IDology

Smarter, Multi-Layered Identity Verification

General Privacy Policy

Last Updated: October 1, 2024

Welcome! We are IDology, Inc. and Acuant, Inc. (collectively, “IDology“, “we“, “us” or “our“) delivering omnichannel business-to-business (“B2B”) solutions for fast and secure identity verification, regulatory compliance and fraud management purposes (collectively, our “Products“.). This General Privacy Policy explains how we collect, use, disclose, and otherwise process personal information in connection with our website, IDology.com (the “Site“), Products, and related services (collectively, the “Services“).This General Privacy Policy does not cover or address:

  • Details on how we collect and process your personal information when providing our Products to our business customers. Please refer to our Product Privacy Policy for more information about processing of your personal information in these contexts.
  • How our business customers process your personal information.
  • How we collect and process job applicants, employees and/or contractors’ personal information.
    • To obtain a copy of your Team Member Privacy Policy, please see the latest version available on be/connected.
    • If you are a former employee or contractor, please contact IDology_DPO@gbgplc.com
  • Job applicants.
    • We use a third-party service provider for our job applicant process. Please see the privacy policy that was provided to you at the time of your application, or use any of the Contact Methods at the end of this Privacy Policy to reach out to us directly.

    What is Personal Information?

    When we use the term “personal information” in this Privacy Policy, we mean information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, to an individual. It does not include aggregated, deidentified information, publicly available information, or any other information that may be excluded from qualifying as personal information under the data protection law that is applicable to you.
    Since we are a B2B organization, the majority of personal information that we process belongs to our business customers’ own consumers. Our Services process personal information on behalf of and under the instructions of our business customers, whom will process your personal information according to their own privacy policies.

Our Collection of Personal Information

The type of information we collect from you will depend on how you interact with us.

Sources of Personal Information

We may collect personal information from the following categories of sources:

  • Information you Provide directly to us: if you are visiting our Site or if you create an account with us, subscribe to marketing communications, use any of our chat features, purchase our Services, download our software, use our support offerings, email us, or participate or interact with us in any of our events, sweepstakes, or submit any other types of inquiries or forms.
  • Your Employer / Company: If you interact with our Services through your employer or company, we may receive your information from your employer or company (for B2B purposes).
  • Business Customers: We may receive your information from our business customers when they purchase our Solutions and use our Services.
  • Business Partners: We may receive your information from our business partners who purchase our Services to resell or integrate them into their own products.
  • Service Providers: Our service providers that perform services solely on our behalf, such as survey and marketing providers, and often share some or all of this information with us.
  • Information Providers: We may from time to time obtain information from third-party information providers/data suppliers to correct or supplement personal information on you we collect from our business customers necessary for the provision of our Services.
  • Technology Suppliers: We may also obtain information on you from our technology suppliers when providing our Services on behalf of our business customers.

Categories of Personal Information Collected from Site Visitors and our B2B Customer Account Holders

We may collect the following categories of personal information:

    • Contact Information, including first and last name, email address, mailing address, employer, job title, company name, phone number and communication preferences.
    • Inquiry Information, that you submit to us via custom messages, forms, or email.
    • Account Information, including full name, employer, job title, email address, username and password, profile information, account balances, payment and purchase history information, and any other information you provide to us, our business customers, or other third parties (e.g., we utilize a third-party service provider to process payments on our behalf).
    • Survey Information, including information provided through testimonials.
    • Event Information, including registration information, attendee badge information, and contact information.

For information on the categories of Personal Information that we may process when we provide our services, please see our Description of Personal Information Practices.

Personal Information Automatically Collected for Marketing and Advertising Purposes

As is true of most digital platforms, we and our third-party providers may also collect personal information from an individual’s device, browsing actions and site usage patterns automatically when you visit or interact with our Site. For more information about these practices and your choices regarding cookies, please see our Cookie Policy.
Please note that we do engage in the disclosure of personal information for marketing and advertising purposes, but only if you choose to opt-in by affirmatively consenting to your selected choices in our cookie banner. If you initially chose to opt-in but want to update your preferences to opt-out of the use of any cookies that are not strictly necessary, please use our Cookie Preference Center. In any case, please note that we do not engage in cross-context behavioral/targeted advertising.
We may also collect personal information about B2B individuals, such as contact information, employment-related information, and interest-in-services information, from various marketing vendors. We may combine this information with the information we collect from an individual directly. We may use this information to contact individuals, to send advertising, for promotional materials, to personalize our Services, and to better understand the demographics of the individuals with whom we interact.

