Privacy Policy

Last Modified: February 23, 2023

VRIFY Technology Inc. and its affiliates (“VRIFY”, “we”, “us” or “our”) are committed to protecting the privacy of all individuals who: (i) visit any websites or mobile sites offered by VRIFY, including without limitation vrify.com, and including all subdomains, present and future (the “Website”); (ii) use the mobile application that VRIFY makes available from time to time (the “Application”); and (iii) use any of its services, including the content development, technology development, project management, hosting and other services made available from time to time (the “Client Services”). We call the Website, the Application and the Client Services together the “Services”.

It is VRIFY’s policy to respect your privacy and the privacy of all users of the Services. This Privacy Policy has been established to help you understand our commitment to protecting your privacy and personal data, and the steps we take to ensure it. By visiting and/or using any of the Services, you agree to be bound by the terms of the present Privacy Policy (the “Privacy Policy”). Where this Privacy Policy refers to “VRIFY”, it may refer to the Services or to VRIFY Technology Inc., depending on the context.

VRIFY reserves the right, at any time, to modify or replace the Privacy Policy. The most recent version of the Privacy Policy is available at https://vrify.com/legal/privacy. Please check the Privacy Policy periodically for changes, though we will also notify you via email or other direct electronic communication method of any changes that, in our sole discretion, materially impact your use of the Services or the treatment of your Personal Information. Your use of the Services following the posting of any changes to the Privacy Policy constitutes acceptance of those changes.

VRIFY’s Privacy Policy forms part of its wider terms of service. These terms of service are available at https://vrify.com/legal. Additional terms may apply to other Services. To make this policy easier to read, any applicable VRIFY terms of service are referred to as the “Terms”. These Terms, the Privacy Policy, and other VRIFY policies such as our Acceptable Use Policy and Copyright & IP Infringement Policy referenced in the Terms apply to your use of the Services.

Personal information we collect

Personal information is information relating to an identified or identifiable natural person. An identifiable natural person is an individual that can be identified, directly or indirectly, be referenced to an identifier such as: a name, an identification number, specific location data, an online identifier, or other attributes specific to that natural person.

Personal information does not include information that has been anonymized or aggregated in such a way that it can no longer be used to identify a specific natural person, whether on its own or in combination with other information.

The personal information that we collect falls into two broad categories: Account Data and Content.

Account Data

Account data (“Account Data”) is personal information you provide us, or that we collect from you and your devices in connection with your access to and use of our Services (such as when you provide us information to register for an account, or information we collect about your browser when you connect to one of our Services, etc.). In legal terms, we collect and use this Account Data as a data controller.

There are two general categories of Account Data we collect in order to provide you with the Services.

1. Information you give us
2. Account information. You may provide us with information in connection with the creation and management of your account for the Services, such as a name, email address and a password to create a VRIFY account.
3. Billing information. If you have purchased a paid version of the Services, or if you make another financial transaction using our Services, we will collect information about the purchase or transaction. This includes billing details and credit card information, other account and authentication information.
4. Other information. You may otherwise choose to provide us with information when you fill in a form, contact our customer support, respond to surveys or use other features of our Services. You may also provide us with other optional information as part of your account profile.
5. Information we automatically collect from your use of the Services
6. Log data and usage information. Like most websites, when you view content on or otherwise interact with our Services our servers automatically record information, including information that your browser sends whenever you visit a Website or that your Application sends when you are using it. This log data may include your IP address, the address of the web page you visited before using the Services, your browser type and settings, your device information, the date and time of your use of the Services, information about your browser configuration and plug-ins, language preferences, unique identifiers and cookie data.
7. Location information. When you use our Services, we may collect information about your geographic location.
8. Cookies and similar technologies. We use cookies and similar technologies to provide and support our websites and Services, as more fully explained in our Cookie Notice.

