Jumio Corp. Privacy Policy for Online Services

Jumio Corporation (“Jumio”) respects the privacy of our users.  This Privacy Policy (“Policy”) describes our privacy practices concerning information collected in connection with Jumio’s payment, verification, and related online services, including Fastfill, Netswipe, and Netverify (the “Services”).  A separate policy, available here, describes our privacy practices in connection with our online website, located at www.jumio.com.

Jumio makes the Services available to third parties for integration into those third parties’ websites, applications, and online services.  Jumio collects, uses, and discloses individual users’ information only as directed by these third parties and, accordingly, Jumio is a mere processor of user information with respect to the Services and not a controller.  Further, some features of the Services may be disabled or altered by the data controller, or the controller may require Jumio to collect, use, disclose, or otherwise process data in ways that differ from those described below.  Thus, to fully understand how your information will be handled when you use the Services, you must review not just this Policy, but also the privacy policy of the third party with whom you are dealing directly (the “Third-Party Data Controller”).

Notwithstanding the above, Jumio may process certain individual users’ information in pseudonymized or anonymized form for its own purposes, thereby acting as a controller in this limited regard.

Jumio is headquartered in the United States at 268 Lambert Avenue, Palo Alto, CA 94306.  As discussed below, Jumio complies with the US-Swiss Safe Harbor Framework regarding the collection, use, and retention of personal information from Switzerland.

What personal and other information Jumio collects about you

Jumio collects both “personal information” and “pseudonymized information” about users of the Services.  For purposes of this Policy, “pseudonymized information” is information that Jumio cannot directly associate with a specific person without the aid of additional information.  By contrast, “personal information,” is information such as a name, email address, or identification card image that Jumio can directly associate with a specific person or entity without additional information.

Personal information.  Jumio collects a wide range of personal information through the Services.  This information varies depending on the Jumio application and the Third-Party Data Controller in question, but may include such information as name, physical address, email address, telephone number, social security number, driver’s license number, state or national ID card number, passport number, other ID card number, credit or debit card number, CVV, expiration date, and/or date of birth.  In some cases, Jumio may collect a visually scanned or photographed image of your face and/or your identification card, driver’s license, passport, utility bill, bank account statement, insurance card, or credit/debit card.  This image may include your photograph and other information from the imaged document, such as your eye color, weight, height, and organ donor status.

Data provided by third parties.  We may receive personal or pseudonymized information about you from the Third-Party Data Controller that integrates the Services into its website, application, or other online service.  This information includes a customer ID, selected by the Third-Party Data Controller, that uniquely identifies you in the third party’s database.  For additional information, review the privacy policy of the Third-Party Data Controller.

At the direction of the Third-Party Data Controller, Jumio also might obtain information about you from other third parties, such as consumer reporting agencies and fraud-prevention services.

Cookies and other tracking data.  When you use the Services, we automatically receive and record certain information from your computer (or other device) and/or your web browser.  This may include such information as the third-party website or application into which the Services are integrated, the date and time that you use the Services, your IP address and domain name, your software and hardware attributes (including operating system, device model, and hashed device fingerprint information), and your general geographic location (e.g., your city, state, or metropolitan region).  To obtain such information, we may use web logs or applications that recognize your computer and gather information about its online activity.       

We also use cookies in connection with the Services.  For further information please refer to the section entitled “Cookies” below.

Cookies

What are cookies? Cookies are small files that are stored on your computer or other device by your web browser.  A cookie allows Jumio to recognize whether you have used the Services before and may store user preferences and other information.

How are cookies used? For example, cookies can be used to collect information about your use of the Services during your current session and over time, your computer or other device’s operating system and browser type, your Internet service provider, your domain name and IP address, and your general geographic location.

What kind of cookies are used on the Website? Our website primarily uses the following types of cookies:

 

Cookie Name Cookie Type Purpose
__ga Persistent cookie This cookie is used to distinguish users and expires after 2 years.
__gat Session cookie This cookie is used to throttle the request rate and expires after 10 minutes.

 

“Session cookies” are temporary bits of information which are deleted when you exit your web browser. Session cookies are typically used to improve navigation and to collect web statistics.

“Persistent cookies” are more permanent bits of information that are stored and remain on your computer until they are deleted by you. This type of cookie stores information on your computer for a number of purposes; such as saving your passwords. Persistent cookies delete themselves after a certain period of time but are renewed each time you visit the website.

How do you avoid cookies? If you are concerned about having cookies on your computer or device, you can set your browser to refuse all cookies or to indicate when a cookie is being set, allowing you to decide whether to accept it.  You can also delete cookies from your computer.  However, if you choose to block or delete cookies, certain features of the Services may not operate correctly.

How Jumio uses the personal and pseudonymized information that we collect

In general, Jumio uses the personal and pseudonymized information that we collect in connection with the Services as discussed in this section of the Policy.

Personal information is used by Jumio only as directed by the Third-Party Data Controller that integrates the Services into its website, application, or other online service.  Subject to the privacy policy of the Third-Party Data Controller, we use your personal information as follows on behalf of the Third-Party Data Controller:

Jumio may use your personal information to provide the Services.  For example, we might use your credit card information or ID card information to populate an online form, or to verify your identity in connection with your use of another online service.  We also may use your personal information to fulfill the terms of any agreement between us and the Third-Party Data Controller; to complete a transaction that you initiate; to deliver confirmations, account information, notifications, and similar operational communications; to improve your user experience and the quality of our products and services; and to comply with legal and/or regulatory requirements.