Our Use of Personal Information

We use personal information for the following purposes:

  • Fulfill or meet the reason the information was provided, such as to fulfill our contractual obligations, to perform our Services, and to process transactions;
  • Manage our organization and its day-to-day operations, including responding to your inquiries;
  • Market or communicate with B2B individuals;
  • Request individuals provide feedback about our organization, partners, and Services;
  • Administer, improve and personalize our Services;
  • Process payment for our Services via our third-party service providers;
  • Facilitate client benefits and services, including customer support through our command center services;
  • Identify and analyze how individuals use our Site and Services;
  • Conduct research and analytics on our client base and our Services;
  • Improve and customize our Services to address the needs and interests of our client base and other individuals we interact with;
  • Test, enhance, update and monitor the Services, develop new Services, or diagnose or fix technology problems;
  • Help maintain the safety, security and integrity of our property, Services, technology assets and business;
  • Evaluate your candidacy for employment, to communicate with you during the application process and to facilitate the onboarding process, if you are applying for employment.
  • Defend, protect or enforce our rights or applicable contracts and agreements;
  • Prevent, investigate, or provide notice of fraud, unlawful or criminal activity; and
  • Comply with legal obligations.

Legal Basis for Processing

If you are based in a jurisdiction that requires legal grounds for us to be able to process your personal information, we process your information on the following grounds:

  • Compliance with a legal obligation.
  • For our or our customers’ legitimate interests (subject to balancing test), such as to market to you (B2B) and perform analytics, to answer any queries you may have, to improve our products and services; to otherwise support our business, operations, and Services; and prevent and/or address violations of our terms or policies.
  • Protect your vital interests or those of another person.
  • With your consent, for example, if you apply for a job with us and you elect to affirmatively consent to provide your ethnic background.

Our Disclosure of Personal Information

We may disclose personal information as follows:

  • Affiliates. We may share personal information with other companies owned or controlled by us, and other companies owned by or under common ownership as us.
  • Your Employer / Company: If you interact with our Services through your employer or company, we may disclose your information to your employer or company.
  • Survey Providers: We share personal information with third parties who assist us in delivering our survey offerings and processing the responses.
  • Marketing Providers: We may coordinate and share personal information with our marketing providers in order to communicate with individuals about the Services we make available.
  • Customer Service and Communication Providers: We may share personal information with third parties who assist us in providing our customer services and facilitating our communications with individuals that submit inquiries.
  • Other Service Providers: We may also engage other third-party service providers that perform business or operational services for us or on our behalf, such as website hosting, infrastructure provisioning, IT services, analytics services, employment application-related services, cloud hosting services, payment processing services, and administrative services.
  • Business Transaction or Reorganization: We may take part in or be involved with a corporate business transaction, such as a merger, acquisition, joint venture, or financing or sale of company assets. We may disclose personal information to a third party in connection with such corporate business transaction. Personal information may also be disclosed in the event of insolvency, bankruptcy, or receivership.
  • Legal Obligations and Rights: We may disclose personal information to third parties, such as legal advisors and law enforcement:
    • in connection with the establishment, exercise, or defense of legal claims;
    • to comply with laws or to respond to lawful requests and legal process;
    • to protect our rights and property and the rights and property of others, including to enforce our agreements and policies;
    • to detect, suppress, or prevent fraud;
    • to protect the health and safety of us and others; or
    • as otherwise required by applicable law.
  • Otherwise with Consent or Direction: We may disclose personal information about an individual to certain other third parties or publicly at the instruction of our customer, or with the data subject’s own consent or direction. For example, with an individual’s consent or direction we may post their testimonial on our Site or other publications.

Description of Personal Information Practices

The chart below set out the personal information we collect and use, regardless of our role, but please also see our Product Privacy Policy for additional information on our Services.