Content

The content (the “Content”) which you upload or otherwise make available (including through us in connection with the Client Services), download, or view on our Services (defined as “Content” in our User Terms and “Client Content” and “Client Information” in our Client Terms) may, but does not necessarily, contain personal information. When we refer to “Content” in this notice, we mean the personal information in Content that we process. We only process Content at your direction. In legal terms, we act as data processors for the personal information included in the Content. Our obligations and commitments as it relates to our processing of Content on behalf of our users is outlined in the section below called Content - VRIFY as a Data Processor.

Account Data – How we use it

We use, store, and process Account Data as a data controller to provide, understand, improve and develop our Services, keep our Services safe and to comply with our legal obligations. More particularly, we use it to:

• identify you when you create and login to your account
• enable us to operate the Services and provide them to you
• verify your transactions and for purchase confirmation, billing, security, and authentication (including security tokens for communication with installed third-party applications)
• analyze the Services and information about our clients, visitors and users, including research into our user demographics and user behaviour in order to improve our content and Services
• contact you about your account and provide customer service support, including responding to your comments and questions
• share aggregate (non-identifiable) statistics about users of the Services to prospective advertisers and partners
• keep you informed about the Services, features, surveys, newsletters, offers, contests and events we think you may find useful or which you have requested from us
• sell or market VRIFY products and services to you, if you have opted-in to receive our commercial communications
• better understand your needs and the needs of users in the aggregate, diagnose problems, analyze trends, improve the features and usability of the Services, and better understand and market to our customers and users
• verify accounts and activity, maintain the integrity of our Services, and to keep the Services safe and secure

We also use non-identifiable information gathered for statistical purposes to keep track of the number of visits to the Services with a view to introducing improvements and improving usability of the Services. We may share this type of statistical data so that our partners also understand how often people use the Services, so that they, too, may provide you with an optimal experience.

Account Data – Legal basis for use

Our legal basis for collecting and using Account Data as a data controller will depend on the specific context in which we collect it. However, as a data controller, we will collect personal information from you where:

• we have your consent to do so
• where we need the personal information to perform a contract with you (e.g. to deliver the Services you have requested), or
• where the processing is in our legitimate interests (and not overridden by your data protection interests or fundamental rights and freedoms)

Subject to obligations consistent with this Privacy Policy, we may also disclose information to our affiliates, agents, contractors, and service providers in order to facilitate the functioning of the Services or to perform tasks that are integral to the Services, such as processing transactions, fulfilling requests for information, or providing support services or other tasks, from time to time. These service providers are not authorized by us to use or disclose your information except as necessary to perform services on our behalf or to comply with legal requirements. If you do not wish us to provide your Personal Information to our service providers, we may be unable to provide you with the Services.

In some cases, we may also have a legal obligation to collect personal information from you, or may otherwise need the personal information to protect your vital interests or those of another person.

Where we rely on your consent to process Account Data, you have the right to withdraw or decline your consent at any time. Please note that this does not affect the lawfulness of the processing based on consent before its withdrawal.

If we ask you to provide Account Data to comply with a legal requirement we will make this clear at the relevant time and advise you whether the provision of your personal information is mandatory or not (as well as of the possible consequences if you do not provide your personal information). Similarly, if we collect and use your personal information in reliance on our legitimate interest which are not already described in this notice, we will make clear to you at the relevant time what those legitimate interests are.

Account Data – Access, control and correction of personal information and certain other important rights

As a user, you may update or correct most of your Account Data by logging in to your account to edit your profile or organization record. To make a request to have Account Data returned to you, removed, or to make additional corrections, please email our privacy team. Requests to access, correct, or remove your information will be handled within 30 days and may be subject to a fee as permitted by applicable law.

Depending on where you reside, you may have the right to exercise additional rights available to you under applicable laws with regards to the personal information VRIFY holds about you as a data controller, including:

• Right of erasure: In certain circumstances, you may have a broader right to erasure of personal information that we hold about you – for example, if it is no longer necessary in relation to the purposes for which it was originally collected. Please note, however, that we may need to retain certain information for as long as you maintain an account for our Services, or as needed to provide you with our Services, for record keeping purposes, to comply with our legal obligations, resolve disputes and enforce the Terms.
• Right to object to processing: You may have the right to request that VRIFY stops processing your personal information and/or to stop sending you marketing communications.
• Right to restrict processing: You may have the right to request that we restrict processing of your personal information in certain circumstances (for example, where you believe that the personal information we hold about you is inaccurate or unlawfully held).
• Right to data portability: In certain circumstances, you may have the right to be provided with your personal information in a structured, machine readable and commonly used format and to request that we transfer the personal information to another data controller without hindrance.

