Users will use valid8Me to create a digital identity through a process of identity verification (selfie photo, identity document, liveness test, two factor authentication) to confirm they are using the correct device.
All information uploaded will be stored in a specific, secure and encrypted online vault hosted by Horizon8.
We also use secure connections to protect personal data during its transmission. Where you have been given (or where you have chosen) a password which enables you to access the services, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
TRANSFERS OUTSIDE THE EEA
We do not transfer personal data outside the European Economic Area (“EEA”). If at any time it becomes necessary for us to transfer personal data outside the EEA, it will only be transferred outside the area using legally approved transfer mechanisms.
Cookies enable us to store information about your preferences and therefore customise the Website according to your individual interests. They are also used to monitor which parts of the Website are the most popular to its visitors. Please be aware that if you do disable cookies however, certain services on the Website will not be available to you and your use and enjoyment of them will be impaired. You can use the Cookies Settings button below to manage cookies.
WHAT COOKIES DO WE USE
THIRD PARTY WEBSITES
Our Website and the Platform may contain links to and from third party websites. If you follow a link to any of these websites, please note that these websites have their own privacy notices. We do not accept any responsibility or liability for these third party websites nor do we provide support for their services. Please undertake the appropriate due diligence before submitting any personal data to these websites.
YOUR RIGHTS UNDER GDPR
If you are resident in the EEA, you have several rights under the GDPR. These rights are as follows:
your right to withdraw your consent to the processing of Personal Data at any time;
your right to request from us access to personal data and to have any incorrect personal data rectified;
your right to the restriction of processing concerning you or to object to processing;
your right to have your personal data transferred to another service provider;
your right to have personal data erased (where appropriate);
information on the existence of automated decision-making, if any, as well as meaningful information about the logic involved, its significance and its envisaged consequences;
Vindication of your rights shall not affect any rights which we may have under Data Protection Law. You have the right to lodge a complaint with the local supervisory authority for data protection in the EU member state where you usually reside, where you work or where you think an infringement of data protection law took place.
In some circumstances it is not possible for us to specify in advance the period for which we will retain your personal data. In such cases we will determine the appropriate retention period based on balancing your rights against our legitimate business interests. We may also retain certain personal data beyond the periods specified herein in some circumstances such as where required for the purposes of a legal claims.
The information and documentation will be retained and processed by valid8Me for as long as an End User maintains it in their personal vault or the Onboarding Entity requires access to it. Once that data is knowingly made available to an Onboarding entity, which the End User has consented to, it will remain available for a number of years in line with the Onboarding Entities legal obligations relating to KYC and AML. In advance of the legal obligation period elapsing, the Onboarding Entity will be informed to confirm they no longer require access. If the Onboarding Entity does not extend the legal term their access to that documentation will be revoked and the End User notified.
AMENDMENTS TO THIS PRIVACY NOTICE
We will post any changes on the Website and when doing so will change the updated date at the top of this Privacy Notice. Please make sure to check the date when you use our services to see if there have been any changes since you last used those services. If you are not happy with any changes that we have made you should cease using our services.
In some cases we may provide you with additional notice of changes to this Privacy Notice, such as via email. We will always provide you with such additional notice well in advance of the changes taking effect where we consider the changes to be material
HOW TO CONTACT US
Please contact us if you have any questions about this Privacy Notice or information we hold about you:
or write to us at: If you an employee of one of our Customers, please contact your employer directly
The Data Protection Commission in Ireland may be contacted through their website at https://forms.dataprotection.ie/contact if you have any concerns or questions about the processing of your personal data.