IDology does not sell your personal information including “sale” as defined under current comprehensive US State privacy laws that are in effect. IDology also does not “share” your personal information as that term is defined in California.

Personal Information Categories Sources of Personal Information Business or Commercial Purpose for Collection
  • Identifiers, such as your name, date of birth, phone/mobile number, and email address, identification documentation (e.g., drivers licenses, passports, and other government issued ID documents) and its corresponding data
    Identifiers include California Customer Records (Cal. Civ. Code § 1798.80(e)), such as your real name, address, telephone number, email address, IP address, date of birth, login name or handle, and other similar identifiers
  • You or IDology’s partners/business customers to whom you provide it to.
  • To enable use of our Sites, Services, products, to communicate with you, to understand how our users interact with our Sites, to improve our offerings, to market our products or services, to secure our Services, to fulfil our legal compliance obligations, in connection with a business merger or transaction, and otherwise for internal business purposes and to comply with applicable legal requirements.
  • Financial information, such as credit or debit card information, and account numbers
  • You or IDology’s partners/business customers to whom you provide it to.
  • To transact with you if you use our products or services, to enable transactions you’ve requested, and otherwise for our own internal business purposes.
    Additionally, we may also use this information to enable our services and products to function, if not provided in a B2B/employment capacity.
  • Commercial information and preferences, such as product purchase history/transactional information.
    In relation to our B2B transactions with our customers, we also collect contact information (name, job, title, work email, phone, and address).
  • You
  • To enable use of our Sites, Services, products, to communicate with you, to understand how our users interact with our Sites, to improve our offerings, to market our products or services, to secure our Services, to fulfil our legal compliance obligations, in connection with a business merger or transaction, and otherwise for internal business purposes and to comply with applicable legal requirements.
    In relation to our B2B transactions with our customers, to transact with you, in your capacity as a B2B employee, if you use our Sites, products, or services, to enable transactions you’ve requested as a B2B employee, to market our products or services, and for our own internal business purposes such as record-keeping
  • Internet or other electronic network activity information on this Site, such as system version, browser type, internet service provider, browsing history, websites visited prior to our Sites, cookie IDs, device type, details about how you use our Site, the referring web page and pages visited, and other similar activity information
  • Your device
  • To enable use of our Sites, Services, products, to communicate with you, to understand how our users interact with our Sites, to improve our offerings, to market our products or services, to secure our Services, to fulfil our legal compliance obligations, in connection with a business merger or transaction, and otherwise for internal business purposes and to comply with applicable legal requirements.
  • Internet/Network Information, such as device information, IP address, device address, logs and analytics data;
  • You or IDology’s partners/business customers to whom you provide it to.
  • To enable use of our services and products.
  • Image: Photo on a passport, driving license, or other identification document, (including the personal information contained therein), self-taken photos
  • You or IDology’s partners/business customers to whom you provide it to.
  • To enable use of our services and products.
  • Sensitive Personal Information: your geolocation, driver’s license and passport numbers, social security numbers, citizenship/immigration status contained in passports;
    For hiring purposes we may collect information on your ethnicity, religious beliefs, or medical conditions (only if you choose to provide this information)
  • Biometric Information, meaning facial algorithms match scores for the purpose of authenticating ID documents
  • Information Pertaining to Minors (under 16) and Children (under 13), our customers may provide us with passports and medical insurance cards pertaining to individuals who fall under this age group. We do not target this group for collection ourselves and cannot control the data that our customers provide to us. We do not knowingly sell data in relation to children under 13.
  • You or IDology’s partners/business customers to whom you provide it to.
  • To enable use of our services and products.
    For employees, we would collect this for standard, diversity, and/or legally mandated hiring and HR purposes.
  
  • Professional or employment-related information, such as job title, employment history, background checks, and organizational affiliation
  • You, or any third party to whom you have granted permission to provide us with the relevant personal information
  • To provide services or products you’ve requested, to comply with applicable legal obligations, and for internal business purposes. For employees, we would collect this for standard and/or legally mandated hiring and HR purposes
  • Inferences: such as information generated from your interactions or transactions with our clients (which they provide to us) to create risk scores for fraud prevention and regulatory compliance purposes.
  • You or IDology’s partners/business customers to whom you provide it to.
  • To enable use of our services and products.