Pseudonymized information that we collect in connection with the Services is used by Jumio for its own purposes as follows:  counting and recognizing users of the Services; analyzing how users make use of the Services and various features of the Services; improving the Services and enhancing users’ experiences with the Services; creating new products and services or improving our existing products and services; and enabling additional analytics and research concerning the Services.

How Jumio shares personal and pseudonymized information with third parties 

In general, Jumio shares the personal and pseudonymized information that we collect in connection with the Services as discussed below.

However, Jumio shares personal information only as directed by the Third-Party Data Controller, and thus the following language is subject to the privacy policy of the Third-Party Data Controller.

Third-Party Data Controller.  We share the personal and pseudonymized information that we collect on behalf of a particular Third-Party Data Controller with that Third-Party Data Controller.

Jumio service providers.  Jumio also uses third-party service providers to help us deliver, manage, and improve the Services.  These service providers may collect and/or use your personal or pseudonymized information to assist us in achieving the purposes discussed above in the section entitled “How we use the personal and non-personal information that we collect.”  For example, we use a third party to help us translate the information contained in scanned images of identification cards.

We also may share your personal or pseudonymized information with other third parties when necessary to fulfill your requests for services; to complete a transaction that you initiate; or to meet the terms of any agreement that you have with us or our partners.

Analytics providers.  We partner with certain other third parties to collect pseudonymized information and engage in analysis, auditing, research, and reporting.  These third parties may use web logs or cookies.  The use of online tracking mechanisms by third parties is subject to those third parties’ own privacy policies, and not this Policy.  If you prefer to prevent third parties from setting and accessing cookies on your computer or other device, you may set your browser to block cookies.

Legal purposes.  We also may use or share your pseudonymized information with third parties when we have reason to believe that doing so is necessary:

  • to comply with applicable law or a court order, subpoena, or other legal process;
  • to investigate, prevent, or take action regarding illegal activities, suspected fraud, violations of our terms and conditions, or situations involving threats to our property or the property or physical safety of any person or third party;
  • to establish, protect, or exercise our legal rights or defend against legal claims; or
  • to facilitate the financing, securitization, insuring, sale, assignment, bankruptcy, or other disposal of all or part of our business or assets.

Aggregated information.  From time to time, Jumio may also share anonymized and aggregated information about users of the Services, such as by publishing a report on trends in the usage of the Services.

Security

Jumio uses commercially reasonable physical, electronic, and procedural safeguards to protect your personal and pseudonymized information against loss or unauthorized access, use, modification, or deletion. Among other things, Jumio encrypts sensitive information both in transit and at rest.  Jumio is PCI Level 1 compliant and regularly conducts security audits, vulnerability scans, and penetration tests to ensure compliance with security best practices and standards.  However, no security program is foolproof, and thus we cannot guarantee the absolute security of your personal or other information.  Moreover, we cannot guarantee the safety of your information when in the possession of other parties, such as the Third-Party Data Controller.

Reviewing and updating your information 

Jumio will grant you access to your personal information as directed by the Third-Party Data Controller that integrates the Services into its website, application, or online service.  Jumio also will retain your personal information as directed by the Third-Party Data Controller and, accordingly, we may retain your personal information for as short as a few minutes or as long as five years.

Thus, if you want to learn more about the personal information that Jumio has about you, or you would like to submit a request to update or change that information, please contact the Third-Party Data Controller.  You also may reach us by email at privacy@jumio.com.

Information for users of the Services from outside the United States

The personal and pseudonymized information that Jumio collects through or in connection with the Services is transferred to and processed in the United States for the purposes described above.  Jumio also may subcontract the processing of your data to, or otherwise share your data with, affiliates or third parties in the United States or countries other than your country of residence.  The data protection laws in these countries may be different from, and less stringent than, those in your country of residence.

Jumio complies with the US-Swiss Safe Harbor Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from Switzerland.  Jumio has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement.  To learn more about the Safe Harbor program, and to view Jumio’s certification, please visit http://www.export.gov/safeharbor/.

In compliance with the US-Swiss Safe Harbor Principles, Jumio commits to resolve complaints about your privacy and our collection or use of your personal information.  Swiss citizens with inquiries or complaints regarding this Policy should first contact Jumio at:

Privacy Officer

Jumio Corporation

268 Lambert Avenue

Palo Alto, California 94306

Email: privacy@jumio.com

 

Children’s Privacy

The Services are not directed to children under the age of 13, and Jumio will never knowingly collect personal or other information from anyone it knows is under the age of 13. We recommend that persons over 13 but under 18 years of age ask their parents for permission before using the Services or sending any information about themselves to anyone over the Internet.

Changes to this Policy 

Technology and the Internet are rapidly changing.  Jumio therefore is likely to make changes to the Services in the future and as a consequence will need to revise this Policy to reflect those changes.  When we revise the Policy, Jumio will post the new Policy on the Jumio website’s home page (www.jumio.com), so you should review that page periodically.  If we make a material change to the Policy, you will be provided with appropriate notice.  If we maintain your email address, we also may email you a copy of the revised Policy at your most recently provided email address.  It is therefore important that you update your email address if it changes.

Questions or comments

If you have any questions or comments regarding our Policy, please mail or email us at:

Jumio Corporation

268 Lambert Avenue

Palo Alto, CA 94306

Email: privacy@jumio.com

 

Effective date:  June 7, 2016