If you would like to exercise such rights, please contact us. We will consider your request in accordance with applicable laws. To protect your privacy and security, we may take steps to verify your identity before complying with the request.

You also have the right to complain to a data protection authority about our collection and use of your personal information. For more information, please contact your local data protection authority.

Content – VRIFY as a Data Processor

You, as a VRIFY user or client, control how Content is generated, requested, submitted or published and processed on our Services. When you use our Services, you may view, create, and analyze Content which may ultimately be published on the Services. The Content that flows through our Services may include personal information of all types, including but not limited to the following categories:

• user or client generated content
• contact details (such as name, email address, telephone number)
• additional individual information (such as age, gender, employer, profession, geographic location, education information, financial status, habits and preferences)
• information relating to an individual’s real time location

As the user or client, you are the data controller of your Content and we are the data processor for such Content. Where we process Content, we do so at your direction and on your behalf in accordance with the instructions you give us through the Services. We may, in limited circumstances process Content for the purposes of improving the Services and functionalities users ask for as part of their VRIFY experience.

If you are using the Services by invitation of a VRIFY customer, whether that customer is your employer, another organization, or an individual, that customer determines its own policies regarding storage, access, modification, deletion, sharing, and retention of Content, which may apply to your use of the Services. Please check with the customer about the policies and settings it has in place.

Access, correction, and deletion of Content

In several instances, the Content published via VRIFY will not be in VRIFY’s custody, and any Content that has been shared or otherwise made available by you via the Services may continue to be available to third parties and the public at large.

An individual who seeks access to, or who seeks to correct or, amend inaccuracies in, or delete Content stored or processed by us on behalf of a user or client should direct his/her query to the VRIFY client (the data controller). Upon receipt of a request from one of our users or clients for us to remove the data, we will respond to their request within 30 days. Please note however that we may need to retain certain information on our systems for as long as you maintain an account for our Services, for record keeping purposes, to comply with our legal obligations, to resolve disputes, enforce our Terms, or as required or authorized by applicable law. Please refer How Long We Keep Personal Information section below for further detail.

For our users and clients with a principal location in the EEA or otherwise subject to the General Data Protection Regulation (GDPR)

Under EU law, VRIfy is a data processor of Content generated, requested or published via the Services. We process this Content in accordance with the instructions of our users and clients. Because our users and clients control how their Content is collected and used by them, our users and clients are, in legal terms, the controllers of the Content that they process through our Services and are responsible for complying with applicable data protection laws, including the GDPR.

Privacy Information that applies to both Account Data and Content

When we may share personal information

Except as provided in this privacy notice, VRIFY does not share any personal information gathered via the Services with third parties. We may however share Account Data or Content under the following circumstances:

• with your consent or at your direction
• with service providers (including payment processors) we engage to perform functions or provide services to us, where those service providers are subject to obligations that are consistent with this privacy notice and to appropriate confidentiality and security measures
• where we believe that it is reasonably necessary to comply with a law, regulation or if we are otherwise legally required to do so, such as in response to court orders or legal process, or to establish, protect, or exercise our legal rights or to defend against legal claims or demands
• if we believe it is necessary in order to investigate, prevent, or take action against illegal activities, fraud, situations involving potential threats to our rights or property (or to the rights or property of those who use our Services), or to protect the personal safety of any person
• if we believe it is necessary to investigate, prevent, or take action regarding situations that involve the security of our Services, abuse of the Services infrastructure, or the Internet in general (such as voluminous spamming, denial of service attacks, or attempts to compromise the security of the Services)
• to a parent company, subsidiaries, joint venture, or other companies under common control with VRIFY
• if we are acquired by or merged with another entity (in which case we will require such entity to assume our obligations under this privacy notice), if we are involved in a bankruptcy, or if the ownership or control of all or part of our Services or their assets changes

How long we keep personal information

We retain your Account Data for as long as necessary to provide the Services you have requested, or for other essential purposes such as complying with our legal obligations, resolving disputes, or enforcing our Terms.