Product-Specific Information (our Products)

For additional information specific to how our Services process personal information, please see our Product Privacy Policy.

Retention of Personal Information

We may retain personal information as required or permitted by applicable laws and regulations. Specifically, we retain information for our legitimate interests and essential business purposes (e.g., to provide, maintain and improve our Services, to comply with legal obligations, to exercise our legal rights and remedies, etc.).

We will retain B2B personal information for seven (7) years, or for as long as we reasonably deem necessary to fulfil our legal obligations or to exercise, defend or establish our rights.

For information specific to how long we retain information that we collect from you on our Site, please see our Cookie Policy.

For information specific to employee or contractor, please visit be/connected for our Team Member Privacy Policy or contact IDology_DPO@gbgplc.com. For job applicants, please visit our third-party service provider privacy policy that was provided to you when you applied for a job at GBG IDology or Contact Us

For information specific to how long our Solutions retain personal information, please see our Product Privacy Policy.

Children’s Personal Information

While our Services are not intended for individuals under the age of eighteen (18), some of our business customers may send us information on individuals under that age for certain types of processing within our Solutions, such as age gating for example. However, where required we contractually obligate our business customers to obtain any consents or permissions that are necessary under applicable privacy law.
We do not knowingly collect or solicit personal information from children under the age of thirteen (13).

If you become aware that a child has provided personal information to us without permission, please contact us so we can promptly delete their information.

Our Services may include links to third-party websites, plug-ins and applications. This General Privacy Policy does not apply to, and we are not responsible for, any personal information practices of third-party websites and online services or the practices of other third parties. To learn about the personal information practices of third parties, please visit their respective policies.

Your Privacy Rights

Depending on your jurisdiction (in the US, this currently only includes California, Virginia, Colorado, Connecticut, Utah, Texas, Oregon, and Montana), you may have some or all of the following rights:

  • The right to access/know your personal information – You have a right to know what personal information we hold on you and for what purpose we are processing your personal information. This is known as a Subject Access Request (SAR).
  • The right to data portability – you can request that the personal information you have provided to us be ported to another organization, or be provided to you (to the extent technically feasible) in a readily useable format that allows you to transmit it yourself.
  • The right to opt-out of sale of your personal information and targeted advertising – you have the right to stop us from “selling” your personal information to third parties. However, please note that GBG does not sell personal information or engage in targeted advertising.
  • The right to withdraw consent – you can withdraw consent at any time.
  • The right to erasure/delete – you can request that we remove your personal information from our systems.
  • The right to restrict processing – you can request that GBG only process your personal information for the purposes you specify (applicable under GDPR) or limit processing of your sensitive personal data.
  • The right to rectification/correction – you have the right to ask us to rectify/correct any information you believe is inaccurate. You may also have the right to ask us to complete information you think is incomplete.
  • The right to No Discrimination – You have the right not to receive discriminatory or retaliatory treatment for exercising your privacy rights. This includes the right as an employee, applicant, or independent contractor to not be retaliated against for the exercise of your rights.
  • The right to object to processing – you have the right to object to processing if we are able to process your information because the processing is in our legitimate interests (applicable under GDPR).
  • The right to obtain information upon request on the balancing test we have carried out when determining we are able to rely on legitimate interest as our lawful basis for processing your personal information (applicable under GDPR).

Please keep in mind that if you’re subject to GDPR, some of these rights are subject to an internal assessment that one of the grounds thereunder is satisfied.

  • If you are a resident of the State of Nevada, you may opt out of future sales of certain covered information that a website operator has collected or will collect about a resident of the State of Nevada. We do not currently sell covered information for monetary consideration, but you may still contact us on our webform to submit such a request.
  • If you are a resident of the Sate of California:
    • Shine the Light: California residents that have an established business relationship with us have rights to know how their information is disclosed to third parties for their direct marketing purposes under California’s “Shine the Light” law (Civ. Code §1798.83).
    • The right to limit the use of sensitive information – you have the right to request that we limit our usage of you personal information to what is strictly necessary to perform our Services. However, we only use and disclose sensitive personal information that we collected for purposes specified in section 7027, subsection (m) of the CCPA regulations.

Please also note that any rights request you make with us will be actioned in accordance with the privacy law that applies to you.

How to Make a Privacy Rights Request

Please use our webform, or send via phone or post using the information provided in our “Contact Us” section of this General Privacy Policy.

You are not required to pay any charge for exercising your rights. We usually have one calendar month to respond, but this may vary depending on your location (for example, if you are in the US we have 45 days depending on your state of residence). If we are unable to comply with your request, we will provide you with an explanation.

Verification. Due to the confidential nature of your personal information, we may ask you to provide proof of identity when exercising the above rights to verify your identity, in accordance with applicable data privacy laws. This can be done by providing a copy of a valid identity document issued by the US State where you are a resident and is exercised for the purpose of ensuring that the individual making the rights request is in fact who they claim to be.

Authorized Agents. You may use an authorized agent to exercise your rights on your behalf, in accordance with the privacy law that applies to you. If you are making any of the requests above through an authorized agent, we will request written authorization from you and will seek to verify you as described above or we will accept a legal Power of Attorney. To make a request using an authorized agent, have your agent use our webform and upload documentation demonstrating authorization from you.

Complaints and Appeals

You have the right to complain to your local data protection/supervisory authority if you believe we have mishandled your request. Information about how to contact your local data protection authority is available here if you are subject to GDPR.
In the U.K., our regulator is:
The Information Commissioner’s office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Telephone number: 0303 123 113 or 01625 545 745
Email: casework@ico.org.uk
If you are a resident of a jurisdiction that allows you to appeal a decision we have made in connection with your attempt to assert a right under applicable Data Protection Laws, you may file an appeal of our decision by contacting us at IDology_DPO@gbgplc.com. Please ensure you provide us with the postal address in which you reside, accompanied with details for the basis of your appeal.
Your jurisdiction may allow you to file a complaint regarding any concerns with the result of your appeal request. US residents whose states have enacted an applicable privacy law may file a complaint with their corresponding state’s Attorney General or dedicated Agency if they have concerns about the result of the appeal.

International Transfers

International Transfers of Your Personal Information. The personal information we collect may be transferred to and stored in countries outside of the jurisdiction you are in where we and our third-party service providers have operations, including in the United States. For example, if you are accessing our website from the EEA, your Personal Information will be processed outside of the EEA in the US.
Security. We implement appropriate technical and organizational measures to protect your personal information against accidental or unlawful destruction, loss, change or damage.
In the event of a cross-border data transfer, we ensure that: (i) the personal information is transferred to countries recognized as offering an equivalent level of protection; or (ii) the transfer is made pursuant to appropriate safeguards, such as standard data protection clauses adopted by the European Commission.

Updates to This General Privacy Policy

We will update this General Privacy Policy from time to time. When we make changes to this General Privacy Policy, we will change the date at the beginning of this General Privacy Policy. If we make material changes to this General Privacy Policy, all such changes shall be effective from the date of publication unless otherwise noted.

Contact Us

If you have any questions or requests in connection with this General Privacy Policy, please send an email to IDology_DPO@gbgplc.com, or if you are an EEA resident: DPO@gbgplc.com. However this email is for questions only. For officially filing a rights request with us, please use our webform.
Alternatively, inquiries may be made to:

Jurisdiction Phone Address
  • UK
  • +44 (0) 1244 657277
  • Privacy & Data Compliance Team GBG
    The Foundation
    Herons Way
    Chester Business Park
    Chester
    CH4 9GB
    United Kingdom
  • EEA /Swiss
  • +34 (0) 935 451 156
  • Our EEA representative is located at:
    GBG
    Edifici El Triangle 4a planta
    Placa de Catalunya
    1 08002 Barcelona
    Spain
  • All other jurisdictions (including the US)
  • 1(833) 383-0085
  • IDology, Inc.
    Attn: Privacy Department
    2018 Powers Ferry Rd
    Atlanta, GA 30339
    USA
The owner of this website has made a commitment to accessibility and inclusion, please report any problems that you encounter using the contact form on this website. This site uses the WP ADA Compliance Check plugin to enhance accessibility.