We retain Content for as long as needed to provide the Services, or until you ask us to delete it pursuant to the Terms. We retain and use this Content as necessary to comply with our legal obligations, resolve disputes, and enforce the Terms.

Please note that certain personal information may need to be retained by VRIFY for a period of time following the cancellation of your account where this is necessary for our legitimate business purposes or required or authorized by applicable law. Our specific retention periods for personal information are documented in our internal retention policies and any applicable retention schedules that we maintain as required by applicable law.

After it is no longer necessary for us to retain your personal information, we will dispose of it in a secure manner, according to our data retention and deletion policies.

How we protect personal information

VRIFY follows industry best practices to protect personal information from loss, misuse, and unauthorized access or disclosure. These steps take into account the sensitivity of the Account Data and Content we collect, use, process and store, and the current state of technology.

International transfers

VRIFY Technology Inc., the entity which provides the Services, is a Canadian company with its head-office located in Vancouver, British Columbia. For the purposes of EU data protection law, Canada is considered a country which provides adequate protections for personal information, as confirmed by the European Commission in Commission Decision 2002/2/EC.

The Services are mainly provided from our offices in Canada. VRIFY uses third-party service providers (such as managed hosting providers, card processors, CRM systems, sub-processors of Content and technology partners) to provide the necessary software, networking, infrastructure and other services that we use to operate the Services. These third party providers may process, or store, personal information on servers outside of the EEA, including in Canada or the US.

Also, by the very nature of the Services provided, the data that is viewed, collected, stored or posted on or through the Services also needs to flow from wherever you are located in the world, to where our the same data is stored.

Whenever we transfer personal information from data subjects located in the EEA to a third-party service provider located in a country that has been deemed inadequate, whether that personal information is contained in Account Data or in Content, we do so with and approved legal adequacy mechanisms in place. For any transfers of personal information to the US, we rely on either the third-party’s registration in the EU-US Privacy Shield or on the implementation of the EU’s Standard Contractual Clauses.

By using any of the Services, or submitting or collecting any personal information via the Services, you authorize VRIFY and its authorized service partners to use and process Content and Account Data (including any personal information) in these countries.

Cookies and similar technologies

When you visit or interact with our Services, we, or our authorized third party services providers may use cookies and other similar technologies to help us provide you with a better, faster, and safer experience, and for advertising and marketing purposes. We may collect some personal information via these Cookies. You can get more details on our use of cookies and similar technologies in our full Cookie Notice.

Choices

Marketing Emails

You may opt out of marketing communications sent by VRIFY by following the unsubscribe instructions included in each marketing email.

Customized Advertising

We may use Account Data to customize advertising that we direct to you, utilizing third parties. The Network Advertising Initiative has developed a tool that may help you understand which third parties have currently enabled cookies for your browser and opt-out of those cookies.

Children

Our Services are not intended for use by children and should only be accessed by individuals of at least 18 years old.

Changes to this Privacy Notice

VRIFY reserves the right to make changes to its privacy notice at any time. Innovation in software happens quickly and laws, regulations and industry standards evolve, which may make those changes necessary, or we may make changes to our business. If we do make changes to the privacy notice, we will post them to this page, so we encourage you to stay informed by checking back here periodically.

Contacting us

VRIFY is headquartered in Vancouver, British Columbia, in Canada. You can contact our Privacy Team via email.

Or via mail:

VRIFY Technology Inc.

401 – 353 Water St.

Vancouver, BC, Canada

V6B 1B8

info@vrify.com

© VRIFY Technology Inc. 2023